Infected With Dcads - Making My Computer Hell

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
You cannot reply to this topic

Infected With Dcads - Making My Computer Hell Removed most of it just need help finishing it off

#1 iker42

Member

Group: Members
Posts: 23
Joined: 05-January 05

Posted 28 January 2008 - 04:56 PM

I downloaded a file that contained the DCADS installer, and i have since removed most of it. It never got to the toolbar stage in its lifem but its still killing my computer.
Heres my log if you can find anything.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:02, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.yahoo.com/"]http://www.yahoo.com/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html"]http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.yahoo.com/"]http://www.yahoo.com/[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url="http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {41BEB131-28C2-4CDB-8CD4-12D41EDC8550} - C:\WINDOWS\system32\AgCPanelKorea.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [url="http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab"]http://a1540.g.akamai.net/7/1540/52/200609...ex/qtplugin.cab[/url]
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - [url="http://download.paltalk.com/wcloader_prod/wcloader.cab"]http://download.paltalk.com/wcloader_prod/wcloader.cab[/url]
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - [url="http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab"]http://wdownload.weatherbug.com/minibug/tr...Transporter.cab[/url]?
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - [url="https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab"]https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab[/url]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [url="http://lads.myspace.com/upload/MySpaceUploader1005.cab"]http://lads.myspace.com/upload/MySpaceUploader1005.cab[/url]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [url="http://upload.facebook.com/controls/FacebookPhotoUploader.cab"]http://upload.facebook.com/controls/Facebo...otoUploader.cab[/url]
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - [url="http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab"]http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab[/url]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url="http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149898703679"]http://update.microsoft.com/microsoftupdat...b?1149898703679[/url]
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - [url="https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab"]https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab[/url]
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - [url="http://www.betterphoto.com/_shared/uploadImageBulk/ImageUploader3.cab"]http://www.betterphoto.com/_shared/uploadI...geUploader3.cab[/url]
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - [url="http://www.sibelius.com/download/software/win/ActiveXPlugin.cab"]http://www.sibelius.com/download/software/...tiveXPlugin.cab[/url]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [url="http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe"]http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe[/url]
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - [url="https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab"]https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab[/url]
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 16552 bytes

#2 iker42

Member

Group: Members
Posts: 23
Joined: 05-January 05

Posted 28 January 2008 - 09:05 PM

new log after running the suggested programs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:07, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.yahoo.com/"]http://www.yahoo.com/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html"]http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.yahoo.com/"]http://www.yahoo.com/[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url="http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com"]http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[/url]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {41BEB131-28C2-4CDB-8CD4-12D41EDC8550} - C:\WINDOWS\system32\AgCPanelKorea.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [url="http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab"]http://a1540.g.akamai.net/7/1540/52/200609...ex/qtplugin.cab[/url]
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - [url="http://download.paltalk.com/wcloader_prod/wcloader.cab"]http://download.paltalk.com/wcloader_prod/wcloader.cab[/url]
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - [url="http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab"]http://wdownload.weatherbug.com/minibug/tr...Transporter.cab[/url]?
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - [url="https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab"]https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab[/url]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [url="http://lads.myspace.com/upload/MySpaceUploader1005.cab"]http://lads.myspace.com/upload/MySpaceUploader1005.cab[/url]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [url="http://download.bitdefender.com/resources/scan8/oscan8.cab"]http://download.bitdefender.com/resources/scan8/oscan8.cab[/url]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [url="http://upload.facebook.com/controls/FacebookPhotoUploader.cab"]http://upload.facebook.com/controls/Facebo...otoUploader.cab[/url]
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - [url="http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab"]http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab[/url]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url="http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149898703679"]http://update.microsoft.com/microsoftupdat...b?1149898703679[/url]
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - [url="https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab"]https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab[/url]
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - [url="http://www.betterphoto.com/_shared/uploadImageBulk/ImageUploader3.cab"]http://www.betterphoto.com/_shared/uploadI...geUploader3.cab[/url]
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - [url="http://www.sibelius.com/download/software/win/ActiveXPlugin.cab"]http://www.sibelius.com/download/software/...tiveXPlugin.cab[/url]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [url="http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe"]http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe[/url]
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - [url="https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab"]https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab[/url]
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 16589 bytes

This post has been edited by iker42: 28 January 2008 - 09:06 PM

#3 iker42

Member

Group: Members
Posts: 23
Joined: 05-January 05

Posted 30 January 2008 - 11:31 PM

still waiting, cant keep running like this?

#4 OldTimer

Malware Expert

Group: Malware Response Team
Posts: 11,090
Joined: 28-January 05
Gender:Male
Location:North Carolina

Posted 02 February 2008 - 10:58 AM

Hello iker42 and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

What specifically is happening (or not happening) that is an issue? Give me some details. Also, please do not use the codebox when replying. It changes the formatting of the post and makes it very difficult to analyze the information. If an application needs to be posted as code the application will use the proper tags.

Ok, let's see what we can find. Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#5 iker42

Member

Group: Members
Posts: 23
Joined: 05-January 05

Posted 02 February 2008 - 12:21 PM

I am having severe slowness issues as well as dcads still poping up false error messages and trying to re route my IE pages.

i will run that scan

#6 iker42

Member

Group: Members
Posts: 23
Joined: 05-January 05

Posted 02 February 2008 - 12:31 PM

Here it is:

WinPFind35 logfile created on: 2/2/2008 12:25:25
WinPFind35U Version Beta42 Folder = C:\Documents and Settings\Mike Arroyo\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

1022.92 Mb Total Physical Memory | 516.14 Mb Available Physical Memory | 50.46% Memory free
2.37 Gb Paging File | 1.62 Gb Available in Paging File | 68.40% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.26 Gb Total Space | 12.76 Gb Free Space | 37.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: MIKEA
Current User Name: Mike Arroyo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ibmpmsvc.exe -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 57344 bytes | Modified Date = 7/3/2003 00:25:00 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 11/16/2006 20:57:18 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 86016 bytes | Modified Date = 2/6/2006 21:23:06 | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 372809 bytes | Modified Date = 2/6/2006 21:26:34 | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 161392 bytes | Modified Date = 4/8/2005 15:54:52 | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 185968 bytes | Modified Date = 4/8/2005 15:52:32 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 11/16/2006 20:57:18 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 110592 bytes | Modified Date = 7/31/2003 17:25:34 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 512000 bytes | Modified Date = 7/31/2003 17:24:24 | Attr = ]
tphkmgr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 8/7/2003 17:57:52 | Attr = ]
ezejmnap.exe -> %ProgramFiles%\ThinkPad\Utilities\EzEjMnAp.Exe -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 204800 bytes | Modified Date = 12/24/2002 04:01:00 | Attr = ]
ibmmessages.exe -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 1.058 | Size = 495616 bytes | Modified Date = 1/7/2003 16:52:16 | Attr = ]
tponscr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe -> [Ver = | Size = 77824 bytes | Modified Date = 6/23/2003 09:34:18 | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 3.50.31a | Size = 106551 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 19648 bytes | Modified Date = 4/17/2005 12:30:32 | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 8/23/2007 23:09:21 | Attr = ]
tpscrex.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe -> IBM Corporation [Ver = 1.06 | Size = 65536 bytes | Modified Date = 1/10/2002 17:01:34 | Attr = ]
xptryicn.exe -> %ProgramFiles%\Mediafour\XPlay\XPTRYICN.EXE -> Mediafour Corporation [Ver = 2.0.10.0 | Size = 94208 bytes | Modified Date = 9/27/2004 15:11:00 | Attr = R ]
macvntfy.exe -> %CommonProgramFiles%\Mediafour\MACVNTFY.EXE -> Mediafour Corporation [Ver = 5.0.10.0 | Size = 61440 bytes | Modified Date = 12/17/2002 14:43:00 | Attr = R ]
mddiskprotect.exe -> %ProgramFiles%\Mediafour\MacDrive\MDDiskProtect.exe -> Mediafour Corporation [Ver = 6.0.6.1 | Size = 106496 bytes | Modified Date = 4/15/2005 16:54:00 | Attr = ]
qcwlicon.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\QCWLICON.EXE -> [Ver = | Size = 53248 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 48752 bytes | Modified Date = 4/8/2005 15:52:30 | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 85184 bytes | Modified Date = 4/17/2005 12:30:48 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 09:54:04 | Attr = ]
qconsvc.exe -> %System32%\QCONSVC.EXE -> [Ver = | Size = 49152 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 139264 bytes | Modified Date = 2/6/2006 21:22:26 | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 10, 100, 25539 | Size = 81920 bytes | Modified Date = 2/16/2005 15:15:20 | Attr = ]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 14:53:44 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:35 | Attr = ]
atomic.exe -> %ProgramFiles%\Atomic Clock Sync\Atomic.exe -> Chaos Software Group, Inc. [Ver = 2.7.0.3 | Size = 524288 bytes | Modified Date = 6/17/2004 12:46:48 | Attr = ]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 12/10/2007 14:53:46 | Attr = ]
weather.exe -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 10 | Size = 1343488 bytes | Modified Date = 4/7/2006 15:02:24 | Attr = ]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 14:53:46 | Attr = ]
quickdcf.exe -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 4, 0, 0, 0 | Size = 200704 bytes | Modified Date = 12/20/2002 15:18:40 | Attr = ]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 8/23/2007 23:09:18 | Attr = ]
starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 01:51:48 | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 1706176 bytes | Modified Date = 4/17/2005 12:30:40 | Attr = ]
tpkmpsvc.exe -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 7/11/2003 20:19:22 | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 16:38:08 | Attr = ]
winvnc.exe -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Modified Date = 8/6/2005 18:45:14 | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 16:38:18 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/31/2008 12:38:16 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 11/16/2006 20:57:18 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 185968 bytes | Modified Date = 4/8/2005 15:52:32 | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 83568 bytes | Modified Date = 4/8/2005 15:54:50 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 161392 bytes | Modified Date = 4/8/2005 15:54:52 | Attr = ]
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 19648 bytes | Modified Date = 4/17/2005 12:30:32 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 02:56:48 | Attr = ]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 86016 bytes | Modified Date = 2/6/2006 21:23:06 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 8/23/2007 23:09:21 | Attr = ]
(IBMPMSVC) IBM PM Service [Win32_Own | Auto | Running] -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 57344 bytes | Modified Date = 7/3/2003 00:25:00 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 02:24:18 | Attr = ]
(QCONSVC) QCONSVC [Win32_Own | Auto | Running] -> %System32%\QCONSVC.EXE -> [Ver = | Size = 49152 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 139264 bytes | Modified Date = 2/6/2006 21:22:26 | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 372809 bytes | Modified Date = 2/6/2006 21:26:34 | Attr = ]
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.0.0.359 | Size = 124608 bytes | Modified Date = 4/17/2005 12:30:42 | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 14:53:44 | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 14:53:46 | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 11:17:22 | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,5,1,3 | Size = 992864 bytes | Modified Date = 3/30/2005 21:48:22 | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 01:51:48 | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 1706176 bytes | Modified Date = 4/17/2005 12:30:40 | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 15:59:50 | Attr = ]
(TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 7/11/2003 20:19:22 | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 16:38:08 | Attr = ]
(winvnc) VNC Server [Win32_Own | Auto | Running] -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Modified Date = 8/6/2005 18:45:14 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 8/17/2001 14:20:04 | Attr = ]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.25 | Size = 98752 bytes | Modified Date = 8/22/2002 19:57:02 | Attr = ]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 12/7/2006 19:57:27 | Attr = ]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %System32%\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.20 2.1.20 10/18/2002 10:07:32 | Size = 1156672 bytes | Modified Date = 10/18/2002 13:07:34 | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 15:51:56 | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 01:07:42 | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 15:52:00 | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 15:51:58 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6547 | Size = 1133568 bytes | Modified Date = 11/16/2006 21:02:24 | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 15:51:54 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 15:52:16 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 01:07:17 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 01:07:16 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 07:00:00 | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.49a | Size = 83104 bytes | Modified Date = 12/20/2002 05:21:00 | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.27e | Size = 40368 bytes | Modified Date = 12/24/2002 04:56:00 | Attr = ]
(E1000) Intel® PRO/1000 Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e1000325.sys -> Intel Corporation [Ver = 6.4.16.33 built by: WinDDK | Size = 103936 bytes | Modified Date = 1/19/2003 17:29:18 | Attr = ]
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 14:12:10 | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 1/18/2008 04:00:00 | Attr = ]
(EGATHDRV) IBM Access Support [Kernel | Auto | Running] -> %System32%\EGATHDRV.SYS -> IBM Corporation [Ver = 2.05 | Size = 11712 bytes | Modified Date = 6/29/2006 17:11:08 | Attr = ]
(FINEPIX_PCC) FinePix Digital Camera 020724 [Kernel | On_Demand | Stopped] -> %System32%\drivers\V4CB011B.SYS -> FUJI PHOTO FILM CO.,LTD. [Ver = 3, 0, 0, 1 | Size = 81700 bytes | Modified Date = 5/7/2002 04:44:04 | Attr = ]
(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> %System32%\drivers\ibmpmdrv.sys -> IBM Corp. [Ver = 1.25 | Size = 11344 bytes | Modified Date = 7/3/2003 00:25:00 | Attr = ]
(IBMTPCHK) IBMTPCHK [Kernel | System | Running] -> %System32%\drivers\IBMBLDID.SYS -> [Ver = | Size = 2295 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Modified Date = 12/10/2007 14:53:28 | Attr = ]
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 12/10/2007 14:53:28 | Attr = ]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 12/10/2007 14:53:28 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(ltmodem5) LT Modem Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 606684 bytes | Modified Date = 8/4/2004 00:41:35 | Attr = ]
(MASPINT) MASPINT [Kernel | Auto | Running] -> %System32%\drivers\MASPINT.SYS -> MicroStaff Co.,Ltd. [Ver = 1.05 | Size = 8224 bytes | Modified Date = 6/21/2002 17:42:50 | Attr = ]
(MDFSYSNT) MDFSYSNT [File_System | System | Running] -> %System32%\drivers\MDFSYSNT.SYS -> Mediafour Corporation [Ver = 6.1.4.2 | Size = 213888 bytes | Modified Date = 9/13/2006 13:53:18 | Attr = R ]
(MDPMGRNT) MDPMGRNT [Kernel | Boot | Running] -> %System32%\drivers\MDPMGRNT.SYS -> Mediafour Corporation [Ver = 6.0.6.0 | Size = 24320 bytes | Modified Date = 7/20/2005 17:35:00 | Attr = R ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 15:52:12 | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080201.007\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 82256 bytes | Modified Date = 1/22/2008 04:00:00 | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080201.007\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 895312 bytes | Modified Date = 1/22/2008 04:00:00 | Attr = ]
(NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/4/2004 01:00:50 | Attr = ]
(PCDRDRV) Pcdr Helper Driver [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys -> File not found
(PcdrNt) PcdrNt [Kernel | On_Demand | Stopped] -> %System32%\drivers\PcdrNt.sys -> PC-Doctor Inc. [Ver = 4.0.7 | Size = 44192 bytes | Modified Date = 3/22/2000 23:42:24 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(pctfw2) pctfw2 [Kernel | System | Running] -> %System32%\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 0, 57 | Size = 218504 bytes | Modified Date = 1/25/2008 17:53:26 | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(poxpkwwc) poxpkwwc [Kernel | Boot | Running] -> %System32%\drivers\npyrdscf.dat -> [Ver = | Size = 19584 bytes | Modified Date = 1/24/2008 20:13:24 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 07:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 3/27/2007 02:55:31 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 15:52:20 | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 15:52:20 | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 15:52:18 | Attr = ]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 11354 bytes | Modified Date = 11/7/2005 05:58:30 | Attr = ]
(S3SSavage) S3SSavage [Kernel | On_Demand | Stopped] -> %System32%\drivers\s3ssavm.sys -> S3 Graphics, Inc. [Ver = 6.13.10.1236-12.90.36 | Size = 95104 bytes | Modified Date = 11/1/2001 04:57:14 | Attr = ]
(SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.5.0.41 | Size = 324232 bytes | Modified Date = 2/4/2005 20:14:30 | Attr = ]
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.5.0.41 | Size = 53896 bytes | Modified Date = 2/4/2005 20:14:32 | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 05:25:53 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 01:07:42 | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3535 | Size = 537920 bytes | Modified Date = 12/13/2002 16:59:16 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 16:07:44 | Attr = ]
(SPBBCDrv) SPBBCDrv [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 1,5,1,3 | Size = 372832 bytes | Modified Date = 3/30/2005 21:48:20 | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.61a | Size = 5589 bytes | Modified Date = 12/24/2002 12:52:26 | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.61a | Size = 22995 bytes | Modified Date = 12/24/2002 12:51:46 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 16:07:34 | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 16:07:36 | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.1.1 | Size = 123200 bytes | Modified Date = 4/1/2005 20:36:04 | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 17976 bytes | Modified Date = 4/5/2005 11:17:00 | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 267192 bytes | Modified Date = 4/5/2005 11:17:02 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 16:07:40 | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 16:07:42 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 270288 bytes | Modified Date = 7/31/2003 17:04:04 | Attr = ]
(TDSMAPI) TDSMAPI [Kernel | System | Running] -> %System32%\drivers\TDSMAPI.SYS -> [Ver = | Size = 9343 bytes | Modified Date = 8/3/2006 01:54:00 | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 23895 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 34775 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 4087 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 2171 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 55254 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 14103 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 6295 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 91318 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 95447 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/28/2008 17:04:59 | Attr = ]
(Tp4Track) IBM PS/2 TrackPoint Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\tp4track.sys -> IBM Corporation [Ver = 3.09 | Size = 14064 bytes | Modified Date = 12/3/2002 05:09:00 | Attr = ]
(TPHKDRV) TPHKDRV [Kernel | System | Running] -> %System32%\drivers\TPHKDRV.sys -> IBM Corporation [Ver = 3.00 | Size = 16162 bytes | Modified Date = 6/23/2003 09:33:58 | Attr = ]
(TPPWR) TPPWR [Kernel | System | Running] -> %System32%\drivers\TPPWR.SYS -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 16384 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
(TSMAPIP) TSMAPIP [Kernel | System | Running] -> %System32%\drivers\TSMAPIP.SYS -> [Ver = | Size = 7168 bytes | Modified Date = 12/26/2002 04:10:00 | Attr = ]
(TwoTrack) IBM PS/2 TrackPoint Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\TwoTrack.sys -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 11520 bytes | Modified Date = 8/17/2001 15:48:14 | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 15:52:22 | Attr = ]
(Vax347b) Vax347b [Kernel | Boot | Running] -> %System32%\drivers\Vax347b.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 159616 bytes | Modified Date = 4/25/2005 10:43:58 | Attr = ]
(Vax347s) Vax347s [Kernel | Boot | Running] -> %System32%\drivers\Vax347s.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 4/30/2004 09:33:00 | Attr = ]
(w29n51) Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %System32%\drivers\w29n51.sys -> Intel® Corporation [Ver = 9004-8 Driver | Size = 3325312 bytes | Modified Date = 1/17/2006 17:32:44 | Attr = ]
(w70n51) Intel® PRO/Wireless 7100 Adapter Driver for Windows XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\w70n51.sys -> Intel® Corporation [Ver = 1.2.4.41 | Size = 674560 bytes | Modified Date = 7/13/2006 12:33:08 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 19:51:55 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5154 | Size = 344064 bytes | Modified Date = 11/16/2006 20:00:00 | Attr = ]
Atomic.exe -> %ProgramFiles%\Atomic Clock Sync\Atomic.exe -> Chaos Software Group, Inc. [Ver = 2.7.0.3 | Size = 524288 bytes | Modified Date = 6/17/2004 12:46:48 | Attr = ]
BLOG -> %ProgramFiles%\ThinkPad\Utilities\BATLOGEX.DLL -> [Ver = | Size = 208896 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
BMMGAG -> %ProgramFiles%\ThinkPad\Utilities\PWRMONIT.DLL -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 110592 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
BMMLREF -> %ProgramFiles%\ThinkPad\Utilities\BMMLREF.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
BMMMONWND -> %ProgramFiles%\ThinkPad\Utilities\BATINFEX.DLL -> [Ver = | Size = 396288 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 48752 bytes | Modified Date = 4/8/2005 15:52:30 | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 3.50.31a | Size = 106551 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
DNS7reminder -> %ProgramFiles%\Nuance\NaturallySpeaking9\Ereg\Ereg.exe -> Nuance Communications, Inc. [Ver = 5, 0, 0, 0 | Size = 259624 bytes | Modified Date = 3/19/2007 08:20:42 | Attr = ]
EZEJMNAP -> %ProgramFiles%\ThinkPad\Utilities\EzEjMnAp.Exe -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 204800 bytes | Modified Date = 12/24/2002 04:01:00 | Attr = ]
ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 1.058 | Size = 495616 bytes | Modified Date = 1/7/2003 16:52:16 | Attr = ]
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 12/10/2007 14:53:46 | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 10, 100, 25539 | Size = 221184 bytes | Modified Date = 2/16/2005 15:15:22 | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 10, 100, 25539 | Size = 81920 bytes | Modified Date = 2/16/2005 15:15:20 | Attr = ]
MDDiskProtect.exe -> %ProgramFiles%\Mediafour\MacDrive\MDDiskProtect.exe -> Mediafour Corporation [Ver = 6.0.6.1 | Size = 106496 bytes | Modified Date = 4/15/2005 16:54:00 | Attr = ]
Mediafour Mac Volume Notifications -> %CommonProgramFiles%\Mediafour\MACVNTFY.EXE -> Mediafour Corporation [Ver = 5.0.10.0 | Size = 61440 bytes | Modified Date = 12/17/2002 14:43:00 | Attr = R ]
Mediafour XPlay Tray Notification Icon -> %ProgramFiles%\Mediafour\XPlay\XPTRYICN.EXE -> Mediafour Corporation [Ver = 2.0.10.0 | Size = 94208 bytes | Modified Date = 9/27/2004 15:11:00 | Attr = R ]
QCWLIcon -> %ProgramFiles%\ThinkPad\ConnectUtilities\QCWLICON.EXE -> [Ver = | Size = 53248 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 09:54:04 | Attr = ]
REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2/4/2002 21:32:10 | Attr = ]
S3TRAY2 -> %System32%\S3Tray2.exe -> S3 Graphics, Inc. [Ver = 1.00.13-1012 | Size = 69632 bytes | Modified Date = 10/12/2001 00:32:36 | Attr = ]
SSBkgdUpdate -> %CommonProgramFiles%\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe -> Nuance Communications, Inc. [Ver = 5,2,0,0 | Size = 210472 bytes | Modified Date = 10/25/2006 08:03:38 | Attr = ]
StorageGuard -> %ProgramFiles%\VERITAS Software\Update Manager\sgtray.exe -> VERITAS Software, Inc. [Ver = 1.01.02a | Size = 155648 bytes | Modified Date = 6/18/2002 02:01:00 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:35 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 512000 bytes | Modified Date = 7/31/2003 17:24:24 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 110592 bytes | Modified Date = 7/31/2003 17:25:34 | Attr = ]
TP4EX -> %System32%\TP4EX.exe -> IBM Corporation [Ver = 1.05.00 | Size = 53248 bytes | Modified Date = 9/4/2002 03:05:00 | Attr = ]
TPHOTKEY -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 8/7/2003 17:57:52 | Attr = ]
TPKMAPHELPER -> %ProgramFiles%\ThinkPad\Utilities\TpKmapAp.exe -> IBM Corp. [Ver = 1, 1, 0, 0 | Size = 897024 bytes | Modified Date = 8/8/2003 17:39:38 | Attr = ]
TrackPointSrv -> %System32%\tp4serv.exe -> IBM Corporation [Ver = 3.09 | Size = 87552 bytes | Modified Date = 12/3/2002 05:09:00 | Attr = ]
vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 85184 bytes | Modified Date = 4/17/2005 12:30:48 | Attr = ]
WinVNC -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Modified Date = 8/6/2005 18:45:14 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 16:22:02 | Attr = ]
ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 1.058 | Size = 495616 bytes | Modified Date = 1/7/2003 16:52:16 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 8/23/2007 23:09:25 | Attr = ]
tgcmd -> -> File not found
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 10 | Size = 1343488 bytes | Modified Date = 4/7/2006 15:02:24 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 14:06:48 | Attr = ]
%AllUsersStartup%\Exif Launcher.lnk -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 4, 0, 0, 0 | Size = 200704 bytes | Modified Date = 12/20/2002 15:18:40 | Attr = ]
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 8/23/2007 23:09:18 | Attr = ]
< Mike Arroyo Startup Folder > -> C:\Documents and Settings\Mike Arroyo\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 46080 bytes | Modified Date = 11/16/2006 20:58:18 | Attr = ]
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.0.0.359 | Size = 43712 bytes | Modified Date = 4/17/2005 12:30:56 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (874 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ig?hl=en ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{41BEB131-28C2-4CDB-8CD4-12D41EDC8550} [HKEY_LOCAL_MACHINE] -> %System32%\AgCPanelKorea.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 84480 bytes | Modified Date = 7/22/2007 16:39:26 | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 15:29:16 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 3.50.31a | Size = 94262 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 01:11:33 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 8/23/2007 23:09:25 | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 01:11:33 | Attr = ]
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell] -> File not found
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell Options] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 15:29:16 | Attr = ]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 1/9/2008 15:01:48 | Attr = ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 14:35:36 | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 16:43:18 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 15:29:16 | Attr = ]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 14:35:36 | Attr = ]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 16:43:18 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&ieSpell Options -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 4, 0, 428 | Size = 253952 bytes | Modified Date = 8/3/2006 10:15:32 | Attr = ]
&Lookup Meaning -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 4, 0, 428 | Size = 253952 bytes | Modified Date = 8/3/2006 10:15:32 | Attr = ]
&Yahoo! Search -> -> File not found
Check &Spelling -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 4, 0, 428 | Size = 253952 bytes | Modified Date = 8/3/2006 10:15:32 | Attr = ]
Yahoo! &Dictionary -> -> File not found
Yahoo! &Maps -> -> File not found
Yahoo! &SMS -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3208BD92-DCC9-40EF-B612-2C0CBAB48FFD} -> () ->
{4BB26424-422C-4147-82A6-7817319D205B} -> (Intel® PRO/1000 MT Mobile Connection) ->
{6CF2B35C-B8F7-488F-84DA-66C1F53E7BB0} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
{8506968E-7EDC-4F73-8B9A-DCFD07DA7292} -> () ->
{CD21294F-6B93-4289-BDD2-4F0CD162723B} -> (Intel® PRO/Wireless LAN 2100 3B Mini PCI Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000024 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/200609...ex/qtplugin.cab[QuickTime Object] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b...heckControl.cab[Windows Genuine Advantage Validation Tool] ->
{1B9B97D0-C0F4-4045-9B42-50A4535C9041}[HKEY_LOCAL_MACHINE] -> http://download.paltalk.com/wcloader_prod/wcloader.cab[WCLoaderCtl Class] ->
{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}[HKEY_LOCAL_MACHINE] -> http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?[MiniBugTransporterX Class] ->
{2DAD3559-2923-4935-AD49-B673D2539944}[HKEY_LOCAL_MACHINE] -> https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab[IASRunner Class] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] ->
{33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] ->
{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1005.cab[MySpace Uploader Control] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/Facebo...otoUploader.cab[Facebook Photo Uploader Control] ->
{66D393D5-4D80-497C-9F4F-F3839E090202}[HKEY_LOCAL_MACHINE] -> http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab[PlayerOCX Control] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdat...b?1149898703679[MUWebControl Class] ->
{74FFE28D-2378-11D5-990C-006094235084}[HKEY_LOCAL_MACHINE] -> https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab[IBM Access Support] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8}[HKEY_LOCAL_MACHINE] -> http://www.betterphoto.com/_shared/uploadI...geUploader3.cab[Aurigma Image Uploader 3.5 Control] ->
{A8F2B9BD-A6A0-486A-9744-18920D898429}[HKEY_LOCAL_MACHINE] -> http://www.sibelius.com/download/software/...tiveXPlugin.cab[ScorchPlugin Class] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe[Virtools WebPlayer Class] ->
{E598AC61-4C6F-4F4D-877F-FAC49CA91FA3}[HKEY_LOCAL_MACHINE] -> https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab[acpRunner Class] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->

