
Nebluer S, Purity, Alphbet.......


  • This topic is locked
18 replies to this topic

#1 deir64

  • Members
  • 24 posts

Posted 21 October 2007 - 08:09 PM

I have several viruses. I am ready to throw my new laptop away. I have both WinPFind3U and AVG Anti-Spyware. Here are my WinP. scan results. Can you help?

I also tried to restart my computer from an earlier date and that didn't work.



WinPFind3 logfile created on: 10/21/2007 6:23:07 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

502.11 Mb Total Physical Memory | 259.37 Mb Available Physical Memory | 51.66% Memory free
1.20 Gb Paging File | 0.88 Gb Available in Paging File | 73.32% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.66 Gb Total Space | 58.14 Gb Free Space | 84.67% Space Free
Drive D: | 5.85 Gb Total Space | 2.97 Gb Free Space | 50.77% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-D552846388
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
adservice.exe -> %ProgramFiles%\Iomega\AutoDisk\ADService.exe -> Iomega Corporation [Ver = 3, 2, 1, 5 | Size = 151552 bytes | Modified Date = 9/24/2002 5:39:48 PM | Attr = ]
anotify.exe -> %CommonProgramFiles%\AOL\1169412877\ee\anotify.exe -> AOL LLC [Ver = 1.4.16.3 | Size = 50736 bytes | Modified Date = 10/26/2006 2:50:30 PM | Attr = ]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 6:50:36 AM | Attr = R ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1169412877\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 6:52:48 PM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1169412877\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 6:52:48 PM | Attr = ]
aolsp scheduler.exe -> %CommonProgramFiles%\AOL\1169412877\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe -> [Ver = | Size = 1536 bytes | Modified Date = 10/23/2006 1:04:42 PM | Attr = ]
appservices.exe -> %ProgramFiles%\Iomega\System32\AppServices.exe -> Iomega Corporation [Ver = 2, 0, 2, 5 | Size = 73728 bytes | Modified Date = 9/4/2002 3:11:04 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 3:25:42 AM | Attr = ]
bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 5.0.1.2200 | Size = 622653 bytes | Modified Date = 3/14/2006 3:42:18 PM | Attr = ]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.2200 | Size = 266295 bytes | Modified Date = 3/14/2006 3:34:38 PM | Attr = ]
d?xplore.exe -> %UserDocuments%\?ymantec\d?xplore.exe -> File not found
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.0.20 | Size = 434176 bytes | Modified Date = 8/2/2006 2:39:20 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 6:31:10 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 3/23/2006 2:13:40 PM | Attr = ]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.5.0.1035 | Size = 86140 bytes | Modified Date = 10/12/2005 2:30:24 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 3/23/2006 2:17:50 PM | Attr = ]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 163840 bytes | Modified Date = 3/23/2006 2:13:30 PM | Attr = ]
imgicon.exe -> %ProgramFiles%\Iomega\DriveIcons\Imgicon.exe -> Iomega [Ver = 6, 3, 0, 56 | Size = 86016 bytes | Modified Date = 8/13/2002 3:30:58 PM | Attr = ]
mgrs.exe -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Modified Date = 10/21/2007 6:21:50 PM | Attr = ]
prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.3.30 | Size = 196608 bytes | Modified Date = 11/29/2006 6:14:50 PM | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.0.4 | Size = 327680 bytes | Modified Date = 8/2/2006 2:24:22 AM | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.0.34 | Size = 937984 bytes | Modified Date = 8/2/2006 2:31:22 AM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 12:29:46 PM | Attr = ]
win27.tmp.exe -> %SystemRoot%\Temp\win27.tmp.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Modified Date = 10/21/2007 5:25:50 PM | Attr = ]
win39.tmp.exe -> %SystemRoot%\Temp\win39.tmp.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Modified Date = 10/21/2007 6:07:52 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 10/16/2007 6:42:08 PM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 6:50:36 AM | Attr = R ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 6:31:10 AM | Attr = ]
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.2200 | Size = 266295 bytes | Modified Date = 3/14/2006 3:34:38 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.0.20 | Size = 434176 bytes | Modified Date = 8/2/2006 2:39:20 AM | Attr = ]
(IAANTMon) Intel® Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.5.0.1035 | Size = 86140 bytes | Modified Date = 10/12/2005 2:30:24 PM | Attr = ]
(Iomega Activity Disk2) Iomega Activity Disk2 [Win32_Own | Disabled | Stopped] -> -> File not found
(Iomega App Services) Iomega App Services [Win32_Own | Auto | Running] -> %ProgramFiles%\Iomega\System32\AppServices.exe -> Iomega Corporation [Ver = 2, 0, 2, 5 | Size = 73728 bytes | Modified Date = 9/4/2002 3:11:04 PM | Attr = ]
(PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.3.30 | Size = 196608 bytes | Modified Date = 11/29/2006 6:14:50 PM | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.0.4 | Size = 327680 bytes | Modified Date = 8/2/2006 2:24:22 AM | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.0.34 | Size = 937984 bytes | Modified Date = 8/2/2006 2:31:22 AM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 12:29:46 PM | Attr = ]
(_IOMEGA_ACTIVE_DISK_SERVICE_) Iomega Active Disk [Win32_Own | Auto | Running] -> %ProgramFiles%\Iomega\AutoDisk\ADService.exe -> Iomega Corporation [Ver = 3, 2, 1, 5 | Size = 151552 bytes | Modified Date = 9/24/2002 5:39:48 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 3:25:42 AM | Attr = ]
avp -> %SystemRoot%\Temp\win39.tmp.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Modified Date = 10/21/2007 6:07:52 PM | Attr = ]
Deskup -> %ProgramFiles%\Iomega\DriveIcons\deskup.exe -> Iomega [Ver = 4, 0, 1, 0 | Size = 32768 bytes | Modified Date = 7/16/2002 11:55:38 AM | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 3/23/2006 2:13:40 PM | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 3/23/2006 2:17:50 PM | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> File not found
Iomega Drive Icons -> %ProgramFiles%\Iomega\DriveIcons\Imgicon.exe -> Iomega [Ver = 6, 3, 0, 56 | Size = 86016 bytes | Modified Date = 8/13/2002 3:30:58 PM | Attr = ]
smgr -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Modified Date = 10/21/2007 6:21:50 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Qajgu -> %UserDocuments%\?ymantec\d?xplore.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 5.0.1.2200 | Size = 622653 bytes | Modified Date = 3/14/2006 3:42:18 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 6:29:58 AM | Attr = ]
{837B45D6-BF85-457D-AABF-6D2E7815F791} [HKLM] -> %System32%\mljhghi.dll [] -> [Ver = | Size = 44054 bytes | Modified Date = 10/16/2007 7:51:38 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4543 | Size = 139264 bytes | Modified Date = 3/23/2006 2:12:42 PM | Attr = ]
mljhghi -> %System32%\mljhghi.dll -> [Ver = | Size = 44054 bytes | Modified Date = 10/16/2007 7:51:38 PM | Attr = ]
winhab32 -> %System32%\winhab32.dll -> [Ver = | Size = 20480 bytes | Modified Date = 10/16/2007 7:52:10 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.theme ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.gateway.com/g/startpage.html?Ch...TB&M=NX570X ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.gateway.com/g/sidepanel.html?Ch...TB&M=NX570X ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.aol.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 3:56:50 AM | Attr = ]
{837B45D6-BF85-457D-AABF-6D2E7815F791} [HKLM] -> %System32%\mljhghi.dll [Reg Data - Value does not exist] -> [Ver = | Size = 44054 bytes | Modified Date = 10/16/2007 7:51:38 PM | Attr = ]
{89AD4D75-2429-462e-BD4E-443F233F6033} [HKLM] -> %System32%\owkjhqyh.dll [Reg Data - Value does not exist] -> File not found
{BFE86351-F0C8-DB45-E85A-F88A3EF729C7} [HKLM] -> %System32%\xtaaicqh.dll [Reg Data - Value does not exist] -> [Ver = | Size = 60928 bytes | Modified Date = 10/18/2007 8:22:16 AM | Attr = ]
{CB292176-C9B4-408A-9040-C6242D33ACA4} [HKLM] -> %System32%\pmnlm.dll [Reg Data - Value does not exist] -> [Ver = | Size = 311904 bytes | Modified Date = 10/16/2007 7:59:48 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Send to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 5/29/2003 2:53:12 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{20A0AE0D-AB52-4F76-B17A-A802F393A5D9} -> () ->
{62C055F6-F63F-4065-862C-DAA7EE58B918} -> (Intel® PRO/Wireless 3945ABG Network Connection) ->
{A8DAB202-9A62-41EC-967A-8027FAEF472E} -> (1394 Net Adapter) ->
{B4249BE6-CCF7-4CC7-9DFC-2B7F7C98B2A8} -> (Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{407408d4-94ed-4d86-ab69-a7f649d112ee} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
KB910393 -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall ->
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
[HKLM] -> Reg Data - Key not found [] -> File not found
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{2F603045-309F-11CF-9774-0020AFD0CFF6} [HKLM] -> %ProgramFiles%\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] -> File not found
{3AEEA5E5-1604-4C19-A91C-C049919C82EF} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [AlphaZip] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{44AD9C9A-62E6-49A8-9AE0-5EE7F4B91145} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [Alpha-Zip Drop Menu] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
{5AD42C8A-F224-4113-9851-8A9A489A0CA6} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [Alpha-Zip Context Menu] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
{6af09ec9-b429-11d4-a1fb-0090960218cb} [HKLM] -> %System32%\btneighborhood.dll [My Bluetooth Places] -> Broadcom Corporation. [Ver = 5.0.1.2200 | Size = 1065037 bytes | Modified Date = 3/14/2006 3:37:42 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7D5C4BDD-B015-4401-8731-1507B87DE297} [HKLM] -> %CommonProgramFiles%\Intuit\QuickBooks\QBVersionTool.dll [QBVersionTool] -> Intuit Inc. [Ver = 16.0D R3 | Size = 212992 bytes | Modified Date = 12/8/2005 10:30:44 AM | Attr = ]
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} [HKLM] -> %System32%\ShellvRTF.dll [SampleView] -> XSS [Ver = 1, 0, 0, 1 | Size = 122880 bytes | Modified Date = 9/21/2002 1:42:28 AM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
{C4995F03-3866-499C-9315-CE361502FE58} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [AlphaZip - UI Object] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
{c7745760-8ead-11ce-b750-02608ca5202c} [HKLM] -> %ProgramFiles%\Iomega\Shell\IMGMENU.DLL [IomegaWare Shell Extension] -> Iomega Corp. [Ver = 8, 0, 2, 5 | Size = 61440 bytes | Modified Date = 9/25/2002 11:08:16 AM | Attr = ]
{c7745761-8ead-11ce-b750-02608ca5202c} [HKLM] -> %ProgramFiles%\Iomega\Shell\IMGPROP.DLL [IomegaWare Shell Extension] -> Iomega Corp. [Ver = 7, 0, 2, 2 | Size = 49152 bytes | Modified Date = 7/16/2002 11:55:40 AM | Attr = ]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0;C:\WINDOWS\system32\pmnlm.dll; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 940 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 6N+[-^Hk)db9e6dd4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> V4i ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 8 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> hԫ6IML ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> V% ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 2804 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winC.tmp.exe -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winC.tmp.exe:*:Enabled:winC.tmp ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe -> C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe:*:Disabled:QuickBooks 2006 Data Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1169412877\ee\aolsoftware.exe -> C:\Program Files\Common Files\AOL\1169412877\ee\aolsoftware.exe:*:Disabled:AOL Services ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\xgtuiuos.exe -> C:\WINDOWS\system32\xgt ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\laydgmbo.exe -> C:\WINDOWS\system32\lay ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win1A.tmp.exe -> C:\WINDOWS\TEMP\win1A.tmp.exe:*:Enabled:win1A.tmp ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe -k LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS;TCPIP;NTLMSSP; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ ->
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 4:20:02 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
{5AD42C8A-F224-4113-9851-8A9A489A0CA6} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [AlphaZipContextMenu] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 144944 bytes | Modified Date = 5/30/2007 6:29:46 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ ->
{5AD42C8A-F224-4113-9851-8A9A489A0CA6} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [AlphaZipContextMenu] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 144944 bytes | Modified Date = 5/30/2007 6:29:46 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ ->
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4543 | Size = 143360 bytes | Modified Date = 3/23/2006 2:16:46 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ ->
{5AD42C8A-F224-4113-9851-8A9A489A0CA6} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [AlphaZipContextMenu] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
< ControlSets > -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk -> %ProgramFiles%\BigFix\bigfix.exe -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk -> %ProgramFiles%\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe -> File not found
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
Gateway Extended Warranty -> %ProgramFiles%\Gateway\GWCares\GWCares.exe -> File not found
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ->
{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -> 8194 - Reg Data - Key not found ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8192 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Windows Messenger ->
NextId -> 8195 ->
< Security Settings > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 2804 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winC.tmp.exe -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winC.tmp.exe:*:Enabled:winC.tmp ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe -> C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe:*:Disabled:QuickBooks 2006 Data Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1169412877\ee\aolsoftware.exe -> C:\Program Files\Common Files\AOL\1169412877\ee\aolsoftware.exe:*:Disabled:AOL Services ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\xgtuiuos.exe -> C:\WINDOWS\system32\xgt ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\laydgmbo.exe -> C:\WINDOWS\system32\lay ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win1A.tmp.exe -> C:\WINDOWS\TEMP\win1A.tmp.exe:*:Enabled:win1A.tmp ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *; ->
< Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%SystemRoot%\system32 -> ->
%SystemRoot% -> ->
%SystemRoot%\System32\Wbem -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> ->
.EXE -> ->
.BAT -> ->
.CMD -> ->
.VBS -> ->
.VBE -> ->
.JS -> ->
.JSE -> ->
.WSF -> ->
.WSH -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 10752 bytes | Modified Date = 5/27/2005 12:22:02 AM | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Modified Date = 3/17/2006 5:03:54 AM | Attr = ]
exefile [open] -> "%1" %* ->
helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 283648 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
htmlfile [edit] -> Reg Data - Key not found ->
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.2912 (xpsp.060519-0021) | Size = 3055104 bytes | Modified Date = 5/19/2006 4:06:04 PM | Attr = ]
http [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
https [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.2919 (xpsp.060529-0207) | Size = 1496576 bytes | Modified Date = 5/29/2006 4:32:10 PM | Attr = ]
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.2912 (xpsp.060519-0021) | Size = 3055104 bytes | Modified Date = 5/19/2006 4:06:04 PM | Attr = ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Modified Date = 3/17/2006 5:03:54 AM | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^0OzIj
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> gԋ4:?Ӽdg ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xȓ܊݄} ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> *BV%M/g ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_ikj" ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} -> mLogView ->
{15377C3E-9655-400F-B441-E69F0A6BEAFE} -> Recovery Software Suite Gateway ->
{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> DVD Solution ->
{23FB368F-1399-4EAC-817C-4B83ECBE3D83} -> mProSafe ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{3E9D596A-61D4-4239-BD19-2DB984D2A16F} -> mIWA ->
{3F4EC965-28EF-45C3-B063-04B25D4E9679} -> WIDCOMM Bluetooth Software ->
{40BF1E83-20EB-11D8-97C5-0009C5020658} -> Power2Go 4.0 ->
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD ->
{69B02159-7626-4DBB-B9EE-F933039830AD} -> QuickBooks Premier: Contractor Edition 2006 ->
{6D52C408-B09A-4520-9B18-475B81D393F1} -> Microsoft Works ->
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 ->
{7148F0A8-6813-11D6-A77B-00B0D0142000} -> Java 2 Runtime Environment, SE v1.4.2 ->
{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B} -> Microsoft Streets & Trips 2006 ->
{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel® Graphics Media Accelerator Driver ->
{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} -> mPfMgr ->
{8C6BB412-D3A8-4AAE-A01B-35B681789D68} -> mHelp ->
{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E} -> Intel Matrix Storage Manager ->
{90B0D222-8C21-4B35-9262-53B042F18AF9} -> mPfWiz ->
{90CC4231-94AC-45CD-991A-0253BFAC0650} -> mDrWiFi ->
{94658027-9F16-4509-BBD7-A59FE57C3023} -> mZConfig ->
{9875BF9C-8565-4085-B6A4-5D8D838FB5C3} -> HP Deskjet 460 ->
{9941F0AA-B903-4AF4-A055-83A9815CC011} -> Sonic Encoders ->
{9CC89556-3578-48DD-8408-04E66EBEF401} -> mXML ->
{9D18F7F8-B984-4249-8512-CC621BC59F12} -> Microsoft Location Finder ->
{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} -> mDriver ->
{A462213D-EED4-42C2-9A60-7BDD4D4B0B17} -> SigmaTel Audio ->
{AC76BA86-7AD7-1033-7B44-A70000000000} -> Adobe Reader 7.0 ->
{AD7914E1-6453-4440-AEC7-02C72AD6FE5F} -> TIPCI ->
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 ->
{E81667C6-2856-46D6-ABEA-6A2F42166779} -> mCore ->
{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} -> mMHouse ->
{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} -> mWlsSafe ->
Active Disk -> Active Disk ->
Adobe PageMaker 6.5 -> Adobe PageMaker 6.5 ->
AlphaZIP -> AlphaZIP ->
AOL Uninstaller -> AOL Uninstaller (Choose which Products to Remove) ->
AOLCoach -> AOL Coach Version 1.0(Build:20040229.1 en) ->
AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 ->
BoardGamesDeinstKey -> Board Game Classics ->
hp deskjet 460 series -> HP Deskjet 460 Series ->
InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F} -> Texas Instruments PCIxx21/x515/xx12 drivers. ->
IomegaWare -> IomegaWare 4.0.3 ->
KB834707 -> Windows XP Hotfix - KB834707 ->
KB867282 -> Windows XP Hotfix - KB867282 ->
KB873333 -> Windows XP Hotfix - KB873333 ->
KB873339 -> Windows XP Hotfix - KB873339 ->
KB883939 -> Security Update for Windows XP (KB883939) ->
KB885250 -> Windows XP Hotfix - KB885250 ->
KB885835 -> Windows XP Hotfix - KB885835 ->
KB885836 -> Windows XP Hotfix - KB885836 ->
KB887472 -> Windows XP Hotfix - KB887472 ->
KB888111WXPSP2 -> High Definition Audio Driver Package - KB888111 ->
KB888113 -> Windows XP Hotfix - KB888113 ->
KB888239 -> Windows XP Hotfix - KB888239 ->
KB888302 -> Windows XP Hotfix - KB888302 ->
KB888795 -> Hotfix for Windows XP (KB888795) ->
KB890046 -> Security Update for Windows XP (KB890046) ->
KB890047 -> Windows XP Hotfix - KB890047 ->
KB890175 -> Windows XP Hotfix - KB890175 ->
KB890859 -> Windows XP Hotfix - KB890859 ->
KB890923 -> Windows XP Hotfix - KB890923 ->
KB891593 -> Hotfix for Windows XP (KB891593) ->
KB891781 -> Windows XP Hotfix - KB891781 ->
KB893066 -> Windows XP Hotfix - KB893066 ->
KB893086 -> Windows XP Hotfix - KB893086 ->
KB893357 -> Hotfix for Windows XP (KB893357) ->
KB893756 -> Security Update for Windows XP (KB893756) ->
KB893803 -> Windows Installer 3.1 (KB893803) ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB894391 -> Update for Windows XP (KB894391) ->
KB895953 -> Hotfix for Windows XP (KB895953) ->
KB895961 -> Hotfix for Windows XP (KB895961) ->
KB896256 -> Hotfix for Windows XP (KB896256) ->
KB896344 -> Hotfix for Windows XP (KB896344) ->
KB896358 -> Security Update for Windows XP (KB896358) ->
KB896422 -> Security Update for Windows XP (KB896422) ->
KB896423 -> Security Update for Windows XP (KB896423) ->
KB896424 -> Security Update for Windows XP (KB896424) ->
KB896428 -> Security Update for Windows XP (KB896428) ->
KB896688 -> Security Update for Windows XP (KB896688) ->
KB896727 -> Update for Windows XP (KB896727) ->
KB898458 -> Security Update for Step By Step Interactive Training (KB898458) ->
KB899337 -> Hotfix for Windows XP (KB899337) ->
KB899510 -> Hotfix for Windows XP (KB899510) ->
KB899587 -> Security Update for Windows XP (KB899587) ->
KB899588 -> Security Update for Windows XP (KB899588) ->
KB899589 -> Security Update for Windows XP (KB899589) ->
KB899591 -> Security Update for Windows XP (KB899591) ->
KB900325 -> Update Rollup 2 for Windows XP Media Center Edition 2005 ->
KB900485 -> Update for Windows XP (KB900485) ->
KB900725 -> Security Update for Windows XP (KB900725) ->
KB901017 -> Security Update for Windows XP (KB901017) ->
KB901214 -> Security Update for Windows XP (KB901214) ->
KB902400 -> Security Update for Windows XP (KB902400) ->
KB902841 -> Hotfix for Windows XP (KB902841) ->
KB903157 -> Hotfix for Windows Media Player 10 (KB903157) ->
KB903235 -> Security Update for Windows XP (KB903235) ->
KB904706 -> Security Update for Windows XP (KB904706) ->
KB905414 -> Security Update for Windows XP (KB905414) ->
KB905749 -> Security Update for Windows XP (KB905749) ->
KB905915 -> Security Update for Windows XP (KB905915) ->
KB906569 -> Hotfix for Windows XP (KB906569) ->
KB908519 -> Security Update for Windows XP (KB908519) ->
KB908531 -> Security Update for Windows XP (KB908531) ->
KB909095 -> Hotfix for Windows XP (KB909095) ->
KB910393 -> Update for Windows Media Player 10 (KB910393) ->
KB910437 -> Update for Windows XP (KB910437) ->
KB910728 -> Hotfix for Windows XP (KB910728) ->
KB911280 -> Security Update for Windows XP (KB911280) ->
KB911562 -> Security Update for Windows XP (KB911562) ->
KB911564 -> Security Update for Windows Media Player (KB911564) ->
KB911565 -> Security Update for Windows Media Player 10 (KB911565) ->
KB911567 -> Security Update for Windows XP (KB911567) ->
KB911927 -> Security Update for Windows XP (KB911927) ->
KB912024 -> Hotfix for Windows XP (KB912024) ->
KB912812 -> Security Update for Windows XP (KB912812) ->
KB912919 -> Security Update for Windows XP (KB912919) ->
KB912945 -> Update for Windows XP (KB912945) ->
KB913433 -> Security Update for Windows XP (KB913433) ->
KB913580 -> Security Update for Windows XP (KB913580) ->
KB913800 -> Update for Windows Media Player 10 (KB913800) ->
KB914388 -> Security Update for Windows XP (KB914388) ->
KB914389 -> Security Update for Windows XP (KB914389) ->
KB914548 -> Windows XP Media Center Edition 2005 KB914548 ->
KB914906 -> Hotfix for Windows XP (KB914906) ->
KB916281 -> Security Update for Windows XP (KB916281) ->
KB916595 -> Update for Windows XP (KB916595) ->
KB917159 -> Security Update for Windows XP (KB917159) ->
KB917344 -> Security Update for Windows XP (KB917344) ->
KB917537 -> Security Update for Windows XP (KB917537) ->
KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734) ->
KB917953 -> Security Update for Windows XP (KB917953) ->
KB918439 -> Security Update for Windows XP (KB918439) ->
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 ->
Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 ->
ProInst -> Intel® PROSet/Wireless Software ->
QuickTime -> QuickTime ->
QuickTime32 -> QuickTime for Windows (32-bit) ->
RealPlayer 6.0 -> RealPlayer Basic ->
RegCure -> RegCure 1.4.0.4 ->
SMSERIAL -> Motorola SM56 Data Fax Modem ->
StreetPlugin -> Learn2 Player (Uninstall Only) ->
SynTPDeinstKey -> Synaptics Pointing Device Driver ->
ViewpointMediaPlayer -> Viewpoint Media Player ->
WGA -> Windows Genuine Advantage Validation Tool ->
Windows Media Format Runtime -> Windows Media Format Runtime ->
WinPhlash -> WinPhlash ->
< WOW Settings [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW ->
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< EventViewer Logs > -> Errors and Warnings -> Description
Application - Warning - 10/15/2007 9:25:16 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/16/2007 7:16:50 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/19/2007 9:05:32 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/19/2007 4:04:16 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/20/2007 10:55:10 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/31/2007 10:10:31 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 11/2/2007 9:24:38 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/5/2007 5:12:43 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/6/2007 11:04:19 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/6/2007 3:16:36 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/7/2007 4:16:15 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/8/2007 7:20:21 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/9/2007 7:03:53 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/11/2007 6:04:49 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/13/2007 12:49:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Application Hang -> Description = Hanging application aolphxexe version 9001 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 10/13/2007 7:50:21 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/14/2007 1:00:15 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/14/2007 2:04:01 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/14/2007 7:40:37 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/15/2007 2:18:53 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/15/2007 5:10:29 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/16/2007 12:41:04 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/16/2007 5:41:27 PM -> Computer Name = YOUR-D552846388 - User Name = YOUR-D552846388\Administrator - Source = MsiInstaller -> Description = Product Adobe Common File Installer -- Error 1500Another installation is in progress You must complete that installation before continuing this one
Application - Error - 10/16/2007 5:41:28 PM -> Computer Name = YOUR-D552846388 - User Name = YOUR-D552846388\Administrator - Source = MsiInstaller -> Description = Product Adobe Common File Installer -- Error 1500Another installation is in progress You must complete that installation before continuing this one
Application - Error - 10/16/2007 5:41:29 PM -> Computer Name = YOUR-D552846388 - User Name = YOUR-D552846388\Administrator - Source = MsiInstaller -> Description = Product Adobe Common File Installer -- Error 1500Another installation is in progress You must complete that installation before continuing this one
Application - Error - 10/16/2007 7:24:43 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Application Hang -> Description = Hanging application msiexecexe version 3140001823 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 10/16/2007 7:47:38 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/18/2007 11:48:49 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/18/2007 11:54:57 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/18/2007 1:07:10 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/18/2007 2:01:48 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/18/2007 2:32:33 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/18/2007 7:25:21 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 10/18/2007 8:22:35 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/18/2007 10:50:21 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/19/2007 2:21:10 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/19/2007 2:29:55 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 10/19/2007 2:47:37 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/19/2007 3:09:11 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/19/2007 3:46:46 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = EventSystem -> Description = The COM Event System detected a bad return code during its internal processing HRESULT was 800706BF from line 44 of dqxpslpcomcom1xsrceventstier1eventsystemobjcpp Please contact Microsoft Product Support Services to report this error
Application - Warning - 10/19/2007 3:46:50 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/19/2007 3:48:44 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/19/2007 7:53:38 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = EventSystem -> Description = The COM Event System detected a bad return code during its internal processing HRESULT was 800706BA from line 44 of dqxpslpcomcom1xsrceventstier1eventsystemobjcpp Please contact Microsoft Product Support Services to report this error
Application - Warning - 10/19/2007 7:53:42 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/21/2007 2:05:06 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Winlogon -> Description = A critical system process CWINDOWSsystem32lsassexe failed with status code 00000000 The machinemust now be restarted
Application - Error - 10/21/2007 3:15:07 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Windows Product Activation -> Description = The Windows license was restored due to a system error You might need to reactivate your Windows product
Application - Error - 10/21/2007 3:32:22 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Windows Product Activation -> Description = The Windows license was restored due to a system error You might need to reactivate your Windows product
Application - Error - 10/21/2007 4:14:23 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = EventSystem -> Description = The COM Event System detected a bad return code during its internal processing HRESULT was 800706BA from line 44 of dqxpslpcomcom1xsrceventstier1eventsystemobjcpp Please contact Microsoft Product Support Services to report this error
Application - Warning - 10/21/2007 4:14:27 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/21/2007 5:02:57 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Application Hang -> Description = Hanging application WinPFind3Uexe version 10420 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 10/21/2007 5:04:29 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
System - Warning - 10/15/2007 9:14:58 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized
System - Warning - 10/15/2007 9:25:12 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/19/2007 9:05:32 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/20/2007 10:55:10 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Error - 11/4/2007 2:58:22 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = W32Time -> Description = The time service has detected that the system time needs to be changed by -2591945 seconds The time service will not change the system time by more than -54000 seconds Verify that your time and time zone are correct and that the time source timewindowscom (ntpm0x1192168065123->20746130100123) is working properly
System - Warning - 10/5/2007 3:18:18 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Tcpip -> Description =
System - Warning - 10/5/2007 3:51:52 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Tcpip -> Description =
System - Warning - 10/5/2007 5:12:43 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/6/2007 8:40:52 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DEB1973F The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 10/6/2007 11:04:20 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/7/2007 1:15:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 10/7/2007 1:15:21 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DEB1973F The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 10/7/2007 3:25:29 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DEB1973F The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 10/7/2007 4:16:18 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/8/2007 7:20:20 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/9/2007 4:47:03 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DEB1973F The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 10/9/2007 7:03:52 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/11/2007 5:54:04 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Tcpip -> Description =
System - Warning - 10/14/2007 1:00:16 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/14/2007 2:03:57 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/14/2007 7:04:40 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Tcpip -> Description =
System - Warning - 10/14/2007 7:40:39 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/16/2007 12:41:04 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Error - 10/16/2007 6:50:08 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = System Error -> Description = Error code 10000050 parameter1 d5957048 parameter2 00000008 parameter3 d5957048 parameter4 00000000
System - Error - 10/16/2007 6:51:22 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = System Error -> Description = Error code 10000050 parameter1 d5957048 parameter2 00000008 parameter3 d5957048 parameter4 00000000
System - Error - 10/16/2007 6:54:44 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = System Error -> Description = Error code 10000050 parameter1 d5957048 parameter2 00000008 parameter3 d5957048 parameter4 00000000
System - Warning - 10/16/2007 7:47:37 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/18/2007 11:42:02 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Tcpip -> Description =
System - Error - 10/18/2007 11:48:51 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 10/18/2007 11:48:51 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Warning - 10/18/2007 1:07:08 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Error - 10/18/2007 1:58:26 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description =
System - Error - 10/18/2007 1:59:29 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description =
System - Warning - 10/18/2007 2:32:32 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Error - 10/18/2007 7:55:39 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/18/2007 7:55:49 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The PrismXL service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/18/2007 7:55:58 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/18/2007 7:56:08 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The WAN Miniport (ATW) Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/18/2007 7:56:34 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/18/2007 7:57:20 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Receiver Service service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/18/2007 7:57:37 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Receiver Service service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/18/2007 7:58:25 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/18/2007 7:58:31 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The AOL Connectivity Service service terminated unexpectedly It has done this 1 time(s)
System - Warning - 10/18/2007 8:01:22 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = PlugPlayManager -> Description = The service ehSched may not have unregistered for device event notifications before it was stopped
System - Error - 10/18/2007 8:01:25 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Scheduler Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 2:20:50 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DomainService service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 0 milliseconds Restart the service
System - Error - 10/19/2007 2:20:58 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DomainService service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 0 milliseconds Restart the service
System - Error - 10/19/2007 2:20:58 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the DomainService service to connect
System - Error - 10/19/2007 2:38:31 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Extender Service service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/19/2007 2:38:39 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The PrismXL service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 2:39:00 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The WAN Miniport (ATW) Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 2:39:26 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 2:39:32 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 2:40:58 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 2:41:09 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Event Log service terminated unexpectedly It has done this 1 time(s)
System - Warning - 10/19/2007 2:47:38 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Error - 10/19/2007 3:22:01 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The PrismXL service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 3:44:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The WAN Miniport (ATW) Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 3:44:32 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 3:44:52 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 3:45:43 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Remote Procedure Call (RPC) service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 60000 milliseconds Reboot the machine
System - Error - 10/19/2007 3:45:57 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service terminated unexpectedly It has done this 1 time(s)
System - Warning - 10/19/2007 3:48:44 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Error - 10/19/2007 7:52:56 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 7:53:03 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Remote Procedure Call (RPC) service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 60000 milliseconds Reboot the machine
System - Warning - 10/19/2007 8:03:35 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Tcpip -> Description =
System - Error - 10/21/2007 1:32:36 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 1:33:00 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DCOM Server Process Launcher service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 60000 milliseconds Reboot the machine
System - Error - 10/21/2007 1:33:00 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Terminal Services service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 1:36:52 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DomainService service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 0 milliseconds Restart the service
System - Error - 10/21/2007 1:59:31 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Ntfs -> Description = The file system structure on the disk is corrupt and unusablePlease run the chkdsk utility on the volume C
System - Error - 10/21/2007 2:04:19 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 2:04:25 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 2:04:52 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Extender Service service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/21/2007 3:27:34 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The WAN Miniport (ATW) Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:27:34 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:33:02 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln
System - Error - 10/21/2007 3:35:22 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The PrismXL service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:35:30 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:35:39 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Extender Service service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/21/2007 3:36:47 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln
System - Error - 10/21/2007 3:38:01 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The SSDP Discovery Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:38:08 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DCOM Server Process Launcher service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 60000 milliseconds Reboot the machine
System - Error - 10/21/2007 3:38:08 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Terminal Services service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:38:31 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The PrismXL service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:40:02 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln
System - Error - 10/21/2007 3:53:14 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The PrismXL service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:53:34 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The WAN Miniport (ATW) Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 4:11:07 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln
System - Error - 10/21/2007 4:13:15 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 4:13:21 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Remote Procedure Call (RPC) service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 60000 milliseconds Reboot the machine
System - Error - 10/21/2007 4:15:39 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln
System - Error - 10/21/2007 4:37:22 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description =
System - Error - 10/21/2007 4:37:25 PM -> Computer Name = YOUR-D552846388 - User Name = YOUR-D552846388\Administrator - Source = DCOM -> Description =
System - Error - 10/21/2007 4:38:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error 31
System - Error - 10/21/2007 4:38:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DNS Client service depends on the TCPIP Protocol Driver service which failed to start because of the following error 31
System - Error - 10/21/2007 4:38:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The TCPIP NetBIOS Helper service depends on the AFD service which failed to start because of the following error 31
System - Error - 10/21/2007 4:38:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error 31
System - Error - 10/21/2007 4:38:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AFDAVG Anti-Spyware DriverAvgAsClnFipsintelppmIPSecMRxSmbNetBIOSNetBTRasAcdRdbssTcpip
System - Error - 10/21/2007 5:00:24 PM -> Computer Name = YOUR-D552846388 - User Name = YOUR-D552846388\Administrator - Source = DCOM -> Description =
System - Error - 10/21/2007 5:00:32 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description =
System - Error - 10/21/2007 5:01:32 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln
System - Error - 10/21/2007 5:05:31 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln

[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526569472 bytes | Created Date = 1/1/1601 7:00:00 AM | Attr = HS]
mgrs.exe -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Created Date = 10/21/2007 5:21:48 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 10/21/2007 4:10:39 PM | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 356 bytes | Created Date = 10/18/2007 12:41:03 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 348 bytes | Created Date = 10/18/2007 12:41:01 PM | Attr = ]
7-zip32.dll -> %System32%\7-zip32.dll -> [Ver = 3, 11, 00, 01 | Size = 178176 bytes | Created Date = 10/16/2007 6:38:39 PM | Attr = ]
7z.sfx -> %System32%\7z.sfx -> [Ver = | Size = 132096 bytes | Created Date = 10/16/2007 6:38:38 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 10/21/2007 3:47:27 PM | Attr = ]
din.ip -> %System32%\din.ip -> [Ver = | Size = 13 bytes | Created Date = 10/21/2007 4:25:56 PM | Attr = ]
drvfaw.dll -> %System32%\drvfaw.dll -> [Ver = | Size = 101376 bytes | Created Date = 10/21/2007 4:25:44 PM | Attr = ]
drvfawr.dll -> %System32%\drvfawr.dll -> [Ver = | Size = 15360 bytes | Created Date = 10/21/2007 4:25:44 PM | Attr = ]
english_ztv_Bh.SFX -> %System32%\english_ztv_Bh.SFX -> Alpha ZIP [Ver = 1.3.0.425 | Size = 71680 bytes | Created Date = 10/16/2007 6:38:38 PM | Attr = ]
english_ztv_Jar.SFX -> %System32%\english_ztv_Jar.SFX -> Alpha ZIP [Ver = 1.3.0.425 | Size = 67584 bytes | Created Date = 10/16/2007 6:38:38 PM | Attr = ]
english_ztv_lha.SFX -> %System32%\english_ztv_lha.SFX -> Alpha ZIP [Ver = 1.3.0.425 | Size = 66560 bytes | Created Date = 10/16/2007 6:38:38 PM | Attr = ]
english_ztv_Zip.SFX -> %System32%\english_ztv_Zip.SFX -> Alpha ZIP [Ver = 1.3.0.425 | Size = 67584 bytes | Created Date = 10/16/2007 6:38:38 PM | Attr = ]
eSellerateControl365.dll -> %System32%\eSellerateControl365.dll -> eSellerate Inc. [Ver = 3.6.5.0 | Size = 94208 bytes | Created Date = 10/16/2007 6:38:39 PM | Attr = ]
eSellerateEngine.dll -> %System32%\eSellerateEngine.dll -> eSellerate Inc. [Ver = 3.6.5.0 | Size = 360580 bytes | Created Date = 10/16/2007 6:38:39 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 159544 bytes | Created Date = 10/21/2007 3:32:05 PM | Attr = ]
jvskjfsh.ini -> %System32%\jvskjfsh.ini -> [Ver = | Size = 693430 bytes | Created Date = 10/19/2007 2:25:36 PM | Attr = HS]
mljhghi.dll -> %System32%\mljhghi.dll -> [Ver = | Size = 44054 bytes | Created Date = 10/16/2007 6:51:37 PM | Attr = ]
mlnmp.bak1 -> %System32%\mlnmp.bak1 -> [Ver = | Size = 6474 bytes | Created Date = 10/16/2007 7:00:09 PM | Attr = HS]
mlnmp.bak2 -> %System32%\mlnmp.bak2 -> [Ver = | Size = 754501 bytes | Created Date = 10/18/2007 11:26:27 AM | Attr = HS]
mlnmp.ini -> %System32%\mlnmp.ini -> [Ver = | Size = 597277 bytes | Created Date = 10/16/2007 6:59:48 PM | Attr = HS]
navwanvd.ini -> %System32%\navwanvd.ini -> [Ver = | Size = 4 bytes | Created Date = 10/21/2007 4:25:56 PM | Attr = ]
opnoomm.dll -> %System32%\opnoomm.dll -> [Ver = | Size = 34304 bytes | Created Date = 10/21/2007 5:07:30 PM | Attr = ]
pmnlm.dll -> %System32%\pmnlm.dll -> [Ver = | Size = 311904 bytes | Created Date = 10/16/2007 6:59:40 PM | Attr = ]
qomlmnl.dll -> %System32%\qomlmnl.dll -> [Ver = | Size = 34304 bytes | Created Date = 10/21/2007 4:25:36 PM | Attr = ]
winhab32.dll -> %System32%\winhab32.dll -> [Ver = | Size = 20480 bytes | Created Date = 10/16/2007 6:52:09 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2126 bytes | Created Date = 10/21/2007 3:32:21 PM | Attr = ]
xtaaicqh.dll -> %System32%\xtaaicqh.dll -> [Ver = | Size = 60928 bytes | Created Date = 10/21/2007 4:26:34 PM | Attr = ]
ztvunacev2.dll -> %System32%\ztvunacev2.dll -> [Ver = | Size = 75264 bytes | Created Date = 10/16/2007 6:38:39 PM | Attr = ]
ztvunrar3.dll -> %System32%\ztvunrar3.dll -> [Ver = | Size = 156160 bytes | Created Date = 10/16/2007 6:38:39 PM | Attr = ]
cell_bg.gif -> %System32%\drivers\cell_bg.gif -> [Ver = | Size = 1342 bytes | Created Date = 10/21/2007 4:25:57 PM | Attr = ]
cell_footer.gif -> %System32%\drivers\cell_footer.gif -> [Ver = | Size = 1373 bytes | Created Date = 10/21/2007 4:25:58 PM | Attr = ]
cell_header_block.gif -> %System32%\drivers\cell_header_block.gif -> [Ver = | Size = 3313 bytes | Created Date = 10/21/2007 4:25:58 PM | Attr = ]
cell_header_remove.gif -> %System32%\drivers\cell_header_remove.gif -> [Ver = | Size = 3552 bytes | Created Date = 10/21/2007 4:25:59 PM | Attr = ]
cell_header_scan.gif -> %System32%\drivers\cell_header_scan.gif -> [Ver = | Size = 3479 bytes | Created Date = 10/21/2007 4:25:59 PM | Attr = ]
detect.htm -> %System32%\drivers\detect.htm -> [Ver = | Size = 12471 bytes | Created Date = 10/21/2007 4:25:57 PM | Attr = ]
Adobe Systems(2) -> %AllUsersAppData%\Adobe Systems(2) -> [Folder | Created Date = 10/16/2007 7:29:59 PM | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 10/21/2007 3:16:13 PM | Attr = ]
McAfee -> %AllUsersAppData%\McAfee -> [Folder | Created Date = 10/18/2007 12:24:34 PM | Attr = ]
McAfee.com Personal Firewall -> %AllUsersAppData%\McAfee.com Personal Firewall -> [Folder | Created Date = 10/18/2007 2:02:26 PM | Attr = ]
GibbHill Properties Ltd -> %UserAppData%\GibbHill Properties Ltd -> [Folder | Created Date = 10/16/2007 6:39:14 PM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 10/18/2007 7:42:25 PM | Attr = ]
S?mantec -> %UserAppData%\S?mantec -> [Folder | Created Date = 9/7/1750 9:55:17 AM | Attr = ]
Adobe PDF -> %AllUsersDocuments%\Adobe PDF -> [Folder | Created Date = 10/16/2007 5:24:21 PM | Attr = ]
Updater -> %UserDocuments%\Updater -> [Folder | Created Date = 10/16/2007 5:29:04 PM | Attr = ]
?ymantec -> %UserDocuments%\?ymantec -> [Folder | Created Date = 6/24/1752 12:29:40 AM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 10/18/2007 7:42:19 PM | Attr = ]
avgas-setup-7.5.1.43.exe -> %UserDesktop%\avgas-setup-7.5.1.43.exe -> [Ver = | Size = 12413440 bytes | Created Date = 10/18/2007 7:41:30 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.43.exe:Zone.Identifier ->
Internet Explorer (2).lnk -> %UserDesktop%\Internet Explorer (2).lnk -> [Ver = | Size = 767 bytes | Created Date = 11/2/2007 8:46:17 AM | Attr = ]
vice city.rtf -> %UserDesktop%\vice city.rtf -> [Ver = | Size = 4134 bytes | Created Date = 10/6/2007 3:08:19 PM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 10/21/2007 4:26:03 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Created Date = 10/21/2007 4:25:33 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Created Date = 10/18/2007 2:04:16 PM | Attr = ]
McAfee -> %CommonProgramFiles%\McAfee -> [Folder | Created Date = 10/18/2007 12:40:17 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526569472 bytes | Modified Date = 10/21/2007 6:05:20 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/21/2007 6:21:50 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 10/21/2007 6:21:50 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/21/2007 6:05:22 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/21/2007 5:00:30 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 10/18/2007 1:49:22 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10/18/2007 1:49:00 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 10/21/2007 4:47:28 PM | Attr = HS]
mgrs.exe -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Modified Date = 10/21/2007 6:21:50 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 10/21/2007 6:21:50 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 10/21/2007 6:05:34 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 10/21/2007 4:32:52 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 10/21/2007 6:23:34 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 10/18/2007 1:41:04 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 10/21/2007 6:22:14 PM | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 356 bytes | Modified Date = 10/18/2007 1:41:04 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 348 bytes | Modified Date = 10/18/2007 1:41:04 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/21/2007 6:05:28 PM | Attr = H ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 10/21/2007 4:47:30 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 10/18/2007 3:16:02 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 10/21/2007 5:22:18 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 10/18/2007 3:05:02 PM | Attr = ]
din.ip -> %System32%\din.ip -> [Ver = | Size = 13 bytes | Modified Date = 10/21/2007 5:25:58 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/18/2007 3:25:28 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 10/21/2007 5:26:00 PM | Attr = ]
drvfaw.dll -> %System32%\drvfaw.dll -> [Ver = | Size = 101376 bytes | Modified Date = 10/21/2007 5:25:46 PM | Attr = ]
drvfawr.dll -> %System32%\drvfawr.dll -> [Ver = | Size = 15360 bytes | Modified Date = 10/21/2007 5:25:46 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 159544 bytes | Modified Date = 10/21/2007 4:32:06 PM | Attr = ]
jvskjfsh.ini -> %System32%\jvskjfsh.ini -> [Ver = | Size = 693430 bytes | Modified Date = 10/19/2007 3:34:18 PM | Attr = HS]
mljhghi.dll -> %System32%\mljhghi.dll -> [Ver = | Size = 44054 bytes | Modified Date = 10/16/2007 7:51:38 PM | Attr = ]
mlnmp.bak1 -> %System32%\mlnmp.bak1 -> [Ver = | Size = 6474 bytes | Modified Date = 10/16/2007 8:00:10 PM | Attr = HS]
mlnmp.bak2 -> %System32%\mlnmp.bak2 -> [Ver = | Size = 754501 bytes | Modified Date = 10/21/2007 2:31:24 PM | Attr = HS]
mlnmp.ini -> %System32%\mlnmp.ini -> [Ver = | Size = 597277 bytes | Modified Date = 10/21/2007 6:23:34 PM | Attr = HS]
navwanvd.ini -> %System32%\navwanvd.ini -> [Ver = | Size = 4 bytes | Modified Date = 10/21/2007 5:25:58 PM | Attr = ]
opnoomm.dll -> %System32%\opnoomm.dll -> [Ver = | Size = 34304 bytes | Modified Date = 10/21/2007 6:07:32 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 63264 bytes | Modified Date = 10/6/2007 8:42:40 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 402508 bytes | Modified Date = 10/6/2007 8:42:40 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 472596 bytes | Modified Date = 10/6/2007 8:42:40 AM | Attr = ]
pmnlm.dll -> %System32%\pmnlm.dll -> [Ver = | Size = 311904 bytes | Modified Date = 10/16/2007 7:59:48 PM | Attr = ]
qomlmnl.dll -> %System32%\qomlmnl.dll -> [Ver = | Size = 34304 bytes | Modified Date = 10/21/2007 5:25:38 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 10/18/2007 12:54:46 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 10/18/2007 3:04:52 PM | Attr = ]
winhab32.dll -> %System32%\winhab32.dll -> [Ver = | Size = 20480 bytes | Modified Date = 10/16/2007 7:52:10 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2126 bytes | Modified Date = 10/21/2007 4:32:22 PM | Attr = ]
xtaaicqh.dll -> %System32%\xtaaicqh.dll -> [Ver = | Size = 60928 bytes | Modified Date = 10/18/2007 8:22:16 AM | Attr = ]
cell_bg.gif -> %System32%\drivers\cell_bg.gif -> [Ver = | Size = 1342 bytes | Modified Date = 10/21/2007 5:25:58 PM | Attr = ]
cell_footer.gif -> %System32%\drivers\cell_footer.gif -> [Ver = | Size = 1373 bytes | Modified Date = 10/21/2007 5:26:00 PM | Attr = ]
cell_header_block.gif -> %System32%\drivers\cell_header_block.gif -> [Ver = | Size = 3313 bytes | Modified Date = 10/21/2007 5:26:00 PM | Attr = ]
cell_header_remove.gif -> %System32%\drivers\cell_header_remove.gif -> [Ver = | Size = 3552 bytes | Modified Date = 10/21/2007 5:26:00 PM | Attr = ]
cell_header_scan.gif -> %System32%\drivers\cell_header_scan.gif -> [Ver = | Size = 3479 bytes | Modified Date = 10/21/2007 5:26:00 PM | Attr = ]
detect.htm -> %System32%\drivers\detect.htm -> [Ver = | Size = 12471 bytes | Modified Date = 10/21/2007 5:25:58 PM | Attr = ]
Adobe -> %AllUsersAppData%\Adobe -> [Folder | Modified Date = 10/16/2007 6:21:10 PM | Attr = ]
Adobe Systems(2) -> %AllUsersAppData%\Adobe Systems(2) -> [Folder | Modified Date = 10/18/2007 3:03:46 PM | Attr = ]
AOL -> %AllUsersAppData%\AOL -> [Folder | Modified Date = 10/21/2007 4:01:56 PM | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 10/21/2007 4:16:16 PM | Attr = ]
McAfee -> %AllUsersAppData%\McAfee -> [Folder | Modified Date = 10/18/2007 1:44:00 PM | Attr = ]
McAfee.com Personal Firewall -> %AllUsersAppData%\McAfee.com Personal Firewall -> [Folder | Modified Date = 10/18/2007 3:02:28 PM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 10/16/2007 8:35:32 PM | Attr = ]
GibbHill Properties Ltd -> %UserAppData%\GibbHill Properties Ltd -> [Folder | Modified Date = 10/16/2007 7:39:16 PM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 10/18/2007 8:42:26 PM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 10/21/2007 3:35:08 PM | Attr = S]
S?mantec -> %UserAppData%\S?mantec -> [Folder | Modified Date = 10/21/2007 6:11:08 PM | Attr = ]
Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 10/16/2007 6:33:54 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 35456 bytes | Modified Date = 10/21/2007 2:44:36 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3712744 bytes | Modified Date = 10/21/2007 6:00:30 PM | Attr = H ]
Adobe PDF -> %AllUsersDocuments%\Adobe PDF -> [Folder | Modified Date = 10/16/2007 6:24:26 PM | Attr = ]
Updater -> %UserDocuments%\Updater -> [Folder | Modified Date = 10/16/2007 6:29:06 PM | Attr = ]
?ymantec -> %UserDocuments%\?ymantec -> [Folder | Modified Date = 10/21/2007 5:26:36 PM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 10/18/2007 8:42:20 PM | Attr = ]
avgas-setup-7.5.1.43.exe -> %UserDesktop%\avgas-setup-7.5.1.43.exe -> [Ver = | Size = 12413440 bytes | Modified Date = 10/18/2007 8:41:36 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.43.exe:Zone.Identifier ->
canada -> %UserDesktop%\canada -> [Folder | Modified Date = 10/18/2007 1:52:14 PM | Attr = ]
Internet Explorer (2).lnk -> %UserDesktop%\Internet Explorer (2).lnk -> [Ver = | Size = 767 bytes | Modified Date = 11/2/2007 9:46:18 AM | Attr = ]
mrtile -> %UserDesktop%\mrtile -> [Folder | Modified Date = 10/18/2007 1:52:14 PM | Attr = R ]
vice city.rtf -> %UserDesktop%\vice city.rtf -> [Ver = | Size = 4134 bytes | Modified Date = 10/6/2007 4:08:20 PM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 10/21/2007 6:04:22 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Modified Date = 10/21/2007 5:25:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 10/18/2007 3:04:06 PM | Attr = ]
Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Modified Date = 10/18/2007 3:04:18 PM | Attr = ]
McAfee -> %CommonProgramFiles%\McAfee -> [Folder | Modified Date = 10/18/2007 10:06:38 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , PECompact2 , -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Modified Date = 10/21/2007 6:21:50 PM | Attr = ]
UPX! , UPX0 , -> %System32%\7-zip32.dll -> [Ver = 3, 11, 00, 01 | Size = 178176 bytes | Modified Date = 1/8/2007 6:29:08 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
PEC2 , -> %System32%\drvfaw.dll -> [Ver = | Size = 101376 bytes | Modified Date = 10/21/2007 5:25:46 PM | Attr = ]
UPX! , UPX0 , -> %System32%\GTW1.exe -> Leader Technologies [Ver = 1.07 | Size = 743936 bytes | Modified Date = 4/4/2006 3:38:44 PM | Attr = ]
aspack , -> %System32%\jesterss.dll -> [Ver = | Size = 23552 bytes | Modified Date = 7/3/2003 5:48:02 PM | Attr = ]
PTech , -> %System32%\LegitCheckControl.dll -> Microsoft Corp. [Ver = 1.5.0512.0 | Size = 550120 bytes | Modified Date = 2/14/2006 5:20:14 PM | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 3/15/2007 12:22:38 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
PEC2 , -> %System32%\winhab32.dll -> [Ver = | Size = 20480 bytes | Modified Date = 10/16/2007 7:52:10 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 3/15/2007 12:19:58 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 3/15/2007 12:23:16 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\xtaaicqh.dll -> [Ver = | Size = 60928 bytes | Modified Date = 10/18/2007 8:22:16 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.43.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
PEC2 , PECompact2 , -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.05 | Size = 107008 bytes | Modified Date = 6/17/2007 7:07:30 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
PEC2 , PECompact2 , -> %CommonProgramFiles%\Yazzle1162OinAdmin.exe -> [Ver = | Size = 146432 bytes | Modified Date = 5/1/2007 9:35:12 AM | Attr = ]

< End of report >

#2 MoNsTeReNeRgY22

Posted 22 October 2007 - 11:43 PM

Hello and Welcome to Bleeping Computer.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Please give me some time to analyze your log, and I will post back with instructions ASAP.



#3 MoNsTeReNeRgY22

Posted 23 October 2007 - 08:44 AM

Hi deir64,

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.



#4 deir64

Posted 24 October 2007 - 08:01 PM

Thank you so much for helping, I was just about to give up.

Here is the ComboFix log; the next post will have the HijackThis log.


ComboFix 07-10-23.2 - Administrator 2007-10-24 18:53:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.276 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\SMANTE~1
C:\Documents and Settings\Administrator\Application Data\SMANTE~1\wowexec.exe
C:\Documents and Settings\Administrator\My Documents\YMANTE~1
C:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\All Users\Application Data.\bwbgbuti.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\racle~1
C:\Program Files\racle~1\r?gsvr32.exe
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\cookies.ini
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drvfaw.dll
C:\WINDOWS\system32\drvfawr.dll
C:\WINDOWS\system32\drvluzr.dll
C:\WINDOWS\system32\fkmdvbtn
C:\WINDOWS\system32\fkmdvbtn\bg1.gif
C:\WINDOWS\system32\fkmdvbtn\bgtop.gif
C:\WINDOWS\system32\fkmdvbtn\bottom1.gif
C:\WINDOWS\system32\fkmdvbtn\essentials.gif
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn1.exe
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn2.exe
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn3.exe
C:\WINDOWS\system32\fkmdvbtn\icon1.ico
C:\WINDOWS\system32\fkmdvbtn\install1.gif
C:\WINDOWS\system32\fkmdvbtn\left1.gif
C:\WINDOWS\system32\fkmdvbtn\li.gif
C:\WINDOWS\system32\fkmdvbtn\logo.gif
C:\WINDOWS\system32\fkmdvbtn\main.htm
C:\WINDOWS\system32\fkmdvbtn\mainframe.htm
C:\WINDOWS\system32\fkmdvbtn\reinstall1.gif
C:\WINDOWS\system32\fkmdvbtn\right1.gif
C:\WINDOWS\system32\fkmdvbtn\s1.htm
C:\WINDOWS\system32\fkmdvbtn\s2.htm
C:\WINDOWS\system32\fkmdvbtn\s3.htm
C:\WINDOWS\system32\fkmdvbtn\SMTop1.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop2.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop3.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop4.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\softbottom_off.gif
C:\WINDOWS\system32\fkmdvbtn\softbottom_on.gif
C:\WINDOWS\system32\fkmdvbtn\softleft_off.gif
C:\WINDOWS\system32\fkmdvbtn\softleft_on.gif
C:\WINDOWS\system32\fkmdvbtn\top1.gif
C:\WINDOWS\system32\fkmdvbtn\top2.gif
C:\WINDOWS\system32\fkmdvbtn\turnoff1.gif
C:\WINDOWS\system32\fkmdvbtn\turnon1.gif
C:\WINDOWS\system32\fwsqbhms.dll
C:\WINDOWS\system32\mljhghi.dll
C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\uteb.dll
C:\WINDOWS\system32\winhab32.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-24 18:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 18:44 84,544 --a------ C:\WINDOWS\system32\jtocnkqi.dll
2007-10-24 18:43 16,024 --a------ C:\info.exe
2007-10-24 18:43 15 --a------ C:\WINDOWS\system32\iexchg.dll
2007-10-24 18:42 <DIR> d-------- C:\Program Files\E404 Helper
2007-10-24 18:42 9,728 --a------ C:\Program Files\hlpsrv.exe
2007-10-24 18:41 <DIR> d-------- C:\Program Files\Yqcijdlo
2007-10-24 18:41 <DIR> d-------- C:\Program Files\ojodwxit
2007-10-24 18:41 36,352 --a------ C:\WINDOWS\system32\tuvuuvt.dll
2007-10-24 18:40 102,912 --a------ C:\WINDOWS\system32\drvluz.dll
2007-10-21 18:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-21 18:07 34,304 --a------ C:\WINDOWS\system32\opnoomm.dll
2007-10-21 17:27 14,900 --a------ C:\Program Files\3269.exe
2007-10-21 17:25 34,304 --a------ C:\WINDOWS\system32\qomlmnl.dll
2007-10-19 15:28 <DIR> d-------- C:\Program Files\Adsense Helper Object
2007-10-18 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-10-18 15:04 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-10-18 15:03 <DIR> d-------- C:\Program Files\RegCure
2007-10-18 13:40 <DIR> d-------- C:\Program Files\McAfee.com
2007-10-18 13:40 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-16 19:38 <DIR> d-------- C:\Program Files\AlphaZIP
2007-10-16 19:38 156,160 --a------ C:\WINDOWS\system32\ztvunrar3.dll
2007-10-16 19:38 75,264 --a------ C:\WINDOWS\system32\ztvunacev2.dll
2007-10-16 19:38 65,536 --a------ C:\WINDOWS\system32\ztvcabinet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 17:15 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-23 16:38 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Active Disk
2007-10-21 21:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-18 19:43 --------- d-----w C:\Program Files\McAfee
2007-09-11 00:25 10,920 ----a-w C:\aolconnfix.exe
2007-04-22 22:19 130 -c--a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A8C2C57-93A7-0675-5A40-098909C6F6CC}]
2007-10-24 18:41 106496 --a------ C:\Program Files\Yqcijdlo\gjjmhoie.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 15:30]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]
"885c465c"="C:\WINDOWS\system32\jtocnkqi.dll" [2007-10-24 18:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ealb"="C:\DOCUME~1\ADMINI~1\APPLIC~1\SMANTE~1\wowexec.exe" []
"Pkrpgk"="C:\Program Files\?racle\r?gsvr32.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnlm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
"C:\Program Files\Gateway\GWCares\GWCares.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
"C:\Program Files\Microsoft Location Finder\LocationFinder.exe"


.
Contents of the 'Scheduled Tasks' folder
"2006-12-05 23:43:09 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-12-05 23:43:09 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-10-18 19:41:03 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-10-18 19:41:02 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 18:56:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-24 18:57:46 - machine was rebooted
.
--- E O F ---

#5 deir64

Posted 24 October 2007 - 08:10 PM

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:05 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=NX570X
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A8C2C57-93A7-0675-5A40-098909C6F6CC} - C:\Program Files\Yqcijdlo\gjjmhoie.dll
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [885c465c] rundll32.exe "C:\WINDOWS\system32\jtocnkqi.dll",b
O4 - HKCU\..\Run: [Ealb] "C:\DOCUME~1\ADMINI~1\APPLIC~1\SMANTE~1\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [Pkrpgk] "C:\Program Files\?racle\r?gsvr32.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 3954 bytes

#6 MoNsTeReNeRgY22

Posted 26 October 2007 - 11:34 AM

Hey deir64,

Step 1
Unless you are comparatively knowledgeable about your version of Windows, you can certainly do more harm to your computer's functioning than any small improvements made by registry cleaners warrant.
There are safer methods to employ to speed performance, and these usually produce noticeable results. See this pinned topic for a start:

http://www.bleepingcomputer.com/forums/t/44690/slow-computer/

Therefore I recommend uninstalling RegCure via Add or Remove Programs.

Step 2
Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

E404 Helper

Step 3
Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=NX570X
O2 - BHO: (no name) - {2A8C2C57-93A7-0675-5A40-098909C6F6CC} - C:\Program Files\Yqcijdlo\gjjmhoie.dll
O4 - HKCU\..\Run: [Ealb] "C:\DOCUME~1\ADMINI~1\APPLIC~1\SMANTE~1\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [Pkrpgk] "C:\Program Files\?racle\r?gsvr32.exe"


Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Step 4
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\?racle

Step 5
Open Notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\jtocnkqi.dll
C:\info.exe
C:\WINDOWS\system32\iexchg.dll
C:\Program Files\hlpsrv.exe
C:\WINDOWS\system32\tuvuuvt.dll
C:\WINDOWS\system32\drvluz.dll
C:\WINDOWS\system32\opnoomm.dll
C:\Program Files\3269.exe
C:\WINDOWS\system32\qomlmnl.dll

Folder::
C:\Program Files\E404 Helper
C:\Program Files\Yqcijdlo
C:\Program Files\ojodwxit
C:\DOCUME~1\ADMINI~1\APPLIC~1\SMANTE~1

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Step 6
Please do the following since you already have WinPFind3.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Step 7
Please post the following in your next reply
  • Combofix.txt
  • Fresh HJT Log
  • WinPFind3 Log
  • Update on how everything is running



#7 deir64

Posted 26 October 2007 - 02:42 PM

combofix log

ComboFix 07-10-23.2 - Administrator 2007-10-26 12:56:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.238 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\info.exe
C:\Program Files\3269.exe
C:\Program Files\hlpsrv.exe
C:\WINDOWS\system32\drvluz.dll
C:\WINDOWS\system32\iexchg.dll
C:\WINDOWS\system32\jtocnkqi.dll
C:\WINDOWS\system32\opnoomm.dll
C:\WINDOWS\system32\qomlmnl.dll
C:\WINDOWS\system32\tuvuuvt.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\internet.lnk
C:\info.exe
C:\Program Files\3269.exe
C:\Program Files\E404 Helper
C:\Program Files\E404 Helper\e404.v1.dll
C:\Program Files\hlpsrv.exe
C:\Program Files\ojodwxit
C:\Program Files\ojodwxit\ydejsvgr.dll
C:\Program Files\Yqcijdlo
C:\Program Files\Yqcijdlo\gjjmhoie.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\drvluz.dll
C:\WINDOWS\system32\iexchg.dll
C:\WINDOWS\system32\jtocnkqi.dll
C:\WINDOWS\system32\opnoomm.dll
C:\WINDOWS\system32\qomlmnl.dll
C:\WINDOWS\system32\tuvuuvt.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))
.

2007-10-24 18:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-21 18:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-19 15:28 <DIR> d-------- C:\Program Files\Adsense Helper Object
2007-10-18 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-10-18 15:04 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-10-18 13:40 <DIR> d-------- C:\Program Files\McAfee.com
2007-10-18 13:40 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-16 19:38 <DIR> d-------- C:\Program Files\AlphaZIP
2007-10-16 19:38 156,160 --a------ C:\WINDOWS\system32\ztvunrar3.dll
2007-10-16 19:38 75,264 --a------ C:\WINDOWS\system32\ztvunacev2.dll
2007-10-16 19:38 65,536 --a------ C:\WINDOWS\system32\ztvcabinet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 17:15 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-23 16:38 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Active Disk
2007-10-21 21:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-18 19:43 --------- d-----w C:\Program Files\McAfee
2007-09-11 00:25 10,920 ----a-w C:\aolconnfix.exe
2007-04-22 22:19 130 -c--a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 15:30]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]
"885c465c"="C:\WINDOWS\system32\jtocnkqi.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
"C:\Program Files\Gateway\GWCares\GWCares.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
"C:\Program Files\Microsoft Location Finder\LocationFinder.exe"


.
Contents of the 'Scheduled Tasks' folder
"2006-12-05 23:43:09 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-12-05 23:43:09 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-10-18 19:41:03 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-10-18 19:41:02 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 12:59:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-26 13:00:22 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-24 18:57
.
--- E O F ---



hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:55 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [885c465c] rundll32.exe "C:\WINDOWS\system32\jtocnkqi.dll",b
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 3527 bytes

#8 deir64

Posted 26 October 2007 - 02:44 PM

winp.. log

WinPFind3 logfile created on: 10/26/2007 1:03:47 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Administrator\Desktop\Spyware\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

502.11 Mb Total Physical Memory | 253.09 Mb Available Physical Memory | 50.41% Memory free
1.20 Gb Paging File | 0.94 Gb Available in Paging File | 78.86% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.66 Gb Total Space | 58.32 Gb Free Space | 84.95% Space Free
Drive D: | 5.85 Gb Total Space | 2.97 Gb Free Space | 50.77% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-D552846388
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
adservice.exe -> %ProgramFiles%\Iomega\AutoDisk\ADService.exe -> Iomega Corporation [Ver = 3, 2, 1, 5 | Size = 151552 bytes | Modified Date = 9/24/2002 5:39:48 PM | Attr = ]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 6:50:36 AM | Attr = R ]
appservices.exe -> %ProgramFiles%\Iomega\System32\AppServices.exe -> Iomega Corporation [Ver = 2, 0, 2, 5 | Size = 73728 bytes | Modified Date = 9/4/2002 3:11:04 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 3:25:42 AM | Attr = ]
bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 5.0.1.2200 | Size = 622653 bytes | Modified Date = 3/14/2006 3:42:18 PM | Attr = ]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.2200 | Size = 266295 bytes | Modified Date = 3/14/2006 3:34:38 PM | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.0.20 | Size = 434176 bytes | Modified Date = 8/2/2006 2:39:20 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 6:31:10 AM | Attr = ]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.5.0.1035 | Size = 86140 bytes | Modified Date = 10/12/2005 2:30:24 PM | Attr = ]
imgicon.exe -> %ProgramFiles%\Iomega\DriveIcons\Imgicon.exe -> Iomega [Ver = 6, 3, 0, 56 | Size = 86016 bytes | Modified Date = 8/13/2002 3:30:58 PM | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.0.4 | Size = 327680 bytes | Modified Date = 8/2/2006 2:24:22 AM | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.0.34 | Size = 937984 bytes | Modified Date = 8/2/2006 2:31:22 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\Spyware\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> File not found
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 6:50:36 AM | Attr = R ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 6:31:10 AM | Attr = ]
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.2200 | Size = 266295 bytes | Modified Date = 3/14/2006 3:34:38 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.0.20 | Size = 434176 bytes | Modified Date = 8/2/2006 2:39:20 AM | Attr = ]
(IAANTMon) Intel® Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.5.0.1035 | Size = 86140 bytes | Modified Date = 10/12/2005 2:30:24 PM | Attr = ]
(Iomega Activity Disk2) Iomega Activity Disk2 [Win32_Own | Disabled | Stopped] -> -> File not found
(Iomega App Services) Iomega App Services [Win32_Own | Auto | Running] -> %ProgramFiles%\Iomega\System32\AppServices.exe -> Iomega Corporation [Ver = 2, 0, 2, 5 | Size = 73728 bytes | Modified Date = 9/4/2002 3:11:04 PM | Attr = ]
(PrismXL) PrismXL [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.3.30 | Size = 196608 bytes | Modified Date = 11/29/2006 6:14:50 PM | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.0.4 | Size = 327680 bytes | Modified Date = 8/2/2006 2:24:22 AM | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.0.34 | Size = 937984 bytes | Modified Date = 8/2/2006 2:31:22 AM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Disabled | Stopped] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 12:29:46 PM | Attr = ]
(_IOMEGA_ACTIVE_DISK_SERVICE_) Iomega Active Disk [Win32_Own | Auto | Running] -> %ProgramFiles%\Iomega\AutoDisk\ADService.exe -> Iomega Corporation [Ver = 3, 2, 1, 5 | Size = 151552 bytes | Modified Date = 9/24/2002 5:39:48 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 3:25:42 AM | Attr = ]
885c465c -> %System32%\jtocnkqi.DLL [rundll32.exe "C:\WINDOWS\system32\jtocnkqi.dll",b] -> File not found
Iomega Drive Icons -> %ProgramFiles%\Iomega\DriveIcons\Imgicon.exe -> Iomega [Ver = 6, 3, 0, 56 | Size = 86016 bytes | Modified Date = 8/13/2002 3:30:58 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 5.0.1.2200 | Size = 622653 bytes | Modified Date = 3/14/2006 3:42:18 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 6:29:58 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4543 | Size = 139264 bytes | Modified Date = 3/23/2006 2:12:42 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.theme ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.msn.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.aol.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 3:56:50 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Send to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 5/29/2003 2:53:12 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{20A0AE0D-AB52-4F76-B17A-A802F393A5D9} -> () ->
{62C055F6-F63F-4065-862C-DAA7EE58B918} -> (Intel® PRO/Wireless 3945ABG Network Connection) ->
{A8DAB202-9A62-41EC-967A-8027FAEF472E} -> (1394 Net Adapter) ->
{B4249BE6-CCF7-4CC7-9DFC-2B7F7C98B2A8} -> (Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{407408d4-94ed-4d86-ab69-a7f649d112ee} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
KB910393 -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall ->
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
[HKLM] -> Reg Data - Key not found [] -> File not found
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{2F603045-309F-11CF-9774-0020AFD0CFF6} [HKLM] -> %ProgramFiles%\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] -> File not found
{3AEEA5E5-1604-4C19-A91C-C049919C82EF} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [AlphaZip] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{44AD9C9A-62E6-49A8-9AE0-5EE7F4B91145} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [Alpha-Zip Drop Menu] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
{5AD42C8A-F224-4113-9851-8A9A489A0CA6} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [Alpha-Zip Context Menu] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
{6af09ec9-b429-11d4-a1fb-0090960218cb} [HKLM] -> %System32%\btneighborhood.dll [My Bluetooth Places] -> Broadcom Corporation. [Ver = 5.0.1.2200 | Size = 1065037 bytes | Modified Date = 3/14/2006 3:37:42 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7D5C4BDD-B015-4401-8731-1507B87DE297} [HKLM] -> %CommonProgramFiles%\Intuit\QuickBooks\QBVersionTool.dll [QBVersionTool] -> Intuit Inc. [Ver = 16.0D R3 | Size = 212992 bytes | Modified Date = 12/8/2005 10:30:44 AM | Attr = ]
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} [HKLM] -> %System32%\ShellvRTF.dll [SampleView] -> XSS [Ver = 1, 0, 0, 1 | Size = 122880 bytes | Modified Date = 9/21/2002 1:42:28 AM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
{C4995F03-3866-499C-9315-CE361502FE58} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [AlphaZip - UI Object] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
{c7745760-8ead-11ce-b750-02608ca5202c} [HKLM] -> %ProgramFiles%\Iomega\Shell\IMGMENU.DLL [IomegaWare Shell Extension] -> Iomega Corp. [Ver = 8, 0, 2, 5 | Size = 61440 bytes | Modified Date = 9/25/2002 11:08:16 AM | Attr = ]
{c7745761-8ead-11ce-b750-02608ca5202c} [HKLM] -> %ProgramFiles%\Iomega\Shell\IMGPROP.DLL [IomegaWare Shell Extension] -> Iomega Corp. [Ver = 7, 0, 2, 2 | Size = 49152 bytes | Modified Date = 7/16/2002 11:55:40 AM | Attr = ]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 948 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 6N+[-^Hk)db9e6dd4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> V4i ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 8 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> hԫ6IML ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> V% ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 2896 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe -k LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS;TCPIP;NTLMSSP; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ ->
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 4:20:02 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
{5AD42C8A-F224-4113-9851-8A9A489A0CA6} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [AlphaZipContextMenu] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 144944 bytes | Modified Date = 5/30/2007 6:29:46 AM | Attr = ]
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [ShellExtension] -> File not found
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ ->
{5AD42C8A-F224-4113-9851-8A9A489A0CA6} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [AlphaZipContextMenu] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 144944 bytes | Modified Date = 5/30/2007 6:29:46 AM | Attr = ]
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [ShellExtension] -> File not found
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ ->
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4543 | Size = 143360 bytes | Modified Date = 3/23/2006 2:16:46 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ ->
{5AD42C8A-F224-4113-9851-8A9A489A0CA6} [HKLM] -> %ProgramFiles%\AlphaZIP\AlphaZip.dll [AlphaZipContextMenu] -> Alpha ZIP [Ver = 1.3.0.441 | Size = 2416128 bytes | Modified Date = 7/31/2007 7:30:18 PM | Attr = ]
< ControlSets > -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk -> %ProgramFiles%\BigFix\bigfix.exe -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk -> %ProgramFiles%\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe -> File not found
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
Gateway Extended Warranty -> %ProgramFiles%\Gateway\GWCares\GWCares.exe -> File not found
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ->
{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -> 8194 - Reg Data - Key not found ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8192 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Windows Messenger ->
NextId -> 8195 ->
< Security Settings > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 2896 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *; ->
< Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%SystemRoot%\system32 -> ->
%SystemRoot% -> ->
%SystemRoot%\System32\Wbem -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> ->
.EXE -> ->
.BAT -> ->
.CMD -> ->
.VBS -> ->
.VBE -> ->
.JS -> ->
.JSE -> ->
.WSF -> ->
.WSH -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 10752 bytes | Modified Date = 5/27/2005 12:22:02 AM | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Modified Date = 3/17/2006 5:03:54 AM | Attr = ]
exefile [open] -> "%1" %* ->
helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 283648 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
htmlfile [edit] -> Reg Data - Key not found ->
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.2912 (xpsp.060519-0021) | Size = 3055104 bytes | Modified Date = 5/19/2006 4:06:04 PM | Attr = ]
http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
https [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.2919 (xpsp.060529-0207) | Size = 1496576 bytes | Modified Date = 5/29/2006 4:32:10 PM | Attr = ]
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.2912 (xpsp.060519-0021) | Size = 3055104 bytes | Modified Date = 5/19/2006 4:06:04 PM | Attr = ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Modified Date = 3/17/2006 5:03:54 AM | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> File not found
< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^0OzIj
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> gԋ4:?Ӽdg ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xȓ܊݄} ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> *BV%M/g ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_ikj" ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} -> mLogView ->
{15377C3E-9655-400F-B441-E69F0A6BEAFE} -> Recovery Software Suite Gateway ->
{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> DVD Solution ->
{23FB368F-1399-4EAC-817C-4B83ECBE3D83} -> mProSafe ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{3E9D596A-61D4-4239-BD19-2DB984D2A16F} -> mIWA ->
{3F4EC965-28EF-45C3-B063-04B25D4E9679} -> WIDCOMM Bluetooth Software ->
{40BF1E83-20EB-11D8-97C5-0009C5020658} -> Power2Go 4.0 ->
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD ->
{69B02159-7626-4DBB-B9EE-F933039830AD} -> QuickBooks Premier: Contractor Edition 2006 ->
{6D52C408-B09A-4520-9B18-475B81D393F1} -> Microsoft Works ->
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 ->
{7148F0A8-6813-11D6-A77B-00B0D0142000} -> Java 2 Runtime Environment, SE v1.4.2 ->
{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B} -> Microsoft Streets & Trips 2006 ->
{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel® Graphics Media Accelerator Driver ->
{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} -> mPfMgr ->
{8C6BB412-D3A8-4AAE-A01B-35B681789D68} -> mHelp ->
{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E} -> Intel Matrix Storage Manager ->
{90B0D222-8C21-4B35-9262-53B042F18AF9} -> mPfWiz ->
{90CC4231-94AC-45CD-991A-0253BFAC0650} -> mDrWiFi ->
{94658027-9F16-4509-BBD7-A59FE57C3023} -> mZConfig ->
{9875BF9C-8565-4085-B6A4-5D8D838FB5C3} -> HP Deskjet 460 ->
{9941F0AA-B903-4AF4-A055-83A9815CC011} -> Sonic Encoders ->
{9CC89556-3578-48DD-8408-04E66EBEF401} -> mXML ->
{9D18F7F8-B984-4249-8512-CC621BC59F12} -> Microsoft Location Finder ->
{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} -> mDriver ->
{A462213D-EED4-42C2-9A60-7BDD4D4B0B17} -> SigmaTel Audio ->
{AC76BA86-7AD7-1033-7B44-A70000000000} -> Adobe Reader 7.0 ->
{AD7914E1-6453-4440-AEC7-02C72AD6FE5F} -> TIPCI ->
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 ->
{E81667C6-2856-46D6-ABEA-6A2F42166779} -> mCore ->
{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} -> mMHouse ->
{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} -> mWlsSafe ->
Active Disk -> Active Disk ->
Adobe PageMaker 6.5 -> Adobe PageMaker 6.5 ->
AlphaZIP -> AlphaZIP ->
AOL Uninstaller -> AOL Uninstaller (Choose which Products to Remove) ->
AOLCoach -> AOL Coach Version 1.0(Build:20040229.1 en) ->
AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 ->
BoardGamesDeinstKey -> Board Game Classics ->
HijackThis -> HijackThis 2.0.2 ->
hp deskjet 460 series -> HP Deskjet 460 Series ->
InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F} -> Texas Instruments PCIxx21/x515/xx12 drivers. ->
IomegaWare -> IomegaWare 4.0.3 ->
KB834707 -> Windows XP Hotfix - KB834707 ->
KB867282 -> Windows XP Hotfix - KB867282 ->
KB873333 -> Windows XP Hotfix - KB873333 ->
KB873339 -> Windows XP Hotfix - KB873339 ->
KB883939 -> Security Update for Windows XP (KB883939) ->
KB885250 -> Windows XP Hotfix - KB885250 ->
KB885835 -> Windows XP Hotfix - KB885835 ->
KB885836 -> Windows XP Hotfix - KB885836 ->
KB887472 -> Windows XP Hotfix - KB887472 ->
KB888111WXPSP2 -> High Definition Audio Driver Package - KB888111 ->
KB888113 -> Windows XP Hotfix - KB888113 ->
KB888239 -> Windows XP Hotfix - KB888239 ->
KB888302 -> Windows XP Hotfix - KB888302 ->
KB888795 -> Hotfix for Windows XP (KB888795) ->
KB890046 -> Security Update for Windows XP (KB890046) ->
KB890047 -> Windows XP Hotfix - KB890047 ->
KB890175 -> Windows XP Hotfix - KB890175 ->
KB890859 -> Windows XP Hotfix - KB890859 ->
KB890923 -> Windows XP Hotfix - KB890923 ->
KB891593 -> Hotfix for Windows XP (KB891593) ->
KB891781 -> Windows XP Hotfix - KB891781 ->
KB893066 -> Windows XP Hotfix - KB893066 ->
KB893086 -> Windows XP Hotfix - KB893086 ->
KB893357 -> Hotfix for Windows XP (KB893357) ->
KB893756 -> Security Update for Windows XP (KB893756) ->
KB893803 -> Windows Installer 3.1 (KB893803) ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB894391 -> Update for Windows XP (KB894391) ->
KB895953 -> Hotfix for Windows XP (KB895953) ->
KB895961 -> Hotfix for Windows XP (KB895961) ->
KB896256 -> Hotfix for Windows XP (KB896256) ->
KB896344 -> Hotfix for Windows XP (KB896344) ->
KB896358 -> Security Update for Windows XP (KB896358) ->
KB896422 -> Security Update for Windows XP (KB896422) ->
KB896423 -> Security Update for Windows XP (KB896423) ->
KB896424 -> Security Update for Windows XP (KB896424) ->
KB896428 -> Security Update for Windows XP (KB896428) ->
KB896688 -> Security Update for Windows XP (KB896688) ->
KB896727 -> Update for Windows XP (KB896727) ->
KB898458 -> Security Update for Step By Step Interactive Training (KB898458) ->
KB899337 -> Hotfix for Windows XP (KB899337) ->
KB899510 -> Hotfix for Windows XP (KB899510) ->
KB899587 -> Security Update for Windows XP (KB899587) ->
KB899588 -> Security Update for Windows XP (KB899588) ->
KB899589 -> Security Update for Windows XP (KB899589) ->
KB899591 -> Security Update for Windows XP (KB899591) ->
KB900325 -> Update Rollup 2 for Windows XP Media Center Edition 2005 ->
KB900485 -> Update for Windows XP (KB900485) ->
KB900725 -> Security Update for Windows XP (KB900725) ->
KB901017 -> Security Update for Windows XP (KB901017) ->
KB901214 -> Security Update for Windows XP (KB901214) ->
KB902400 -> Security Update for Windows XP (KB902400) ->
KB902841 -> Hotfix for Windows XP (KB902841) ->
KB903157 -> Hotfix for Windows Media Player 10 (KB903157) ->
KB903235 -> Security Update for Windows XP (KB903235) ->
KB904706 -> Security Update for Windows XP (KB904706) ->
KB905414 -> Security Update for Windows XP (KB905414) ->
KB905749 -> Security Update for Windows XP (KB905749) ->
KB905915 -> Security Update for Windows XP (KB905915) ->
KB906569 -> Hotfix for Windows XP (KB906569) ->
KB908519 -> Security Update for Windows XP (KB908519) ->
KB908531 -> Security Update for Windows XP (KB908531) ->
KB909095 -> Hotfix for Windows XP (KB909095) ->
KB910393 -> Update for Windows Media Player 10 (KB910393) ->
KB910437 -> Update for Windows XP (KB910437) ->
KB910728 -> Hotfix for Windows XP (KB910728) ->
KB911280 -> Security Update for Windows XP (KB911280) ->
KB911562 -> Security Update for Windows XP (KB911562) ->
KB911564 -> Security Update for Windows Media Player (KB911564) ->
KB911565 -> Security Update for Windows Media Player 10 (KB911565) ->
KB911567 -> Security Update for Windows XP (KB911567) ->
KB911927 -> Security Update for Windows XP (KB911927) ->
KB912024 -> Hotfix for Windows XP (KB912024) ->
KB912812 -> Security Update for Windows XP (KB912812) ->
KB912919 -> Security Update for Windows XP (KB912919) ->
KB912945 -> Update for Windows XP (KB912945) ->
KB913433 -> Security Update for Windows XP (KB913433) ->
KB913580 -> Security Update for Windows XP (KB913580) ->
KB913800 -> Update for Windows Media Player 10 (KB913800) ->
KB914388 -> Security Update for Windows XP (KB914388) ->
KB914389 -> Security Update for Windows XP (KB914389) ->
KB914548 -> Windows XP Media Center Edition 2005 KB914548 ->
KB914906 -> Hotfix for Windows XP (KB914906) ->
KB916281 -> Security Update for Windows XP (KB916281) ->
KB916595 -> Update for Windows XP (KB916595) ->
KB917159 -> Security Update for Windows XP (KB917159) ->
KB917344 -> Security Update for Windows XP (KB917344) ->
KB917537 -> Security Update for Windows XP (KB917537) ->
KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734) ->
KB917953 -> Security Update for Windows XP (KB917953) ->
KB918439 -> Security Update for Windows XP (KB918439) ->
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 ->
Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 ->
ProInst -> Intel® PROSet/Wireless Software ->
QuickTime -> QuickTime ->
QuickTime32 -> QuickTime for Windows (32-bit) ->
RealPlayer 6.0 -> RealPlayer Basic ->
SMSERIAL -> Motorola SM56 Data Fax Modem ->
StreetPlugin -> Learn2 Player (Uninstall Only) ->
SynTPDeinstKey -> Synaptics Pointing Device Driver ->
ViewpointMediaPlayer -> Viewpoint Media Player ->
WGA -> Windows Genuine Advantage Validation Tool ->
Windows Media Format Runtime -> Windows Media Format Runtime ->
WinPhlash -> WinPhlash ->
< WOW Settings [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW ->
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< EventViewer Logs > -> Errors and Warnings -> Description
Application - Warning - 10/15/2007 9:25:16 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/16/2007 7:16:50 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/19/2007 9:05:32 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/19/2007 4:04:16 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/20/2007 10:55:10 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/31/2007 10:10:31 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 11/2/2007 9:24:38 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/5/2007 5:12:43 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/6/2007 11:04:19 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/6/2007 3:16:36 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/7/2007 4:16:15 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/8/2007 7:20:21 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/9/2007 7:03:53 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/11/2007 6:04:49 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/13/2007 12:49:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Application Hang -> Description = Hanging application aolphxexe version 9001 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 10/13/2007 7:50:21 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/14/2007 1:00:15 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/14/2007 2:04:01 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/14/2007 7:40:37 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/15/2007 2:18:53 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/15/2007 5:10:29 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/16/2007 12:41:04 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/16/2007 5:41:27 PM -> Computer Name = YOUR-D552846388 - User Name = YOUR-D552846388\Administrator - Source = MsiInstaller -> Description = Product Adobe Common File Installer -- Error 1500Another installation is in progress You must complete that installation before continuing this one
Application - Error - 10/16/2007 5:41:28 PM -> Computer Name = YOUR-D552846388 - User Name = YOUR-D552846388\Administrator - Source = MsiInstaller -> Description = Product Adobe Common File Installer -- Error 1500Another installation is in progress You must complete that installation before continuing this one
Application - Error - 10/16/2007 5:41:29 PM -> Computer Name = YOUR-D552846388 - User Name = YOUR-D552846388\Administrator - Source = MsiInstaller -> Description = Product Adobe Common File Installer -- Error 1500Another installation is in progress You must complete that installation before continuing this one
Application - Error - 10/16/2007 7:24:43 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Application Hang -> Description = Hanging application msiexecexe version 3140001823 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 10/16/2007 7:47:38 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/18/2007 11:48:49 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/18/2007 11:54:57 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/18/2007 1:07:10 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/18/2007 2:01:48 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/18/2007 2:32:33 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/18/2007 7:25:21 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 10/18/2007 8:22:35 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/18/2007 10:50:21 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/19/2007 2:21:10 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/19/2007 2:29:55 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Application Error -> Description =
Application - Warning - 10/19/2007 2:47:37 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/19/2007 3:09:11 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/19/2007 3:46:46 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = EventSystem -> Description = The COM Event System detected a bad return code during its internal processing HRESULT was 800706BF from line 44 of dqxpslpcomcom1xsrceventstier1eventsystemobjcpp Please contact Microsoft Product Support Services to report this error
Application - Warning - 10/19/2007 3:46:50 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/19/2007 3:48:44 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/19/2007 7:53:38 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = EventSystem -> Description = The COM Event System detected a bad return code during its internal processing HRESULT was 800706BA from line 44 of dqxpslpcomcom1xsrceventstier1eventsystemobjcpp Please contact Microsoft Product Support Services to report this error
Application - Warning - 10/19/2007 7:53:42 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/21/2007 2:05:06 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Winlogon -> Description = A critical system process CWINDOWSsystem32lsassexe failed with status code 00000000 The machinemust now be restarted
Application - Error - 10/21/2007 3:15:07 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Windows Product Activation -> Description = The Windows license was restored due to a system error You might need to reactivate your Windows product
Application - Error - 10/21/2007 3:32:22 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Windows Product Activation -> Description = The Windows license was restored due to a system error You might need to reactivate your Windows product
Application - Error - 10/21/2007 4:14:23 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = EventSystem -> Description = The COM Event System detected a bad return code during its internal processing HRESULT was 800706BA from line 44 of dqxpslpcomcom1xsrceventstier1eventsystemobjcpp Please contact Microsoft Product Support Services to report this error
Application - Warning - 10/21/2007 4:14:27 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/21/2007 5:02:57 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Application Hang -> Description = Hanging application WinPFind3Uexe version 10420 hang module hungapp version 0000 hang address 0x00000000
Application - Warning - 10/21/2007 5:04:29 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/21/2007 5:50:41 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/23/2007 10:02:44 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Winlogon -> Description = A critical system process CWINDOWSsystem32lsassexe failed with status code 00000000 The machinemust now be restarted
Application - Warning - 10/23/2007 10:03:46 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/23/2007 10:28:58 AM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Warning - 10/24/2007 5:55:19 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description =
Application - Error - 10/24/2007 5:57:15 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Application Error -> Description =
Application - Error - 10/24/2007 8:38:12 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Application Error -> Description =
System - Warning - 10/15/2007 9:14:58 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized
System - Warning - 10/15/2007 9:25:12 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/19/2007 9:05:32 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/20/2007 10:55:10 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Error - 11/4/2007 2:58:22 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = W32Time -> Description = The time service has detected that the system time needs to be changed by -2591945 seconds The time service will not change the system time by more than -54000 seconds Verify that your time and time zone are correct and that the time source timewindowscom (ntpm0x1192168065123->20746130100123) is working properly
System - Warning - 10/5/2007 3:18:18 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Tcpip -> Description =
System - Warning - 10/5/2007 3:51:52 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Tcpip -> Description =
System - Warning - 10/5/2007 5:12:43 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/6/2007 8:40:52 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DEB1973F The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 10/6/2007 11:04:20 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/7/2007 1:15:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of IWMSWindow
System - Warning - 10/7/2007 1:15:21 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DEB1973F The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 10/7/2007 3:25:29 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DEB1973F The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 10/7/2007 4:16:18 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/8/2007 7:20:20 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/9/2007 4:47:03 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0018DEB1973F The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server
System - Warning - 10/9/2007 7:03:52 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/11/2007 5:54:04 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Tcpip -> Description =
System - Warning - 10/14/2007 1:00:16 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/14/2007 2:03:57 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/14/2007 7:04:40 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Tcpip -> Description =
System - Warning - 10/14/2007 7:40:39 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/16/2007 12:41:04 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Error - 10/16/2007 6:50:08 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = System Error -> Description = Error code 10000050 parameter1 d5957048 parameter2 00000008 parameter3 d5957048 parameter4 00000000
System - Error - 10/16/2007 6:51:22 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = System Error -> Description = Error code 10000050 parameter1 d5957048 parameter2 00000008 parameter3 d5957048 parameter4 00000000
System - Error - 10/16/2007 6:54:44 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = System Error -> Description = Error code 10000050 parameter1 d5957048 parameter2 00000008 parameter3 d5957048 parameter4 00000000
System - Warning - 10/16/2007 7:47:37 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Warning - 10/18/2007 11:42:02 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Tcpip -> Description =
System - Error - 10/18/2007 11:48:51 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = W32Time -> Description = Time Provider NtpClient An error occurred during DNS lookup of the manuallyconfigured peer timewindowscom0x1 NtpClient will try the DNS lookup again in 15minutesThe error was A socket operation was attempted to an unreachable host (0x80072751)
System - Error - 10/18/2007 11:48:51 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = W32Time -> Description = The time provider NtpClient is configured to acquire time from one or moretime sources however none of the sources are currently accessible No attempt to contact a source will be made for 14 minutesNtpClient has no source of accurate time
System - Warning - 10/18/2007 1:07:08 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Error - 10/18/2007 1:58:26 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description =
System - Error - 10/18/2007 1:59:29 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description =
System - Warning - 10/18/2007 2:32:32 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Error - 10/18/2007 7:55:39 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/18/2007 7:55:49 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The PrismXL service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/18/2007 7:55:58 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/18/2007 7:56:08 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The WAN Miniport (ATW) Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/18/2007 7:56:34 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/18/2007 7:57:20 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Receiver Service service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/18/2007 7:57:37 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Receiver Service service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/18/2007 7:58:25 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/18/2007 7:58:31 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The AOL Connectivity Service service terminated unexpectedly It has done this 1 time(s)
System - Warning - 10/18/2007 8:01:22 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = PlugPlayManager -> Description = The service ehSched may not have unregistered for device event notifications before it was stopped
System - Error - 10/18/2007 8:01:25 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Scheduler Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 2:20:50 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DomainService service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 0 milliseconds Restart the service
System - Error - 10/19/2007 2:20:58 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DomainService service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 0 milliseconds Restart the service
System - Error - 10/19/2007 2:20:58 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the DomainService service to connect
System - Error - 10/19/2007 2:38:31 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Extender Service service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/19/2007 2:38:39 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The PrismXL service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 2:39:00 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The WAN Miniport (ATW) Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 2:39:26 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 2:39:32 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 2:40:58 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 2:41:09 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Event Log service terminated unexpectedly It has done this 1 time(s)
System - Warning - 10/19/2007 2:47:38 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Error - 10/19/2007 3:22:01 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The PrismXL service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 3:44:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The WAN Miniport (ATW) Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 3:44:32 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 3:44:52 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 3:45:43 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Remote Procedure Call (RPC) service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 60000 milliseconds Reboot the machine
System - Error - 10/19/2007 3:45:57 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service terminated unexpectedly It has done this 1 time(s)
System - Warning - 10/19/2007 3:48:44 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Win32k -> Description =
System - Error - 10/19/2007 7:52:56 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/19/2007 7:53:03 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Remote Procedure Call (RPC) service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 60000 milliseconds Reboot the machine
System - Warning - 10/19/2007 8:03:35 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Tcpip -> Description =
System - Error - 10/21/2007 1:32:36 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 1:33:00 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DCOM Server Process Launcher service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 60000 milliseconds Reboot the machine
System - Error - 10/21/2007 1:33:00 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Terminal Services service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 1:36:52 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DomainService service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 0 milliseconds Restart the service
System - Error - 10/21/2007 1:59:31 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Ntfs -> Description = The file system structure on the disk is corrupt and unusablePlease run the chkdsk utility on the volume C
System - Error - 10/21/2007 2:04:19 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 2:04:25 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 2:04:52 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Extender Service service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/21/2007 3:27:34 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The WAN Miniport (ATW) Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:27:34 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:33:02 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln
System - Error - 10/21/2007 3:35:22 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The PrismXL service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:35:30 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:35:39 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Extender Service service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/21/2007 3:36:47 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln
System - Error - 10/21/2007 3:38:01 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The SSDP Discovery Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:38:08 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DCOM Server Process Launcher service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 60000 milliseconds Reboot the machine
System - Error - 10/21/2007 3:38:08 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Terminal Services service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:38:31 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The PrismXL service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:40:02 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln
System - Error - 10/21/2007 3:53:14 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The PrismXL service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 3:53:34 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The WAN Miniport (ATW) Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 4:11:07 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln
System - Error - 10/21/2007 4:13:15 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/21/2007 4:13:21 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Remote Procedure Call (RPC) service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 60000 milliseconds Reboot the machine
System - Error - 10/21/2007 4:15:39 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln
System - Error - 10/21/2007 4:37:22 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description =
System - Error - 10/21/2007 4:37:25 PM -> Computer Name = YOUR-D552846388 - User Name = YOUR-D552846388\Administrator - Source = DCOM -> Description =
System - Error - 10/21/2007 4:38:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error 31
System - Error - 10/21/2007 4:38:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The DNS Client service depends on the TCPIP Protocol Driver service which failed to start because of the following error 31
System - Error - 10/21/2007 4:38:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The TCPIP NetBIOS Helper service depends on the AFD service which failed to start because of the following error 31
System - Error - 10/21/2007 4:38:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error 31
System - Error - 10/21/2007 4:38:17 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AFDAVG Anti-Spyware DriverAvgAsClnFipsintelppmIPSecMRxSmbNetBIOSNetBTRasAcdRdbssTcpip
System - Error - 10/21/2007 5:00:24 PM -> Computer Name = YOUR-D552846388 - User Name = YOUR-D552846388\Administrator - Source = DCOM -> Description =
System - Error - 10/21/2007 5:00:32 PM -> Computer Name = YOUR-D552846388 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description =
System - Error - 10/21/2007 5:01:32 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln
System - Error - 10/21/2007 5:05:31 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AvgAsCln
System - Error - 10/23/2007 9:42:58 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The PrismXL service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/23/2007 9:43:07 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/23/2007 9:43:20 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/23/2007 9:45:25 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Event Log service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/23/2007 9:45:44 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/23/2007 9:45:50 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The AOL Connectivity Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/23/2007 10:01:44 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Extender Service service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/23/2007 10:02:02 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Extender Service service terminated unexpectedly It has done this 2 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/23/2007 10:02:11 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Receiver Service service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/23/2007 10:02:17 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Scheduler Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/23/2007 10:02:38 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Extender Service service terminated unexpectedly It has done this 3 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/23/2007 10:06:21 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/23/2007 10:06:40 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Intel® PROSetWireless Registry Service service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/23/2007 10:06:45 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Iomega Active Disk service terminated unexpectedly It has done this 1 time(s)
System - Error - 10/23/2007 10:06:52 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The Media Center Extender Service service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/23/2007 10:07:48 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The COM System Application service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 1000 milliseconds Restart the service
System - Error - 10/23/2007 10:14:05 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The COM System Application service terminated unexpectedly It has done this 1 time(s) The following corrective action will be taken in 1000 milliseconds Restart the service
System - Error - 10/23/2007 10:14:13 AM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The COM System Application service terminated unexpectedly It has done this 2 time(s) The following corrective action will be taken in 5000 milliseconds Restart the service
System - Error - 10/24/2007 5:55:00 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the combofix service to connect
System - Error - 10/24/2007 5:55:00 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Service Control Manager -> Description = The combofix service failed to start due to the following error 1053
System - Warning - 10/24/2007 8:41:16 PM -> Computer Name = YOUR-D552846388 - User Name = (blank) - Source = Tcpip -> Description =

[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526569472 bytes | Created Date = 1/1/1601 7:00:00 AM | Attr = HS]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 10/24/2007 5:53:10 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 10/24/2007 5:52:45 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 10/24/2007 5:57:33 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 10/24/2007 5:52:45 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 10/21/2007 4:10:39 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 10/26/2007 12:00:44 PM | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 356 bytes | Created Date = 10/18/2007 12:41:03 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 348 bytes | Created Date = 10/18/2007 12:41:01 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 10/21/2007 3:47:27 PM | Attr = ]
din.ip -> %System32%\din.ip -> [Ver = | Size = 13 bytes | Created Date = 10/21/2007 4:25:56 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 159544 bytes | Created Date = 10/21/2007 3:32:05 PM | Attr = ]
iqkncotj.ini -> %System32%\iqkncotj.ini -> [Ver = | Size = 479535 bytes | Created Date = 10/24/2007 5:45:08 PM | Attr = HS]
jvskjfsh.ini -> %System32%\jvskjfsh.ini -> [Ver = | Size = 693430 bytes | Created Date = 10/19/2007 2:25:36 PM | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 10/23/2007 9:37:21 AM | Attr = ]
navwanvd.ini -> %System32%\navwanvd.ini -> [Ver = | Size = 4 bytes | Created Date = 10/21/2007 4:25:56 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 139776 bytes | Created Date = 10/24/2007 5:52:45 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 10/24/2007 5:52:45 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 10/24/2007 5:52:45 PM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 10/24/2007 5:52:45 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Created Date = 10/21/2007 3:32:21 PM | Attr = ]
ztvunacev2.dll -> %System32%\ztvunacev2.dll -> [Ver = | Size = 75264 bytes | Created Date = 10/16/2007 6:38:39 PM | Attr = ]
ztvunrar3.dll -> %System32%\ztvunrar3.dll -> [Ver = | Size = 156160 bytes | Created Date = 10/16/2007 6:38:39 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 10/21/2007 5:50:19 PM | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 10/21/2007 3:16:13 PM | Attr = ]
McAfee -> %AllUsersAppData%\McAfee -> [Folder | Created Date = 10/18/2007 12:24:34 PM | Attr = ]
McAfee.com Personal Firewall -> %AllUsersAppData%\McAfee.com Personal Firewall -> [Folder | Created Date = 10/18/2007 2:02:26 PM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Created Date = 10/23/2007 9:38:30 AM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 10/18/2007 7:42:25 PM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 10/18/2007 7:42:19 PM | Attr = ]
backups -> %UserDesktop%\backups -> [Folder | Created Date = 10/26/2007 11:51:14 AM | Attr = ]
ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1393213 bytes | Created Date = 10/24/2007 5:51:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier ->
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 10/24/2007 6:06:42 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HiJackThis.exe:Zone.Identifier ->
Spyware -> %UserDesktop%\Spyware -> [Folder | Created Date = 10/24/2007 6:11:56 PM | Attr = ]
vice city.rtf -> %UserDesktop%\vice city.rtf -> [Ver = | Size = 4134 bytes | Created Date = 10/6/2007 3:08:19 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Created Date = 10/21/2007 4:25:33 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Created Date = 10/18/2007 2:04:16 PM | Attr = ]
McAfee -> %CommonProgramFiles%\McAfee -> [Folder | Created Date = 10/18/2007 12:40:17 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526569472 bytes | Modified Date = 10/26/2007 12:59:20 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/26/2007 12:58:00 PM | Attr = R ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 10/26/2007 1:00:24 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 10/26/2007 1:00:46 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/26/2007 12:59:22 PM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 10/20/2007 6:03:32 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/21/2007 5:00:30 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 10/24/2007 6:57:34 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 10/18/2007 1:49:22 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10/18/2007 1:49:00 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 10/21/2007 4:47:28 PM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 10/24/2007 6:55:02 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 10/26/2007 12:59:30 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 10/21/2007 4:32:52 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 10/26/2007 12:58:00 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 10/24/2007 6:55:02 PM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 10/26/2007 1:00:46 PM | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 356 bytes | Modified Date = 10/18/2007 1:41:04 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 348 bytes | Modified Date = 10/18/2007 1:41:04 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/26/2007 12:59:26 PM | Attr = H ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 10/21/2007 4:47:30 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 10/18/2007 3:16:02 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 10/24/2007 6:55:26 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 10/18/2007 3:05:02 PM | Attr = ]
din.ip -> %System32%\din.ip -> [Ver = | Size = 13 bytes | Modified Date = 10/21/2007 5:25:58 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/18/2007 3:25:28 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 10/26/2007 12:57:04 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 159544 bytes | Modified Date = 10/21/2007 4:32:06 PM | Attr = ]
iqkncotj.ini -> %System32%\iqkncotj.ini -> [Ver = | Size = 479535 bytes | Modified Date = 10/26/2007 12:56:30 PM | Attr = HS]
jvskjfsh.ini -> %System32%\jvskjfsh.ini -> [Ver = | Size = 693430 bytes | Modified Date = 10/19/2007 3:34:18 PM | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 10/23/2007 10:37:22 AM | Attr = ]
navwanvd.ini -> %System32%\navwanvd.ini -> [Ver = | Size = 4 bytes | Modified Date = 10/21/2007 5:25:58 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 63264 bytes | Modified Date = 10/6/2007 8:42:40 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 402508 bytes | Modified Date = 10/6/2007 8:42:40 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 472596 bytes | Modified Date = 10/6/2007 8:42:40 AM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 10/18/2007 12:54:46 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 10/18/2007 3:04:52 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 10/26/2007 12:48:28 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 10/26/2007 12:59:34 PM | Attr = ]
AOL -> %AllUsersAppData%\AOL -> [Folder | Modified Date = 10/21/2007 4:01:56 PM | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 10/21/2007 4:16:16 PM | Attr = ]
McAfee -> %AllUsersAppData%\McAfee -> [Folder | Modified Date = 10/18/2007 1:44:00 PM | Attr = ]
McAfee.com Personal Firewall -> %AllUsersAppData%\McAfee.com Personal Firewall -> [Folder | Modified Date = 10/18/2007 3:02:28 PM | Attr = ]
Active Disk -> %UserAppData%\Active Disk -> [Folder | Modified Date = 10/23/2007 10:38:58 AM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 10/23/2007 10:38:32 AM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 10/18/2007 8:42:26 PM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 10/21/2007 3:35:08 PM | Attr = S]
Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 10/16/2007 6:33:54 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 35456 bytes | Modified Date = 10/21/2007 2:44:36 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4299884 bytes | Modified Date = 10/24/2007 10:06:10 PM | Attr = H ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 10/21/2007 6:50:22 PM | Attr = ]
backups -> %UserDesktop%\backups -> [Folder | Modified Date = 10/26/2007 12:51:16 PM | Attr = ]
canada -> %UserDesktop%\canada -> [Folder | Modified Date = 10/18/2007 1:52:14 PM | Attr = ]
ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1393213 bytes | Modified Date = 10/24/2007 6:52:12 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier ->
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 10/24/2007 7:06:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HiJackThis.exe:Zone.Identifier ->
mrtile -> %UserDesktop%\mrtile -> [Folder | Modified Date = 10/18/2007 1:52:14 PM | Attr = R ]
Spyware -> %UserDesktop%\Spyware -> [Folder | Modified Date = 10/24/2007 7:12:16 PM | Attr = ]
vice city.rtf -> %UserDesktop%\vice city.rtf -> [Ver = | Size = 4134 bytes | Modified Date = 10/6/2007 4:08:20 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Modified Date = 10/21/2007 5:25:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 10/23/2007 11:15:32 AM | Attr = ]
Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Modified Date = 10/18/2007 3:04:18 PM | Attr = ]
McAfee -> %CommonProgramFiles%\McAfee -> [Folder | Modified Date = 10/18/2007 10:06:38 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\GTW1.exe -> Leader Technologies [Ver = 1.07 | Size = 743936 bytes | Modified Date = 4/4/2006 3:38:44 PM | Attr = ]
aspack , -> %System32%\jesterss.dll -> [Ver = | Size = 23552 bytes | Modified Date = 7/3/2003 5:48:02 PM | Attr = ]
PTech , -> %System32%\LegitCheckControl.dll -> Microsoft Corp. [Ver = 1.5.0512.0 | Size = 550120 bytes | Modified Date = 2/14/2006 5:20:14 PM | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 3/15/2007 12:22:38 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 139776 bytes | Modified Date = 4/2/2007 2:21:28 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 3/15/2007 12:19:58 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 3/15/2007 12:23:16 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1393213 bytes | Modified Date = 10/24/2007 6:52:12 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HiJackThis.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 10/24/2007 7:06:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
PEC2 , PECompact2 , -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.05 | Size = 107008 bytes | Modified Date = 6/17/2007 7:07:30 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

< End of report >

#9 deir64

Posted 26 October 2007 - 02:46 PM

Thanks again for your help.

When I start Windows I get an error message that says error loading C:\windows\system\jtocnkqi.dll

Also when I run AVG it still says I have downloader.purityscan.ej and downloader.alphabet

Here is my last AVG log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:37:03 PM 10/26/2007

+ Scan result:



C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP27\A0024533.exe -> Adware.UltimateDefender : Cleaned.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP27\A0024534.exe -> Adware.UltimateDefender : Cleaned.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP27\A0024535.exe -> Adware.UltimateDefender : Cleaned.
C:\qoobox\Quarantine\C\WINDOWS\system32\fkmdvbtn\fkmdvbtn1.exe.vir -> Adware.UltimateDefender : Cleaned.
C:\qoobox\Quarantine\C\WINDOWS\system32\fkmdvbtn\fkmdvbtn2.exe.vir -> Adware.UltimateDefender : Cleaned.
C:\qoobox\Quarantine\C\WINDOWS\system32\fkmdvbtn\fkmdvbtn3.exe.vir -> Adware.UltimateDefender : Cleaned.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP26\A0024429.exe -> Downloader.Alphabet : Cleaned.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP28\A0024631.exe -> Downloader.Alphabet : Cleaned.
C:\qoobox\Quarantine\C\Program Files\hlpsrv.exe.vir -> Downloader.Alphabet : Cleaned.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP27\A0024543.exe -> Downloader.PurityScan.ej : Cleaned.
C:\qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\SMANTE~1\wowexec.exe.vir -> Downloader.PurityScan.ej : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@cpocommerceinc.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@nhl.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-triseptsoultions.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@search.live[2].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@auto.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.


::Report end

#10 MoNsTeReNeRgY22

Posted 28 October 2007 - 02:12 PM

Hello again,

Step 1
Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> 885c465c -> %System32%\jtocnkqi.DLL [rundll32.exe "C:\WINDOWS\system32\jtocnkqi.dll",b]
[Files/Folders - Created Within 30 days]
NY -> iqkncotj.ini -> %System32%\iqkncotj.ini
NY -> jvskjfsh.ini -> %System32%\jvskjfsh.ini
NY -> navwanvd.ini -> %System32%\navwanvd.ini


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step 2
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • When shown the disclaimer, Select "2"
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
Step 3
I notice that your system doesn’t have an anti-virus program running. This can be suicidal in today’s digital age. :thumbsup:

So, let’s set you up with a FREE and excellent anti-virus program called avast! 4 Home Edition.

First go HERE and download avast! 4 Home Edition to your Desktop.

Steps for installing avast! 4 Home Edition:

Locate the file for installing avast! and double-click on it to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with the Configuration window; make sure that you choose Typical configuration and then click Next. Click Next on the windows that follow. When the installation finishes, you will be given an option to schedule a boot-time scan; select No.

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message from avast! It will give you the general "Hello and Thank you for choosing our Product." Also, after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, you will see two new tray icons. Right-click on the a icon in the taskbar and select Updating, then highlight and click Program.

You will get popup after its done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast! right click the small icon a in task bar and click Start Avast! AntiVirus

Click Program Registration and you will be taken to their website. Fill out the form and then check your e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form), copy and paste the serial they provided into the highlighted box. Then click OK.

After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan.

Next, choose
  • Scan all local disks
  • scan archive files
  • click on Schedule
On the next dialog Operating system restart needed select Yes


Now avast! will restart your computer and start to scan before Windows fully loads. If it detects infections during the boot-time scan, you will be given choices for actions; choose the move to chest action and don't delete anything.

IMPORTANT NOTE since your system has infections on it, avast! will give you dialog box with recommended actions, and options, please make sure if this happens, to click the Move to Chest button, and not to delete any reported files.

Finally, when the scan finishes, the computer will boot in Normal Mode. Then, using Windows Explorer, navigate to C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt and double-click on aswBoot.txt. It will open in Notepad with the report of the scan; please copy and paste the report in this thread.

Note:

If you are not able to use Normal Mode, to download programs and to update avast! use Safe Mode with Networking. To run scans reboot to Safe Mode. Do NOT use "Safe Mode with Networking" for running scans!

If you have installed avast! from Safe Mode, when the setup is done, you will not see the two icons in the tray; instead, use the icon on the desktop for updating and scheduling the boot-time scan.

The icons in the tray are visible in Normal Mode!


Please post back with the avast! scan report and a new HijackThis log. Let me know if you have any problems with the above instructions, or if you have any questions.

Note: You must use only 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.


Posted Image
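Added example, not part of the thread or of any tool named in it: a small triage script for AVG Anti-Spyware report lines like those in post #9, grouping each detection by where the file sits (a System Restore point, the `qoobox\Quarantine` folder, a cookie, or a live path). The sample report is constructed from the format shown above; `example.dll`, the `Example.Constructed` name and all function names are assumptions, and `qoobox` is assumed here to be ComboFix's quarantine folder.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the AVG report in post #9.
# The example.dll line is made up to show what a "live" hit looks like.
SAMPLE_REPORT = r"""
+ Scan result:

C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP27\A0024533.exe -> Adware.UltimateDefender : Cleaned.
C:\qoobox\Quarantine\C\WINDOWS\system32\fkmdvbtn\fkmdvbtn1.exe.vir -> Adware.UltimateDefender : Cleaned.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP26\A0024429.exe -> Downloader.Alphabet : Cleaned.
C:\qoobox\Quarantine\C\Program Files\hlpsrv.exe.vir -> Downloader.Alphabet : Cleaned.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP27\A0024543.exe -> Downloader.PurityScan.ej : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@nhl.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\system32\example.dll -> Example.Constructed : Cleaned.

::Report end
"""

# Ordered rules: the first pattern that matches decides the location label.
LOCATION_RULES = [
    ("system_restore", re.compile(
        r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.I)),
    ("quarantine", re.compile(r"^[A-Z]:\\qoobox\\Quarantine\\", re.I)),
    ("cookie", re.compile(r"\\Cookies\\[^\\]+\.txt$", re.I)),
]

def classify(path):
    """Return where a detected file lives; anything unmatched is 'live'."""
    for label, pattern in LOCATION_RULES:
        if pattern.search(path):
            return label
    return "live"

def parse_report(text):
    """Parse 'path -> Detection.Name : Action.' lines, skipping headers."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not re.match(r"[A-Za-z]:\\", line) or " -> " not in line:
            continue
        path, _, verdict = line.rpartition(" -> ")
        name, _, action = verdict.partition(" : ")
        findings.append({"path": path, "name": name.strip(),
                         "action": action.strip().rstrip("."),
                         "location": classify(path)})
    return findings

def summarize(text):
    """Map each detection name to a count of hits per location."""
    summary = defaultdict(Counter)
    for finding in parse_report(text):
        summary[finding["name"]][finding["location"]] += 1
    return {name: dict(counts) for name, counts in summary.items()}

def live_detections(text):
    """Detections outside restore points, quarantine and cookies."""
    return [f for f in parse_report(text) if f["location"] == "live"]

if __name__ == "__main__":
    for name, where in sorted(summarize(SAMPLE_REPORT).items()):
        print(f"{name:28} {where}")
    for f in live_detections(SAMPLE_REPORT):
        print("needs follow-up:", f["path"])
```

Hits that fall only under restore points and the quarantine folder are copies that Step 2 above disposes of (it deletes ComboFix's folders and resets System Restore); a hit classified as live is the kind that needs a further look.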


#11 deir64

Posted 03 November 2007 - 07:31 PM

Sorry for the delay in responding, I have been out of town. I did what you said and I no longer have an error message when starting. My computer is running great and no signs of any virus. Thanks for all your help.

Here are my reports,

Hijack this:
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\885c465c deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\SYSTEM32\iqkncotj.ini moved successfully.
C:\WINDOWS\SYSTEM32\jvskjfsh.ini moved successfully.
C:\WINDOWS\SYSTEM32\navwanvd.ini moved successfully.
< End of log >
Created on 11/01/2007 11:21:02



Asw report:
11/01/2007 11:28
Scan of all local drives
File C:\Documents and Settings\Administrator\Desktop\backups\backup-20071026-125114-681.dll is infected by Win32:Obfuscated-BQK [Trj], Deleted

Number of searched folders: 3533
Number of tested files: 44908
Number of infected files: 1

----------------------------------------
11/01/2007 11:52
Scan of all local drives

----------------------------------------
11/03/2007 16:56
Scan of all local drives

Number of searched folders: 3533
Number of tested files: 122732
Number of infected files: 0

#12 MoNsTeReNeRgY22

Posted 04 November 2007 - 12:31 PM

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.




#13 deir64

Posted 08 November 2007 - 10:14 PM

Here's the new report

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 08, 2007 8:12:54 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/11/2007
Kaspersky Anti-Virus database records: 454683
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 51884
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:40:00

Infected Object Name / Virus Name / Last Action

Scan process completed.

#14 MoNsTeReNeRgY22

Posted 10 November 2007 - 04:23 AM

Nice job, your log looks clean!
How is it running?
Please use the following suggestion to help prevent reinfection.

I highly recommend downloading the following programs, to keep malware off your computer to begin with.
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

SUPERAntiSpyware - A very powerful tool which searches and kills malware that infects your system.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.
**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

Antivirus Program - An antivirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir.
DO NOT install more than one Antivirus program. They will conflict, and provide less protection, not more.

Firewall - A firewall is definitely a must-have to protect your computer from hackers. I recommend Comodo, Zone Alarm, or Outpost.
**Tutorial on Firewalls can be found HERE**

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally a little Posted Image How did I get infected in the first place? (by Tony Klein)

Good luck and safe surfing :thumbsup:




#15 deir64

Posted 10 November 2007 - 05:22 PM

Thanks again for all your help. I did notice that I don't have a DVD player any more. When I click my Device Manager there is a ! by my DVD player and when I click on it I get this message:

Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Did I delete something I shouldn't?