[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\SerialNumber -> A109A-K13-3ZXD-BAP5-TE ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\SerialNumber -> A109A-K13-3ZXD-BAP5-TE ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 02:56:43 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 02:56:43 | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 09:21:15 | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 23:37:50 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 832 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 02:56:44 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\AUOptions -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 02:56:44 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/29/2002 07:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 02:56:57 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 16812 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 02:56:42 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 02:56:56 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 07:44:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 14:35:36 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 16:10:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 02:56:56 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Support.com\Bin\tgcmd.exe -> C:\Program Files\Support.com\Bin\tgcmd.exe [C:\Program Files\Support.com\Bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eDonkey2000\edonkey2000.exe -> C:\Program Files\eDonkey2000\edonkey2000.exe [C:\Program Files\eDonkey2000\edonkey2000.exe:*:Enabled:edonkey2000] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 16:43:18 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 16:43:18 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 16:22:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:37 | Attr = HS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 05:59:52 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1151763126\ee\aolsoftware.exe -> C:\Program Files\Common Files\AOL\1151763126\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1151763126\ee\aolsoftware.exe:*:Enabled:AOL Services] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1151763126\ee\aim6.exe -> C:\Program Files\Common Files\AOL\1151763126\ee\aim6.exe [C:\Program Files\Common Files\AOL\1151763126\ee\aim6.exe:*:Enabled:AIM] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\empires2.exe -> C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\empires2.exe [C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\empires2.exe:*:Enabled:Age of Empires II] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\age2_x1.exe -> C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\age2_x1.exe [C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\age2_x1.exe:*:Enabled:Age of Empires II Expansion] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\empires2.exe -> C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\empires2.exe [C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\empires2.exe:*:Enabled:Age of Empires II] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dplaysvr.exe -> C:\WINDOWS\system32\dplaysvr.exe [C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30208 bytes | Modified Date = 8/4/2004 02:56:48 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\age2_x1.exe -> C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\age2_x1.exe [C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\age2_x1.exe:*:Enabled:Age of Empires II Expansion] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Halo\halo.exe -> C:\Program Files\Microsoft Games\Halo\halo.exe [C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 07:44:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 14:35:36 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\UltraVNC\winvnc.exe -> C:\Program Files\UltraVNC\winvnc.exe [C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32] -> UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Modified Date = 8/6/2005 18:45:14 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\PDFEdit.exe -> C:\Documents and Settings\Mike Arroyo\Desktop\PDFEdit.exe [C:\Documents and Settings\Mike Arroyo\Desktop\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files!] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe -> C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe [C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameSpy Arcade\Aphex.exe -> C:\Program Files\GameSpy Arcade\Aphex.exe [C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> LimeWire [Ver = 1.0.0.2 | Size = 700416 bytes | Modified Date = 10/31/2005 10:56:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe -> C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe [C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe -> C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe [C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe:*:Enabled:Halo] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6023.5000 | Size = 12831608 bytes | Modified Date = 5/25/2007 19:09:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Games\Microsoft Games\Halo\HALO.EXE -> G:\Games\Microsoft Games\Halo\HALO.EXE [G:\Games\Microsoft Games\Halo\HALO.EXE:*:Enabled:Halo] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Games\Microsoft Games\Halo Custom Edition\haloce.exe -> G:\Games\Microsoft Games\Halo Custom Edition\haloce.exe [G:\Games\Microsoft Games\Halo Custom Edition\haloce.exe:*:Enabled:Halo] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 16:10:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetMeeting\conf.exe -> C:\Program Files\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®] -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 1032192 bytes | Modified Date = 8/4/2004 02:56:48 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\GAMES\Age of Empires\age2_x1.exe -> C:\GAMES\Age of Empires\age2_x1.exe [C:\GAMES\Age of Empires\age2_x1.exe:*:Enabled:Age of Empires II Expansion] -> Microsoft Corporation [Ver = 00.07.22.0627 | Size = 2695213 bytes | Modified Date = 8/8/2000 02:13:34 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Games\BF2\Bf2_w32ded.exe -> G:\Games\BF2\Bf2_w32ded.exe [G:\Games\BF2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\GAMES\Age of Empires\empires2.exe -> C:\GAMES\Age of Empires\empires2.exe [C:\GAMES\Age of Empires\empires2.exe:*:Enabled:Age of Empires II] -> Microsoft Corporation [Ver = 00.14.14.0914 | Size = 2560000 bytes | Modified Date = 9/21/1999 19:46:58 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\GAMES\[ PC Games ] - Age of Empires II(FULL)(3)\age2_x1.exe -> C:\GAMES\[ PC Games ] - Age of Empires II(FULL)(3)\age2_x1.exe [C:\GAMES\[ PC Games ] - Age of Empires II(FULL)(3)\age2_x1.exe:*:Enabled:Age of Empires II Expansion] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent_DNA\dna.exe -> C:\Program Files\BitTorrent_DNA\dna.exe [C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitDownload\BitDownload.exe -> C:\Program Files\BitDownload\BitDownload.exe [C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Defcon\defcon.exe -> C:\Program Files\Defcon\defcon.exe [C:\Program Files\Defcon\defcon.exe:*:Enabled:Defcon] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Live for Speed S2\LFS.exe -> C:\Program Files\Live for Speed S2\LFS.exe [C:\Program Files\Live for Speed S2\LFS.exe:*:Enabled:LFS] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Games\Microsoft Games\Halo\HALO.EXE -> F:\Games\Microsoft Games\Halo\HALO.EXE [F:\Games\Microsoft Games\Halo\HALO.EXE:*:Enabled:Halo] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Rigs of Rods 0.33\RoRserver.exe -> C:\Program Files\Rigs of Rods 0.33\RoRserver.exe [C:\Program Files\Rigs of Rods 0.33\RoRserver.exe:*:Enabled:RoRserver] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Games\Microsoft Games\Halo Custom Edition\haloce.exe -> F:\Games\Microsoft Games\Halo Custom Edition\haloce.exe [F:\Games\Microsoft Games\Halo Custom Edition\haloce.exe:*:Enabled:Halo] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.9: 2007102514 | Size = 7649128 bytes | Modified Date = 1/25/2008 18:24:41 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{8506968E-7EDC-4F73-8B9A-DCFD07DA7292} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{CD21294F-6B93-4289-BDD2-4F0CD162723B} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{4BB26424-422C-4147-82A6-7817319D205B} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 02:56:57 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 02:56:46 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 23:39:49 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 02:56:57 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 02:56:44 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 02:56:57 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 23:39:49 | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->

[Files/Folders - Created Within 30 days]
temp_phw -> %SystemDrive%\temp_phw -> [Folder | Created Date = 1/14/2008 20:15:50 | Attr = ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Created Date = 1/25/2008 17:22:35 | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 1/25/2008 17:22:35 | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 1/25/2008 17:22:35 | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 1/25/2008 17:22:35 | Attr = ]
npyrdscf.dat -> %System32%\drivers\npyrdscf.dat -> [Ver = | Size = 19584 bytes | Created Date = 1/24/2008 20:13:24 | Attr = ]
pctfw2.sys -> %System32%\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 0, 57 | Size = 218504 bytes | Created Date = 1/25/2008 21:47:54 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 1/28/2008 17:05:35 | Attr = ]
AgCPanelKorea.dll -> %System32%\AgCPanelKorea.dll -> [Ver = | Size = 84480 bytes | Created Date = 1/24/2008 20:11:03 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/25/2008 22:18:10 | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/25/2008 22:18:10 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/25/2008 22:18:10 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/25/2008 22:18:10 | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/28/2008 17:18:24 | Attr = ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bdoscandel.exe -> %SystemRoot%\bdoscandel.exe -> [Ver = | Size = 53248 bytes | Created Date = 1/9/2008 15:01:48 | Attr = ]
bdoscandellang.ini -> %SystemRoot%\bdoscandellang.ini -> [Ver = | Size = 453 bytes | Created Date = 1/9/2008 15:01:48 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
PC Tools -> %AllUsersAppData%\PC Tools -> [Folder | Created Date = 1/25/2008 21:51:13 | Attr = ]
ArcSoft -> %UserAppData%\ArcSoft -> [Folder | Created Date = 1/5/2008 19:26:28 | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Created Date = 1/25/2008 17:22:23 | Attr = ]
urlredir.cfg -> %UserAppData%\urlredir.cfg -> [Ver = | Size = 209 bytes | Created Date = 1/24/2008 20:18:52 | Attr = ]
Got It Right This Time.doc -> %UserDocuments%\Got It Right This Time.doc -> [Ver = | Size = 31232 bytes | Created Date = 1/3/2008 21:56:01 | Attr = ]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk -> [Ver = | Size = 1740 bytes | Created Date = 1/5/2008 19:22:29 | Attr = ]
Panorama Maker 4.lnk -> %AllUsersDesktop%\Panorama Maker 4.lnk -> [Ver = | Size = 1622 bytes | Created Date = 1/5/2008 19:24:55 | Attr = ]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 1648 bytes | Created Date = 1/25/2008 17:22:37 | Attr = ]
AC3D.lnk -> %UserDesktop%\AC3D.lnk -> [Ver = | Size = 669 bytes | Created Date = 1/27/2008 23:06:01 | Attr = ]
ac3dtex -> %UserDesktop%\ac3dtex -> [Folder | Created Date = 1/28/2008 21:26:33 | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Created Date = 1/28/2008 16:38:16 | Attr = ]
Rigs of Rods 0.34.lnk -> %UserDesktop%\Rigs of Rods 0.34.lnk -> [Ver = | Size = 573 bytes | Created Date = 1/21/2008 20:50:15 | Attr = ]
RoR.exe.lnk -> %UserDesktop%\RoR.exe.lnk -> [Ver = | Size = 727 bytes | Created Date = 1/21/2008 20:50:21 | Attr = ]
rorEditor.exe.lnk -> %UserDesktop%\rorEditor.exe.lnk -> [Ver = | Size = 1101 bytes | Created Date = 1/25/2008 22:43:20 | Attr = ]
Winch -> %UserDesktop%\Winch -> [Folder | Created Date = 2/1/2008 17:58:49 | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 2/2/2008 12:21:31 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478495 bytes | Created Date = 2/2/2008 12:17:37 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 1/25/2008 22:14:34 | Attr = ]
PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Created Date = 1/25/2008 17:53:30 | Attr = ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072680960 bytes | Modified Date = 2/1/2008 22:57:26 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/28/2008 16:38:15 | Attr = R ]
Software Killers -> %SystemDrive%\Software Killers -> [Folder | Modified Date = 1/28/2008 16:52:05 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/24/2008 23:27:52 | Attr = HS]
temp_phw -> %SystemDrive%\temp_phw -> [Folder | Modified Date = 1/14/2008 20:15:50 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/31/2008 22:28:48 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2/1/2008 02:27:41 | Attr = ]
npyrdscf.dat -> %System32%\drivers\npyrdscf.dat -> [Ver = | Size = 19584 bytes | Modified Date = 1/24/2008 20:13:24 | Attr = ]
pctfw2.sys -> %System32%\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 0, 57 | Size = 218504 bytes | Modified Date = 1/25/2008 17:53:26 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/28/2008 17:04:59 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2/1/2008 22:59:00 | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 1/28/2008 23:04:31 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/15/2008 20:48:37 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 2/1/2008 22:58:53 | Attr = ]
EPScreensaver dir -> %System32%\EPScreensaver dir -> [Folder | Modified Date = 1/24/2008 20:21:03 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 54010 bytes | Modified Date = 1/25/2008 17:24:02 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 383822 bytes | Modified Date = 1/25/2008 17:24:02 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 443380 bytes | Modified Date = 1/25/2008 17:24:02 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 1/24/2008 23:27:52 | Attr = ]
ShellExt -> %System32%\ShellExt -> [Folder | Modified Date = 1/10/2008 19:34:09 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 2/1/2008 23:00:56 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/8/2008 17:13:02 | Attr = H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/28/2008 19:33:56 | Attr = ]
bdoscandel.exe -> %SystemRoot%\bdoscandel.exe -> [Ver = | Size = 53248 bytes | Modified Date = 1/9/2008 15:01:48 | Attr = ]
bdoscandellang.ini -> %SystemRoot%\bdoscandellang.ini -> [Ver = | Size = 453 bytes | Modified Date = 1/9/2008 15:01:48 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/1/2008 22:57:36 | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 2/1/2008 22:57:41 | Attr = HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/28/2008 23:03:45 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/24/2008 21:21:07 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 1/9/2008 03:01:12 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/28/2008 23:04:12 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/25/2008 22:18:39 | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/31/2008 22:28:48 | Attr = ]
msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [Folder | Modified Date = 1/28/2008 23:04:17 | Attr = H ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/2/2008 12:22:47 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/31/2008 18:44:27 | Attr = H ]
system32 -> %System32% -> [Folder | Modified Date = 1/28/2008 23:03:44 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/1/2008 23:01:03 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/2/2008 12:25:59 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 1/27/2008 06:33:01 | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 2/2/2008 01:52:53 | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/1/2008 22:57:44 | Attr = H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job -> [Ver = | Size = 366 bytes | Modified Date = 2/2/2008 10:18:22 | Attr = ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1310 bytes | Modified Date = 12/21/2006 19:01:57 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 11436 bytes | Modified Date = 2/1/2008 23:00:45 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 11436 bytes | Modified Date = 2/1/2008 23:00:45 | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8514 bytes | Modified Date = 1/24/2007 22:02:32 | Attr = ]
aupd.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\aupd.exe -> [Ver = | Size = 284633 bytes | Modified Date = 1/24/2008 20:11:37 | Attr = ]
A~NSISu_.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\A~NSISu_.exe -> Lime Wire LLC [Ver = 4.14.8 | Size = 125635 bytes | Modified Date = 8/19/2007 20:32:59 | Attr = ]
FlashPlayerUpdate.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\FlashPlayerUpdate.exe -> Adobe Systems Incorporated [Ver = 1.0.20 | Size = 1523032 bytes | Modified Date = 2/1/2008 23:01:15 | Attr = ]
2705 C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\*.tmp ->
ShFolder.Exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ShFolder.Exe -> Microsoft Corporation [Ver = 5.50.4027.300 | Size = 117288 bytes | Modified Date = 4/16/2001 15:39:02 | Attr = ]
ShFolder.Exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ShFolder.Exe -> Microsoft Corporation [Ver = 5.50.4027.300 | Size = 117288 bytes | Modified Date = 4/16/2001 16:39:02 | Attr = ]
GoogleToolbarInstaller_en.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\{2DC96CF0-1337-42A8-8E3D-8F984DAE8C39}\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\GoogleToolbarInstaller_en.exe -> Google [Ver = 3, 0, 131, 0 | Size = 582216 bytes | Modified Date = 1/29/2007 23:47:26 | Attr = ]
SketchUpInstaller.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\{2DC96CF0-1337-42A8-8E3D-8F984DAE8C39}\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\SketchUpInstaller.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 31343285 bytes | Modified Date = 1/29/2007 23:47:48 | Attr = ]
dotnetfx.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\{6D8848DE-530A-4F77-9B30-3D869535915D}\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\dotnetfx.exe -> Microsoft [Ver = 1.1.4322.573 | Size = 24265736 bytes | Modified Date = 2/21/2003 16:37:38 | Attr = ]
ExporterInstaller.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\{6D8848DE-530A-4F77-9B30-3D869535915D}\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\ExporterInstaller.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 3817574 bytes | Modified Date = 4/25/2007 12:59:38 | Attr = ]
GoogleToolbarInstaller_en.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\{6D8848DE-530A-4F77-9B30-3D869535915D}\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\GoogleToolbarInstaller_en.exe -> Google [Ver = 4, 0, 1020, 6156 | Size = 844328 bytes | Modified Date = 4/25/2007 12:59:14 | Attr = ]
LayOutInstaller.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\{6D8848DE-530A-4F77-9B30-3D869535915D}\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\LayOutInstaller.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 16803902 bytes | Modified Date = 4/25/2007 12:59:50 | Attr = ]
LicenseActivation.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\{6D8848DE-530A-4F77-9B30-3D869535915D}\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\LicenseActivation.exe -> [Ver = | Size = 110592 bytes | Modified Date = 4/25/2007 12:59:14 | Attr = ]
sgs.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\{6D8848DE-530A-4F77-9B30-3D869535915D}\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\sgs.exe -> [Ver = | Size = 376248 bytes | Modified Date = 4/25/2007 12:59:16 | Attr = ]
SketchUpInstaller.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\{6D8848DE-530A-4F77-9B30-3D869535915D}\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\SketchUpInstaller.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 30942863 bytes | Modified Date = 4/25/2007 12:59:36 | Attr = ]
Au_.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\~nsu.tmp\Au_.exe -> Adobe Systems Incorporated [Ver = 1.0.17 | Size = 48749 bytes | Modified Date = 7/23/2007 23:42:09 | Attr = ]
ymdc.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\9295640\ymdc.exe -> Yahoo! Inc. [Ver = 2007.03.23.01 | Size = 46088 bytes | Modified Date = 3/23/2007 18:27:14 | Attr = ]
4 C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\9295640\*.tmp files -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\9295640\*.tmp ->
Setup.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Adobe Reader 8\Setup.exe -> Adobe Systems Incorporated [Ver = 3.0.3.1 | Size = 304784 bytes | Modified Date = 5/11/2007 03:50:42 | Attr = ]
Setup.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Adobe Reader 8_\Setup.exe -> Adobe Systems Incorporated [Ver = 3.0.3.1 | Size = 304784 bytes | Modified Date = 5/11/2007 03:50:42 | Attr = ]
setup.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\bye1F2.tmp\Disk1\setup.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 121064 bytes | Modified Date = 5/5/2007 18:01:55 | Attr = ]
setup.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\bye23.tmp\Disk1\setup.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 121064 bytes | Modified Date = 4/21/2007 17:43:09 | Attr = ]
setup.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\bye2C.tmp\Disk1\setup.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 121064 bytes | Modified Date = 4/21/2007 19:23:46 | Attr = ]
DivXInstaller.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Div28E.tmp\DivXInstaller.exe -> DivX, Inc. [Ver = 1.0.0.286 | Size = 14764808 bytes | Modified Date = 4/6/2007 09:34:19 | Attr = ]
jinstall.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\ICD1.tmp\jinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 376832 bytes | Modified Date = 9/25/2007 01:33:20 | Attr = ]
jinstall.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\ICD2.tmp\jinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 376832 bytes | Modified Date = 9/25/2007 01:33:20 | Attr = ]
adw.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsz214.tmp\adw.exe -> [Ver = | Size = 240148 bytes | Modified Date = 11/23/2007 09:48:18 | Attr = ]
games.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsz214.tmp\games.exe -> [Ver = | Size = 2676212 bytes | Modified Date = 11/23/2007 10:12:02 | Attr = ]
Setup.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Setup.exe -> InstallShield Software Corporation [Ver = 5, 52, 164, 0 | Size = 73728 bytes | Modified Date = 1/12/1999 11:42:20 | Attr = R ]
_ISDel.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\_ISDel.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 27648 bytes | Modified Date = 10/27/1998 12:06:48 | Attr = R ]
AcroRd32.exe -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 5.0.1.2001032700 | Size = 3870784 bytes | Modified Date = 3/27/2001 21:44:58 | Attr = R ]
DRVMGT.DLL -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\DRVMGT.DLL -> [Ver = | Size = 34304 bytes | Modified Date = 4/15/2007 10:24:24 | Attr = ]
setupenu.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\setupenu.dll -> Microsoft Corporation [Ver = 1.0.0 | Size = 32768 bytes | Modified Date = 4/15/2007 10:24:24 | Attr = ]
2705 C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\*.tmp ->
BrwsrPI.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\BrwsrPI.dll -> Adobe Systems, Inc. [Ver = 5.05 | Size = 53248 bytes | Modified Date = 8/8/2001 20:22:42 | Attr = ]
IccTest.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IccTest.dll -> Adobe Systems, Inc. [Ver = 1.2 | Size = 126976 bytes | Modified Date = 8/7/2001 15:48:00 | Attr = ]
Permission.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Permission.dll -> [Ver = 1.1 | Size = 98304 bytes | Modified Date = 4/16/2001 15:39:02 | Attr = ]
BrwsrPI.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\BrwsrPI.dll -> Adobe Systems, Inc. [Ver = 5.05 | Size = 53248 bytes | Modified Date = 8/8/2001 21:22:42 | Attr = ]
IccTest.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\IccTest.dll -> Adobe Systems, Inc. [Ver = 1.2 | Size = 126976 bytes | Modified Date = 8/7/2001 16:48:00 | Attr = ]
Permission.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\Permission.dll -> [Ver = 1.1 | Size = 98304 bytes | Modified Date = 4/16/2001 16:39:02 | Attr = ]
gtapi.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\{2DC96CF0-1337-42A8-8E3D-8F984DAE8C39}\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\gtapi.dll -> [Ver = | Size = 45056 bytes | Modified Date = 1/29/2007 23:47:26 | Attr = ]
gtapi.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\{6D8848DE-530A-4F77-9B30-3D869535915D}\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\gtapi.dll -> [Ver = | Size = 45056 bytes | Modified Date = 4/25/2007 12:59:14 | Attr = ]
ywiseext.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\3678855\ywiseext.dll -> Yahoo! Inc. [Ver = 2007, 9, 17, 1 | Size = 106496 bytes | Modified Date = 9/17/2007 08:13:28 | Attr = ]
SCHook.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\7zS10.tmp\SCHook.dll -> PcHelpWare [Ver = 1, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/2/2007 01:08:36 | Attr = ]
ywiseext.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\8091044\ywiseext.dll -> Yahoo! Inc. [Ver = 2007, 3, 7, 1 | Size = 102400 bytes | Modified Date = 3/7/2007 09:52:18 | Attr = ]
yvertr.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\9295640\yvertr.dll -> [Ver = 2004, 1, 15, 1 | Size = 42080 bytes | Modified Date = 1/15/2004 13:48:38 | Attr = ]
ywiseext.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\9295640\ywiseext.dll -> Yahoo! Inc. [Ver = 2007, 3, 7, 1 | Size = 102400 bytes | Modified Date = 3/7/2007 09:52:18 | Attr = ]
4 C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\9295640\*.tmp files -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\9295640\*.tmp ->
_setup.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\isp73D.tmp\_setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 380928 bytes | Modified Date = 8/26/2006 22:43:43 | Attr = ]
AdvSplash.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsc5D7.tmp\AdvSplash.dll -> [Ver = | Size = 6144 bytes | Modified Date = 8/21/2007 18:31:44 | Attr = ]
Banner.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsc5D7.tmp\Banner.dll -> [Ver = | Size = 4096 bytes | Modified Date = 8/21/2007 18:31:56 | Attr = ]
InstallOptions.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsc5D7.tmp\InstallOptions.dll -> [Ver = | Size = 14336 bytes | Modified Date = 8/21/2007 18:31:46 | Attr = ]
LangDLL.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsc5D7.tmp\LangDLL.dll -> [Ver = | Size = 5120 bytes | Modified Date = 8/21/2007 18:31:44 | Attr = ]
NSIS_Picasa.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsi1077.tmp\NSIS_Picasa.dll -> [Ver = | Size = 54784 bytes | Modified Date = 7/22/2007 09:04:55 | Attr = ]
NSISArray.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsjE.tmp\NSISArray.dll -> [Ver = | Size = 17920 bytes | Modified Date = 2/1/2008 23:01:29 | Attr = ]
InetLoad.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsz214.tmp\InetLoad.dll -> [Ver = | Size = 18944 bytes | Modified Date = 1/24/2008 20:10:25 | Attr = ]
InstallOptions.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsz214.tmp\InstallOptions.dll -> [Ver = | Size = 14336 bytes | Modified Date = 1/24/2008 20:10:41 | Attr = ]
System.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsz214.tmp\System.dll -> [Ver = | Size = 10240 bytes | Modified Date = 1/24/2008 20:10:22 | Attr = ]
_Setup.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 5, 50, 134, 0 | Size = 34816 bytes | Modified Date = 9/29/1998 16:34:56 | Attr = R ]
AceLite.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\AceLite.dll -> Adobe Systems, Incorporated [Ver = 1.02.00 | Size = 397312 bytes | Modified Date = 2/28/2001 09:29:36 | Attr = R ]
ACROFX32.DLL -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\ACROFX32.DLL -> [Ver = | Size = 53248 bytes | Modified Date = 5/12/2000 18:30:02 | Attr = R ]
Agm.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\Agm.dll -> Adobe Systems, Incorporated [Ver = 4.04.26 | Size = 1138688 bytes | Modified Date = 3/14/2001 10:06:02 | Attr = R ]
Bib.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\Bib.dll -> Adobe Systems, Incorporated [Ver = 1.0.20 | Size = 147456 bytes | Modified Date = 1/20/2001 22:13:36 | Attr = R ]
CoolType.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\CoolType.dll -> Adobe Systems, Incorporated [Ver = 4.04.26 | Size = 1441792 bytes | Modified Date = 3/14/2001 10:06:02 | Attr = R ]
msvcp60.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\msvcp60.dll -> Microsoft Corporation [Ver = 6.00.8168.0 | Size = 401462 bytes | Modified Date = 12/1/1999 00:40:28 | Attr = R ]
msvcrt.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\msvcrt.dll -> Microsoft Corporation [Ver = 6.00.8397.0 | Size = 266293 bytes | Modified Date = 2/11/1999 03:33:58 | Attr = R ]
oleaut32.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\oleaut32.dll -> Microsoft Corporation [Ver = 2.30.4261 | Size = 598288 bytes | Modified Date = 6/18/1998 11:33:08 | Attr = R ]
WHA Library.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\WHA Library.dll -> Adobe Systems Incorporated [Ver = 0.2.0.0 | Size = 167936 bytes | Modified Date = 3/15/2001 06:14:38 | Attr = R ]
nppdf32.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\Browser\nppdf32.dll -> Adobe Systems Inc. [Ver = 5.0.0.2001031500 | Size = 103312 bytes | Modified Date = 2/26/2001 21:48:44 | Attr = R ]
NPDocBox.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\plug_ins\InterTrust\NPDocBox.dll -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 3/14/2001 04:52:06 | Attr = R ]
QT2.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\plug_ins\Movie\QT2.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 24576 bytes | Modified Date = 3/15/2001 06:00:24 | Attr = R ]
QT3.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\plug_ins\Movie\QT3.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 32768 bytes | Modified Date = 3/15/2001 06:00:42 | Attr = R ]
QT4.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\plug_ins\Movie\QT4.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 36864 bytes | Modified Date = 3/15/2001 06:01:02 | Attr = R ]
Uninst.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Reader\Uninstall\Uninst.dll -> Adobe Systems, Inc. [Ver = 4.0.11 | Size = 81920 bytes | Modified Date = 2/26/2001 21:48:44 | Attr = R ]
NPSVGVw.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\SVG Files\NPSVGVw.dll -> Adobe Systems Inc. [Ver = 2, 0, 0, 55 | Size = 299059 bytes | Modified Date = 3/14/2001 14:10:56 | Attr = R ]
SVGControl.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\SVG Files\SVGControl.dll -> Adobe Systems Incorporated [Ver = 2, 0, 0, 55 | Size = 491574 bytes | Modified Date = 3/14/2001 14:14:00 | Attr = R ]
SVGRSRC.DLL -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\SVG Files\SVGRSRC.DLL -> [Ver = | Size = 12288 bytes | Modified Date = 3/14/2001 14:06:24 | Attr = R ]
SVGView.dll -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\SVG Files\SVGView.dll -> Adobe Systems Incorporated [Ver = 2, 0, 0, 55 | Size = 1597491 bytes | Modified Date = 3/14/2001 14:07:52 | Attr = R ]
Perflib_Perfdata_20c.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_20c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/6/2007 11:51:16 | Attr = ]
Perflib_Perfdata_2c0.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_2c0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/18/2007 11:15:48 | Attr = ]
Perflib_Perfdata_368.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_368.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/2/2007 11:24:51 | Attr = ]
Perflib_Perfdata_4b0.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_4b0.dat -> [Ver = | Size = 0 bytes | Modified Date = 1/28/2008 23:25:44 | Attr = ]
Perflib_Perfdata_51c.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_51c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/28/2008 20:51:08 | Attr = ]
Perflib_Perfdata_5d8.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_5d8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/30/2007 17:27:01 | Attr = ]
Perflib_Perfdata_894.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_894.dat -> [Ver = | Size = 0 bytes | Modified Date = 1/31/2008 22:29:52 | Attr = ]
Perflib_Perfdata_908.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_908.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/6/2007 21:09:59 | Attr = ]
Perflib_Perfdata_90c.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_90c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/10/2007 22:07:52 | Attr = ]
Perflib_Perfdata_9a8.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_9a8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/10/2007 22:23:47 | Attr = ]
Perflib_Perfdata_9cc.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_9cc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/9/2007 22:24:52 | Attr = ]
Perflib_Perfdata_9d4.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_9d4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/23/2007 23:19:29 | Attr = ]
Perflib_Perfdata_9e8.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_9e8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/25/2008 21:59:21 | Attr = ]
Perflib_Perfdata_a30.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_a30.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/27/2008 20:17:23 | Attr = ]
Perflib_Perfdata_a48.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_a48.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/28/2008 16:51:20 | Attr = ]
Perflib_Perfdata_aa8.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_aa8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/2/2007 22:33:18 | Attr = ]
Perflib_Perfdata_ad8.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_ad8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/5/2008 17:01:44 | Attr = ]
Perflib_Perfdata_b74.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_b74.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/27/2008 22:24:25 | Attr = ]
Perflib_Perfdata_c38.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_c38.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/12/2007 21:38:44 | Attr = ]
Perflib_Perfdata_ca0.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_ca0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/26/2008 19:34:34 | Attr = ]
Perflib_Perfdata_ccc.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_ccc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/6/2007 09:32:19 | Attr = ]
Perflib_Perfdata_cfc.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_cfc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/26/2007 13:38:05 | Attr = ]
Perflib_Perfdata_dcc.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_dcc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/26/2008 18:50:26 | Attr = ]
Perflib_Perfdata_e18.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_e18.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/8/2007 21:41:40 | Attr = ]
Perflib_Perfdata_f6c.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_f6c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/11/2007 06:32:53 | Attr = ]
zseifita.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\zseifita.dat -> [Ver = | Size = 4736 bytes | Modified Date = 1/24/2008 20:13:24 | Attr = ]
2705 C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\*.tmp ->
dicts.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\gen_py\2.5\dicts.dat -> [Ver = | Size = 10 bytes | Modified Date = 6/25/2007 13:43:18 | Attr = ]
lang.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\lang.dat -> [Ver = | Size = 23541 bytes | Modified Date = 1/12/1999 10:34:42 | Attr = R ]
os.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\os.dat -> [Ver = | Size = 450 bytes | Modified Date = 7/27/1998 17:41:06 | Attr = R ]
ylskaile.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\ylskaile.ini -> [Ver = | Size = 4 bytes | Modified Date = 1/24/2008 20:13:21 | Attr = ]
_isdelet.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\_isdelet.ini -> [Ver = | Size = 239 bytes | Modified Date = 8/23/2007 23:16:23 | Attr = ]
{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> [Ver = | Size = 627 bytes | Modified Date = 1/5/2008 19:26:54 | Attr = ]
2705 C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\*.tmp ->
AdobeIns.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\AdobeIns.ini -> [Ver = | Size = 6260 bytes | Modified Date = 9/17/2001 16:58:18 | Attr = ]
AdobeIns.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\AdobeIns.ini -> [Ver = | Size = 6260 bytes | Modified Date = 9/17/2001 17:58:18 | Attr = ]
abcpy.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Adobe Reader 8\abcpy.ini -> [Ver = | Size = 1728 bytes | Modified Date = 11/15/2006 10:38:14 | Attr = ]
setup.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Adobe Reader 8\setup.ini -> [Ver = | Size = 292 bytes | Modified Date = 8/25/2006 12:00:33 | Attr = ]
abcpy.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Adobe Reader 8_\abcpy.ini -> [Ver = | Size = 1728 bytes | Modified Date = 11/15/2006 10:38:14 | Attr = ]
setup.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Adobe Reader 8_\setup.ini -> [Ver = | Size = 292 bytes | Modified Date = 8/25/2006 12:00:33 | Attr = ]
setup.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\bye1F2.tmp\Disk1\setup.ini -> [Ver = | Size = 470 bytes | Modified Date = 5/5/2007 18:01:55 | Attr = ]
setup.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\bye23.tmp\Disk1\setup.ini -> [Ver = | Size = 466 bytes | Modified Date = 4/21/2007 17:43:09 | Attr = ]
setup.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\bye2C.tmp\Disk1\setup.ini -> [Ver = | Size = 466 bytes | Modified Date = 4/21/2007 19:23:46 | Attr = ]
setup.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\iss73C.tmp\setup.ini -> [Ver = | Size = 598 bytes | Modified Date = 8/23/2007 23:14:24 | Attr = ]
ioSpecial.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsc5D7.tmp\ioSpecial.ini -> [Ver = | Size = 707 bytes | Modified Date = 8/21/2007 18:34:22 | Attr = ]
RKDemographicCollection.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsz214.tmp\RKDemographicCollection.ini -> [Ver = | Size = 2115 bytes | Modified Date = 1/24/2008 20:10:54 | Attr = ]
RKLicensePage.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsz214.tmp\RKLicensePage.ini -> [Ver = | Size = 2122 bytes | Modified Date = 1/24/2008 20:10:43 | Attr = ]
Abcpy.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\Abcpy.ini -> [Ver = | Size = 3026 bytes | Modified Date = 4/4/2001 14:57:10 | Attr = R ]
SETUP.INI -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\SETUP.INI -> [Ver = | Size = 103 bytes | Modified Date = 3/28/2001 15:30:20 | Attr = R ]
SVGViewer.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\pftB9B~tmp\SVG Files\SVGViewer.ini -> [Ver = | Size = 0 bytes | Modified Date = 3/9/2001 11:13:50 | Attr = R ]
ERTS0019.exe -> C:\WINDOWS\Temp\ERTS0019.exe -> Lenovo Corporation [Ver = 2, 0, 0, 1 | Size = 49152 bytes | Modified Date = 2/6/2006 15:59:10 | Attr = ]
6 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
acpCommon.dll -> C:\WINDOWS\Temp\acpCommon.dll -> [Ver = 1, 0, 0, 1 | Size = 102400 bytes | Modified Date = 4/22/2004 16:34:22 | Attr = ]
erts2005.dll -> C:\WINDOWS\Temp\erts2005.dll -> IBM Corporation [Ver = 1, 0, 0, 6 | Size = 49152 bytes | Modified Date = 4/21/2005 11:21:02 | Attr = ]
MpEngine.dll -> C:\WINDOWS\Temp\MpEngine.dll -> Microsoft Corporation [Ver = 1.1.1303.0 | Size = 2625296 bytes | Modified Date = 3/20/2006 18:45:24 | Attr = ]
6 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
NSIS_Picasa.dll -> C:\WINDOWS\Temp\nsh82.tmp\NSIS_Picasa.dll -> [Ver = | Size = 55808 bytes | Modified Date = 8/29/2007 05:13:09 | Attr = ]
NSIS_Picasa.dll -> C:\WINDOWS\Temp\nso1E9.tmp\NSIS_Picasa.dll -> [Ver = | Size = 55808 bytes | Modified Date = 10/28/2007 17:36:41 | Attr = ]
instopts.dat -> C:\WINDOWS\Temp\instopts.dat -> [Ver = | Size = 1348 bytes | Modified Date = 6/10/2006 09:31:43 | Attr = ]
6 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 1/24/2008 23:02:44 | Attr = ]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 1/24/2008 23:02:44 | Attr = ]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 65536 bytes | Modified Date = 1/24/2008 23:02:44 | Attr = ]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 6/9/2006 18:18:59 | Attr = HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 6/9/2006 18:18:59 | Attr = HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0D2FS5U7\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 6/9/2006 18:18:59 | Attr = HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4TIV8XYN\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 6/9/2006 18:18:59 | Attr = HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KLAB0PQ3\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 6/9/2006 18:18:59 | Attr = HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ODER4HUJ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 6/9/2006 18:18:59 | Attr = HS]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersAppData%\Adobe -> [Folder | Modified Date = 1/5/2008 19:22:21 | Attr = ]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Modified Date = 2/1/2008 14:16:22 | Attr = ]
PC Tools -> %AllUsersAppData%\PC Tools -> [Folder | Modified Date = 1/25/2008 21:51:13 | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 2/2/2008 11:24:46 | Attr = ]
@Alternate Data Stream - 506 bytes -> %AllUsersAppData%\TEMP:05EE1EEF
@Alternate Data Stream - 123 bytes -> %AllUsersAppData%\TEMP:64217CD0
@Alternate Data Stream - 152 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
ArcSoft -> %UserAppData%\ArcSoft -> [Folder | Modified Date = 1/5/2008 19:26:29 | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Modified Date = 1/25/2008 17:22:23 | Attr = ]
SAS7_000.DAT -> %UserAppData%\SAS7_000.DAT -> [Ver = | Size = 2154 bytes | Modified Date = 1/15/2008 20:15:47 | Attr = ]
urlredir.cfg -> %UserAppData%\urlredir.cfg -> [Ver = | Size = 209 bytes | Modified Date = 1/24/2008 20:18:53 | Attr = ]
WeatherBug -> %UserAppData%\WeatherBug -> [Folder | Modified Date = 1/28/2008 16:03:44 | Attr = ]
Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 1/5/2008 19:25:15 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 139264 bytes | Modified Date = 1/31/2008 20:52:48 | Attr = ]
Dump Folder -> %UserDocuments%\Dump Folder -> [Folder | Modified Date = 2/1/2008 09:19:03 | Attr = ]
eDonkey2000 Downloads -> %UserDocuments%\eDonkey2000 Downloads -> [Folder | Modified Date = 1/27/2008 23:18:02 | Attr = ]
Google Talk Received Files -> %UserDocuments%\Google Talk Received Files -> [Folder | Modified Date = 1/27/2008 23:18:00 | Attr = ]
Got It Right This Time.doc -> %UserDocuments%\Got It Right This Time.doc -> [Ver = | Size = 31232 bytes | Modified Date = 1/3/2008 21:56:02 | Attr = ]
Incomplete -> %UserDocuments%\Incomplete -> [Folder | Modified Date = 1/27/2008 23:18:13 | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 1/5/2008 19:20:40 | Attr = R ]
My PSP Files -> %UserDocuments%\My PSP Files -> [Folder | Modified Date = 1/30/2008 21:31:53 | Attr = ]
School -> %UserDocuments%\School -> [Folder | Modified Date = 1/15/2008 20:49:00 | Attr = ]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk -> [Ver = | Size = 1740 bytes | Modified Date = 1/5/2008 19:27:15 | Attr = ]
Jasc Paint Shop Pro 9.lnk -> %AllUsersDesktop%\Jasc Paint Shop Pro 9.lnk -> [Ver = | Size = 2523 bytes | Modified Date = 1/30/2008 21:31:53 | Attr = ]
Panorama Maker 4.lnk -> %AllUsersDesktop%\Panorama Maker 4.lnk -> [Ver = | Size = 1622 bytes | Modified Date = 1/5/2008 19:24:55 | Attr = ]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 1648 bytes | Modified Date = 1/25/2008 17:22:37 | Attr = ]
AC3D.lnk -> %UserDesktop%\AC3D.lnk -> [Ver = | Size = 669 bytes | Modified Date = 1/27/2008 23:06:01 | Attr = ]
ac3dtex -> %UserDesktop%\ac3dtex -> [Folder | Modified Date = 2/2/2008 09:18:25 | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Modified Date = 1/28/2008 16:38:16 | Attr = ]
Rigs of Rods 0.34.lnk -> %UserDesktop%\Rigs of Rods 0.34.lnk -> [Ver = | Size = 573 bytes | Modified Date = 1/21/2008 20:50:15 | Attr = ]
RoR.exe.lnk -> %UserDesktop%\RoR.exe.lnk -> [Ver = | Size = 727 bytes | Modified Date = 1/21/2008 20:50:21 | Attr = ]
rorEditor.exe.lnk -> %UserDesktop%\rorEditor.exe.lnk -> [Ver = | Size = 1101 bytes | Modified Date = 1/25/2008 22:43:20 | Attr = ]
Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 26112 bytes | Modified Date = 1/3/2008 20:38:49 | Attr = HS]
Winch -> %UserDesktop%\Winch -> [Folder | Modified Date = 2/1/2008 22:20:36 | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 2/2/2008 12:21:31 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478495 bytes | Modified Date = 2/2/2008 12:18:04 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 1/5/2008 19:22:25 | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 1/25/2008 22:14:34 | Attr = ]
PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Modified Date = 1/25/2008 21:47:51 | Attr = ]

< End of report >

#7 OldTimer

Malware Expert

Group: Malware Response Team
Posts: 11,090
Joined: 28-January 05
Gender:Male
Location:North Carolina

Posted 02 February 2008 - 03:06 PM

Hi iker42 . Ok, let's see what we can do. First, copy these directions into Notepad and save them on your desktop. We will be booting to Safe Mode and you will need this information and the ability to copy/paste some of it during the fix.

Now please follow these steps in order:

Step #1

Start in Safe Mode Using the F8 method:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #2

Now we will need to disable the driver for this thing. Please do the following:

Click Start, click Control Panel, click Performance and Maintenance, and then click System.
On the Hardware tab, click Device Manager.
Click the View menu and if there is no checkmark in front of Show hidden devices then click on it to activate it.
Scroll down the list of devices and double-click Non-Plug and Play Drivers.
Locate the poxpkwwc device and right click it and then click the Properties option.
Click the Driver] tab.
In the Startup section select Disable from the drop-down list.
Click General tab.
In the Device Usage drop-down list select Do not use this device (disable).
Click the Ok button and you should be prompted to reboot. You can reboot normally.

Step #3

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (poxpkwwc) poxpkwwc [Kernel | Boot | Running] -> %System32%\drivers\npyrdscf.dat
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> tgcmd -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {41BEB131-28C2-4CDB-8CD4-12D41EDC8550} [HKEY_LOCAL_MACHINE] -> %System32%\AgCPanelKorea.dll [Reg Error: Value does not exist or could not be read.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Support.com\Bin\tgcmd.exe -> C:\Program Files\Support.com\Bin\tgcmd.exe [C:\Program Files\Support.com\Bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eDonkey2000\edonkey2000.exe -> C:\Program Files\eDonkey2000\edonkey2000.exe [C:\Program Files\eDonkey2000\edonkey2000.exe:*:Enabled:edonkey2000]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1151763126\ee\aolsoftware.exe -> C:\Program Files\Common Files\AOL\1151763126\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1151763126\ee\aolsoftware.exe:*:Enabled:AOL Services]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1151763126\ee\aim6.exe -> C:\Program Files\Common Files\AOL\1151763126\ee\aim6.exe [C:\Program Files\Common Files\AOL\1151763126\ee\aim6.exe:*:Enabled:AIM]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\empires2.exe -> C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\empires2.exe [C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\empires2.exe:*:Enabled:Age of Empires II]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\age2_x1.exe -> C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\age2_x1.exe [C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\age2_x1.exe:*:Enabled:Age of Empires II Expansion]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\empires2.exe -> C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\empires2.exe [C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\empires2.exe:*:Enabled:Age of Empires II]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\age2_x1.exe -> C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\age2_x1.exe [C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\age2_x1.exe:*:Enabled:Age of Empires II Expansion]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Halo\halo.exe -> C:\Program Files\Microsoft Games\Halo\halo.exe [C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\PDFEdit.exe -> C:\Documents and Settings\Mike Arroyo\Desktop\PDFEdit.exe [C:\Documents and Settings\Mike Arroyo\Desktop\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files!]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe -> C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe [C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameSpy Arcade\Aphex.exe -> C:\Program Files\GameSpy Arcade\Aphex.exe [C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe -> C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe [C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe -> C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe [C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe:*:Enabled:Halo]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Games\Microsoft Games\Halo\HALO.EXE -> G:\Games\Microsoft Games\Halo\HALO.EXE [G:\Games\Microsoft Games\Halo\HALO.EXE:*:Enabled:Halo]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Games\Microsoft Games\Halo Custom Edition\haloce.exe -> G:\Games\Microsoft Games\Halo Custom Edition\haloce.exe [G:\Games\Microsoft Games\Halo Custom Edition\haloce.exe:*:Enabled:Halo]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Games\BF2\Bf2_w32ded.exe -> G:\Games\BF2\Bf2_w32ded.exe [G:\Games\BF2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\GAMES\[ PC Games ] - Age of Empires II(FULL)(3)\age2_x1.exe -> C:\GAMES\[ PC Games ] - Age of Empires II(FULL)(3)\age2_x1.exe [C:\GAMES\[ PC Games ] - Age of Empires II(FULL)(3)\age2_x1.exe:*:Enabled:Age of Empires II Expansion]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent_DNA\dna.exe -> C:\Program Files\BitTorrent_DNA\dna.exe [C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitDownload\BitDownload.exe -> C:\Program Files\BitDownload\BitDownload.exe [C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Defcon\defcon.exe -> C:\Program Files\Defcon\defcon.exe [C:\Program Files\Defcon\defcon.exe:*:Enabled:Defcon]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Live for Speed S2\LFS.exe -> C:\Program Files\Live for Speed S2\LFS.exe [C:\Program Files\Live for Speed S2\LFS.exe:*:Enabled:LFS]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Games\Microsoft Games\Halo\HALO.EXE -> F:\Games\Microsoft Games\Halo\HALO.EXE [F:\Games\Microsoft Games\Halo\HALO.EXE:*:Enabled:Halo]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Rigs of Rods 0.33\RoRserver.exe -> C:\Program Files\Rigs of Rods 0.33\RoRserver.exe [C:\Program Files\Rigs of Rods 0.33\RoRserver.exe:*:Enabled:RoRserver]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Games\Microsoft Games\Halo Custom Edition\haloce.exe -> F:\Games\Microsoft Games\Halo Custom Edition\haloce.exe [F:\Games\Microsoft Games\Halo Custom Edition\haloce.exe:*:Enabled:Halo]
[Files/Folders - Created Within 30 days]
YN -> npyrdscf.dat -> %System32%\drivers\npyrdscf.dat
YN -> AgCPanelKorea.dll -> %System32%\AgCPanelKorea.dll
[Files Created - Additional Folder Scans - Non-Microsoft Only]
YN -> urlredir.cfg -> %UserAppData%\urlredir.cfg
[Files/Folders - Modified Within 30 days]
YN -> npyrdscf.dat -> %System32%\drivers\npyrdscf.dat
YN -> ylskaile.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\ylskaile.ini
YN -> RKDemographicCollection.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsz214.tmp\RKDemographicCollection.ini
YN -> RKLicensePage.ini -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsz214.tmp\RKLicensePage.ini
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
YN -> @Alternate Data Stream - 506 bytes -> %AllUsersAppData%\TEMP:05EE1EEF
YN -> @Alternate Data Stream - 123 bytes -> %AllUsersAppData%\TEMP:64217CD0
YN -> @Alternate Data Stream - 152 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
YN -> urlredir.cfg -> %UserAppData%\urlredir.cfg
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally. If you are not asked to reboot, cLick the Ok button on the finished message and Notepad will open with a log of actions taken during the fix. Post that information back here. My guess is that we will still need to use Avenger again to remove the left-over files but it should not give us the problems it did previously.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#8 iker42

Member

Group: Members
Posts: 23
Joined: 05-January 05

Posted 02 February 2008 - 04:10 PM

it asked me to restart, so i think this is the log u wanted

Explorer killed successfully
[Driver Services - Non-Microsoft Only]
Service poxpkwwc stopped successfully.
Service poxpkwwc deleted successfully.
File move failed. C:\WINDOWS\System32\drivers\npyrdscf.dat scheduled to be moved on reboot.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tgcmd deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41BEB131-28C2-4CDB-8CD4-12D41EDC8550}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41BEB131-28C2-4CDB-8CD4-12D41EDC8550}\ deleted successfully.
File C:\WINDOWS\System32\AgCPanelKorea.dll not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Support.com\Bin\tgcmd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eDonkey2000\edonkey2000.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1151763126\ee\aolsoftware.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1151763126\ee\aim6.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\empires2.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\Age of Empires\age2_x1.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\empires2.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\GAMES\Age of Empires\age2_x1.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Halo\halo.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike Arroyo\Desktop\PDFEdit.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameSpy Arcade\Aphex.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Games\Microsoft Games\Halo\HALO.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Games\Microsoft Games\Halo Custom Edition\haloce.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Games\BF2\Bf2_w32ded.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\GAMES\[ PC Games ] - Age of Empires II(FULL)(3)\age2_x1.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent_DNA\dna.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitDownload\BitDownload.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Defcon\defcon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Live for Speed S2\LFS.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Games\Microsoft Games\Halo\HALO.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Rigs of Rods 0.33\RoRserver.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Games\Microsoft Games\Halo Custom Edition\haloce.exe deleted successfully.
[Files/Folders - Created Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\npyrdscf.dat scheduled to be moved on reboot.
File C:\WINDOWS\System32\AgCPanelKorea.dll not found!
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\Mike Arroyo\Application Data\urlredir.cfg moved successfully.
[Files/Folders - Modified Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\npyrdscf.dat scheduled to be moved on reboot.
C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\ylskaile.ini moved successfully.
C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsz214.tmp\RKDemographicCollection.ini moved successfully.
C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\nsz214.tmp\RKLicensePage.ini moved successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:64217CD0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
File C:\Documents and Settings\Mike Arroyo\Application Data\urlredir.cfg not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_974.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta42 fix logfile created on 02022008_155700

#9 OldTimer

Malware Expert

Group: Malware Response Team
Posts: 11,090
Joined: 28-January 05
Gender:Male
Location:North Carolina

Posted 02 February 2008 - 05:08 PM

Hi iker42. Yup, that looks good. Now I need a new WinPFind35 scan also.

Cheers.

OT

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#10 iker42

Member

Group: Members
Posts: 23
Joined: 05-January 05

Posted 03 February 2008 - 01:00 AM

WinPFind35 logfile created on: 2/3/2008 00:59:04
WinPFind35U Version Beta42 Folder = C:\Documents and Settings\Mike Arroyo\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

1022.92 Mb Total Physical Memory | 435.27 Mb Available Physical Memory | 42.55% Memory free
2.37 Gb Paging File | 1.62 Gb Available in Paging File | 68.22% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.26 Gb Total Space | 13.27 Gb Free Space | 38.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.83 Gb Total Space | 187.42 Gb Free Space | 80.50% Space Free | Partition Type: FAT32

Computer Name: MIKEA
Current User Name: Mike Arroyo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ibmpmsvc.exe -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 57344 bytes | Modified Date = 7/3/2003 00:25:00 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 11/16/2006 20:57:18 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 86016 bytes | Modified Date = 2/6/2006 21:23:06 | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 372809 bytes | Modified Date = 2/6/2006 21:26:34 | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 161392 bytes | Modified Date = 4/8/2005 15:54:52 | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 185968 bytes | Modified Date = 4/8/2005 15:52:32 | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 19648 bytes | Modified Date = 4/17/2005 12:30:32 | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 8/23/2007 23:09:21 | Attr = ]
qconsvc.exe -> %System32%\QCONSVC.EXE -> [Ver = | Size = 49152 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 139264 bytes | Modified Date = 2/6/2006 21:22:26 | Attr = ]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 14:53:44 | Attr = ]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 14:53:46 | Attr = ]
starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 01:51:48 | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 1706176 bytes | Modified Date = 4/17/2005 12:30:40 | Attr = ]
tpkmpsvc.exe -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 7/11/2003 20:19:22 | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 16:38:08 | Attr = ]
winvnc.exe -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Modified Date = 8/6/2005 18:45:14 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 11/16/2006 20:57:18 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 110592 bytes | Modified Date = 7/31/2003 17:25:34 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 512000 bytes | Modified Date = 7/31/2003 17:24:24 | Attr = ]
tphkmgr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 8/7/2003 17:57:52 | Attr = ]
ezejmnap.exe -> %ProgramFiles%\ThinkPad\Utilities\EzEjMnAp.Exe -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 204800 bytes | Modified Date = 12/24/2002 04:01:00 | Attr = ]
ibmmessages.exe -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 1.058 | Size = 495616 bytes | Modified Date = 1/7/2003 16:52:16 | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 3.50.31a | Size = 106551 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
xptryicn.exe -> %ProgramFiles%\Mediafour\XPlay\XPTRYICN.EXE -> Mediafour Corporation [Ver = 2.0.10.0 | Size = 94208 bytes | Modified Date = 9/27/2004 15:11:00 | Attr = R ]
macvntfy.exe -> %CommonProgramFiles%\Mediafour\MACVNTFY.EXE -> Mediafour Corporation [Ver = 5.0.10.0 | Size = 61440 bytes | Modified Date = 12/17/2002 14:43:00 | Attr = R ]
mddiskprotect.exe -> %ProgramFiles%\Mediafour\MacDrive\MDDiskProtect.exe -> Mediafour Corporation [Ver = 6.0.6.1 | Size = 106496 bytes | Modified Date = 4/15/2005 16:54:00 | Attr = ]
qcwlicon.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\QCWLICON.EXE -> [Ver = | Size = 53248 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 48752 bytes | Modified Date = 4/8/2005 15:52:30 | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 85184 bytes | Modified Date = 4/17/2005 12:30:48 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 09:54:04 | Attr = ]
tponscr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe -> [Ver = | Size = 77824 bytes | Modified Date = 6/23/2003 09:34:18 | Attr = ]
tpscrex.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe -> IBM Corporation [Ver = 1.06 | Size = 65536 bytes | Modified Date = 1/10/2002 17:01:34 | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 16:38:18 | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 10, 100, 25539 | Size = 81920 bytes | Modified Date = 2/16/2005 15:15:20 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:35 | Attr = ]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 12/10/2007 14:53:46 | Attr = ]
atomic.exe -> %ProgramFiles%\Atomic Clock Sync\Atomic.exe -> Chaos Software Group, Inc. [Ver = 2.7.0.3 | Size = 524288 bytes | Modified Date = 6/17/2004 12:46:48 | Attr = ]
quickdcf.exe -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 4, 0, 0, 0 | Size = 200704 bytes | Modified Date = 12/20/2002 15:18:40 | Attr = ]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 8/23/2007 23:09:18 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/31/2008 12:38:16 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 11/16/2006 20:57:18 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 185968 bytes | Modified Date = 4/8/2005 15:52:32 | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 83568 bytes | Modified Date = 4/8/2005 15:54:50 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 161392 bytes | Modified Date = 4/8/2005 15:54:52 | Attr = ]
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 19648 bytes | Modified Date = 4/17/2005 12:30:32 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 02:56:48 | Attr = ]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 86016 bytes | Modified Date = 2/6/2006 21:23:06 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 8/23/2007 23:09:21 | Attr = ]
(IBMPMSVC) IBM PM Service [Win32_Own | Auto | Running] -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 57344 bytes | Modified Date = 7/3/2003 00:25:00 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 02:24:18 | Attr = ]
(QCONSVC) QCONSVC [Win32_Own | Auto | Running] -> %System32%\QCONSVC.EXE -> [Ver = | Size = 49152 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 139264 bytes | Modified Date = 2/6/2006 21:22:26 | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 372809 bytes | Modified Date = 2/6/2006 21:26:34 | Attr = ]
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.0.0.359 | Size = 124608 bytes | Modified Date = 4/17/2005 12:30:42 | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 14:53:44 | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 14:53:46 | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 11:17:22 | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,5,1,3 | Size = 992864 bytes | Modified Date = 3/30/2005 21:48:22 | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 01:51:48 | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 1706176 bytes | Modified Date = 4/17/2005 12:30:40 | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 15:59:50 | Attr = ]
(TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 7/11/2003 20:19:22 | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 16:38:08 | Attr = ]
(winvnc) VNC Server [Win32_Own | Auto | Running] -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Modified Date = 8/6/2005 18:45:14 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 8/17/2001 14:20:04 | Attr = ]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.25 | Size = 98752 bytes | Modified Date = 8/22/2002 19:57:02 | Attr = ]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 12/7/2006 19:57:27 | Attr = ]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %System32%\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.20 2.1.20 10/18/2002 10:07:32 | Size = 1156672 bytes | Modified Date = 10/18/2002 13:07:34 | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 15:51:56 | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 01:07:42 | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 15:52:00 | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 15:51:58 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6547 | Size = 1133568 bytes | Modified Date = 11/16/2006 21:02:24 | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 15:51:54 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 15:52:16 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 01:07:17 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 01:07:16 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 07:00:00 | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.49a | Size = 83104 bytes | Modified Date = 12/20/2002 05:21:00 | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.27e | Size = 40368 bytes | Modified Date = 12/24/2002 04:56:00 | Attr = ]
(E1000) Intel® PRO/1000 Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e1000325.sys -> Intel Corporation [Ver = 6.4.16.33 built by: WinDDK | Size = 103936 bytes | Modified Date = 1/19/2003 17:29:18 | Attr = ]
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 14:12:10 | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 1/18/2008 04:00:00 | Attr = ]
(EGATHDRV) IBM Access Support [Kernel | Auto | Running] -> %System32%\EGATHDRV.SYS -> IBM Corporation [Ver = 2.05 | Size = 11712 bytes | Modified Date = 6/29/2006 17:11:08 | Attr = ]
(FINEPIX_PCC) FinePix Digital Camera 020724 [Kernel | On_Demand | Stopped] -> %System32%\drivers\V4CB011B.SYS -> FUJI PHOTO FILM CO.,LTD. [Ver = 3, 0, 0, 1 | Size = 81700 bytes | Modified Date = 5/7/2002 04:44:04 | Attr = ]
(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> %System32%\drivers\ibmpmdrv.sys -> IBM Corp. [Ver = 1.25 | Size = 11344 bytes | Modified Date = 7/3/2003 00:25:00 | Attr = ]
(IBMTPCHK) IBMTPCHK [Kernel | System | Running] -> %System32%\drivers\IBMBLDID.SYS -> [Ver = | Size = 2295 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Modified Date = 12/10/2007 14:53:28 | Attr = ]
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 12/10/2007 14:53:28 | Attr = ]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 12/10/2007 14:53:28 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(ltmodem5) LT Modem Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 606684 bytes | Modified Date = 8/4/2004 00:41:35 | Attr = ]
(MASPINT) MASPINT [Kernel | Auto | Running] -> %System32%\drivers\MASPINT.SYS -> MicroStaff Co.,Ltd. [Ver = 1.05 | Size = 8224 bytes | Modified Date = 6/21/2002 17:42:50 | Attr = ]
(MDFSYSNT) MDFSYSNT [File_System | System | Running] -> %System32%\drivers\MDFSYSNT.SYS -> Mediafour Corporation [Ver = 6.1.4.2 | Size = 213888 bytes | Modified Date = 9/13/2006 13:53:18 | Attr = R ]
(MDPMGRNT) MDPMGRNT [Kernel | Boot | Running] -> %System32%\drivers\MDPMGRNT.SYS -> Mediafour Corporation [Ver = 6.0.6.0 | Size = 24320 bytes | Modified Date = 7/20/2005 17:35:00 | Attr = R ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 15:52:12 | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080201.007\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 82256 bytes | Modified Date = 1/22/2008 04:00:00 | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080201.007\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 895312 bytes | Modified Date = 1/22/2008 04:00:00 | Attr = ]
(NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/4/2004 01:00:50 | Attr = ]
(PCDRDRV) Pcdr Helper Driver [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys -> File not found
(PcdrNt) PcdrNt [Kernel | On_Demand | Stopped] -> %System32%\drivers\PcdrNt.sys -> PC-Doctor Inc. [Ver = 4.0.7 | Size = 44192 bytes | Modified Date = 3/22/2000 23:42:24 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(pctfw2) pctfw2 [Kernel | System | Running] -> %System32%\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 0, 57 | Size = 218504 bytes | Modified Date = 1/25/2008 17:53:26 | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 07:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 3/27/2007 02:55:31 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 15:52:20 | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 15:52:20 | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 15:52:18 | Attr = ]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 11354 bytes | Modified Date = 11/7/2005 05:58:30 | Attr = ]
(S3SSavage) S3SSavage [Kernel | On_Demand | Stopped] -> %System32%\drivers\s3ssavm.sys -> S3 Graphics, Inc. [Ver = 6.13.10.1236-12.90.36 | Size = 95104 bytes | Modified Date = 11/1/2001 04:57:14 | Attr = ]
(SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.5.0.41 | Size = 324232 bytes | Modified Date = 2/4/2005 20:14:30 | Attr = ]
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.5.0.41 | Size = 53896 bytes | Modified Date = 2/4/2005 20:14:32 | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 05:25:53 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 01:07:42 | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3535 | Size = 537920 bytes | Modified Date = 12/13/2002 16:59:16 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 16:07:44 | Attr = ]
(SPBBCDrv) SPBBCDrv [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 1,5,1,3 | Size = 372832 bytes | Modified Date = 3/30/2005 21:48:20 | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.61a | Size = 5589 bytes | Modified Date = 12/24/2002 12:52:26 | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.61a | Size = 22995 bytes | Modified Date = 12/24/2002 12:51:46 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 16:07:34 | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 16:07:36 | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.1.1 | Size = 123200 bytes | Modified Date = 4/1/2005 20:36:04 | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 17976 bytes | Modified Date = 4/5/2005 11:17:00 | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 267192 bytes | Modified Date = 4/5/2005 11:17:02 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 16:07:40 | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 16:07:42 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 270288 bytes | Modified Date = 7/31/2003 17:04:04 | Attr = ]
(TDSMAPI) TDSMAPI [Kernel | System | Running] -> %System32%\drivers\TDSMAPI.SYS -> [Ver = | Size = 9343 bytes | Modified Date = 8/3/2006 01:54:00 | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 23895 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 34775 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 4087 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 2171 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 55254 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 14103 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 6295 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 91318 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 95447 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/28/2008 17:04:59 | Attr = ]
(Tp4Track) IBM PS/2 TrackPoint Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\tp4track.sys -> IBM Corporation [Ver = 3.09 | Size = 14064 bytes | Modified Date = 12/3/2002 05:09:00 | Attr = ]
(TPHKDRV) TPHKDRV [Kernel | System | Running] -> %System32%\drivers\TPHKDRV.sys -> IBM Corporation [Ver = 3.00 | Size = 16162 bytes | Modified Date = 6/23/2003 09:33:58 | Attr = ]
(TPPWR) TPPWR [Kernel | System | Running] -> %System32%\drivers\TPPWR.SYS -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 16384 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
(TSMAPIP) TSMAPIP [Kernel | System | Running] -> %System32%\drivers\TSMAPIP.SYS -> [Ver = | Size = 7168 bytes | Modified Date = 12/26/2002 04:10:00 | Attr = ]
(TwoTrack) IBM PS/2 TrackPoint Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\TwoTrack.sys -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 11520 bytes | Modified Date = 8/17/2001 15:48:14 | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 15:52:22 | Attr = ]
(Vax347b) Vax347b [Kernel | Boot | Running] -> %System32%\drivers\Vax347b.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 159616 bytes | Modified Date = 4/25/2005 10:43:58 | Attr = ]
(Vax347s) Vax347s [Kernel | Boot | Running] -> %System32%\drivers\Vax347s.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 4/30/2004 09:33:00 | Attr = ]
(w29n51) Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\w29n51.sys -> Intel® Corporation [Ver = 9004-8 Driver | Size = 3325312 bytes | Modified Date = 1/17/2006 17:32:44 | Attr = ]
(w70n51) Intel® PRO/Wireless 7100 Adapter Driver for Windows XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\w70n51.sys -> Intel® Corporation [Ver = 1.2.4.41 | Size = 674560 bytes | Modified Date = 7/13/2006 12:33:08 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 19:51:55 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5154 | Size = 344064 bytes | Modified Date = 11/16/2006 20:00:00 | Attr = ]
Atomic.exe -> %ProgramFiles%\Atomic Clock Sync\Atomic.exe -> Chaos Software Group, Inc. [Ver = 2.7.0.3 | Size = 524288 bytes | Modified Date = 6/17/2004 12:46:48 | Attr = ]
BLOG -> %ProgramFiles%\ThinkPad\Utilities\BATLOGEX.DLL -> [Ver = | Size = 208896 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
BMMGAG -> %ProgramFiles%\ThinkPad\Utilities\PWRMONIT.DLL -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 110592 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
BMMLREF -> %ProgramFiles%\ThinkPad\Utilities\BMMLREF.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
BMMMONWND -> %ProgramFiles%\ThinkPad\Utilities\BATINFEX.DLL -> [Ver = | Size = 396288 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 48752 bytes | Modified Date = 4/8/2005 15:52:30 | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 3.50.31a | Size = 106551 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
DNS7reminder -> %ProgramFiles%\Nuance\NaturallySpeaking9\Ereg\Ereg.exe -> Nuance Communications, Inc. [Ver = 5, 0, 0, 0 | Size = 259624 bytes | Modified Date = 3/19/2007 08:20:42 | Attr = ]
EZEJMNAP -> %ProgramFiles%\ThinkPad\Utilities\EzEjMnAp.Exe -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 204800 bytes | Modified Date = 12/24/2002 04:01:00 | Attr = ]
ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 1.058 | Size = 495616 bytes | Modified Date = 1/7/2003 16:52:16 | Attr = ]
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 12/10/2007 14:53:46 | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 10, 100, 25539 | Size = 221184 bytes | Modified Date = 2/16/2005 15:15:22 | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 10, 100, 25539 | Size = 81920 bytes | Modified Date = 2/16/2005 15:15:20 | Attr = ]
MDDiskProtect.exe -> %ProgramFiles%\Mediafour\MacDrive\MDDiskProtect.exe -> Mediafour Corporation [Ver = 6.0.6.1 | Size = 106496 bytes | Modified Date = 4/15/2005 16:54:00 | Attr = ]
Mediafour Mac Volume Notifications -> %CommonProgramFiles%\Mediafour\MACVNTFY.EXE -> Mediafour Corporation [Ver = 5.0.10.0 | Size = 61440 bytes | Modified Date = 12/17/2002 14:43:00 | Attr = R ]
Mediafour XPlay Tray Notification Icon -> %ProgramFiles%\Mediafour\XPlay\XPTRYICN.EXE -> Mediafour Corporation [Ver = 2.0.10.0 | Size = 94208 bytes | Modified Date = 9/27/2004 15:11:00 | Attr = R ]
QCWLIcon -> %ProgramFiles%\ThinkPad\ConnectUtilities\QCWLICON.EXE -> [Ver = | Size = 53248 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 09:54:04 | Attr = ]
REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2/4/2002 21:32:10 | Attr = ]
S3TRAY2 -> %System32%\S3Tray2.exe -> S3 Graphics, Inc. [Ver = 1.00.13-1012 | Size = 69632 bytes | Modified Date = 10/12/2001 00:32:36 | Attr = ]
SSBkgdUpdate -> %CommonProgramFiles%\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe -> Nuance Communications, Inc. [Ver = 5,2,0,0 | Size = 210472 bytes | Modified Date = 10/25/2006 08:03:38 | Attr = ]
StorageGuard -> %ProgramFiles%\VERITAS Software\Update Manager\sgtray.exe -> VERITAS Software, Inc. [Ver = 1.01.02a | Size = 155648 bytes | Modified Date = 6/18/2002 02:01:00 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:35 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 512000 bytes | Modified Date = 7/31/2003 17:24:24 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 110592 bytes | Modified Date = 7/31/2003 17:25:34 | Attr = ]
TP4EX -> %System32%\TP4EX.exe -> IBM Corporation [Ver = 1.05.00 | Size = 53248 bytes | Modified Date = 9/4/2002 03:05:00 | Attr = ]
TPHOTKEY -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 8/7/2003 17:57:52 | Attr = ]
TPKMAPHELPER -> %ProgramFiles%\ThinkPad\Utilities\TpKmapAp.exe -> IBM Corp. [Ver = 1, 1, 0, 0 | Size = 897024 bytes | Modified Date = 8/8/2003 17:39:38 | Attr = ]
TrackPointSrv -> %System32%\tp4serv.exe -> IBM Corporation [Ver = 3.09 | Size = 87552 bytes | Modified Date = 12/3/2002 05:09:00 | Attr = ]
vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 85184 bytes | Modified Date = 4/17/2005 12:30:48 | Attr = ]
WinVNC -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Modified Date = 8/6/2005 18:45:14 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 16:22:02 | Attr = ]
ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 1.058 | Size = 495616 bytes | Modified Date = 1/7/2003 16:52:16 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 8/23/2007 23:09:25 | Attr = ]
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 10 | Size = 1343488 bytes | Modified Date = 4/7/2006 15:02:24 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 14:06:48 | Attr = ]
%AllUsersStartup%\Exif Launcher.lnk -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 4, 0, 0, 0 | Size = 200704 bytes | Modified Date = 12/20/2002 15:18:40 | Attr = ]
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 8/23/2007 23:09:18 | Attr = ]
< Mike Arroyo Startup Folder > -> C:\Documents and Settings\Mike Arroyo\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 46080 bytes | Modified Date = 11/16/2006 20:58:18 | Attr = ]
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.0.0.359 | Size = 43712 bytes | Modified Date = 4/17/2005 12:30:56 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (874 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ig?hl=en ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 15:29:16 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 3.50.31a | Size = 94262 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 01:11:33 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 8/23/2007 23:09:25 | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 01:11:33 | Attr = ]
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell] -> File not found
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell Options] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 15:29:16 | Attr = ]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 1/9/2008 15:01:48 | Attr = ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 14:35:36 | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 16:43:18 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 15:29:16 | Attr = ]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 14:35:36 | Attr = ]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 16:43:18 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&ieSpell Options -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 4, 0, 428 | Size = 253952 bytes | Modified Date = 8/3/2006 10:15:32 | Attr = ]
&Lookup Meaning -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 4, 0, 428 | Size = 253952 bytes | Modified Date = 8/3/2006 10:15:32 | Attr = ]
&Yahoo! Search -> -> File not found
Check &Spelling -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 4, 0, 428 | Size = 253952 bytes | Modified Date = 8/3/2006 10:15:32 | Attr = ]
Yahoo! &Dictionary -> -> File not found
Yahoo! &Maps -> -> File not found
Yahoo! &SMS -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3208BD92-DCC9-40EF-B612-2C0CBAB48FFD} -> () ->
{4BB26424-422C-4147-82A6-7817319D205B} -> (Intel® PRO/1000 MT Mobile Connection) ->
{6CF2B35C-B8F7-488F-84DA-66C1F53E7BB0} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
{8506968E-7EDC-4F73-8B9A-DCFD07DA7292} -> () ->
{CD21294F-6B93-4289-BDD2-4F0CD162723B} -> (Intel® PRO/Wireless LAN 2100 3B Mini PCI Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000024 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/200609...ex/qtplugin.cab[QuickTime Object] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b...heckControl.cab[Windows Genuine Advantage Validation Tool] ->
{1B9B97D0-C0F4-4045-9B42-50A4535C9041}[HKEY_LOCAL_MACHINE] -> http://download.paltalk.com/wcloader_prod/wcloader.cab[WCLoaderCtl Class] ->
{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}[HKEY_LOCAL_MACHINE] -> http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?[MiniBugTransporterX Class] ->
{2DAD3559-2923-4935-AD49-B673D2539944}[HKEY_LOCAL_MACHINE] -> https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab[IASRunner Class] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] ->
{33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] ->
{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1005.cab[MySpace Uploader Control] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/Facebo...otoUploader.cab[Facebook Photo Uploader Control] ->
{66D393D5-4D80-497C-9F4F-F3839E090202}[HKEY_LOCAL_MACHINE] -> http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab[PlayerOCX Control] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdat...b?1149898703679[MUWebControl Class] ->
{74FFE28D-2378-11D5-990C-006094235084}[HKEY_LOCAL_MACHINE] -> https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab[IBM Access Support] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8}[HKEY_LOCAL_MACHINE] -> http://www.betterphoto.com/_shared/uploadI...geUploader3.cab[Aurigma Image Uploader 3.5 Control] ->
{A8F2B9BD-A6A0-486A-9744-18920D898429}[HKEY_LOCAL_MACHINE] -> http://www.sibelius.com/download/software/...tiveXPlugin.cab[ScorchPlugin Class] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe[Virtools WebPlayer Class] ->
{E598AC61-4C6F-4F4D-877F-FAC49CA91FA3}[HKEY_LOCAL_MACHINE] -> https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab[acpRunner Class] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->

[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\SerialNumber -> A109A-K13-3ZXD-BAP5-TE ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\SerialNumber -> A109A-K13-3ZXD-BAP5-TE ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 02:56:43 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 02:56:43 | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 09:21:15 | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 23:37:50 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 816 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 02:56:44 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\AUOptions -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 02:56:44 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/29/2002 07:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 02:56:57 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 16832 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 02:56:42 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 02:56:56 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 07:44:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 14:35:36 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 16:10:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 02:56:56 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 16:43:18 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 16:43:18 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 16:22:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:37 | Attr = HS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 05:59:52 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dplaysvr.exe -> C:\WINDOWS\system32\dplaysvr.exe [C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30208 bytes | Modified Date = 8/4/2004 02:56:48 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 07:44:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 14:35:36 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\UltraVNC\winvnc.exe -> C:\Program Files\UltraVNC\winvnc.exe [C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32] -> UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Modified Date = 8/6/2005 18:45:14 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> LimeWire [Ver = 1.0.0.2 | Size = 700416 bytes | Modified Date = 10/31/2005 10:56:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6023.5000 | Size = 12831608 bytes | Modified Date = 5/25/2007 19:09:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 16:10:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetMeeting\conf.exe -> C:\Program Files\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®] -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 1032192 bytes | Modified Date = 8/4/2004 02:56:48 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\GAMES\Age of Empires\age2_x1.exe -> C:\GAMES\Age of Empires\age2_x1.exe [C:\GAMES\Age of Empires\age2_x1.exe:*:Enabled:Age of Empires II Expansion] -> Microsoft Corporation [Ver = 00.07.22.0627 | Size = 2695213 bytes | Modified Date = 8/8/2000 02:13:34 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\GAMES\Age of Empires\empires2.exe -> C:\GAMES\Age of Empires\empires2.exe [C:\GAMES\Age of Empires\empires2.exe:*:Enabled:Age of Empires II] -> Microsoft Corporation [Ver = 00.14.14.0914 | Size = 2560000 bytes | Modified Date = 9/21/1999 19:46:58 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.9: 2007102514 | Size = 7649128 bytes | Modified Date = 1/25/2008 18:24:41 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{8506968E-7EDC-4F73-8B9A-DCFD07DA7292} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{CD21294F-6B93-4289-BDD2-4F0CD162723B} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{4BB26424-422C-4147-82A6-7817319D205B} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 02:56:57 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 02:56:46 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 23:39:49 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 02:56:57 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 02:56:44 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 02:56:57 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 23:39:49 | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->

[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072680960 bytes | Created Date = 2/2/2008 15:53:40 | Attr = HS]
temp_phw -> %SystemDrive%\temp_phw -> [Folder | Created Date = 1/14/2008 20:15:50 | Attr = ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Created Date = 1/25/2008 17:22:35 | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 1/25/2008 17:22:35 | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 1/25/2008 17:22:35 | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 1/25/2008 17:22:35 | Attr = ]
npyrdscf.dat -> %System32%\drivers\npyrdscf.dat -> [Ver = | Size = 19584 bytes | Created Date = 1/24/2008 20:13:24 | Attr = ]
pctfw2.sys -> %System32%\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 0, 57 | Size = 218504 bytes | Created Date = 1/25/2008 21:47:54 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 1/28/2008 17:05:35 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/25/2008 22:18:10 | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/25/2008 22:18:10 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/25/2008 22:18:10 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/25/2008 22:18:10 | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/28/2008 17:18:24 | Attr = ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bdoscandel.exe -> %SystemRoot%\bdoscandel.exe -> [Ver = | Size = 53248 bytes | Created Date = 1/9/2008 15:01:48 | Attr = ]
bdoscandellang.ini -> %SystemRoot%\bdoscandellang.ini -> [Ver = | Size = 453 bytes | Created Date = 1/9/2008 15:01:48 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
PC Tools -> %AllUsersAppData%\PC Tools -> [Folder | Created Date = 1/25/2008 21:51:13 | Attr = ]
ArcSoft -> %UserAppData%\ArcSoft -> [Folder | Created Date = 1/5/2008 19:26:28 | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Created Date = 1/25/2008 17:22:23 | Attr = ]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk -> [Ver = | Size = 1740 bytes | Created Date = 1/5/2008 19:22:29 | Attr = ]
Panorama Maker 4.lnk -> %AllUsersDesktop%\Panorama Maker 4.lnk -> [Ver = | Size = 1622 bytes | Created Date = 1/5/2008 19:24:55 | Attr = ]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 1648 bytes | Created Date = 1/25/2008 17:22:37 | Attr = ]
4b54a5a3bcc68b1f496cdd827ad44b841e36faaa-firetruck.truck -> %UserDesktop%\4b54a5a3bcc68b1f496cdd827ad44b841e36faaa-firetruck.truck -> [Ver = | Size = 20310 bytes | Created Date = 2/1/2008 19:12:44 | Attr = ]
AC3D.lnk -> %UserDesktop%\AC3D.lnk -> [Ver = | Size = 669 bytes | Created Date = 1/27/2008 23:06:01 | Attr = ]
ac3dtex -> %UserDesktop%\ac3dtex -> [Folder | Created Date = 1/28/2008 21:26:33 | Attr = ]
firetruck_p1 -> %UserDesktop%\firetruck_p1 -> [Folder | Created Date = 2/2/2008 14:56:29 | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Created Date = 1/28/2008 16:38:16 | Attr = ]
Rigs of Rods 0.34.lnk -> %UserDesktop%\Rigs of Rods 0.34.lnk -> [Ver = | Size = 573 bytes | Created Date = 1/21/2008 20:50:15 | Attr = ]
RoR.exe.lnk -> %UserDesktop%\RoR.exe.lnk -> [Ver = | Size = 727 bytes | Created Date = 1/21/2008 20:50:21 | Attr = ]
rorEditor.exe.lnk -> %UserDesktop%\rorEditor.exe.lnk -> [Ver = | Size = 1101 bytes | Created Date = 1/25/2008 22:43:20 | Attr = ]
Winch -> %UserDesktop%\Winch -> [Folder | Created Date = 2/1/2008 17:58:49 | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 2/2/2008 12:21:31 | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 1/25/2008 22:14:34 | Attr = ]
PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Created Date = 1/25/2008 17:53:30 | Attr = ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072680960 bytes | Modified Date = 2/2/2008 16:04:04 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/28/2008 16:38:15 | Attr = R ]
Software Killers -> %SystemDrive%\Software Killers -> [Folder | Modified Date = 1/28/2008 16:52:05 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/24/2008 23:27:52 | Attr = HS]
temp_phw -> %SystemDrive%\temp_phw -> [Folder | Modified Date = 1/14/2008 20:15:50 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/2/2008 14:48:48 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2/1/2008 02:27:41 | Attr = ]
npyrdscf.dat -> %System32%\drivers\npyrdscf.dat -> [Ver = | Size = 19584 bytes | Modified Date = 1/24/2008 20:13:24 | Attr = ]
pctfw2.sys -> %System32%\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 0, 57 | Size = 218504 bytes | Modified Date = 1/25/2008 17:53:26 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/28/2008 17:04:59 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2/2/2008 16:06:06 | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 1/28/2008 23:04:31 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/15/2008 20:48:37 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 2/2/2008 16:04:51 | Attr = ]
EPScreensaver dir -> %System32%\EPScreensaver dir -> [Folder | Modified Date = 1/24/2008 20:21:03 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 54010 bytes | Modified Date = 1/25/2008 17:24:02 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 383822 bytes | Modified Date = 1/25/2008 17:24:02 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 443380 bytes | Modified Date = 1/25/2008 17:24:02 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 1/24/2008 23:27:52 | Attr = ]
ShellExt -> %System32%\ShellExt -> [Folder | Modified Date = 1/10/2008 19:34:09 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 2/2/2008 16:04:52 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/8/2008 17:13:02 | Attr = H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/28/2008 19:33:56 | Attr = ]
bdoscandel.exe -> %SystemRoot%\bdoscandel.exe -> [Ver = | Size = 53248 bytes | Modified Date = 1/9/2008 15:01:48 | Attr = ]
bdoscandellang.ini -> %SystemRoot%\bdoscandellang.ini -> [Ver = | Size = 453 bytes | Modified Date = 1/9/2008 15:01:48 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/2/2008 16:04:11 | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 2/2/2008 14:48:51 | Attr = HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/28/2008 23:03:45 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/24/2008 21:21:07 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 1/9/2008 03:01:12 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/28/2008 23:04:12 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/25/2008 22:18:39 | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2/2/2008 14:48:47 | Attr = ]
msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [Folder | Modified Date = 1/28/2008 23:04:17 | Attr = H ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/3/2008 00:58:42 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/31/2008 18:44:27 | Attr = H ]
system32 -> %System32% -> [Folder | Modified Date = 2/2/2008 15:55:55 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/2/2008 16:07:22 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/2/2008 18:18:15 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 1/27/2008 06:33:01 | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 2/2/2008 16:07:22 | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/2/2008 16:04:17 | Attr = H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job -> [Ver = | Size = 366 bytes | Modified Date = 2/2/2008 22:18:11 | Attr = ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1310 bytes | Modified Date = 12/21/2006 19:01:57 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 11436 bytes | Modified Date = 2/2/2008 16:07:16 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 11436 bytes | Modified Date = 2/2/2008 16:07:16 | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8514 bytes | Modified Date = 1/24/2007 22:02:32 | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersAppData%\Adobe -> [Folder | Modified Date = 1/5/2008 19:22:21 | Attr = ]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Modified Date = 2/1/2008 14:16:22 | Attr = ]
PC Tools -> %AllUsersAppData%\PC Tools -> [Folder | Modified Date = 1/25/2008 21:51:13 | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 2/2/2008 22:26:08 | Attr = ]
@Alternate Data Stream - 152 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
ArcSoft -> %UserAppData%\ArcSoft -> [Folder | Modified Date = 1/5/2008 19:26:29 | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Modified Date = 1/25/2008 17:22:23 | Attr = ]
SAS7_000.DAT -> %UserAppData%\SAS7_000.DAT -> [Ver = | Size = 2154 bytes | Modified Date = 1/15/2008 20:15:47 | Attr = ]
WeatherBug -> %UserAppData%\WeatherBug -> [Folder | Modified Date = 1/28/2008 16:03:44 | Attr = ]
Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 1/5/2008 19:25:15 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 139264 bytes | Modified Date = 1/31/2008 20:52:48 | Attr = ]
Dump Folder -> %UserDocuments%\Dump Folder -> [Folder | Modified Date = 2/1/2008 09:19:03 | Attr = ]
eDonkey2000 Downloads -> %UserDocuments%\eDonkey2000 Downloads -> [Folder | Modified Date = 1/27/2008 23:18:02 | Attr = ]
Google Talk Received Files -> %UserDocuments%\Google Talk Received Files -> [Folder | Modified Date = 1/27/2008 23:18:00 | Attr = ]
Incomplete -> %UserDocuments%\Incomplete -> [Folder | Modified Date = 1/27/2008 23:18:13 | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 1/5/2008 19:20:40 | Attr = R ]
My PSP Files -> %UserDocuments%\My PSP Files -> [Folder | Modified Date = 1/30/2008 21:31:53 | Attr = ]
School -> %UserDocuments%\School -> [Folder | Modified Date = 1/15/2008 20:49:00 | Attr = ]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk -> [Ver = | Size = 1740 bytes | Modified Date = 1/5/2008 19:27:15 | Attr = ]
Jasc Paint Shop Pro 9.lnk -> %AllUsersDesktop%\Jasc Paint Shop Pro 9.lnk -> [Ver = | Size = 2523 bytes | Modified Date = 1/30/2008 21:31:53 | Attr = ]
Panorama Maker 4.lnk -> %AllUsersDesktop%\Panorama Maker 4.lnk -> [Ver = | Size = 1622 bytes | Modified Date = 1/5/2008 19:24:55 | Attr = ]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 1648 bytes | Modified Date = 1/25/2008 17:22:37 | Attr = ]
4b54a5a3bcc68b1f496cdd827ad44b841e36faaa-firetruck.truck -> %UserDesktop%\4b54a5a3bcc68b1f496cdd827ad44b841e36faaa-firetruck.truck -> [Ver = | Size = 20310 bytes | Modified Date = 2/2/2008 15:09:22 | Attr = ]
AC3D.lnk -> %UserDesktop%\AC3D.lnk -> [Ver = | Size = 669 bytes | Modified Date = 1/27/2008 23:06:01 | Attr = ]
ac3dtex -> %UserDesktop%\ac3dtex -> [Folder | Modified Date = 2/2/2008 15:09:36 | Attr = ]
firetruck_p1 -> %UserDesktop%\firetruck_p1 -> [Folder | Modified Date = 2/2/2008 14:56:48 | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Modified Date = 1/28/2008 16:38:16 | Attr = ]
Rigs of Rods 0.34.lnk -> %UserDesktop%\Rigs of Rods 0.34.lnk -> [Ver = | Size = 573 bytes | Modified Date = 1/21/2008 20:50:15 | Attr = ]
RoR.exe.lnk -> %UserDesktop%\RoR.exe.lnk -> [Ver = | Size = 727 bytes | Modified Date = 1/21/2008 20:50:21 | Attr = ]
rorEditor.exe.lnk -> %UserDesktop%\rorEditor.exe.lnk -> [Ver = | Size = 1101 bytes | Modified Date = 1/25/2008 22:43:20 | Attr = ]
Winch -> %UserDesktop%\Winch -> [Folder | Modified Date = 2/1/2008 22:20:36 | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 2/2/2008 15:57:41 | Attr = ]
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 1/5/2008 19:22:25 | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 1/25/2008 22:14:34 | Attr = ]
PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Modified Date = 1/25/2008 21:47:51 | Attr = ]

< End of report >

#11 OldTimer

Malware Expert

Group: Malware Response Team
Posts: 11,090
Joined: 28-January 05
Gender:Male
Location:North Carolina

Posted 03 February 2008 - 11:34 AM

Hi iker42. It looks like we need to use something else on that .dat file. It's kind of stubborn lol.

Step #1

Please download The Avenger by Swandog46 to your Desktop.

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

files to delete:
c:\windows\System32\drivers\npyrdscf.dat

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.

Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Files/Folders - Modified Within 30 days]
NY -> npyrdscf.dat -> %System32%\drivers\npyrdscf.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 152 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
In the Driver Services section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Step #4

Post the following back here:

Avenger report

WinPFind35u fix log

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#12 iker42

Member

Group: Members
Posts: 23
Joined: 05-January 05

Posted 03 February 2008 - 12:45 PM

The Avenger Log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gwsmrumk

*******************

Script file located at: \??\C:\WINDOWS\whvirjhm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File c:\windows\System32\drivers\npyrdscf.dat deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

The other

WinPFind35 logfile created on: 2/3/2008 12:42:00
WinPFind35U Version Beta42 Folder = C:\Documents and Settings\Mike Arroyo\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

1022.92 Mb Total Physical Memory | 469.23 Mb Available Physical Memory | 45.87% Memory free
2.37 Gb Paging File | 1.65 Gb Available in Paging File | 69.49% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.26 Gb Total Space | 13.24 Gb Free Space | 38.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: MIKEA
Current User Name: Mike Arroyo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ibmpmsvc.exe -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 57344 bytes | Modified Date = 7/3/2003 00:25:00 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 11/16/2006 20:57:18 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 86016 bytes | Modified Date = 2/6/2006 21:23:06 | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 372809 bytes | Modified Date = 2/6/2006 21:26:34 | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 161392 bytes | Modified Date = 4/8/2005 15:54:52 | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 185968 bytes | Modified Date = 4/8/2005 15:52:32 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 11/16/2006 20:57:18 | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 19648 bytes | Modified Date = 4/17/2005 12:30:32 | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 8/23/2007 23:09:21 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 110592 bytes | Modified Date = 7/31/2003 17:25:34 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 512000 bytes | Modified Date = 7/31/2003 17:24:24 | Attr = ]
tphkmgr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 8/7/2003 17:57:52 | Attr = ]
qconsvc.exe -> %System32%\QCONSVC.EXE -> [Ver = | Size = 49152 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
tponscr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe -> [Ver = | Size = 77824 bytes | Modified Date = 6/23/2003 09:34:18 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 139264 bytes | Modified Date = 2/6/2006 21:22:26 | Attr = ]
tpscrex.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe -> IBM Corporation [Ver = 1.06 | Size = 65536 bytes | Modified Date = 1/10/2002 17:01:34 | Attr = ]
ezejmnap.exe -> %ProgramFiles%\ThinkPad\Utilities\EzEjMnAp.Exe -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 204800 bytes | Modified Date = 12/24/2002 04:01:00 | Attr = ]
ibmmessages.exe -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 1.058 | Size = 495616 bytes | Modified Date = 1/7/2003 16:52:16 | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 3.50.31a | Size = 106551 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 14:53:44 | Attr = ]
xptryicn.exe -> %ProgramFiles%\Mediafour\XPlay\XPTRYICN.EXE -> Mediafour Corporation [Ver = 2.0.10.0 | Size = 94208 bytes | Modified Date = 9/27/2004 15:11:00 | Attr = R ]
macvntfy.exe -> %CommonProgramFiles%\Mediafour\MACVNTFY.EXE -> Mediafour Corporation [Ver = 5.0.10.0 | Size = 61440 bytes | Modified Date = 12/17/2002 14:43:00 | Attr = R ]
mddiskprotect.exe -> %ProgramFiles%\Mediafour\MacDrive\MDDiskProtect.exe -> Mediafour Corporation [Ver = 6.0.6.1 | Size = 106496 bytes | Modified Date = 4/15/2005 16:54:00 | Attr = ]
qcwlicon.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\QCWLICON.EXE -> [Ver = | Size = 53248 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 48752 bytes | Modified Date = 4/8/2005 15:52:30 | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 85184 bytes | Modified Date = 4/17/2005 12:30:48 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 09:54:04 | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 10, 100, 25539 | Size = 81920 bytes | Modified Date = 2/16/2005 15:15:20 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:35 | Attr = ]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 12/10/2007 14:53:46 | Attr = ]
atomic.exe -> %ProgramFiles%\Atomic Clock Sync\Atomic.exe -> Chaos Software Group, Inc. [Ver = 2.7.0.3 | Size = 524288 bytes | Modified Date = 6/17/2004 12:46:48 | Attr = ]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 14:53:46 | Attr = ]
googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 16:22:02 | Attr = ]
weather.exe -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 10 | Size = 1343488 bytes | Modified Date = 4/7/2006 15:02:24 | Attr = ]
quickdcf.exe -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 4, 0, 0, 0 | Size = 200704 bytes | Modified Date = 12/20/2002 15:18:40 | Attr = ]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 8/23/2007 23:09:18 | Attr = ]
starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 01:51:48 | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 1706176 bytes | Modified Date = 4/17/2005 12:30:40 | Attr = ]
tpkmpsvc.exe -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 7/11/2003 20:19:22 | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 16:38:08 | Attr = ]
winvnc.exe -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Modified Date = 8/6/2005 18:45:14 | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 16:38:18 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/31/2008 12:38:16 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 11/16/2006 20:57:18 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 185968 bytes | Modified Date = 4/8/2005 15:52:32 | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 83568 bytes | Modified Date = 4/8/2005 15:54:50 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 161392 bytes | Modified Date = 4/8/2005 15:54:52 | Attr = ]
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 19648 bytes | Modified Date = 4/17/2005 12:30:32 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 02:56:48 | Attr = ]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 86016 bytes | Modified Date = 2/6/2006 21:23:06 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 8/23/2007 23:09:21 | Attr = ]
(IBMPMSVC) IBM PM Service [Win32_Own | Auto | Running] -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 57344 bytes | Modified Date = 7/3/2003 00:25:00 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 02:24:18 | Attr = ]
(QCONSVC) QCONSVC [Win32_Own | Auto | Running] -> %System32%\QCONSVC.EXE -> [Ver = | Size = 49152 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 139264 bytes | Modified Date = 2/6/2006 21:22:26 | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 372809 bytes | Modified Date = 2/6/2006 21:26:34 | Attr = ]
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.0.0.359 | Size = 124608 bytes | Modified Date = 4/17/2005 12:30:42 | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 14:53:44 | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 14:53:46 | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 11:17:22 | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,5,1,3 | Size = 992864 bytes | Modified Date = 3/30/2005 21:48:22 | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 01:51:48 | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 1706176 bytes | Modified Date = 4/17/2005 12:30:40 | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 15:59:50 | Attr = ]
(TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 7/11/2003 20:19:22 | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 16:38:08 | Attr = ]
(winvnc) VNC Server [Win32_Own | Auto | Running] -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Modified Date = 8/6/2005 18:45:14 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 8/17/2001 14:20:04 | Attr = ]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.25 | Size = 98752 bytes | Modified Date = 8/22/2002 19:57:02 | Attr = ]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 12/7/2006 19:57:27 | Attr = ]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %System32%\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.20 2.1.20 10/18/2002 10:07:32 | Size = 1156672 bytes | Modified Date = 10/18/2002 13:07:34 | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 15:51:56 | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 01:07:42 | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 15:52:00 | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 15:51:58 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6547 | Size = 1133568 bytes | Modified Date = 11/16/2006 21:02:24 | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 15:51:54 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 15:52:16 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 01:07:17 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 01:07:16 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 07:00:00 | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.49a | Size = 83104 bytes | Modified Date = 12/20/2002 05:21:00 | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.27e | Size = 40368 bytes | Modified Date = 12/24/2002 04:56:00 | Attr = ]
(E1000) Intel® PRO/1000 Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e1000325.sys -> Intel Corporation [Ver = 6.4.16.33 built by: WinDDK | Size = 103936 bytes | Modified Date = 1/19/2003 17:29:18 | Attr = ]
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 14:12:10 | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 1/18/2008 04:00:00 | Attr = ]
(EGATHDRV) IBM Access Support [Kernel | Auto | Running] -> %System32%\EGATHDRV.SYS -> IBM Corporation [Ver = 2.05 | Size = 11712 bytes | Modified Date = 6/29/2006 17:11:08 | Attr = ]
(FINEPIX_PCC) FinePix Digital Camera 020724 [Kernel | On_Demand | Stopped] -> %System32%\drivers\V4CB011B.SYS -> FUJI PHOTO FILM CO.,LTD. [Ver = 3, 0, 0, 1 | Size = 81700 bytes | Modified Date = 5/7/2002 04:44:04 | Attr = ]
(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> %System32%\drivers\ibmpmdrv.sys -> IBM Corp. [Ver = 1.25 | Size = 11344 bytes | Modified Date = 7/3/2003 00:25:00 | Attr = ]
(IBMTPCHK) IBMTPCHK [Kernel | System | Running] -> %System32%\drivers\IBMBLDID.SYS -> [Ver = | Size = 2295 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Modified Date = 12/10/2007 14:53:28 | Attr = ]
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 12/10/2007 14:53:28 | Attr = ]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 12/10/2007 14:53:28 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(ltmodem5) LT Modem Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 606684 bytes | Modified Date = 8/4/2004 00:41:35 | Attr = ]
(MASPINT) MASPINT [Kernel | Auto | Running] -> %System32%\drivers\MASPINT.SYS -> MicroStaff Co.,Ltd. [Ver = 1.05 | Size = 8224 bytes | Modified Date = 6/21/2002 17:42:50 | Attr = ]
(MDFSYSNT) MDFSYSNT [File_System | System | Running] -> %System32%\drivers\MDFSYSNT.SYS -> Mediafour Corporation [Ver = 6.1.4.2 | Size = 213888 bytes | Modified Date = 9/13/2006 13:53:18 | Attr = R ]
(MDPMGRNT) MDPMGRNT [Kernel | Boot | Running] -> %System32%\drivers\MDPMGRNT.SYS -> Mediafour Corporation [Ver = 6.0.6.0 | Size = 24320 bytes | Modified Date = 7/20/2005 17:35:00 | Attr = R ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 15:52:12 | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080201.007\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 82256 bytes | Modified Date = 1/22/2008 04:00:00 | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080201.007\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 895312 bytes | Modified Date = 1/22/2008 04:00:00 | Attr = ]
(NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/4/2004 01:00:50 | Attr = ]
(PCDRDRV) Pcdr Helper Driver [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys -> File not found
(PcdrNt) PcdrNt [Kernel | On_Demand | Stopped] -> %System32%\drivers\PcdrNt.sys -> PC-Doctor Inc. [Ver = 4.0.7 | Size = 44192 bytes | Modified Date = 3/22/2000 23:42:24 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(pctfw2) pctfw2 [Kernel | System | Running] -> %System32%\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 0, 57 | Size = 218504 bytes | Modified Date = 1/25/2008 17:53:26 | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 07:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 3/27/2007 02:55:31 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 15:52:20 | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 15:52:20 | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 15:52:18 | Attr = ]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 9, 0, 4, 0 | Size = 11354 bytes | Modified Date = 11/7/2005 05:58:30 | Attr = ]
(S3SSavage) S3SSavage [Kernel | On_Demand | Stopped] -> %System32%\drivers\s3ssavm.sys -> S3 Graphics, Inc. [Ver = 6.13.10.1236-12.90.36 | Size = 95104 bytes | Modified Date = 11/1/2001 04:57:14 | Attr = ]
(SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.5.0.41 | Size = 324232 bytes | Modified Date = 2/4/2005 20:14:30 | Attr = ]
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.5.0.41 | Size = 53896 bytes | Modified Date = 2/4/2005 20:14:32 | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 05:25:53 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 01:07:42 | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3535 | Size = 537920 bytes | Modified Date = 12/13/2002 16:59:16 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 16:07:44 | Attr = ]
(SPBBCDrv) SPBBCDrv [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 1,5,1,3 | Size = 372832 bytes | Modified Date = 3/30/2005 21:48:20 | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.61a | Size = 5589 bytes | Modified Date = 12/24/2002 12:52:26 | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.61a | Size = 22995 bytes | Modified Date = 12/24/2002 12:51:46 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 16:07:34 | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 16:07:36 | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.1.1 | Size = 123200 bytes | Modified Date = 4/1/2005 20:36:04 | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 17976 bytes | Modified Date = 4/5/2005 11:17:00 | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 267192 bytes | Modified Date = 4/5/2005 11:17:02 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 16:07:40 | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 16:07:42 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 270288 bytes | Modified Date = 7/31/2003 17:04:04 | Attr = ]
(TDSMAPI) TDSMAPI [Kernel | System | Running] -> %System32%\drivers\TDSMAPI.SYS -> [Ver = | Size = 9343 bytes | Modified Date = 8/3/2006 01:54:00 | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 23895 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 34775 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 4087 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 2171 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 55254 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 14103 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 6295 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 91318 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 3.50.31a | Size = 95447 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/28/2008 17:04:59 | Attr = ]
(Tp4Track) IBM PS/2 TrackPoint Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\tp4track.sys -> IBM Corporation [Ver = 3.09 | Size = 14064 bytes | Modified Date = 12/3/2002 05:09:00 | Attr = ]
(TPHKDRV) TPHKDRV [Kernel | System | Running] -> %System32%\drivers\TPHKDRV.sys -> IBM Corporation [Ver = 3.00 | Size = 16162 bytes | Modified Date = 6/23/2003 09:33:58 | Attr = ]
(TPPWR) TPPWR [Kernel | System | Running] -> %System32%\drivers\TPPWR.SYS -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 16384 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
(TSMAPIP) TSMAPIP [Kernel | System | Running] -> %System32%\drivers\TSMAPIP.SYS -> [Ver = | Size = 7168 bytes | Modified Date = 12/26/2002 04:10:00 | Attr = ]
(TwoTrack) IBM PS/2 TrackPoint Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\TwoTrack.sys -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 11520 bytes | Modified Date = 8/17/2001 15:48:14 | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 15:52:22 | Attr = ]
(Vax347b) Vax347b [Kernel | Boot | Running] -> %System32%\drivers\Vax347b.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 159616 bytes | Modified Date = 4/25/2005 10:43:58 | Attr = ]
(Vax347s) Vax347s [Kernel | Boot | Running] -> %System32%\drivers\Vax347s.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 4/30/2004 09:33:00 | Attr = ]
(w29n51) Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %System32%\drivers\w29n51.sys -> Intel® Corporation [Ver = 9004-8 Driver | Size = 3325312 bytes | Modified Date = 1/17/2006 17:32:44 | Attr = ]
(w70n51) Intel® PRO/Wireless 7100 Adapter Driver for Windows XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\w70n51.sys -> Intel® Corporation [Ver = 1.2.4.41 | Size = 674560 bytes | Modified Date = 7/13/2006 12:33:08 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 19:51:55 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5154 | Size = 344064 bytes | Modified Date = 11/16/2006 20:00:00 | Attr = ]
Atomic.exe -> %ProgramFiles%\Atomic Clock Sync\Atomic.exe -> Chaos Software Group, Inc. [Ver = 2.7.0.3 | Size = 524288 bytes | Modified Date = 6/17/2004 12:46:48 | Attr = ]
BLOG -> %ProgramFiles%\ThinkPad\Utilities\BATLOGEX.DLL -> [Ver = | Size = 208896 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
BMMGAG -> %ProgramFiles%\ThinkPad\Utilities\PWRMONIT.DLL -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 110592 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
BMMLREF -> %ProgramFiles%\ThinkPad\Utilities\BMMLREF.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
BMMMONWND -> %ProgramFiles%\ThinkPad\Utilities\BATINFEX.DLL -> [Ver = | Size = 396288 bytes | Modified Date = 4/20/2005 00:38:00 | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 48752 bytes | Modified Date = 4/8/2005 15:52:30 | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 3.50.31a | Size = 106551 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
DNS7reminder -> %ProgramFiles%\Nuance\NaturallySpeaking9\Ereg\Ereg.exe -> Nuance Communications, Inc. [Ver = 5, 0, 0, 0 | Size = 259624 bytes | Modified Date = 3/19/2007 08:20:42 | Attr = ]
EZEJMNAP -> %ProgramFiles%\ThinkPad\Utilities\EzEjMnAp.Exe -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 204800 bytes | Modified Date = 12/24/2002 04:01:00 | Attr = ]
ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 1.058 | Size = 495616 bytes | Modified Date = 1/7/2003 16:52:16 | Attr = ]
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 12/10/2007 14:53:46 | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 10, 100, 25539 | Size = 221184 bytes | Modified Date = 2/16/2005 15:15:22 | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 10, 100, 25539 | Size = 81920 bytes | Modified Date = 2/16/2005 15:15:20 | Attr = ]
MDDiskProtect.exe -> %ProgramFiles%\Mediafour\MacDrive\MDDiskProtect.exe -> Mediafour Corporation [Ver = 6.0.6.1 | Size = 106496 bytes | Modified Date = 4/15/2005 16:54:00 | Attr = ]
Mediafour Mac Volume Notifications -> %CommonProgramFiles%\Mediafour\MACVNTFY.EXE -> Mediafour Corporation [Ver = 5.0.10.0 | Size = 61440 bytes | Modified Date = 12/17/2002 14:43:00 | Attr = R ]
Mediafour XPlay Tray Notification Icon -> %ProgramFiles%\Mediafour\XPlay\XPTRYICN.EXE -> Mediafour Corporation [Ver = 2.0.10.0 | Size = 94208 bytes | Modified Date = 9/27/2004 15:11:00 | Attr = R ]
QCWLIcon -> %ProgramFiles%\ThinkPad\ConnectUtilities\QCWLICON.EXE -> [Ver = | Size = 53248 bytes | Modified Date = 3/27/2003 04:06:02 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 09:54:04 | Attr = ]
REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2/4/2002 21:32:10 | Attr = ]
S3TRAY2 -> %System32%\S3Tray2.exe -> S3 Graphics, Inc. [Ver = 1.00.13-1012 | Size = 69632 bytes | Modified Date = 10/12/2001 00:32:36 | Attr = ]
SSBkgdUpdate -> %CommonProgramFiles%\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe -> Nuance Communications, Inc. [Ver = 5,2,0,0 | Size = 210472 bytes | Modified Date = 10/25/2006 08:03:38 | Attr = ]
StorageGuard -> %ProgramFiles%\VERITAS Software\Update Manager\sgtray.exe -> VERITAS Software, Inc. [Ver = 1.01.02a | Size = 155648 bytes | Modified Date = 6/18/2002 02:01:00 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:35 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 512000 bytes | Modified Date = 7/31/2003 17:24:24 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.5 31Jul03 | Size = 110592 bytes | Modified Date = 7/31/2003 17:25:34 | Attr = ]
TP4EX -> %System32%\TP4EX.exe -> IBM Corporation [Ver = 1.05.00 | Size = 53248 bytes | Modified Date = 9/4/2002 03:05:00 | Attr = ]
TPHOTKEY -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 8/7/2003 17:57:52 | Attr = ]
TPKMAPHELPER -> %ProgramFiles%\ThinkPad\Utilities\TpKmapAp.exe -> IBM Corp. [Ver = 1, 1, 0, 0 | Size = 897024 bytes | Modified Date = 8/8/2003 17:39:38 | Attr = ]
TrackPointSrv -> %System32%\tp4serv.exe -> IBM Corporation [Ver = 3.09 | Size = 87552 bytes | Modified Date = 12/3/2002 05:09:00 | Attr = ]
vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 85184 bytes | Modified Date = 4/17/2005 12:30:48 | Attr = ]
WinVNC -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Modified Date = 8/6/2005 18:45:14 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 16:22:02 | Attr = ]
ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 1.058 | Size = 495616 bytes | Modified Date = 1/7/2003 16:52:16 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 8/23/2007 23:09:25 | Attr = ]
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 10 | Size = 1343488 bytes | Modified Date = 4/7/2006 15:02:24 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 14:06:48 | Attr = ]
%AllUsersStartup%\Exif Launcher.lnk -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 4, 0, 0, 0 | Size = 200704 bytes | Modified Date = 12/20/2002 15:18:40 | Attr = ]
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 8/23/2007 23:09:18 | Attr = ]
< Mike Arroyo Startup Folder > -> C:\Documents and Settings\Mike Arroyo\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 46080 bytes | Modified Date = 11/16/2006 20:58:18 | Attr = ]
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.0.0.359 | Size = 43712 bytes | Modified Date = 4/17/2005 12:30:56 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (874 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ig?hl=en ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 15:29:16 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 3.50.31a | Size = 94262 bytes | Modified Date = 1/10/2003 05:50:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 01:11:33 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 8/23/2007 23:09:25 | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 01:11:33 | Attr = ]
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell] -> File not found
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell Options] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 15:29:16 | Attr = ]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 1/9/2008 15:01:48 | Attr = ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 14:35:36 | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 16:43:18 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 15:29:16 | Attr = ]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 14:35:36 | Attr = ]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 16:43:18 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&ieSpell Options -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 4, 0, 428 | Size = 253952 bytes | Modified Date = 8/3/2006 10:15:32 | Attr = ]
&Lookup Meaning -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 4, 0, 428 | Size = 253952 bytes | Modified Date = 8/3/2006 10:15:32 | Attr = ]
&Yahoo! Search -> -> File not found
Check &Spelling -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 4, 0, 428 | Size = 253952 bytes | Modified Date = 8/3/2006 10:15:32 | Attr = ]
Yahoo! &Dictionary -> -> File not found
Yahoo! &Maps -> -> File not found
Yahoo! &SMS -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3208BD92-DCC9-40EF-B612-2C0CBAB48FFD} -> () ->
{4BB26424-422C-4147-82A6-7817319D205B} -> (Intel® PRO/1000 MT Mobile Connection) ->
{6CF2B35C-B8F7-488F-84DA-66C1F53E7BB0} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
{8506968E-7EDC-4F73-8B9A-DCFD07DA7292} -> () ->
{CD21294F-6B93-4289-BDD2-4F0CD162723B} -> (Intel® PRO/Wireless LAN 2100 3B Mini PCI Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000024 -> %CommonProgramFiles%\PC Tools\LSP\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 89, 0 | Size = 190344 bytes | Modified Date = 12/10/2007 14:53:36 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/200609...ex/qtplugin.cab[QuickTime Object] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b...heckControl.cab[Windows Genuine Advantage Validation Tool] ->
{1B9B97D0-C0F4-4045-9B42-50A4535C9041}[HKEY_LOCAL_MACHINE] -> http://download.paltalk.com/wcloader_prod/wcloader.cab[WCLoaderCtl Class] ->
{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}[HKEY_LOCAL_MACHINE] -> http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?[MiniBugTransporterX Class] ->
{2DAD3559-2923-4935-AD49-B673D2539944}[HKEY_LOCAL_MACHINE] -> https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab[IASRunner Class] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] ->
{33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] ->
{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1005.cab[MySpace Uploader Control] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/Facebo...otoUploader.cab[Facebook Photo Uploader Control] ->
{66D393D5-4D80-497C-9F4F-F3839E090202}[HKEY_LOCAL_MACHINE] -> http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab[PlayerOCX Control] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdat...b?1149898703679[MUWebControl Class] ->
{74FFE28D-2378-11D5-990C-006094235084}[HKEY_LOCAL_MACHINE] -> https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab[IBM Access Support] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8}[HKEY_LOCAL_MACHINE] -> http://www.betterphoto.com/_shared/uploadI...geUploader3.cab[Aurigma Image Uploader 3.5 Control] ->
{A8F2B9BD-A6A0-486A-9744-18920D898429}[HKEY_LOCAL_MACHINE] -> http://www.sibelius.com/download/software/...tiveXPlugin.cab[ScorchPlugin Class] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe[Virtools WebPlayer Class] ->
{E598AC61-4C6F-4F4D-877F-FAC49CA91FA3}[HKEY_LOCAL_MACHINE] -> https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab[acpRunner Class] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->

[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 2/3/2008 12:33:21 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072680960 bytes | Created Date = 2/2/2008 15:53:40 | Attr = HS]
temp_phw -> %SystemDrive%\temp_phw -> [Folder | Created Date = 1/14/2008 20:15:50 | Attr = ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Created Date = 1/25/2008 17:22:35 | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 1/25/2008 17:22:35 | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 1/25/2008 17:22:35 | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 1/25/2008 17:22:35 | Attr = ]
pctfw2.sys -> %System32%\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 0, 57 | Size = 218504 bytes | Created Date = 1/25/2008 21:47:54 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 1/28/2008 17:05:35 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/25/2008 22:18:10 | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/25/2008 22:18:10 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/25/2008 22:18:10 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/25/2008 22:18:10 | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/28/2008 17:18:24 | Attr = ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bdoscandel.exe -> %SystemRoot%\bdoscandel.exe -> [Ver = | Size = 53248 bytes | Created Date = 1/9/2008 15:01:48 | Attr = ]
bdoscandellang.ini -> %SystemRoot%\bdoscandellang.ini -> [Ver = | Size = 453 bytes | Created Date = 1/9/2008 15:01:48 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
PC Tools -> %AllUsersAppData%\PC Tools -> [Folder | Created Date = 1/25/2008 21:51:13 | Attr = ]
ArcSoft -> %UserAppData%\ArcSoft -> [Folder | Created Date = 1/5/2008 19:26:28 | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Created Date = 1/25/2008 17:22:23 | Attr = ]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk -> [Ver = | Size = 1740 bytes | Created Date = 1/5/2008 19:22:29 | Attr = ]
Panorama Maker 4.lnk -> %AllUsersDesktop%\Panorama Maker 4.lnk -> [Ver = | Size = 1622 bytes | Created Date = 1/5/2008 19:24:55 | Attr = ]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 1648 bytes | Created Date = 1/25/2008 17:22:37 | Attr = ]
4b54a5a3bcc68b1f496cdd827ad44b841e36faaa-firetruck.truck -> %UserDesktop%\4b54a5a3bcc68b1f496cdd827ad44b841e36faaa-firetruck.truck -> [Ver = | Size = 20310 bytes | Created Date = 2/1/2008 19:12:44 | Attr = ]
AC3D.lnk -> %UserDesktop%\AC3D.lnk -> [Ver = | Size = 669 bytes | Created Date = 1/27/2008 23:06:01 | Attr = ]
ac3dtex -> %UserDesktop%\ac3dtex -> [Folder | Created Date = 1/28/2008 21:26:33 | Attr = ]
avenger -> %UserDesktop%\avenger -> [Folder | Created Date = 2/3/2008 12:25:39 | Attr = ]
firetruck_p1 -> %UserDesktop%\firetruck_p1 -> [Folder | Created Date = 2/2/2008 14:56:29 | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Created Date = 1/28/2008 16:38:16 | Attr = ]
Rigs of Rods 0.34.lnk -> %UserDesktop%\Rigs of Rods 0.34.lnk -> [Ver = | Size = 573 bytes | Created Date = 1/21/2008 20:50:15 | Attr = ]
RoR.exe.lnk -> %UserDesktop%\RoR.exe.lnk -> [Ver = | Size = 727 bytes | Created Date = 1/21/2008 20:50:21 | Attr = ]
rorEditor.exe.lnk -> %UserDesktop%\rorEditor.exe.lnk -> [Ver = | Size = 1101 bytes | Created Date = 1/25/2008 22:43:20 | Attr = ]
Winch -> %UserDesktop%\Winch -> [Folder | Created Date = 2/1/2008 17:58:49 | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 2/2/2008 12:21:31 | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 1/25/2008 22:14:34 | Attr = ]
PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Created Date = 1/25/2008 17:53:30 | Attr = ]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 2/3/2008 12:33:21 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072680960 bytes | Modified Date = 2/3/2008 12:32:37 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/28/2008 16:38:15 | Attr = R ]
Software Killers -> %SystemDrive%\Software Killers -> [Folder | Modified Date = 1/28/2008 16:52:05 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/24/2008 23:27:52 | Attr = HS]
temp_phw -> %SystemDrive%\temp_phw -> [Folder | Modified Date = 1/14/2008 20:15:50 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/3/2008 12:32:01 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2/1/2008 02:27:41 | Attr = ]
pctfw2.sys -> %System32%\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 0, 57 | Size = 218504 bytes | Modified Date = 1/25/2008 17:53:26 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/28/2008 17:04:59 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2/3/2008 12:35:04 | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 1/28/2008 23:04:31 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/15/2008 20:48:37 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 2/3/2008 12:34:09 | Attr = ]
EPScreensaver dir -> %System32%\EPScreensaver dir -> [Folder | Modified Date = 1/24/2008 20:21:03 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 54010 bytes | Modified Date = 1/25/2008 17:24:02 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 383822 bytes | Modified Date = 1/25/2008 17:24:02 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 443380 bytes | Modified Date = 1/25/2008 17:24:02 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 1/24/2008 23:27:52 | Attr = ]
ShellExt -> %System32%\ShellExt -> [Folder | Modified Date = 1/10/2008 19:34:09 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 2/3/2008 12:35:57 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/8/2008 17:13:02 | Attr = H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/28/2008 19:33:56 | Attr = ]
bdoscandel.exe -> %SystemRoot%\bdoscandel.exe -> [Ver = | Size = 53248 bytes | Modified Date = 1/9/2008 15:01:48 | Attr = ]
bdoscandellang.ini -> %SystemRoot%\bdoscandellang.ini -> [Ver = | Size = 453 bytes | Modified Date = 1/9/2008 15:01:48 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/3/2008 12:32:45 | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 2/2/2008 14:48:51 | Attr = HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/28/2008 23:03:45 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/24/2008 21:21:07 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 1/9/2008 03:01:12 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/28/2008 23:04:12 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/25/2008 22:18:39 | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2/2/2008 14:48:47 | Attr = ]
msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [Folder | Modified Date = 1/28/2008 23:04:17 | Attr = H ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/3/2008 12:35:31 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/31/2008 18:44:27 | Attr = H ]
system32 -> %System32% -> [Folder | Modified Date = 2/2/2008 15:55:55 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/3/2008 12:35:56 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/3/2008 12:36:02 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2/3/2008 06:33:00 | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 2/3/2008 12:35:56 | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/3/2008 12:32:52 | Attr = H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job -> [Ver = | Size = 366 bytes | Modified Date = 2/3/2008 10:18:27 | Attr = ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1310 bytes | Modified Date = 12/21/2006 19:01:57 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 11436 bytes | Modified Date = 2/3/2008 12:35:55 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 11436 bytes | Modified Date = 2/3/2008 12:35:56 | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8514 bytes | Modified Date = 1/24/2007 22:02:32 | Attr = ]
Perflib_Perfdata_9b8.dat -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\Perflib_Perfdata_9b8.dat -> [Ver = | Size = 0 bytes | Modified Date = 2/3/2008 12:33:45 | Attr = ]
13 C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mike Arroyo\Local Settings\Temp\*.tmp ->
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersAppData%\Adobe -> [Folder | Modified Date = 1/5/2008 19:22:21 | Attr = ]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Modified Date = 2/1/2008 14:16:22 | Attr = ]
PC Tools -> %AllUsersAppData%\PC Tools -> [Folder | Modified Date = 1/25/2008 21:51:13 | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 2/3/2008 12:34:03 | Attr = ]
ArcSoft -> %UserAppData%\ArcSoft -> [Folder | Modified Date = 1/5/2008 19:26:29 | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Modified Date = 1/25/2008 17:22:23 | Attr = ]
SAS7_000.DAT -> %UserAppData%\SAS7_000.DAT -> [Ver = | Size = 2154 bytes | Modified Date = 1/15/2008 20:15:47 | Attr = ]
WeatherBug -> %UserAppData%\WeatherBug -> [Folder | Modified Date = 1/28/2008 16:03:44 | Attr = ]
Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 1/5/2008 19:25:15 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 139264 bytes | Modified Date = 1/31/2008 20:52:48 | Attr = ]
Dump Folder -> %UserDocuments%\Dump Folder -> [Folder | Modified Date = 2/1/2008 09:19:03 | Attr = ]
eDonkey2000 Downloads -> %UserDocuments%\eDonkey2000 Downloads -> [Folder | Modified Date = 1/27/2008 23:18:02 | Attr = ]
Google Talk Received Files -> %UserDocuments%\Google Talk Received Files -> [Folder | Modified Date = 1/27/2008 23:18:00 | Attr = ]
Incomplete -> %UserDocuments%\Incomplete -> [Folder | Modified Date = 1/27/2008 23:18:13 | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 1/5/2008 19:20:40 | Attr = R ]
My PSP Files -> %UserDocuments%\My PSP Files -> [Folder | Modified Date = 1/30/2008 21:31:53 | Attr = ]
School -> %UserDocuments%\School -> [Folder | Modified Date = 1/15/2008 20:49:00 | Attr = ]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk -> [Ver = | Size = 1740 bytes | Modified Date = 1/5/2008 19:27:15 | Attr = ]
Jasc Paint Shop Pro 9.lnk -> %AllUsersDesktop%\Jasc Paint Shop Pro 9.lnk -> [Ver = | Size = 2523 bytes | Modified Date = 1/30/2008 21:31:53 | Attr = ]
Panorama Maker 4.lnk -> %AllUsersDesktop%\Panorama Maker 4.lnk -> [Ver = | Size = 1622 bytes | Modified Date = 1/5/2008 19:24:55 | Attr = ]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 1648 bytes | Modified Date = 1/25/2008 17:22:37 | Attr = ]
4b54a5a3bcc68b1f496cdd827ad44b841e36faaa-firetruck.truck -> %UserDesktop%\4b54a5a3bcc68b1f496cdd827ad44b841e36faaa-firetruck.truck -> [Ver = | Size = 20310 bytes | Modified Date = 2/2/2008 15:09:22 | Attr = ]
AC3D.lnk -> %UserDesktop%\AC3D.lnk -> [Ver = | Size = 669 bytes | Modified Date = 1/27/2008 23:06:01 | Attr = ]
ac3dtex -> %UserDesktop%\ac3dtex -> [Folder | Modified Date = 2/2/2008 15:09:36 | Attr = ]
avenger -> %UserDesktop%\avenger -> [Folder | Modified Date = 2/3/2008 12:25:39 | Attr = ]
firetruck_p1 -> %UserDesktop%\firetruck_p1 -> [Folder | Modified Date = 2/2/2008 14:56:48 | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Modified Date = 1/28/2008 16:38:16 | Attr = ]
Rigs of Rods 0.34.lnk -> %UserDesktop%\Rigs of Rods 0.34.lnk -> [Ver = | Size = 573 bytes | Modified Date = 1/21/2008 20:50:15 | Attr = ]
RoR.exe.lnk -> %UserDesktop%\RoR.exe.lnk -> [Ver = | Size = 727 bytes | Modified Date = 1/21/2008 20:50:21 | Attr = ]
rorEditor.exe.lnk -> %UserDesktop%\rorEditor.exe.lnk -> [Ver = | Size = 1101 bytes | Modified Date = 1/25/2008 22:43:20 | Attr = ]
Winch -> %UserDesktop%\Winch -> [Folder | Modified Date = 2/1/2008 22:20:36 | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 2/3/2008 00:59:33 | Attr = ]
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 1/5/2008 19:22:25 | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 1/25/2008 22:14:34 | Attr = ]
PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Modified Date = 1/25/2008 21:47:51 | Attr = ]

< End of report >

#13 OldTimer

Malware Expert

Group: Malware Response Team
Posts: 11,090
Joined: 28-January 05
Gender:Male
Location:North Carolina

Posted 03 February 2008 - 02:25 PM

Hi iker42. That looks good :thumbsup:

I don't see anymore signs of anything unsavory. How are things running? Any more issues? If not, run the machine for a couple of days and then let me know if there is anything further. If not, then we can do some final cleanup.

Cheers.

OT

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#14 iker42

Member

Group: Members
Posts: 23
Joined: 05-January 05

Posted 03 February 2008 - 02:53 PM

OldTimer, on Feb 3 2008, 02:25 PM, said:

Hi iker42. That looks good :thumbsup:

It seems to be doing ALOT better, IE's still slow, but that may clear up after a few restarts.

ITS SIMPLY AMAZING what you do for no money.

THANK YOU

Mike

#15 OldTimer

Malware Expert

Group: Malware Response Team
Posts: 11,090
Joined: 28-January 05
Gender:Male
Location:North Carolina

Posted 03 February 2008 - 03:26 PM

Quote

It seems to be doing ALOT better, IE's still slow, but that may clear up after a few restarts.

ITS SIMPLY AMAZING what you do for no money.

That's what keeps poor college students poor :thumbsup:

Glad to hear things are running better. Get back to me in a couple of days.

Cheers.

OT

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer