
Performanceoptimizer Error Box



#1 jackiemarie


Posted 04 December 2007 - 02:52 PM

December 1st, I turned on my dv6135nr HP laptop, Windows XP Prof, and the color of the home page of msn.com had changed to red from my choice of blue, and there was a windows live search box on top of the home page (had not ever asked for any of this). Within seconds, an IE dialog box appeared "NOTICE: Errors in your PC can cause data loss, hardware or software failure and performance fail. Install PerformanceOptimizer to fix errors, monitor changes and maintain PC stability!" There was also a mini browser in lower right with an address of http://performanceop..... Because of the bad grammar and spelling, I assumed it was fraudulent; I clicked cancel rather than OK and kept using End Task and x'ing out as sites just kept appearing that were referring to servers; I never clicked OK; I never installed anything; I never saw an install box.

I ran Webroot spysweeper, and it was negative; tried to run Norton AV but it hung up; I would shut down and restart and the regular pages I go to would hang up/freeze. Tried to install and run a virus detection tool from symantec; the extraction wizard would not work, and got a Windows Explorer box that said: szAppName: explorer.exe szAppVer: 6.0.2900.3156 szModName: hungapp szModVer: 0.0.0.0 offsett: 000000000. Went to support at microsoft, did what they said but still had hang ups and shutdowns (IE has experienced a problem and has to close). Then went to add-ons and disabled anything to do with Windows Live. At that point was finally able to run symantec security check from their website; both viruses and threats said no problems. I was also able to run a regular Norton full scan, and it was OK. Then suddenly a DEP error; Data Execution Prevention shut down the whole system. In checking under General tab of Internet Options, it showed Windows Live as being my default search provider (which I have never asked for) but google was also listed and google was still on my browser; I deleted Windows Live and made google the default search (even though the browser had never changed). At different times, spysweeper keeps telling me that a BHO ieframe.dll and iexplore.exe are trying to access my computer. As of yesterday, Dec. 3rd, I ran a Norton scan in safe mode which was clean, and now IE will not access the internet in safe mode; a warn http error 12007 is displayed in the diagnostic log. The EventViewer Log shows red errors after WinLogon and Automatic Live Updates on Dec. 1 and afterwards, although not every time. Yesterday, I uninstalled and reinstalled Internet Explorer from Add/Remove Programs; still could not access internet in safe mode. I have performed all your outlined steps.

The laptop is a year old; out of curiosity, in July, I went into the Media Center to see what it was about. A bunch of garbage flooded onto my startup and c drive; some of it I was able to delete, but many would not let me delete because it said there was a process running in the background (example: peoplepc). The laptop was slow but never unstable. It took a long time to get the startup menu right. HP told me that doing a recovery would put the laptop back to pre-Media Center activation, so I did a recovery on November 21. It has taken a long time to get back where I was and all that stuff is STILL on my c drive; it did not put it back to like when you bring it home from the store. Since doing the recovery, the only new thing I've installed (and uninstalled now) was Glary Registry Repair (recommended by pcworld and free).

Thank you in advance for your help and assistance; below is the Hijack This log.
jackiemarie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:20 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9526 bytes

EAM, Malware Bytes Premium

HP g7- Windows 7 Home Prem 64-bit - Intel i3 - 6 GB Ram

What you value is your reward.
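
The log above uses HijackThis's fixed line format: a section code such as R3, O2 or O23, then " - ", then the entry. As an added example (not part of the original thread and not code from HijackThis), this Python sketch parses such a log and lists the entries a helper would look at twice. The function names and the three review rules are assumptions made for illustration, and the sample is a shortened excerpt of the log above.

```python
import re
from collections import Counter

# Meaning of the section codes that appear in the log above.
SECTION_MEANING = {
    "R0": "IE start/search page (registry value)",
    "R1": "IE start/search page (registry value)",
    "R3": "IE URLSearchHook",
    "O2": "Browser Helper Object (BHO)",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O8": "Extra IE context-menu item",
    "O9": "Extra IE toolbar button or Tools menu item",
    "O14": "IERESET.INF 'Reset Web Settings' values",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")
HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode): (.*)$")

# Shortened excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:20 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into header fields, running processes and entries."""
    log = {"header": {}, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False
            log["entries"].append((entry.group(1), entry.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
        else:
            header = HEADER_RE.match(line)
            if header:
                log["header"][header.group(1)] = header.group(2)
    return log


def section_counts(entries):
    """Count entries per section code."""
    return Counter(code for code, _ in entries)


def review_notes(entries):
    """Return (code, reason, entry) for lines worth a second look.

    These rules are illustrative assumptions, not verdicts: each hit is a
    prompt to check the entry by hand, and a clean pass proves nothing.
    """
    notes = []
    for code, body in entries:
        if "(no file)" in body:
            # HijackThis prints "(no file)" when it finds no file behind the entry.
            notes.append((code, "no file behind this entry (orphaned)", body))
        if code == "O23" and "Unknown owner" in body:
            notes.append((code, "no publisher could be read for the service binary", body))
        if code == "O16" and " - http://" in body:
            notes.append((code, "ActiveX codebase served over plain HTTP", body))
    return notes


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(parsed["header"])
    for code, count in section_counts(parsed["entries"]).items():
        print(f"{code:>3} x{count}  {SECTION_MEANING.get(code, 'unknown section')}")
    for code, reason, body in review_notes(parsed["entries"]):
        print(f"REVIEW {code}: {reason}\n       {body}")
```
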



 


#2 Papakid

  • Malware Response Team

Posted 20 December 2007 - 07:25 AM

Hi jackiemarie,

Our apologies for the delay. If you still require help, please post a new fresh log so I can see if anything has changed.

If you have not done so already, please do the initial cleanup steps in the following instructions before posting your new log: Preparation Guide For Use Before Posting A Hijackthis Log

Then instead of just posting a HijackThis log, please only do the following that will include one:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

The thing about people

is they change

when they walk away.--Mipso


#3 jackiemarie


Posted 20 December 2007 - 09:29 AM

Thank you for replying.
I did all the cleanup steps before posting on 12/4.

Just now, I downloaded the dss.dll to the desktop, closed all, clicked it to run, and about 2 minutes in, I got a notice that dss.dll had encountered a problem and needed to close. I printed the screen with the info but don't know how to include it in the email so you can see it (tried to download but it said not allowed); the info in the first box to come up was: dss.exe AppVer.3.2.8.1 ntdll.dll ModVer 5.1.2600.2810 offset 00010f29.

I have run all the scans since 12/4 and other than cookies, nothing has ever come up except Spybot S&D keeps giving me this in red:

Microsoft.WindowsSecurityCenter_disabled [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

I do not have any startup item at msconfig with this description; telling Spybot to fix this does not remove it.

I greatly appreciate your being able to help me; let me say that if you don't get an immediate reply, it is because we have a family member in ICU since 12/14 and it is a long trip for me to get there; I'm waiting on a call right now; please don't think I'm not responding to you.
jackiemarie



#4 jackiemarie


Posted 20 December 2007 - 06:41 PM

Are you not able to respond to my reply from this morning?
I would really appreciate being able to follow your instructions and find out what might be wrong.
Do I delete the dss that is now on the desktop? I've tried to run it again; three times, it has had to close without finishing.
Thank you,
jackiemarie



#5 Papakid

  • Malware Response Team

Posted 21 December 2007 - 12:33 AM

Hi jackiemarie,

First let me say, I'm sorry to hear about your family member's situation. This topic isn't going anywhere as long as I or somebody is handling your case, so don't worry about that. However, I'm not known for giving fast replies--this is not real time help, so I need for you to continue to have some patience.

Second, the problems you describe sound non-malware related and nothing is showing in your log, but that could be misleading. In the first paragraph of your first post you describe visiting an exploit site with behavior similar to what I've encountered before. DSS would have given us some more details to investigate, not sure why it won't run. Try this:

Disable TeaTimer

Spybot's TeaTimer is a protection mechanism recommended by many but it can interfere with some actions we might want to take, so this needs to be disabled until we are finished. I personally think it is more trouble than it is worth--plus you have SpySweeper's guard enabled which is more than enough secondary protection. So you have the option to not re-enable if you wish.

Right click here and click save link as.

Save it as resetteatimer.bat to your desktop

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Let's try DSS again with your security programs disabled. Go offline--physically disconnect the cable if you are on high speed--from the internet. Now disable the following:

Norton
Sygate
SpySweeper

For some instructions on how to do that please refer to How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs. For Sygate you may have to open Task Manager and End Task on smc.exe.

If DSS still refuses to run, just scan again with HijackThis and post a new log. You might also try deleting the copy of DSS.exe on your desktop and the C:\Deckard folder and download a fresh copy--but no downloading while your security programs are disabled.

Please perform this online scan: Kaspersky Webscan
Note that you need to run this scan with Internet Explorer for it to work correctly.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allow Kaspersky to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. When the scan is complete choose to save the results by clicking "Save Report As HTML". Give the Report a name and save it to your desktop. If you have any problem saving the report, copy its text to the clipboard, then paste it into an empty Notepad and save it to your desktop.
9. Post the Kaspersky scan results in your next reply.

If you have any problem running the scan to completion, disable your Antivirus and/or firewall temporarily, just refrain from surfing around while the scan is running and be sure to re-enable when done.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Run SpySweeper again and post its log as well.

Please post the logs requested (those logs can be long, so if it takes several posts to include them all that is fine), then we will get started on cleanup if there is any cleanup to do. It's possible that you successfully avoided infection or it's already been cleaned. It sounds like Norton could be corrupted--Sygate as well--and that could be what is giving you problems now.

BTW, what Spybot is finding just means that XP SP2's Security Center is disabled, not that there is a bad startup. The question is what disabled it--Norton is known to do that or it could have been done by malware. We'll deal with that when we know more about what is going on with your system.



#6 jackiemarie


Posted 21 December 2007 - 09:41 PM

Thank you; just to let you know, I've been gone Friday since 4 AM and just got back home now at 9:30 PM.
Will do all your instructions tomorrow. I thank you for your patience and I have plenty - I'm just so unsure about getting around the BC site and following instructions.
Will be emailing tomorrow.
jackiemarie



#7 jackiemarie


Posted 22 December 2007 - 03:55 PM

I turned off TeaTimer; deleted the Deckard stuff; downloaded a fresh Deckard; 4th try at a dss scan also failed and got shutdown.
Went offline, disabled Norton, SpySweeper and Sygate. I have no good explanation as to why I decided to uninstall Ad Aware, but I uninstalled it and then deleted files associated with it; when I went to Recycle Bin to clear Ad Aware stuff from there, I got a DEP shutdown; Windows closed Windows Explorer and then a DrWatson PostMortem Debugger box came up; even task manager couldn't end the tasks, so I manually turned the laptop off, took out the battery for a few minutes, put it back in, and started again.
Downloaded Kaspersky from your email; ran it for 1 hr 32 minutes, here is what came out of that: Scan complete No malware has been detected Sections that have been scanned are clean 70882 scanned objects---then this report:

Kaspersky Online Scanner Report
Saturday, December 22, 2007 3:14:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/12/2007
Kaspersky Anti-Virus database records: 491874
Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target: My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects: 70882
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:32:29
Sweeper\Temp\SSMSA74E4469-96FE-4019-A457-260B66C4D837.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA7635BDE-E071-419D-806E-5743866CE082.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA77D1AC6-6612-4B2F-95F5-AB2704703F9E.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAB4A3EC1-675C-4DF9-96D0-2BA9DAC5C2EA.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB1274A54-16E7-403A-8C64-AFE78A152D31.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB1C549F0-459F-4261-ACE0-0C4C0BDF0C78.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB6131290-2D00-4221-B125-E46D809EC351.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB66B7222-C3B4-4C9C-9839-EE91A0CF75A0.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBA935396-A905-45FA-AC3E-0E004C1FD0C9.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBB219ABD-5925-47B8-A7ED-E9125E0D5746.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBC671933-FDD1-4330-80F6-83C76BE77F9B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBE9226A0-0BC7-4C89-A7CC-F11244BDE7C1.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBF6718AD-0DE3-4B50-8B4C-62DC7171DEC0.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy 
Sweeper\Temp\SSMSC444D5EE-CF8E-4EF2-A51F-D474ABD9A5C0.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC5464FC0-68BC-4606-8E7E-C9C9F8AFBCFD.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC69566A8-CBE2-41DC-84C0-11F0A873653B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC7BB2079-6991-438D-9D73-186EB3A8886C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCD3F43C4-D0B1-4EA1-BB9E-D69D6840AE63.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD0405E87-ECF7-4ADD-9E67-BCCEA38DD6AB.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD0FAB122-2877-4F4C-B930-4CB8ED35AB42.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD143B21B-0E1F-4BC7-BFEE-EC152DD5EF43.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD5BE1893-13D2-4AD1-A7DD-B4356860D7B3.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD77DBE23-A476-4F69-853A-E709F24C9305.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD8D91295-790D-4E65-A79A-E1A7D6392DE3.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDA6D9650-0635-4646-B572-E6D2A69F9868.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDAE74453-2EE7-4C89-9982-42182C1291BA.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy 
Sweeper\Temp\SSMSE0B9B7CC-5249-4225-A102-7D2BB8F47B56.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE54F4175-6702-465E-8F31-F15BB7D0F98A.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF3E96D69-8241-4D53-9345-A0CD772D44A9.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF45DD0BC-F19C-446A-8EEC-B6B9451613E0.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF6A8B1E2-BF71-4FF0-A1C3-7B9B1027A002.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF9B27F2E-F428-4CB3-8F45-1F8DD2BFAFFF.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFB260ED6-C2AD-4AB6-960B-5B00E9335C7C.tmp Object is locked [size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\LocalService\Cookies\index.dat [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\LocalService\ntuser.dat [/size][size=1]Object is locked 
[/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\LocalService\ntuser.dat.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\NetworkService\NTUSER.DAT [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\NetworkService\ntuser.dat.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\owner\Application Data\Webroot\Spy Sweeper\Logs\071222131513.ses [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\owner\Cookies\index.dat [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\owner\History\History.IE5\index.dat [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\owner\History\History.IE5\MSHist012007122220071223\index.dat [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [/size][size=1]Object is locked 
[/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\owner\ntuser.dat [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\owner\ntuser.dat.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Documents and Settings\owner\Temporary Internet Files\Content.IE5\index.dat [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\ec9098043cea2d1b662bab9605\update\update.exe [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Common Files\Symantec Shared\SNDALRT.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Common Files\Symantec Shared\SNDCON.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Common Files\Symantec Shared\SNDDBG.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Common Files\Symantec Shared\SNDFW.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Common Files\Symantec Shared\SNDIDS.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Common Files\Symantec Shared\SNDSYS.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Norton AntiVirus\AVApp.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Norton AntiVirus\AVError.log [/size][size=1]Object is locked [/size][size=1]skipped 
[/size][size=1][/size][size=1]C:\Program Files\Norton AntiVirus\AVVirus.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Sygate\SPF\debug.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Sygate\SPF\rawlog.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Sygate\SPF\seclog.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Sygate\SPF\syslog.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Sygate\SPF\tralog.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\Program Files\Webroot\Spy Sweeper\Masters.base [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\System Volume Information\MountPointManagerRemoteDatabase [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP69\change.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\Debug\PASSWD.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt [/size][size=1]Object is locked [/size][size=1]skipped 
[/size][size=1][/size][size=1]C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{803EF222-56D9-4198-9612-8F174686D11C}.crmlog [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\SchedLgU.Txt [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\SoftwareDistribution\ReportingEvents.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\Sti_Trace.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\CatRoot2\edb.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\CatRoot2\tmp.edb [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\AppEvent.Evt [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\default [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\default.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\Internet.evt [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\Media Ce.evt [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\ODiag.evt [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\OSession.evt [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\SAM [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\SAM.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\SecEvent.Evt [/size][size=1]Object is locked 
[/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\SECURITY [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\SECURITY.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\software [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\software.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\SysEvent.Evt [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\system [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\config\system.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\h323log.txt [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\MsDtc\MSDTC.LOG [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\msmq\storage\QMLog [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP [/size][size=1]Object is locked [/size][size=1]skipped [/size][size=1][/size][size=1]C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP 
Scan process completed.

I am the only user for this laptop; I have locked nothing as far as I know; I am owner, user and administrator.

Here is the HijackThis log I got after this Kaspersky fiasco:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:11 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444543540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10217 bytes

Thanks for your help, awaiting your reply,
jackiemarie

EAM, Malware Bytes Premium

HP g7- Windows 7 Home Prem 64-bit - Intel i3 - 6 GB Ram

What you value is your reward.


#8 jackiemarie


Posted 28 December 2007 - 11:02 PM

Spy Sweeper Log Full Scan 12 28 07
10:54 PM: None
10:54 PM: Traces Found: 0
10:54 PM: Full Sweep has completed. Elapsed time 00:16:38
10:54 PM: File Sweep Complete, Elapsed Time: 00:12:55
10:50 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
10:50 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsff5f8474-9715-4b88-9ee3-222ec7ce22c4.tmp". The operation completed successfully
10:50 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsfe0d9855-66cc-4523-9162-396d768202fc.tmp". The operation completed successfully
10:50 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms875bf8d9-6297-407b-965e-309cf8c2a23e.tmp". The operation completed successfully
10:50 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9e934c01-a0f1-4480-96c5-a79fd8069ee1.tmp". The operation completed successfully
10:50 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsf1dfada8-a104-43fd-8e7b-55f14127e7c0.tmp". The operation completed successfully
10:50 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms2baa7568-9735-4c25-b24e-4be44041dbb0.tmp". The operation completed successfully
10:50 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsa828b157-f59d-4091-a004-2932bf43d190.tmp". The operation completed successfully
10:50 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsfa16cc49-7d78-432f-b0cc-cfa0b351958d.tmp". The operation completed successfully
10:50 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms94779418-0afc-458e-b0cb-91225093b23a.tmp". The operation completed successfully
10:50 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms986108bb-4596-42d1-9729-cb996df138a2.tmp". The operation completed successfully
10:42 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\symantec\shared\qbackup\index.qbs". The operation completed successfully
10:41 PM: Starting File Sweep
10:41 PM: Registry Sweep Complete, Elapsed Time:00:00:15
10:41 PM: Starting Registry Sweep
10:41 PM: Memory Sweep Complete, Elapsed Time: 00:03:22
10:37 PM: Starting Memory Sweep
10:37 PM: Start Full Sweep
10:37 PM: Sweep initiated using definitions version 1057
10:36 PM: ApplicationMinimized - EXIT
10:36 PM: ApplicationMinimized - ENTER
10:30 PM: Warning: GetUrlHistory: Access violation at address 0061800D in module 'SpySweeper.exe'. Read of address FFFFFFFF
10:06 AM: Access to Hosts file blocked for C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\APPCORE\APPSVC32.EXE
10:06 AM: Access to Hosts file blocked for C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\APPCORE\APPSVC32.EXE
Operation: File Access
Target:
Source: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\APPCORE\APPSVC32.EXE
9:51 AM: Tamper Detection
Keylogger: Off
E-mail Attachment: Off
BHO Shield: On
IE Security Shield: On



#9 Papakid

  • Malware Response Team

Posted 29 December 2007 - 12:10 PM

Hi jackiemarie,

My sincerest apologies for the delay. The holidays have been extremely busy and so I've only had time to do some simple things here at BC. Plus this case is a bit time consuming to figure out what exactly is going on.

First I want you to know that nothing malicious is showing in your logs. Don't worry about those files Kaspersky found to be locked--your system and some other programs do that for various reasons, among them self-protection. Kaspersky just gives information, in case malware has locked some files to protect itself, but that rarely shows up in the log as locked.

Unfortunately, I'm not very familiar with DEP, but my research indicates that when you have problems with it, the best way to deal with it is to do a repair install of Windows. Also unfortunately, given the description of all that has happened (in your first post and later) it looks like there is a good bit of system corruption that may only be remedied by a reformat and reinstall of Windows. There is still the possibility that DEP is protecting you from some malicious activity that can't be found by normal means so I'm going to ask you to run a different scanner for more information. If I can determine that there is no malware present, then I'll turn you over to the techs in the XP forum who have more experience dealing with your type of issues--this logs forum is for malware removal and security only.

As far as malware, I can just tell you that in some previous threads where there was a similar dodgy website visited, uninstalling Sygate fixed the problem. I was not able to document what exactly happened but it could be that Sygate has been attacked and taken over. I'm leaning toward recommending that you uninstall both Sygate and Norton (perhaps SpySweeper as well), substituting freeware apps temporarily, but I hesitate to do that at this point, given your experience with uninstalling AdAware.

So right off the bat, the most important thing you need to do now is back up all your important data. I will only recommend that you do tasks that are safe, but can't guarantee that the whole thing won't go south and you will have to reformat anyway. You should also consider that as a solution to all these issues--a reformat is a pain, but may be easier and less time consuming than trying to fix it all. The media center activation, which I am not familiar with at all, makes any solution even more complex.

I realize that you have already done a restore. Was that done from a partition? I'm not sure what you mean by "all that stuff is STILL on my c drive", but would imagine that files and folders for media center should normally be there. In any event, I don't believe a restore would completely wipe your drive. Before we get started on any repairs, you should contact HP to find out for sure and if you do not have restore CD's, see if you can get them. If it comes to a repair install you will need a CD--installation disk would be better.

BTW;

"Since doing the recovery, the only new thing I've installed (and uninstalled now) was Glary Registry Repair (recommended by pcworld and free)."


That could be your problem with DEP right there. No matter who recommends it, avoid reg cleaners unless you know very well what you are doing in the registry. General reg cleaners make educated guesses and may do fine most of the time, but when they guess wrong, you have problems like what you describe.

Anyway let's try another scanner.

Download WinPFind3U.exe and save it to your Desktop. Double-click to open then click Extract then OK. This will create a folder named WinPFind3u on your desktop.

-Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
-Under Basic Scan Options, click in the radio button (circle) next to 60 days.
-On the middle right, click Select All next to Additional Scans.
-Now click the Run Scan button on the toolbar.
-When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

If you have any problems, try again in Safe Mode--don't use the msconfig method and choose without networking.

If still having problems, I still would like to see the errors in Event Viewer most of all. WinPfind will show those going back seven days. So even if you run it successfully, go into Event Viewer when this problem first occurred. Double click any errors and in the dialogue box that pops up, click the icon under the up and down arrows. That will copy the entire error message to your clipboard. Paste those into your next reply please. Plus your more recent ones if WinPfind won't run.

To see how you have DEP set, please do the following:

1. Click Start, right-click My Computer, and then click Properties.
2. Click the Advanced tab, and then click Settings under the Startup and Recovery field.
3. In the System startup field, click Edit. The Boot.ini file opens in Notepad. Copy the entire contents of the Notepad file to your clipboard and post them in your next reply. IMPORTANT: make no changes to the Notepad boot.ini file at this point. Simply close it when done.

The thing about people

is they change

when they walk away.--Mipso


#10 jackiemarie


Posted 29 December 2007 - 06:36 PM

Thank you for replying, Papakid.
After over an hour of preparation, I emailed all you asked for and it came back as not sent since too large, so I'll have to prepare it all again.
jackiemarie



#11 jackiemarie


Posted 29 December 2007 - 06:48 PM

Will break the next emails up before sending--

DEP info:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Event Viewer info
Event viewer on 12/3, when I wasn't even home, the day before the event:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 12/3/2007
Time: 11:41:47 AM
User: ANNIEHANNAH\owner
Computer: ANNIEHANNAH
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service ntmssvc with arguments "-Service" in order to run the server:
{D61A27C6-8F53-11D0-BFA0-00A024151983}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Another 12/3 error:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 12/3/2007
Time: 2:37:54 PM
User: NT AUTHORITY\SYSTEM
Computer: ANNIEHANNAH
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

There are 12 red errors on 12/3 between 4:13PM and 4:18PM; I was not at home. (ipsec and message queuing)
There are 18 red errors on 12/3 between 4:26PM and 4:43PM; I was not at home. (mostly dealing with service cannot be started in safe mode)

There are 14 red errors on 12/3 between 9:20PM and 9:44PM:
one example is:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 12/3/2007
Time: 9:22:27 PM
User: N/A
Computer: ANNIEHANNAH
Description:
The following boot-start or system-start driver(s) failed to load:
AFD
eeCtrl
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SPBBCDrv
SRTSPX
SYMTDI
Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Another example is:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 12/3/2007
Time: 9:22:27 PM
User: N/A
Computer: ANNIEHANNAH
Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The following are the two red error events around the time of the 12/4 starting up of the computer and the event happening:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 12/4/2007
Time: 12:45:00 PM
User: N/A
Computer: ANNIEHANNAH
Description:
The Microsoft TV/Video Connection service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Next one:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 12/4/2007
Time: 12:45:00 PM
User: N/A
Computer: ANNIEHANNAH
Description:
The Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I cannot correlate the two above with a changed home page and redirection popups and websites.
jackiemarie

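Reading the DEP policy out of a boot.ini like the one posted above, as an added example that is not part of the original thread. The function names are hypothetical; the policy levels are the four values Windows XP SP2 documents for the `/noexecute=` switch, plus the `/execute` switch that turns no-execute protection off, and the sample is the boot.ini text from the post.

```python
import re

# Policy levels accepted by the /noexecute= switch in boot.ini (Windows XP SP2 and later).
DEP_POLICIES = {
    "optin": "DEP covers Windows system binaries and programs that opt in (default)",
    "optout": "DEP covers every process except those on the exception list",
    "alwayson": "DEP covers every process; the exception list is ignored",
    "alwaysoff": "DEP is disabled for every process",
}

# Sample input: the boot.ini contents as posted in the thread.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
'''


def parse_boot_ini(text):
    """Return (default_path, entries) where each entry has path, label and switches."""
    section, default, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # The first "=" separates the ARC path (or key) from the rest of the line.
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if section == "boot loader" and key.strip().lower() == "default":
            default = value.strip()
        elif section == "operating systems":
            quoted = re.match(r'\s*"([^"]*)"(.*)$', value)
            if quoted:
                label, tail = quoted.group(1), quoted.group(2)
            else:
                # Unquoted label: everything before the first switch.
                label, tail = re.split(r"\s/", value, maxsplit=1)[0].strip(), value
            switches = re.findall(r"(?<!\S)/\S+", tail)
            entries.append({"path": key.strip(), "label": label, "switches": switches})
    return default, entries


def dep_policy(switches):
    """Map an entry's boot switches to (policy, meaning). Switches are case-insensitive."""
    policy = "unspecified"
    for switch in switches:
        lowered = switch.lower()
        if lowered.startswith("/noexecute="):
            level = lowered.split("=", 1)[1]
            policy = level if level in DEP_POLICIES else "invalid:" + level
        elif lowered == "/execute":
            policy = "execute"
    if policy in DEP_POLICIES:
        return policy, DEP_POLICIES[policy]
    if policy == "execute":
        return policy, "no-execute protection is switched off by /execute"
    if policy == "unspecified":
        return policy, "no DEP switch on this entry"
    return policy, "unrecognised /noexecute level"


def dep_report(text):
    """One row per [operating systems] entry, flagging entries that turn DEP off."""
    default, entries = parse_boot_ini(text)
    report = []
    for entry in entries:
        policy, meaning = dep_policy(entry["switches"])
        report.append({
            "label": entry["label"],
            "is_default": default is not None and entry["path"].lower() == default.lower(),
            "policy": policy,
            "meaning": meaning,
            "weakened": policy in ("alwaysoff", "execute"),
        })
    return report


if __name__ == "__main__":
    for row in dep_report(SAMPLE_BOOT_INI):
        marker = "default" if row["is_default"] else "other"
        print(f'{row["label"]} [{marker}]: {row["policy"]} - {row["meaning"]}')
```

For the posted file this reports the single default entry as `optin`, the stock XP SP2 setting, so the boot configuration itself has not been changed to switch DEP off.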


#12 jackiemarie


Posted 29 December 2007 - 06:57 PM

The WinPFind3U log is too large for one, so here is some of it:

WinPFind3 logfile created on: 12/29/2007 4:48:56 PM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\owner\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.13)

1.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.90% Memory free
3.84 Gb Paging File | 3.43 Gb Available in Paging File | 89.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.09 Gb Total Space | 75.29 Gb Free Space | 75.99% Space Free
Drive D: | 11.67 Gb Total Space | 1.17 Gb Free Space | 10.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ANNIEHANNAH
Current User Name: owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:26 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.2.00.7 | Size = 45664 bytes | Modified Date = 2/11/2007 5:24:28 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.3.2.6 | Size = 116328 bytes | Modified Date = 6/4/2007 9:05:44 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.2.6 | Size = 109160 bytes | Modified Date = 6/4/2007 9:05:02 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 3/22/2006 3:13:40 PM | Attr = ]
hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 5/2/2006 5:41:28 PM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.97.1 | Size = 49152 bytes | Modified Date = 5/18/2006 6:52:06 PM | Attr = ]
qlbctrl.exe -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe -> Hewlett-Packard Development Company, L.P. [Ver = 6, 1, 1, 2 | Size = 163840 bytes | Modified Date = 6/19/2006 1:33:12 PM | Attr = ]
qpservice.exe -> %ProgramFiles%\HP\QuickPlay\QPService.exe -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 102400 bytes | Modified Date = 7/19/2006 5:14:20 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4279 | Size = 185896 bytes | Modified Date = 11/21/2007 7:57:26 PM | Attr = ]
smc.exe -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,91 | Size = 3567928 bytes | Modified Date = 10/1/2007 4:40:40 PM | Attr = ]
spysweeperui.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,5,7,103 | Size = 5367608 bytes | Modified Date = 10/1/2007 4:40:44 PM | Attr = ]
ssu.exe -> %ProgramFiles%\Webroot\Spy Sweeper\ssu.exe -> [Ver = | Size = 210232 bytes | Modified Date = 10/1/2007 4:24:36 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 11/21/2007 3:54:06 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.3.8 16Jun06 | Size = 794713 bytes | Modified Date = 6/17/2006 12:22:46 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AddFiltr) AddFiltr [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1.0.0.1 | Size = 126976 bytes | Modified Date = 6/12/2006 3:27:28 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:26 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.2.6 | Size = 109160 bytes | Modified Date = 6/4/2007 9:05:02 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.2.6 | Size = 109160 bytes | Modified Date = 6/4/2007 9:05:02 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.2.6 | Size = 109160 bytes | Modified Date = 6/4/2007 9:05:02 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 5/2/2006 5:41:28 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 2:41:10 AM | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\isPwdSvc.exe -> Symantec Corporation [Ver = 10.4.0.10 | Size = 80240 bytes | Modified Date = 6/26/2007 12:00:04 AM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.97.1 | Size = 49152 bytes | Modified Date = 5/18/2006 6:52:06 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 6:27:26 PM | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.2.6 | Size = 109160 bytes | Modified Date = 6/4/2007 9:05:02 PM | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 7:51:12 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 11/21/2007 3:54:06 PM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.2.00.7 | Size = 45664 bytes | Modified Date = 2/11/2007 5:24:28 AM | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,91 | Size = 3567928 bytes | Modified Date = 10/1/2007 4:40:40 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.3.2.6 | Size = 116328 bytes | Modified Date = 6/4/2007 9:05:44 PM | Attr = ]
High Definition Audio Property Page Shortcut -> %System32%\CHDAudPropShortcut.exe -> Windows ® Server 2003 DDK provider [Ver = 5.10.00.5010 built by: WinDDK | Size = 61952 bytes | Modified Date = 7/26/2006 10:44:56 PM | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 3/22/2006 3:13:40 PM | Attr = ]
osCheck -> %ProgramFiles%\Norton AntiVirus\osCheck.exe -> Symantec Corporation [Ver = 10.4.0.10 | Size = 771440 bytes | Modified Date = 6/26/2007 12:00:08 AM | Attr = ]
QlbCtrl -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe -> Hewlett-Packard Development Company, L.P. [Ver = 6, 1, 1, 2 | Size = 163840 bytes | Modified Date = 6/19/2006 1:33:12 PM | Attr = ]
QPService -> %ProgramFiles%\HP\QuickPlay\QPService.exe -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 102400 bytes | Modified Date = 7/19/2006 5:14:20 PM | Attr = ]
RecGuard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 6, 0, 66, 5 | Size = 1187840 bytes | Modified Date = 10/11/2005 12:23:50 PM | Attr = ]
SmcService -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,5,7,103 | Size = 5367608 bytes | Modified Date = 10/1/2007 4:40:44 PM | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 7:51:12 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.3.8 16Jun06 | Size = 794713 bytes | Modified Date = 6/17/2006 12:22:46 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4279 | Size = 185896 bytes | Modified Date = 11/21/2007 7:57:26 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4543 | Size = 139264 bytes | Modified Date = 3/22/2006 3:12:42 PM | Attr = ]
WRNotifier -> %System32%\WRLogonNTF.dll -> Webroot Software, Inc. [Ver = 3,5,6,91 | Size = 219448 bytes | Modified Date = 10/1/2007 4:24:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.theme ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (213867 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Page_URL -> http://g.msn.com/1me10enus/2 ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.msn.com/ ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.522 | Size = 370296 bytes | Modified Date = 11/21/2007 7:57:38 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 11:22:10 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 11:22:10 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 11:22:10 PM | Attr = ]
{2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send to OneNote] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{202A6285-BBF5-4D77-9AAF-EABE10CFBF72} -> () ->
{5D726F0E-C5E8-402B-BE73-54716B17A29B} -> (1394 Net Adapter) ->
{634446B4-F72A-4DA6-B3D7-68BA9C9BBB7C} -> (Intel® PRO/100 VE Network Connection) ->
{FACD65F5-1742-4583-A3CB-FB309EA1CA84} -> (Intel® PRO/Wireless 3945ABG Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -> ScrabbleCubes Control - CodeBase = http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab ->
{1A1F56AA-3401-46F9-B277-D57F3421F821} -> FunGamesLoader Object - CodeBase = http://www.worldwinner.com/games/v47/share...GamesLoader.cab ->
{33E54F7F-561C-49E6-929B-D7E76D3AFEB1} -> Pool Control - CodeBase = http://www.worldwinner.com/games/v50/pool/pool.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab ->
{6F15128C-E66A-490C-B848-5000B5ABEEAC} -> HP Download Manager - CodeBase = https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab ->
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> Wwlaunch Control - CodeBase = http://www.worldwinner.com/games/shared/wwlaunch.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> MSN Games - Installer - CodeBase = http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444543540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{407408d4-94ed-4d86-ab69-a7f649d112ee} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
{8b15971b-5355-4c82-8c07-7e181ea07608} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ->
{94de52c8-2d59-4f1b-883e-79663d2d9a8c} -> ->
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ->
>{287dca3d-b540-4efd-bed7-fbba9406be3c} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
KB910393 -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall ->
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ->
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{2F603045-309F-11CF-9774-0020AFD0CFF6} [HKLM] -> %ProgramFiles%\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] -> Synaptics, Inc. [Ver = 8.3.8 16Jun06 | Size = 6139993 bytes | Modified Date = 6/17/2006 12:03:18 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [Webroot Spy Sweeper Context Menu Integration] -> Webroot Software, Inc. [Ver = 5,5,7,103 | Size = 480568 bytes | Modified Date = 10/1/2007 4:40:42 PM | Attr = ]
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} [HKLM] -> %System32%\ShellvRTF.dll [ShellViewRTF] -> XSS [Ver = 1, 1, 0, 4 | Size = 237568 bytes | Modified Date = 10/10/2005 2:03:00 PM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.3001 | Size = 63040 bytes | Modified Date = 11/21/2007 7:57:30 PM | Attr = ]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 828 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 4 ͫMLp7718e9b9
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 
#Q ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> F"%f ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> ­=#T4?r ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 1Z7 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1040 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mqsvc.exe -> C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mqsvc.exe -> C:\WINDOWS\system32\mqsvc.exe:*:Disabled:Message Queuing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\LMI25B3.tmp\rescue.exe -> C:\WINDOWS\LMI25B3.tmp\rescue.exe:*:Enabled:LogMeIn Rescue ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\fxsclnt.exe -> C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe -k LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS;TCPIP;NTLMSSP; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ ->
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 8.1.0.0 | Size = 372736 bytes | Modified Date = 5/10/2007 10:54:08 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
{CA8ACAFA-5FBB-467B-B348-90DD488DE003} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASCTXMN.DLL [SASContextMenu Class] -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 61440 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ]
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NavShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 14.4.0.12 | Size = 173416 bytes | Modified Date = 6/26/2007 3:27:00 AM | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ ->
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 5,5,7,103 | Size = 480568 bytes | Modified Date = 10/1/2007 4:40:42 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ ->
{CA8ACAFA-5FBB-467B-B348-90DD488DE003} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASCTXMN.DLL [SASContextMenu Class] -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 61440 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ ->
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4543 | Size = 143360 bytes | Modified Date = 3/22/2006 3:16:46 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ ->
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 5,5,7,103 | Size = 480568 bytes | Modified Date = 10/1/2007 4:40:42 PM | Attr = ]
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NavShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 14.4.0.12 | Size = 173416 bytes | Modified Date = 6/26/2007 3:27:00 AM | Attr = ]
< ControlSets > -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
Vongo Service -> ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %SystemDrive%\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/11/2005 11:23:26 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 060.000.155.000 | Size = 73728 bytes | Modified Date = 9/24/2005 11:39:30 AM | Attr = ]
C:^Documents and Settings^owner^Start Menu^Programs^StartUp^Vongo Tray.lnk -> Reg Data - Value does not exist -> File not found
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
Cpqset -> %ProgramFiles%\Hewlett-Packard\Default Settings\Cpqset.exe -> [Ver = | Size = 40960 bytes | Modified Date = 6/19/2006 12:50:40 PM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/11/2005 11:12:54 PM | Attr = ]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 7, 2 | Size = 458752 bytes | Modified Date = 5/4/2006 12:58:26 AM | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 3/22/2006 3:17:50 PM | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 94208 bytes | Modified Date = 3/22/2006 3:17:04 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 8/11/2005 6:30:30 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 6:30:30 PM | Attr = ]
MsmqIntCert -> regsvr32 /s mqrt.dll -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 11:03:52 PM | Attr = ]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8195 ->
< Security Settings > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1040 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mqsvc.exe -> C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mqsvc.exe -> C:\WINDOWS\system32\mqsvc.exe:*:Disabled:Message Queuing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\LMI25B3.tmp\rescue.exe -> C:\WINDOWS\LMI25B3.tmp\rescue.exe:*:Enabled:LogMeIn Rescue ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\fxsclnt.exe -> C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *; ->
< Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%SystemRoot%\system32 -> ->
%SystemRoot% -> ->
%SystemRoot%\System32\Wbem -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> ->
.EXE -> ->
.BAT -> ->
.CMD -> ->
.VBS -> ->
.VBE -> ->
.JS -> ->
.JSE -> ->
.WSF -> ->
.WSH -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 10752 bytes | Modified Date = 5/26/2005 6:22:02 PM | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:02 PM | Attr = ]
exefile [open] -> "%1" %* ->
helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 283648 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 7.00.5730.13 (longhorn(wmbla).070711-1130) | Size = 45568 bytes | Modified Date = 8/13/2007 6:32:30 PM | Attr = ]
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\Office12\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 67896 bytes | Modified Date = 10/26/2006 8:12:34 PM | Attr = ]
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 5:59:52 AM | Attr = ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 5:59:52 AM | Attr = ]
htmlfile [print] -> "%ProgramFiles%\Microsoft Office\Office12\msohtmed.exe" /p %1 -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 67896 bytes | Modified Date = 10/26/2006 8:12:34 PM | Attr = ]
http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 5:59:52 AM | Attr = ]
https [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 5:59:52 AM | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 6:55:54 PM | Attr = ]
InternetShortcut [print] -> rundll32.exe %System32%\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 7.00.6000.16587 (vista_gdr.071026-1500) | Size = 3590656 bytes | Modified Date = 10/30/2007 6:42:28 PM | Attr = ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:02 PM | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:08 AM | Attr = ]
Directory [OneNote.Open] -> %SystemDrive%\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" -> Microsoft Corporation [Ver = 12.0.6211.1000 | Size = 1022840 bytes | Modified Date = 8/28/2007 11:43:30 PM | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:08 AM | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:08 AM | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:08 AM | Attr = ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 5:59:52 AM | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 5:59:52 AM | Attr = ]
< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|HelpUserGuide|HelpReader ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\NetCache\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^0OzIj
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> gԋ4:?Ӽdg ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xȓ܊݄} ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> *BV%M/g ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> ; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_ikj" ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
< Tcpip Persistent Routes > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{0732A22F-584C-4D7A-B925-EF3CDD608D19} -> SymNet ->
{075473F5-846A-448B-BCB3-104AA1760205} -> Sonic Data Module ->
{09D8492A-C8E2-421E-927D-46800FB327A3} -> Wireless Home Network Setup ->
{0B33B738-AD79-4E32-90C5-E67BFB10BBFF} -> AiO_Scan ->
{10D2EF1D-7B09-468C-A0E5-F592FACD6AFC} -> Symantec Real Time Storage Protection Component ->
{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5} -> CP_CalendarTemplates1 ->
{21657574-BD54-48A2-9450-EB03B2C7FC29} -> Sonic MyDVD Plus ->
{228F6876-A313-40A3-91C0-C3CBE6997D09} -> Symantec ->
{23012310-3E05-46A5-88A9-C6CBCABCAC79} -> Customer Experience Enhancement ->
{23B35809-5E4A-4F14-8332-1CDEDDFAC089} -> CP_Package_Variety2 ->
{2466E904-7E48-4597-9321-722CF02930EB} -> 5600 ->
{24BEBF2E-73F3-4599-840B-EDC612CCDD0D} -> Destinations ->
{2818095F-FB6C-42C8-827E-0A406CC9AFF5} -> Quicken 2006 ->
{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4} -> Internet Worm Protection ->
{2A548002-9042-4083-A270-B67473DE1073} -> SkinsHP1 ->
{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} -> Rhapsody Player Engine ->
{30465B6C-B53F-49A1-9EBA-A3F187AD502E} -> Sonic Update Manager ->
{30C19FF2-7FBA-4d09-B9DE-1659977F64F6} -> TrayApp ->
{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6 ->
{34D2AB40-150D-475D-AE32-BD23FB5EE355} -> HP Quick Launch Buttons 6.10 A2 ->
{34EEB1F5-E939-40A1-A6BA-957282A4B2C8} -> Norton AntiVirus Help ->
{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0} -> Unload ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{36D620AD-EEBA-4973-BA86-0C9AE6396620} -> OptionalContentQFolder ->
{3CCAD2EF-CFF2-4637-82AA-AABF370282D3} -> ccCommon ->
{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> NetWaiting ->
{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308} -> RandMap ->
{4041C245-7099-4C96-9738-5EBC23827B3C} -> BufferChm ->
{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} -> Microsoft Works ->
{4302B2DD-D958-40E3-BAF3-B07FFE1978CE} -> HP Wireless Assistant 2.00 G2 ->
{45D707E9-F3C4-11D9-A373-0050BAE317E1} -> HP QuickPlay 2.3 ->
{47D2103B-FD51-4017-9C20-DD408B17D726} -> Office 2003 Trial Assistant ->
{494D17B5-3369-4905-8C4B-80C972C5E0FF} -> CP_Panorama1Config ->
{4DA4012B-39AF-48c2-B23B-A4D570D233A6} -> cp_LightScribeConfig ->
{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1} -> CP_Package_Variety1 ->
{52FBAE98-D389-4281-8C14-21B4046CCB4E} -> SonicAC3Encoder ->
{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C} -> FullDPAppQFolder ->
{54E3707F-808E-4fd4-95C9-15D1AB077E5D} -> NewCopy ->
{54F0998F-73C8-4b51-8286-FE903C231BED} -> cp_PosterPrintConfig ->
{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE} -> WebReg ->
{5B79CFD1-6845-4158-9D7D-6BE89DF2C135} -> HP PSC & OfficeJet 5.3.B ->
{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} -> Sonic Express Labeler ->
{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8} -> eSupportQFolder ->
{6815FCDD-401D-481E-BA88-31B4754C2B46} -> Macromedia Flash Player 8 ->
{6A28AB0B-22B1-494C-AF61-B386EA1736C0} -> LightScribe 1.4.97.1 ->
{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724} -> DocProc ->
{766633B3-1AFA-44B6-A3FC-1DE991CD9C52} -> CP_Package_Basic1 ->
{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1 -> Spy Sweeper ->
{77772678-817F-4401-9301-ED1D01A8DA56} -> SPBBC 32bit ->
{7850A6D2-CBEA-4728-9877-F1BEDEA9F619} -> AiOSoftware ->
{786C4AD1-DCBA-49A6-B0EF-B317A344BD66} -> Windows Live Favorites for Windows Live Toolbar ->
{79F8E1D4-36C1-439C-95FA-F695050B5B07} -> Sonic_PrimoSDK ->
{7B63B2922B174135AFC0E1377DD81EC2} -> DivX ->
{7C9B95B7-B598-4398-B30F-7F6827192E6C} -> ProductContext ->
{80AE27BA-B0ED-4288-A8B9-D8194BCF4115} -> cp_UpdateProjectsConfig ->
{8105684D-8CA6-440D-8F58-7E5FD67A499D} -> Easy Internet Sign-up ->
{830D8CBD-C668-49E2-A969-C2C2106332E0} -> Norton AntiVirus ->
{838A1BC9-95CA-4880-9BE3-2A7D23600A2B} -> Macromedia Shockwave Player ->
{869C3062-4745-4949-B6C9-98AF24D89030} -> PhotoGallery ->
{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel® Graphics Media Accelerator Driver ->
{90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders (English) 12 ->
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007 ->
{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) ->
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007 ->
{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) ->
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007 ->
{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) ->
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007 ->
{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) ->
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007 ->
{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) ->
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007 ->
{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) ->
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007 ->
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007 ->
{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) ->
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007 ->
{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) ->
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007 ->
{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) ->
{91120000-002F-0000-0000-0000000FF1CE} -> Microsoft Office Home and Student 2007 ->
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) ->
{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F} -> Readme ->
{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB} -> ->
{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8} -> Norton Protection Center ->
{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9} -> CueTour ->
{A01FC76F-CC09-4658-9E37-5C2F635EE708} -> TourSetup ->
{A195B13E-A5E3-4BAF-A995-7F70F445CD06} -> ScannerCopy ->
{A93C4E94-1005-489D-BEAA-B873C1AA6CFC} -> HP Help and Support ->
{AB708C9B-97C8-4AC9-899B-DBF226AC9382} -> Sonic Audio Module ->
{AC76BA86-7AD7-1033-7B44-A81100000003} -> Adobe Reader 8.1.1 ->
{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61} -> CP_AtenaShokunin1Config ->
{B12665F4-4E93-4AB4-B7FC-37053B524629} -> Sonic Copy Module ->
{B16AF568-A644-483C-A6DA-5028CD019C8C} -> SonicMPEGEncoder ->
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy ->
{B57F2FF0-5A25-4332-B503-4592B370C02F} -> CP_Package_Variety3 ->
{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} -> HP Update ->
{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290} -> cp_OnlineProjectsConfig ->
{BE247E71-C143-40BB-ADF2-A465DF062BAB} -> HP User Guides 0035 ->
{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18} -> 5600Trb ->
{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181) ->
{C506A18C-1469-4678-B094-F4EC9DAE6DB7} -> Scan ->
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 ->
{CC7984C5-020D-4944-85A0-58D09D4A8BFB} -> 5600_Help ->
{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition ->
{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC} -> Fax ->
{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8} -> Norton AntiVirus SYMLT MSI ->
{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38} -> HpSdpAppCoreApp ->
{DB7E00C9-6DEF-489A-8112-D8F81614F45A} -> Vongo ->
{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} -> LiveUpdate Notice (Symantec Corporation) ->
{DDC63227-BA06-4855-B002-BDB49E9F677E} -> Symantec Technical Support Web Controls ->
{E3F90083-80D4-4b5a-87C7-E97E12F5516D} -> HPProductAssistant ->
{E5EE9939-259F-4DE2-8023-5C49E16A4F43} -> Norton AntiVirus Parent MSI ->
{EA103B64-C0E4-4C0E-A506-751590E1653D} -> SolutionCenter ->
{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} -> AppCore ->
{F34D9A5F-484A-4E31-A9D3-908CB265B289} -> Sygate Personal Firewall ->
{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4} -> Status ->
{F4DB525F-A986-4249-B98B-42A8066251CA} -> AV ->
{FB09F05F-85C6-4205-B28D-5BF071D276C3} -> muvee autoProducer 5.0 ->
{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0} -> InstantShareDevices ->
{FE64AE29-0883-4C70-8388-DC026019C900} -> HP Image Zone Express ->
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX ->
CNXT_HDAUDIO -> Conexant HD Audio ->
CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m -> Soft Data Fax Modem with SmartCP ->
HijackThis -> HijackThis 2.0.2 ->
HOMESTUDENTR -> Microsoft Office Home and Student 2007 Trial ->
HP Imaging Device Functions -> HP Imaging Device Functions 6.0 ->
HP Photo & Imaging -> HP Photosmart Premier Software 6.0 ->
HP Rhapsody -> HP Rhapsody ->
HP Solution Center & Imaging Support Tools -> HP Solution Center & Imaging Support Tools 5.3 ->
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs ->
ie7 -> Windows Internet Explorer 7 ->
InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79} -> Customer Experience Enhancement ->
InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D} -> Easy Internet Sign-up ->
Kaspersky Online Scanner -> Kaspersky Online Scanner ->
KB873333 -> Windows XP Hotfix - KB873333 ->
KB873339 -> Windows XP Hotfix - KB873339 ->
KB883667 -> Windows XP Hotfix - KB883667 ->
KB885250 -> Windows XP Hotfix - KB885250 ->
KB885835 -> Windows XP Hotfix - KB885835 ->
KB885836 -> Windows XP Hotfix - KB885836 ->
KB885855 -> Windows XP Hotfix - KB885855 ->
KB886185 -> Windows XP Hotfix - KB886185 ->
KB887472 -> Windows XP Hotfix - KB887472 ->
KB888113 -> Windows XP Hotfix - KB888113 ->
KB888239 -> Windows XP Hotfix - KB888239 ->
KB888302 -> Windows XP Hotfix - KB888302 ->
KB888795 -> Hotfix for Windows XP (KB888795) ->
KB890046 -> Security Update for Windows XP (KB890046) ->
KB890546 -> Windows XP Hotfix - KB890546 ->
KB890859 -> Windows XP Hotfix - KB890859 ->
KB891220 -> Windows XP Hotfix - KB891220 ->
KB891593 -> Hotfix for Windows XP (KB891593) ->
KB891781 -> Windows XP Hotfix - KB891781 ->
KB892130 -> Windows Genuine Advantage Validation Tool (KB892130) ->
KB892559 -> Windows XP Hotfix - KB892559 ->
KB893066 -> Security Update for Windows XP (KB893066) ->
KB893756 -> Security Update for Windows XP (KB893756) ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB894391 -> Update for Windows XP (KB894391) ->
KB895961 -> Hotfix for Windows XP (KB895961) ->
KB896256 -> Hotfix for Windows XP (KB896256) ->
KB896358 -> Security Update for Windows XP (KB896358) ->
KB896422 -> Security Update for Windows XP (KB896422) ->
KB896423 -> Security Update for Windows XP (KB896423) ->
KB896428 -> Security Update for Windows XP (KB896428) ->
KB896727 -> Update for Windows XP (KB896727) ->
KB898461 -> Update for Windows XP (KB898461) ->
KB899337 -> Hotfix for Windows XP (KB899337) ->
KB899510 -> Hotfix for Windows XP (KB899510) ->
KB899587 -> Security Update for Windows XP (KB899587) ->
KB899591 -> Security Update for Windows XP (KB899591) ->
KB900325 -> Update Rollup 2 for Windows XP Media Center Edition 2005 ->
KB900485 -> Update for Windows XP (KB900485) ->
KB900725 -> Security Update for Windows XP (KB900725) ->
KB901017 -> Security Update for Windows XP (KB901017) ->
KB901190 -> Security Update for Windows XP (KB901190) ->
KB901214 -> Security Update for Windows XP (KB901214) ->
KB902400 -> Security Update for Windows XP (KB902400) ->
KB902841 -> Hotfix for Windows XP (KB902841) ->
KB903157 -> Hotfix for Windows Media Player 10 (KB903157) ->
KB903235 -> Security Update for Windows XP (KB903235) ->
KB904706 -> Security Update for Windows XP (KB904706) ->
KB904942 -> Update for Windows XP (KB904942) ->
KB905414 -> Security Update for Windows XP (KB905414) ->
KB905749 -> Security Update for Windows XP (KB905749) ->
KB908519 -> Security Update for Windows XP (KB908519) ->
KB908531 -> Update for Windows XP (KB908531) ->
KB909095 -> Hotfix for Windows XP (KB909095) ->
KB910393 -> Update for Windows Media Player 10 (KB910393) ->
KB910437 -> Update for Windows XP (KB910437) ->
KB910728 -> Hotfix for Windows XP (KB910728) ->
KB911164 -> Update for Windows XP (KB911164) ->
KB911280 -> Update for Windows XP (KB911280) ->
KB911562 -> Security Update for Windows XP (KB911562) ->
KB911564 -> Security Update for Windows Media Player (KB911564) ->
KB911565 -> Security Update for Windows Media Player 10 (KB911565) ->
KB911927 -> Security Update for Windows XP (KB911927) ->
KB912436 -> Hotfix for Windows XP (KB912436) ->
KB912919 -> Security Update for Windows XP (KB912919) ->
KB912945 -> Update for Windows XP (KB912945) ->
KB913446 -> Security Update for Windows XP (KB913446) ->
KB913580 -> Security Update for Windows XP (KB913580) ->
KB913800 -> Update for Windows Media Player 10 (KB913800) ->
KB914388 -> Security Update for Windows XP (KB914388) ->
KB914389 -> Security Update for Windows XP (KB914389) ->
KB914440 -> Hotfix for Windows XP (KB914440) ->
KB915865 -> Hotfix for Windows XP (KB915865) ->
KB916595 -> Update for Windows XP (KB916595) ->
KB917344 -> Security Update for Windows XP (KB917344) ->
KB917953 -> Security Update for Windows XP (KB917953) ->
KB918118 -> Security Update for Windows XP (KB918118) ->
KB918439 -> Security Update for Windows XP (KB918439) ->
KB919007 -> Security Update for Windows XP (KB919007) ->
KB920213 -> Security Update for Windows XP (KB920213) ->
KB920670 -> Security Update for Windows XP (KB920670) ->
KB920683 -> Security Update for Windows XP (KB920683) ->
KB920685 -> Security Update for Windows XP (KB920685) ->
KB920872 -> Update for Windows XP (KB920872) ->
KB921503 -> Security Update for Windows XP (KB921503) ->
KB922582 -> Update for Windows XP (KB922582) ->
KB922819 -> Security Update for Windows XP (KB922819) ->
KB923191 -> Security Update for Windows XP (KB923191) ->
KB923414 -> Security Update for Windows XP (KB923414) ->
KB923689 -> Security Update for Windows XP (KB923689) ->
KB923723 -> Security Update for Step By Step Interactive Training (KB923723) ->
KB923980 -> Security Update for Windows XP (KB923980) ->
KB924270 -> Security Update for Windows XP (KB924270) ->
KB924496 -> Security Update for Windows XP (KB924496) ->
KB924667 -> Security Update for Windows XP (KB924667) ->
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) ->
KB925766 -> Windows XP Media Center Edition 2005 KB925766 ->
KB925902 -> Security Update for Windows XP (KB925902) ->
KB926239 -> Hotfix for Windows XP (KB926239) ->
KB926251 -> Update for Windows Media Player 10 (KB926251) ->
KB926255 -> Security Update for Windows XP (KB926255) ->
KB926436 -> Security Update for Windows XP (KB926436) ->
KB927779 -> Security Update for Windows XP (KB927779) ->
KB927802 -> Security Update for Windows XP (KB927802) ->
KB927891 -> Update for Windows XP (KB927891) ->
KB928255 -> Security Update for Windows XP (KB928255) ->
KB928843 -> Security Update for Windows XP (KB928843) ->
KB929123 -> Security Update for Windows XP (KB929123) ->
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399) ->
KB930178 -> Security Update for Windows XP (KB930178) ->
KB930494 -> Microsoft .NET Framework 1.0 Hotfix (KB930494) ->
KB930916 -> Update for Windows XP (KB930916) ->
KB931261 -> Security Update for Windows XP (KB931261) ->
KB931784 -> Security Update for Windows XP (KB931784) ->
KB932168 -> Security Update for Windows XP (KB932168) ->
KB933360 -> Update for Windows XP (KB933360) ->
KB933729 -> Security Update for Windows XP (KB933729) ->
KB935839 -> Security Update for Windows XP (KB935839) ->
KB935840 -> Security Update for Windows XP (KB935840) ->
KB936021 -> Security Update for Windows XP (KB936021) ->
KB936357 -> Update for Windows XP (KB936357) ->
KB936782_WMP10 -> Security Update for Windows Media Player 10 (KB936782) ->
KB937894 -> Security Update for Windows XP (KB937894) ->
KB938127 -> Security Update for Windows XP (KB938127) ->
KB938127-IE7 -> Security Update for Windows Internet Explorer 7 (KB938127) ->
KB938828 -> Update for Windows XP (KB938828) ->
KB938829 -> Security Update for Windows XP (KB938829) ->
KB939653 -> Security Update for Windows XP (KB939653) ->
KB939653-IE7 -> Security Update for Windows Internet Explorer 7 (KB939653) ->
KB941202 -> Security Update for Windows XP (KB941202) ->
KB941568 -> Security Update for Windows XP (KB941568) ->
KB941569 -> Security Update for Windows XP (KB941569) ->
KB942615-IE7 -> Security Update for Windows Internet Explorer 7 (KB942615) ->
KB942763 -> Update for Windows XP (KB942763) ->
KB943460 -> Security Update for Windows XP (KB943460) ->
KB944653 -> Security Update for Windows XP (KB944653) ->
LiveUpdate -> LiveUpdate 3.2 (Symantec Corporation) ->
M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366) ->
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 ->
Money2006b -> Microsoft Money 2006 ->
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP ->
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs ->
Panda ActiveScan -> Panda ActiveScan ->
PROSet -> Intel® PRO Network Connections Drivers ->
RealPlayer 6.0 -> RealPlayer ->
SymSetup.{830D8CBD-C668-49E2-A969-C2C2106332E0} -> Norton AntiVirus (Symantec Corporation) ->
SynTPDeinstKey -> Synaptics Pointing Device Driver ->
WGA -> Windows Genuine Advantage Validation Tool (KB892130) ->
Windows Media Format Runtime -> Windows Media Format 11 runtime ->
Windows Media Player -> Windows Media Player 11 ->
WMCSetup -> Windows Media Connect ->
WMFDist11 -> Windows Media Format 11 runtime ->
wmp11 -> Windows Media Player 11 ->
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 ->
< WOW Settings [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW ->
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< EventViewer Logs > -> Errors and Warnings -> Description
System - Warning - 12/23/2007 5:20:02 PM -> Computer Name = ANNIEHANNAH - User Name = (blank) - Source = Tcpip -> Description =
System - Warning - 12/24/2007 3:41:16 PM -> Computer Name = ANNIEHANNAH - User Name = (blank) - Source = Tcpip -> Description =
System - Warning - 12/28/2007 8:01:05 AM -> Computer Name = ANNIEHANNAH - User Name = NT AUTHORITY\SYSTEM - Source = Print -> Description =
System - Warning - 12/28/2007 8:01:07 AM -> Computer Name = ANNIEHANNAH - User Name = NT AUTHORITY\SYSTEM - Source = Print -> Description =
System - Warning - 12/28/2007 8:01:08 AM -> Computer Name = ANNIEHANNAH - User Name = NT AUTHORITY\SYSTEM - Source = Print -> Description =

EAM, Malware Bytes Premium

HP g7- Windows 7 Home Prem 64-bit - Intel i3 - 6 GB Ram

What you value is your reward.


#13 jackiemarie

Posted 29 December 2007 - 06:59 PM

Balance of the WinPFind3U log:

[Files/Folders - Created Within 60 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 11/21/2007 4:05:03 PM | Attr = H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2137051136 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 11/21/2007 3:45:56 PM | Attr = ]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 12/12/2007 3:11:24 PM | Attr = RH ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 11/21/2007 2:29:44 PM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 10/20/1823 11:30:17 PM | Attr = HS]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 11/22/2007 7:47:24 AM | Attr = H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 11/22/2007 7:47:03 AM | Attr = H ]
$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Created Date = 11/21/2007 6:07:33 PM | Attr = H ]
$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Created Date = 11/21/2007 6:09:45 PM | Attr = H ]
$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Created Date = 11/21/2007 6:09:38 PM | Attr = H ]
$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Created Date = 11/21/2007 5:46:48 PM | Attr = H ]
$NtUninstallKB887472$ -> %SystemRoot%\$NtUninstallKB887472$ -> [Folder | Created Date = 11/21/2007 5:47:21 PM | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Created Date = 11/21/2007 6:02:15 PM | Attr = H ]
$NtUninstallKB890046$ -> %SystemRoot%\$NtUninstallKB890046$ -> [Folder | Created Date = 11/21/2007 6:03:39 PM | Attr = H ]
$NtUninstallKB890859$ -> %SystemRoot%\$NtUninstallKB890859$ -> [Folder | Created Date = 11/21/2007 6:00:01 PM | Attr = H ]
$NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ -> [Folder | Created Date = 11/21/2007 6:08:40 PM | Attr = H ]
$NtUninstallKB896358$ -> %SystemRoot%\$NtUninstallKB896358$ -> [Folder | Created Date = 11/21/2007 6:06:35 PM | Attr = H ]
$NtUninstallKB896428$ -> %SystemRoot%\$NtUninstallKB896428$ -> [Folder | Created Date = 11/21/2007 6:00:30 PM | Attr = H ]
$NtUninstallKB898461$ -> %SystemRoot%\$NtUninstallKB898461$ -> [Folder | Created Date = 11/21/2007 5:34:52 PM | Attr = H ]
$NtUninstallKB899587$ -> %SystemRoot%\$NtUninstallKB899587$ -> [Folder | Created Date = 11/21/2007 6:40:52 PM | Attr = H ]
$NtUninstallKB899591$ -> %SystemRoot%\$NtUninstallKB899591$ -> [Folder | Created Date = 11/21/2007 6:09:07 PM | Attr = H ]
$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Created Date = 11/21/2007 6:07:47 PM | Attr = H ]
$NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ -> [Folder | Created Date = 11/21/2007 6:02:08 PM | Attr = H ]
$NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$ -> [Folder | Created Date = 11/21/2007 6:09:14 PM | Attr = H ]
$NtUninstallKB902400$ -> %SystemRoot%\$NtUninstallKB902400$ -> [Folder | Created Date = 11/21/2007 6:04:44 PM | Attr = H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Created Date = 11/22/2007 7:44:20 AM | Attr = H ]
$NtUninstallKB905414$ -> %SystemRoot%\$NtUninstallKB905414$ -> [Folder | Created Date = 11/21/2007 6:02:59 PM | Attr = H ]
$NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ -> [Folder | Created Date = 11/21/2007 6:00:53 PM | Attr = H ]
$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Created Date = 11/21/2007 6:00:59 PM | Attr = H ]
$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Created Date = 11/21/2007 6:06:09 PM | Attr = H ]
$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Created Date = 11/21/2007 6:08:33 PM | Attr = H ]
$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Created Date = 11/21/2007 6:08:20 PM | Attr = H ]
$NtUninstallKB913800$ -> %SystemRoot%\$NtUninstallKB913800$ -> [Folder | Created Date = 11/21/2007 6:05:43 PM | Attr = H ]
$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Created Date = 11/21/2007 6:03:11 PM | Attr = H ]
$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Created Date = 11/21/2007 6:00:11 PM | Attr = H ]
$NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Created Date = 11/22/2007 7:44:30 AM | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Created Date = 11/22/2007 7:46:32 AM | Attr = H ]
$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Created Date = 11/21/2007 6:01:38 PM | Attr = H ]
$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Created Date = 11/21/2007 6:03:05 PM | Attr = H ]
$NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Created Date = 11/21/2007 6:02:53 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 11/21/2007 5:46:57 PM | Attr = H ]
$NtUninstallKB918439$ -> %SystemRoot%\$NtUninstallKB918439$ -> [Folder | Created Date = 11/21/2007 6:05:09 PM | Attr = H ]
$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Created Date = 11/21/2007 6:03:17 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Created Date = 11/21/2007 6:01:55 PM | Attr = H ]
$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Created Date = 11/21/2007 6:05:16 PM | Attr = H ]
$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Created Date = 11/21/2007 6:00:18 PM | Attr = H ]
$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Created Date = 11/21/2007 6:08:47 PM | Attr = H ]
$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Created Date = 11/21/2007 6:03:25 PM | Attr = H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 11/21/2007 6:06:48 PM | Attr = H ]
$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Created Date = 11/21/2007 6:02:35 PM | Attr = H ]
$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Created Date = 11/21/2007 6:09:53 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Created Date = 11/21/2007 6:02:41 PM | Attr = H ]
$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Created Date = 11/21/2007 6:09:30 PM | Attr = H ]
$NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Created Date = 11/21/2007 6:00:48 PM | Attr = H ]
$NtUninstallKB923723$ -> %SystemRoot%\$NtUninstallKB923723$ -> [Folder | Created Date = 11/21/2007 6:09:01 PM | Attr = H ]
$NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Created Date = 11/21/2007 5:47:29 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Created Date = 11/22/2007 6:22:23 PM | Attr = H ]
$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Created Date = 11/21/2007 6:07:26 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 11/21/2007 6:07:53 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Created Date = 11/21/2007 6:06:28 PM | Attr = H ]
$NtUninstallKB925766$ -> %SystemRoot%\$NtUninstallKB925766$ -> [Folder | Created Date = 11/28/2007 10:12:35 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 11/21/2007 6:06:00 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Created Date = 11/28/2007 10:16:19 PM | Attr = H ]
$NtUninstallKB926251$ -> %SystemRoot%\$NtUninstallKB926251$ -> [Folder | Created Date = 11/21/2007 6:07:06 PM | Attr = H ]
$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Created Date = 11/21/2007 6:02:20 PM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 11/21/2007 6:03:33 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 11/21/2007 5:47:50 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 11/21/2007 6:40:39 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 11/21/2007 6:07:19 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 11/21/2007 6:09:21 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 11/21/2007 5:59:23 PM | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 11/21/2007 5:47:12 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 11/29/2007 8:01:56 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 11/21/2007 5:47:06 PM | Attr = H ]
$NtUninstallKB930494$ -> %SystemRoot%\$NtUninstallKB930494$ -> [Folder | Created Date = 11/21/2007 6:01:22 PM | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 11/21/2007 6:01:30 PM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 11/21/2007 6:07:39 PM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 11/21/2007 5:47:38 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 11/21/2007 6:02:48 PM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 11/21/2007 6:01:50 PM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 11/21/2007 6:08:56 PM | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 11/21/2007 6:00:25 PM | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 11/21/2007 6:01:44 PM | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 11/21/2007 6:08:26 PM | Attr = H ]
$NtUninstallKB936357$ -> %SystemRoot%\$NtUninstallKB936357$ -> [Folder | Created Date = 11/21/2007 6:07:11 PM | Attr = H ]
$NtUninstallKB936782_WMP10$ -> %SystemRoot%\$NtUninstallKB936782_WMP10$ -> [Folder | Created Date = 11/21/2007 5:59:53 PM | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Created Date = 11/29/2007 8:01:01 PM | Attr = H ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Created Date = 12/12/2007 8:35:12 AM | Attr = H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Created Date = 11/21/2007 6:02:02 PM | Attr = H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 11/21/2007 6:08:14 PM | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 11/21/2007 6:06:42 PM | Attr = H ]
$NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Created Date = 11/21/2007 6:08:00 PM | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Created Date = 11/29/2007 8:01:34 PM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 11/21/2007 6:02:25 PM | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Created Date = 12/12/2007 8:33:40 AM | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Created Date = 12/12/2007 8:34:48 AM | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Created Date = 12/12/2007 8:34:58 AM | Attr = H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 11/21/2007 6:10:02 PM | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Created Date = 12/12/2007 8:33:26 AM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Created Date = 11/28/2007 10:16:02 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 11/28/2007 10:14:00 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Created Date = 11/28/2007 10:15:21 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Created Date = 11/28/2007 10:13:22 PM | Attr = H ]
AWMODEM.INF -> %SystemRoot%\AWMODEM.INF -> [Ver = | Size = 1071 bytes | Created Date = 12/4/2007 4:57:57 PM | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 12/6/2007 10:19:02 AM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 12/20/2007 9:02:31 AM | Attr = ]
F34D9A5F484A4E31A9D3908CB265B289.TMP -> %SystemRoot%\F34D9A5F484A4E31A9D3908CB265B289.TMP -> [Folder | Created Date = 12/22/2007 12:40:58 PM | Attr = ]
hpoins07.dat -> %SystemRoot%\hpoins07.dat -> [Ver = | Size = 112897 bytes | Created Date = 11/21/2007 4:03:52 PM | Attr = ]
hpomdl07.dat -> %SystemRoot%\hpomdl07.dat -> [Ver = | Size = 21124 bytes | Created Date = 11/21/2007 4:03:52 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 11/22/2007 7:47:37 AM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 11/22/2007 7:48:38 AM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 12/29/2007 4:41:11 PM | Attr = ]
msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [Folder | Created Date = 11/22/2007 7:48:55 AM | Attr = H ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 11/22/2007 7:44:31 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 11/21/2007 2:29:18 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 11/21/2007 6:19:40 PM | Attr = ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Created Date = 12/12/2007 3:12:14 PM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 11/21/2007 9:27:44 PM | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Created Date = 12/1/2007 2:48:19 PM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 11/22/2007 7:48:03 AM | Attr = ]
WRSetup.dll -> %SystemRoot%\WRSetup.dll -> Webroot Software, Inc. [Ver = 5,5,7,103 | Size = 1526072 bytes | Created Date = 11/30/2007 11:23:57 AM | Attr = ]
Easy Internet Sign-up.job -> %SystemRoot%\tasks\Easy Internet Sign-up.job -> [Ver = | Size = 458 bytes | Created Date = 11/21/2007 2:49:41 PM | Attr = ]
Norton AntiVirus - Run Full System Scan - owner.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - owner.job -> [Ver = | Size = 556 bytes | Created Date = 11/21/2007 3:29:15 PM | Attr = ]
wrSpySweeper_LA393199B75D04E48AA12A678E68F2D64.job -> %SystemRoot%\tasks\wrSpySweeper_LA393199B75D04E48AA12A678E68F2D64.job -> [Ver = | Size = 1596 bytes | Created Date = 11/30/2007 11:27:42 AM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 12/3/2007 7:46:05 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 11/21/2007 9:36:38 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 12/3/2007 7:46:35 PM | Attr = ]
c_10004.nls -> %System32%\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 11/21/2007 2:08:41 PM | Attr = ]
c_10005.nls -> %System32%\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 11/21/2007 2:08:41 PM | Attr = ]
c_10021.nls -> %System32%\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 11/21/2007 2:08:40 PM | Attr = ]
C_28596.NLS -> %System32%\C_28596.NLS -> [Ver = | Size = 66082 bytes | Created Date = 11/21/2007 2:08:41 PM | Attr = ]
c_708.nls -> %System32%\c_708.nls -> [Ver = | Size = 66082 bytes | Created Date = 11/21/2007 2:08:41 PM | Attr = ]
c_720.nls -> %System32%\c_720.nls -> [Ver = | Size = 66594 bytes | Created Date = 11/21/2007 2:08:41 PM | Attr = ]
c_862.nls -> %System32%\c_862.nls -> [Ver = | Size = 66594 bytes | Created Date = 11/21/2007 2:08:41 PM | Attr = ]
c_864.nls -> %System32%\c_864.nls -> [Ver = | Size = 66594 bytes | Created Date = 11/21/2007 2:08:41 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Created Date = 11/22/2007 7:48:01 AM | Attr = ]
fxscount.h -> %System32%\fxscount.h -> [Ver = | Size = 1361 bytes | Created Date = 12/4/2007 4:41:50 PM | Attr = ]
fxsperf.ini -> %System32%\fxsperf.ini -> [Ver = | Size = 1793 bytes | Created Date = 12/4/2007 4:41:50 PM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Created Date = 12/4/2007 4:41:58 PM | Attr = ]
GroupPolicy -> %System32%\GroupPolicy -> [Folder | Created Date = 12/23/2007 7:38:41 AM | Attr = H ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 12/3/2007 7:46:09 PM | Attr = ]
HPZidr12.dll -> %System32%\HPZidr12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 278584 bytes | Created Date = 11/21/2007 4:10:57 PM | Attr = ]
HPZinw12.exe -> %System32%\HPZinw12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 61440 bytes | Created Date = 11/21/2007 4:10:57 PM | Attr = ]
HPZipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Created Date = 11/21/2007 4:10:57 PM | Attr = ]
HPZipr12.dll -> %System32%\HPZipr12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 204800 bytes | Created Date = 11/21/2007 4:10:57 PM | Attr = ]
HPZipt12.dll -> %System32%\HPZipt12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 94208 bytes | Created Date = 11/21/2007 4:10:57 PM | Attr = ]
HPZisn12.dll -> %System32%\HPZisn12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 57344 bytes | Created Date = 11/21/2007 4:10:57 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 12/22/2007 1:30:10 PM | Attr = ]
lfbmp13n.dll -> %System32%\lfbmp13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 57344 bytes | Created Date = 12/23/2007 7:58:28 AM | Attr = ]
lfcmp13n.dll -> %System32%\lfcmp13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 401408 bytes | Created Date = 12/23/2007 7:58:28 AM | Attr = ]
lfgif13n.dll -> %System32%\lfgif13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 69632 bytes | Created Date = 12/23/2007 7:58:29 AM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Created Date = 11/28/2007 10:13:29 PM | Attr = ]
ltdis13n.dll -> %System32%\ltdis13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 299008 bytes | Created Date = 12/23/2007 7:58:28 AM | Attr = ]
ltefx13n.dll -> %System32%\ltefx13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.068 | Size = 206336 bytes | Created Date = 12/23/2007 7:58:28 AM | Attr = ]
ltfil13n.dll -> %System32%\ltfil13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 163840 bytes | Created Date = 12/23/2007 7:58:28 AM | Attr = ]
ltimg13n.dll -> %System32%\ltimg13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 450560 bytes | Created Date = 12/23/2007 7:58:28 AM | Attr = ]
ltkrn13n.dll -> %System32%\ltkrn13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 462848 bytes | Created Date = 12/23/2007 7:58:28 AM | Attr = ]
mapisvc.inf -> %System32%\mapisvc.inf -> [Ver = | Size = 535 bytes | Created Date = 12/4/2007 4:41:51 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 12/3/2007 7:46:08 PM | Attr = ]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 11/21/2007 7:57:26 PM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 11/21/2007 7:57:27 PM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 11/21/2007 7:57:27 PM | Attr = ]
PreInstall -> %System32%\PreInstall -> [Folder | Created Date = 11/21/2007 5:34:54 PM | Attr = ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.3084 | Size = 185944 bytes | Created Date = 11/21/2007 7:57:34 PM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Created Date = 11/21/2007 3:23:29 PM | Attr = ]
SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Created Date = 11/21/2007 12:54:34 PM | Attr = ]
ssiefr.EXE -> %System32%\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.91 | Size = 16184 bytes | Created Date = 11/30/2007 11:23:57 AM | Attr = ]
SSSensor.dll -> %System32%\SSSensor.dll -> Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Created Date = 12/4/2007 12:44:51 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 12/3/2007 7:46:09 PM | Attr = ]
WRLogonNtf.dll -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,91 | Size = 219448 bytes | Created Date = 11/30/2007 11:24:00 AM | Attr = ]
wrlzma.dll -> %System32%\wrlzma.dll -> [Ver = | Size = 26424 bytes | Created Date = 11/30/2007 11:23:57 AM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 12/3/2007 7:46:35 PM | Attr = ]
apphelp.sdb -> %System32%\dllcache\apphelp.sdb -> [Ver = | Size = 217118 bytes | Created Date = 11/28/2007 10:16:08 PM | Attr = ]
apph_sp.sdb -> %System32%\dllcache\apph_sp.sdb -> [Ver = | Size = 764868 bytes | Created Date = 11/28/2007 10:16:08 PM | Attr = ]
sysmain.sdb -> %System32%\dllcache\sysmain.sdb -> [Ver = | Size = 1197294 bytes | Created Date = 11/28/2007 10:16:07 PM | Attr = ]
103C_HP_NTBK_HP Pavilion dv6000 (RG364UA#ABA)_YN_0Pavi_QCNF64551HV_E419857002_46_I30BB_SQuanta_V66.21_BF.08_T061106_WXP2_L409_M2039_J120_7Intel_8Core2 T5500_91.66_#060911_N80861092_(RG364UA#ABA)_XMOBILE_CN10_Z.MRK -> %System32%\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG364UA#ABA)_YN_0Pavi_QCNF64551HV_E419857002_46_I30BB_SQuanta_V66.21_BF.08_T061106_WXP2_L409_M2039_J120_7Intel_8Core2 T5500_91.66_#060911_N80861092_(RG364UA#ABA)_XMOBILE_CN10_Z.MRK -> [Ver = | Size = 1792 bytes | Created Date = 11/21/2007 2:33:36 PM | Attr = RHS]
COH_Mon.cat -> %System32%\drivers\COH_Mon.cat -> [Ver = | Size = 10592 bytes | Created Date = 12/1/2007 5:44:39 PM | Attr = ]
COH_Mon.inf -> %System32%\drivers\COH_Mon.inf -> [Ver = | Size = 705 bytes | Created Date = 12/1/2007 5:44:39 PM | Attr = ]
COH_Mon.sys -> %System32%\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,2,3 | Size = 22112 bytes | Created Date = 12/1/2007 5:44:39 PM | Attr = ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Created Date = 12/1/2007 6:26:13 PM | Attr = ]
HPZid412.sys -> %System32%\drivers\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Created Date = 11/21/2007 4:15:01 PM | Attr = R ]
HPZipr12.sys -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Created Date = 11/21/2007 4:15:03 PM | Attr = R ]
HPZius12.sys -> %System32%\drivers\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Created Date = 11/21/2007 4:14:34 PM | Attr = R ]
srtsp.cat -> %System32%\drivers\srtsp.cat -> [Ver = | Size = 10545 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.inf -> %System32%\drivers\srtsp.inf -> [Ver = | Size = 1415 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.sys -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Created Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspl.cat -> %System32%\drivers\srtspl.cat -> [Ver = | Size = 10549 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.inf -> %System32%\drivers\srtspl.inf -> [Ver = | Size = 1430 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.sys -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Created Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspx.cat -> %System32%\drivers\srtspx.cat -> [Ver = | Size = 10549 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.inf -> %System32%\drivers\srtspx.inf -> [Ver = | Size = 1421 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.sys -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Created Date = 11/30/2007 11:57:12 PM | Attr = ]
SSFS0BB9.sys -> %System32%\drivers\SSFS0BB9.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.91 | Size = 20280 bytes | Created Date = 11/30/2007 11:24:01 AM | Attr = ]
sshrmd.sys -> %System32%\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.91 | Size = 21816 bytes | Created Date = 11/30/2007 11:24:01 AM | Attr = ]
ssidrv.sys -> %System32%\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.91 | Size = 163640 bytes | Created Date = 11/30/2007 11:24:01 AM | Attr = ]
sskbfd.sys -> %System32%\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.91 | Size = 23864 bytes | Created Date = 11/30/2007 11:24:01 AM | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10740 bytes | Created Date = 11/21/2007 3:23:29 PM | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Created Date = 11/21/2007 3:23:29 PM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Created Date = 11/21/2007 3:23:29 PM | Attr = ]
Teefer.sys -> %System32%\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Created Date = 12/4/2007 12:44:59 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 11/28/2007 10:13:29 PM | Attr = ]
wg3n.sys -> %System32%\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 12/4/2007 12:45:00 PM | Attr = ]
wg4n.sys -> %System32%\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 12/4/2007 12:45:01 PM | Attr = ]
wg5n.sys -> %System32%\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 12/4/2007 12:45:01 PM | Attr = ]
wg6n.sys -> %System32%\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 12/4/2007 12:45:02 PM | Attr = ]
wpsdrvnt.sys -> %System32%\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Created Date = 12/4/2007 12:44:57 PM | Attr = ]
hosts.20071204-010114.backup -> %System32%\drivers\etc\hosts.20071204-010114.backup -> [Ver = | Size = 734 bytes | Created Date = 12/4/2007 1:01:14 AM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 11/28/2007 10:13:31 PM | Attr = H ]
Adobe -> %AllUsersAppData%\Adobe -> [Folder | Created Date = 12/29/2007 4:33:02 PM | Attr = ]
FunGames -> %AllUsersAppData%\FunGames -> [Folder | Created Date = 11/28/2007 2:50:42 PM | Attr = ]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Created Date = 12/22/2007 1:30:11 PM | Attr = ]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Created Date = 12/12/2007 3:11:43 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 12/4/2007 12:40:58 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 12/24/2007 3:14:04 PM | Attr = ]
Symantec -> %AllUsersAppData%\Symantec -> [Folder | Created Date = 11/21/2007 3:23:15 PM | Attr = ]
Webroot -> %AllUsersAppData%\Webroot -> [Folder | Created Date = 11/30/2007 11:23:56 AM | Attr = ]
Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage -> [Folder | Created Date = 11/21/2007 5:36:08 PM | Attr = ]
Windows Live Toolbar -> %AllUsersAppData%\Windows Live Toolbar -> [Folder | Created Date = 11/22/2007 7:35:22 AM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Created Date = 11/21/2007 7:01:18 PM | Attr = ]
AdobeUM -> %UserAppData%\AdobeUM -> [Folder | Created Date = 12/10/2007 10:24:35 PM | Attr = ]
desktop.ini -> %UserAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 11/21/2007 2:32:57 PM | Attr = HS]
GlarySoft -> %UserAppData%\GlarySoft -> [Folder | Created Date = 11/21/2007 5:23:37 PM | Attr = ]
HP -> %UserAppData%\HP -> [Folder | Created Date = 11/21/2007 4:01:19 PM | Attr = ]
Identities -> %UserAppData%\Identities -> [Folder | Created Date = 11/21/2007 2:32:55 PM | Attr = ]
Intuit -> %UserAppData%\Intuit -> [Folder | Created Date = 11/21/2007 2:32:55 PM | Attr = ]
Leadertech -> %UserAppData%\Leadertech -> [Folder | Created Date = 11/23/2007 12:05:01 PM | Attr = ]
Macromedia -> %UserAppData%\Macromedia -> [Folder | Created Date = 11/21/2007 2:32:55 PM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Created Date = 11/21/2007 2:32:55 PM | Attr = S]
Real -> %UserAppData%\Real -> [Folder | Created Date = 11/21/2007 7:57:19 PM | Attr = ]
Sonic -> %UserAppData%\Sonic -> [Folder | Created Date = 11/23/2007 12:06:18 PM | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Created Date = 11/21/2007 1:31:31 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 12/8/2007 12:03:32 PM | Attr = ]
Symantec -> %UserAppData%\Symantec -> [Folder | Created Date = 11/21/2007 2:32:55 PM | Attr = ]
Template -> %UserAppData%\Template -> [Folder | Created Date = 11/21/2007 2:40:21 PM | Attr = ]
Webroot -> %UserAppData%\Webroot -> [Folder | Created Date = 11/30/2007 11:23:56 AM | Attr = ]
WholeSecurity -> %UserAppData%\WholeSecurity -> [Folder | Created Date = 12/1/2007 6:23:08 PM | Attr = ]
wklnhst.dat -> %UserAppData%\wklnhst.dat -> [Ver = | Size = 25130 bytes | Created Date = 11/21/2007 2:40:20 PM | Attr = ]
Adobe -> %LocalAppData%\Adobe -> [Folder | Created Date = 11/21/2007 7:01:19 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Created Date = 11/21/2007 2:32:55 PM | Attr = ]
BVRP Software -> %LocalAppData%\BVRP Software -> [Folder | Created Date = 11/21/2007 2:32:55 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 6144 bytes | Created Date = 11/21/2007 1:34:58 PM | Attr = ]
fusioncache.dat -> %LocalAppData%\fusioncache.dat -> [Ver = | Size = 128 bytes | Created Date = 11/21/2007 2:32:56 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 51192 bytes | Created Date = 11/21/2007 2:32:56 PM | Attr = ]
HP -> %LocalAppData%\HP -> [Folder | Created Date = 11/21/2007 2:32:55 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4804156 bytes | Created Date = 11/22/2007 7:49:07 AM | Attr = H ]
Identities -> %LocalAppData%\Identities -> [Folder | Created Date = 11/21/2007 5:42:51 PM | Attr = ]
IsolatedStorage -> %LocalAppData%\IsolatedStorage -> [Folder | Created Date = 11/21/2007 2:32:54 PM | Attr = ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Created Date = 11/21/2007 2:32:54 PM | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Created Date = 12/12/2007 3:11:53 PM | Attr = ]
PCHealth -> %LocalAppData%\PCHealth -> [Folder | Created Date = 12/12/2007 3:47:08 PM | Attr = ]
QuickPlay -> %LocalAppData%\QuickPlay -> [Folder | Created Date = 11/24/2007 8:35:01 PM | Attr = ]
WorldWinner.com -> %LocalAppData%\WorldWinner.com -> [Folder | Created Date = 11/25/2007 10:33:48 PM | Attr = ]
{3248F0A6-6813-11D6-A77B-00B0D0150060} -> %LocalAppData%\{3248F0A6-6813-11D6-A77B-00B0D0150060} -> [Folder | Created Date = 11/21/2007 2:32:54 PM | Attr = ]
desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 76 bytes | Created Date = 11/21/2007 2:32:55 PM | Attr = HS]
Fax -> %UserDocuments%\Fax -> [Folder | Created Date = 12/4/2007 4:49:57 PM | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Created Date = 11/21/2007 2:32:54 PM | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Created Date = 11/21/2007 2:32:54 PM | Attr = R ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Created Date = 11/21/2007 2:32:54 PM | Attr = R ]
OneNote Notebooks -> %UserDocuments%\OneNote Notebooks -> [Folder | Created Date = 12/12/2007 3:47:44 PM | Attr = ]
RealPlayer.lnk -> %AllUsersDesktop%\RealPlayer.lnk -> [Ver = | Size = 897 bytes | Created Date = 11/21/2007 7:59:03 PM | Attr = ]
2 17 09 Conversion.wps -> %UserDesktop%\2 17 09 Conversion.wps -> [Ver = | Size = 25600 bytes | Created Date = 12/16/2007 11:08:20 AM | Attr = ]
Bill & Marsha Burns 12 24.wps -> %UserDesktop%\Bill & Marsha Burns 12 24.wps -> [Ver = | Size = 23040 bytes | Created Date = 12/24/2007 3:53:59 PM | Attr = ]
Bleeping Computer Help -> %UserDesktop%\Bleeping Computer Help -> [Folder | Created Date = 12/23/2007 8:43:10 AM | Attr = ]
Communion.wps -> %UserDesktop%\Communion.wps -> [Ver = | Size = 13824 bytes | Created Date = 12/24/2007 11:02:39 AM | Attr = ]
Dorothy -> %UserDesktop%\Dorothy -> [Folder | Created Date = 12/29/2007 4:31:15 PM | Attr = ]
Dreams Complete -> %UserDesktop%\Dreams Complete -> [Folder | Created Date = 11/24/2007 4:20:24 PM | Attr = ]
Family -> %UserDesktop%\Family -> [Folder | Created Date = 11/21/2007 6:56:31 PM | Attr = ]
His Story in my Life -> %UserDesktop%\His Story in my Life -> [Folder | Created Date = 11/21/2007 7:03:33 PM | Attr = ]
HP Pavilion -> %UserDesktop%\HP Pavilion -> [Folder | Created Date = 11/24/2007 4:21:42 PM | Attr = ]
JAB -> %UserDesktop%\JAB -> [Folder | Created Date = 11/21/2007 7:01:59 PM | Attr = ]
Janis 2006 -> %UserDesktop%\Janis 2006 -> [Folder | Created Date = 11/24/2007 4:22:06 PM | Attr = ]
Janis Docs 2008 -> %UserDesktop%\Janis Docs 2008 -> [Folder | Created Date = 12/10/2007 6:49:59 PM | Attr = ]
Janis Documents -> %UserDesktop%\Janis Documents -> [Folder | Created Date = 11/24/2007 4:22:48 PM | Attr = ]
JCB Medical -> %UserDesktop%\JCB Medical -> [Folder | Created Date = 11/21/2007 7:03:55 PM | Attr = ]
Kelly 2007.xlr -> %UserDesktop%\Kelly 2007.xlr -> [Ver = | Size = 15360 bytes | Created Date = 11/24/2007 5:05:57 PM | Attr = ]
MSN software errors etc -> %UserDesktop%\MSN software errors etc -> [Folder | Created Date = 12/13/2007 10:07:03 AM | Attr = ]
Music -> %UserDesktop%\Music -> [Folder | Created Date = 11/23/2007 7:22:44 PM | Attr = ]
Never Before -> %UserDesktop%\Never Before -> [Folder | Created Date = 11/24/2007 4:22:35 PM | Attr = ]
Personal Ministry Word -> %UserDesktop%\Personal Ministry Word -> [Folder | Created Date = 11/24/2007 4:24:08 PM | Attr = ]
Quotable & Pleasures -> %UserDesktop%\Quotable & Pleasures -> [Folder | Created Date = 11/24/2007 4:31:29 PM | Attr = ]
Royal Crown Downloads -> %UserDesktop%\Royal Crown Downloads -> [Folder | Created Date = 12/22/2007 10:55:00 AM | Attr = ]
Security -> %UserDesktop%\Security -> [Folder | Created Date = 12/4/2007 8:15:21 PM | Attr = ]
Security Logs -> %UserDesktop%\Security Logs -> [Folder | Created Date = 12/13/2007 2:10:24 PM | Attr = ]
SSIASW 12 24.wps -> %UserDesktop%\SSIASW 12 24.wps -> [Ver = | Size = 12288 bytes | Created Date = 12/24/2007 8:23:01 AM | Attr = ]
Sygate shutdown 12 24.wps -> %UserDesktop%\Sygate shutdown 12 24.wps -> [Ver = | Size = 903168 bytes | Created Date = 12/20/2007 10:23:16 AM | Attr = ]
The Word -> %UserDesktop%\The Word -> [Folder | Created Date = 11/24/2007 5:03:31 PM | Attr = ]
Wallnau & Addison -> %UserDesktop%\Wallnau & Addison -> [Folder | Created Date = 11/24/2007 4:20:52 PM | Attr = ]
Website_living_will.pdf -> %UserDesktop%\Website_living_will.pdf -> [Ver = | Size = 70494 bytes | Created Date = 12/27/2007 11:26:30 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Website_living_will.pdf:Zone.Identifier ->
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 12/29/2007 4:45:14 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 404656 bytes | Created Date = 12/29/2007 3:04:22 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
desktop.ini -> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 11/21/2007 2:32:55 PM | Attr = HS]
OneNote 2007 Screen Clipper and Launcher.lnk -> %UserStartup%\OneNote 2007 Screen Clipper and Launcher.lnk -> [Ver = | Size = 947 bytes | Created Date = 12/12/2007 3:47:43 PM | Attr = ]
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 12/29/2007 4:32:52 PM | Attr = ]
DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 12/12/2007 3:14:07 PM | Attr = ]
Hewlett-Packard -> %CommonProgramFiles%\Hewlett-Packard -> [Folder | Created Date = 11/21/2007 4:15:45 PM | Attr = ]
Real -> %CommonProgramFiles%\Real -> [Folder | Created Date = 11/21/2007 7:57:24 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Created Date = 11/21/2007 3:22:35 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 12/3/2007 10:32:22 PM | Attr = ]
xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Created Date = 11/21/2007 7:59:07 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Modified Date = 12/14/2007 6:49:16 AM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 12/29/2007 4:40:32 PM | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 11/30/2007 11:20:28 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2137051136 bytes | Modified Date = 12/29/2007 4:40:34 PM | Attr = HS]
hpqp.ini -> %SystemDrive%\hpqp.ini -> [Ver = | Size = 898 bytes | Modified Date = 12/29/2007 4:41:30 PM | Attr = ]
install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 11/30/2007 11:23:38 AM | Attr = ]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 12/12/2007 3:11:26 PM | Attr = RH ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 12/12/2007 3:13:42 PM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 12/3/2007 2:37:54 PM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 12/4/2007 12:43:40 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 12/29/2007 4:41:12 PM | Attr = ]
XP_TV.ini -> %SystemDrive%\XP_TV.ini -> [Ver = | Size = 39 bytes | Modified Date = 12/29/2007 4:41:18 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 12/12/2007 8:30:38 AM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 12/3/2007 12:04:30 AM | Attr = H ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Modified Date = 12/12/2007 8:35:14 AM | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Modified Date = 12/12/2007 8:33:42 AM | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Modified Date = 12/12/2007 8:34:50 AM | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Modified Date = 12/12/2007 8:35:00 AM | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Modified Date = 12/12/2007 8:33:28 AM | Attr = H ]
addins -> %SystemRoot%\addins -> [Folder | Modified Date = 12/4/2007 4:41:52 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 12/6/2007 9:57:42 PM | Attr = ]
AWMODEM.INF -> %SystemRoot%\AWMODEM.INF -> [Ver = | Size = 1071 bytes | Modified Date = 12/4/2007 4:57:58 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/29/2007 4:40:38 PM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 12/6/2007 10:19:04 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 12/29/2007 11:25:24 AM | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 12/6/2007 9:58:40 PM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 12/20/2007 9:02:32 AM | Attr = ]
F34D9A5F484A4E31A9D3908CB265B289.TMP -> %SystemRoot%\F34D9A5F484A4E31A9D3908CB265B289.TMP -> [Folder | Modified Date = 12/22/2007 12:41:00 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/12/2007 3:13:52 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 12/15/2007 12:20:20 AM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 12/12/2007 8:33:54 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1943 bytes | Modified Date = 12/12/2007 1:17:16 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 12/29/2007 4:41:12 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 12/29/2007 4:34:48 PM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 12/29/2007 4:41:12 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 12/23/2007 10:54:44 AM | Attr = ]
pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 12/12/2007 3:13:42 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 12/29/2007 4:32:20 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/29/2007 4:41:04 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 12/5/2007 9:37:22 PM | Attr = ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 12/12/2007 3:12:16 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 12/6/2007 10:02:38 PM | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 12/1/2007 2:57:10 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 327 bytes | Modified Date = 12/14/2007 6:49:16 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 12/29/2007 4:32:12 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 12/3/2007 3:44:42 PM | Attr = S]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 12/29/2007 4:46:12 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1123 bytes | Modified Date = 12/14/2007 6:49:16 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/29/2007 4:33:06 PM | Attr = ]
Easy Internet Sign-up.job -> %SystemRoot%\tasks\Easy Internet Sign-up.job -> [Ver = | Size = 458 bytes | Modified Date = 12/29/2007 4:49:02 PM | Attr = ]
Norton AntiVirus - Run Full System Scan - owner.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - owner.job -> [Ver = | Size = 556 bytes | Modified Date = 12/24/2007 8:00:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 12/29/2007 4:40:40 PM | Attr = H ]
wrSpySweeper_LA393199B75D04E48AA12A678E68F2D64.job -> %SystemRoot%\tasks\wrSpySweeper_LA393199B75D04E48AA12A678E68F2D64.job -> [Ver = | Size = 1596 bytes | Modified Date = 12/28/2007 7:00:02 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 12/6/2007 10:02:42 PM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 12/4/2007 7:39:42 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 12/4/2007 7:41:30 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 12/29/2007 4:41:12 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 12/12/2007 3:15:10 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 12/12/2007 8:35:18 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 12/22/2007 12:59:20 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 282928 bytes | Modified Date = 12/12/2007 3:23:42 PM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 12/29/2007 3:47:54 PM | Attr = ]
GroupPolicy -> %System32%\GroupPolicy -> [Folder | Modified Date = 12/23/2007 7:38:42 AM | Attr = H ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 12/6/2007 9:09:22 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 12/22/2007 1:30:12 PM | Attr = ]
mapisvc.inf -> %System32%\mapisvc.inf -> [Ver = | Size = 535 bytes | Modified Date = 12/4/2007 4:41:52 PM | Attr = ]
MsDtc -> %System32%\MsDtc -> [Folder | Modified Date = 12/6/2007 10:05:14 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 12/4/2007 7:39:42 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 12/6/2007 9:09:22 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 56796 bytes | Modified Date = 12/4/2007 4:41:52 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 392980 bytes | Modified Date = 12/4/2007 4:41:52 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 455070 bytes | Modified Date = 12/4/2007 4:41:52 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 12/4/2007 12:43:40 PM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 12/5/2007 9:59:30 AM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 12/6/2007 9:09:22 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 12/6/2007 10:06:18 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 12/28/2007 7:51:12 AM | Attr = ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 12/1/2007 6:26:16 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 12/6/2007 10:04:30 PM | Attr = ]
srtsp.cat -> %System32%\drivers\srtsp.cat -> [Ver = | Size = 10545 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.inf -> %System32%\drivers\srtsp.inf -> [Ver = | Size = 1415 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.sys -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspl.cat -> %System32%\drivers\srtspl.cat -> [Ver = | Size = 10549 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.inf -> %System32%\drivers\srtspl.inf -> [Ver = | Size = 1430 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.sys -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspx.cat -> %System32%\drivers\srtspx.cat -> [Ver = | Size = 10549 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.inf -> %System32%\drivers\srtspx.inf -> [Ver = | Size = 1421 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.sys -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10740 bytes | Modified Date = 12/5/2007 9:59:30 AM | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 12/5/2007 9:59:30 AM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 12/5/2007 9:59:30 AM | Attr = ]
hosts.20071204-010114.backup -> %System32%\drivers\etc\hosts.20071204-010114.backup -> [Ver = | Size = 734 bytes | Modified Date = 11/30/2007 11:26:28 AM | Attr = ]
Adobe -> %AllUsersAppData%\Adobe -> [Folder | Modified Date = 12/29/2007 4:34:48 PM | Attr = ]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Modified Date = 12/22/2007 1:30:12 PM | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 12/12/2007 3:13:42 PM | Attr = S]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Modified Date = 12/28/2007 8:02:14 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 12/4/2007 1:49:30 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 12/24/2007 3:14:06 PM | Attr = ]
Symantec -> %AllUsersAppData%\Symantec -> [Folder | Modified Date = 12/20/2007 8:30:44 AM | Attr = ]
Webroot -> %AllUsersAppData%\Webroot -> [Folder | Modified Date = 11/30/2007 11:23:58 AM | Attr = ]
WildTangent -> %AllUsersAppData%\WildTangent -> [Folder | Modified Date = 12/1/2007 4:24:04 PM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 12/10/2007 10:25:24 PM | Attr = ]
AdobeUM -> %UserAppData%\AdobeUM -> [Folder | Modified Date = 12/10/2007 10:28:04 PM | Attr = ]
HP -> %UserAppData%\HP -> [Folder | Modified Date = 12/17/2007 11:16:10 PM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 12/12/2007 3:48:40 PM | Attr = S]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 12/24/2007 3:13:56 PM | Attr = ]
Symantec -> %UserAppData%\Symantec -> [Folder | Modified Date = 12/2/2007 11:58:40 PM | Attr = ]
Webroot -> %UserAppData%\Webroot -> [Folder | Modified Date = 11/30/2007 11:23:58 AM | Attr = ]
WholeSecurity -> %UserAppData%\WholeSecurity -> [Folder | Modified Date = 12/1/2007 6:23:10 PM | Attr = ]
wklnhst.dat -> %UserAppData%\wklnhst.dat -> [Ver = | Size = 25130 bytes | Modified Date = 12/29/2007 3:47:54 PM | Attr = ]
Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 12/29/2007 4:34:48 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 12/1/2007 4:22:16 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 6144 bytes | Modified Date = 12/28/2007 11:25:26 AM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4804156 bytes | Modified Date = 12/29/2007 4:39:30 PM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 12/12/2007 3:48:42 PM | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Modified Date = 12/12/2007 3:11:54 PM | Attr = ]
PCHealth -> %LocalAppData%\PCHealth -> [Folder | Modified Date = 12/12/2007 3:47:10 PM | Attr = ]
Fax -> %UserDocuments%\Fax -> [Folder | Modified Date = 12/4/2007 4:49:58 PM | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 12/23/2007 4:39:16 PM | Attr = R ]
OneNote Notebooks -> %UserDocuments%\OneNote Notebooks -> [Folder | Modified Date = 12/12/2007 3:47:46 PM | Attr = ]
2 17 09 Conversion.wps -> %UserDesktop%\2 17 09 Conversion.wps -> [Ver = | Size = 25600 bytes | Modified Date = 12/16/2007 11:08:22 AM | Attr = ]
Bill & Marsha Burns 12 24.wps -> %UserDesktop%\Bill & Marsha Burns 12 24.wps -> [Ver = | Size = 23040 bytes | Modified Date = 12/24/2007 3:54:00 PM | Attr = ]
Bleeping Computer Help -> %UserDesktop%\Bleeping Computer Help -> [Folder | Modified Date = 12/24/2007 12:40:22 PM | Attr = ]
Communion.wps -> %UserDesktop%\Communion.wps -> [Ver = | Size = 13824 bytes | Modified Date = 12/24/2007 11:02:42 AM | Attr = ]
Dorothy -> %UserDesktop%\Dorothy -> [Folder | Modified Date = 12/29/2007 4:31:28 PM | Attr = ]
Dreams Complete -> %UserDesktop%\Dreams Complete -> [Folder | Modified Date = 12/15/2007 3:04:00 PM | Attr = ]
HP Pavilion -> %UserDesktop%\HP Pavilion -> [Folder | Modified Date = 12/23/2007 8:45:34 AM | Attr = ]
JAB -> %UserDesktop%\JAB -> [Folder | Modified Date = 12/22/2007 10:55:50 AM | Attr = ]
Janis Docs 2008 -> %UserDesktop%\Janis Docs 2008 -> [Folder | Modified Date = 12/10/2007 6:50:14 PM | Attr = ]
Janis Documents -> %UserDesktop%\Janis Documents -> [Folder | Modified Date = 12/23/2007 5:17:26 PM | Attr = ]
Kelly 2007.xlr -> %UserDesktop%\Kelly 2007.xlr -> [Ver = | Size = 15360 bytes | Modified Date = 12/18/2007 9:17:02 AM | Attr = ]
MSN software errors etc -> %UserDesktop%\MSN software errors etc -> [Folder | Modified Date = 12/13/2007 2:11:46 PM | Attr = ]
Never Before -> %UserDesktop%\Never Before -> [Folder | Modified Date = 12/2/2007 8:48:26 AM | Attr = ]
Quotable & Pleasures -> %UserDesktop%\Quotable & Pleasures -> [Folder | Modified Date = 12/23/2007 5:16:00 PM | Attr = ]
Royal Crown Downloads -> %UserDesktop%\Royal Crown Downloads -> [Folder | Modified Date = 12/22/2007 10:55:24 AM | Attr = ]
Security -> %UserDesktop%\Security -> [Folder | Modified Date = 12/24/2007 3:38:36 PM | Attr = ]
Security Logs -> %UserDesktop%\Security Logs -> [Folder | Modified Date = 12/29/2007 11:03:50 AM | Attr = ]
SSIASW 12 24.wps -> %UserDesktop%\SSIASW 12 24.wps -> [Ver = | Size = 12288 bytes | Modified Date = 12/24/2007 8:23:02 AM | Attr = ]
Sygate shutdown 12 24.wps -> %UserDesktop%\Sygate shutdown 12 24.wps -> [Ver = | Size = 903168 bytes | Modified Date = 12/20/2007 10:23:18 AM | Attr = ]
Wallnau & Addison -> %UserDesktop%\Wallnau & Addison -> [Folder | Modified Date = 12/11/2007 10:56:46 PM | Attr = ]
Website_living_will.pdf -> %UserDesktop%\Website_living_will.pdf -> [Ver = | Size = 70494 bytes | Modified Date = 12/27/2007 11:26:32 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Website_living_will.pdf:Zone.Identifier ->
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 12/29/2007 4:45:16 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 404656 bytes | Modified Date = 12/29/2007 3:04:24 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
OneNote 2007 Screen Clipper and Launcher.lnk -> %UserStartup%\OneNote 2007 Screen Clipper and Launcher.lnk -> [Ver = | Size = 947 bytes | Modified Date = 12/12/2007 3:47:44 PM | Attr = ]
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 12/29/2007 4:33:10 PM | Attr = ]
DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 12/12/2007 3:14:08 PM | Attr = ]
LightScribe -> %CommonProgramFiles%\LightScribe -> [Folder | Modified Date = 12/6/2007 9:34:04 PM | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 12/28/2007 8:00:20 AM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 12/17/2007 9:07:42 PM | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 12/12/2007 1:50:58 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 12/22/2007 12:59:24 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivXNetworks, Inc. [Ver = 5.2.1.1338 | Size = 716800 bytes | Modified Date = 9/21/2004 7:26:40 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.3084 | Size = 185944 bytes | Modified Date = 11/21/2007 7:57:36 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/15/2006 11:00:00 PM | Attr = ]
abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 213867 bytes | Modified Date = 12/4/2007 1:01:16 AM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Website_living_will.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

< End of report >

EAM, Malware Bytes Premium

HP g7- Windows 7 Home Prem 64-bit - Intel i3 - 6 GB Ram

What you value is your reward.


#14 jackiemarie

Posted 29 December 2007 - 07:42 PM

Answering some of the points you brought up:

I did the 11/21/07 recovery from the Recovery Partition as no disks came with unit when I purchased it 11/30/06. HP had said this would reformat the hard drive but it did not; they say Partition was most likely corrupt. I just received a recovery disk yesterday which I'd asked them to send me since Partition didn't do what they said it would do.
This laptop was a gift and I was instructed to buy Media Center Edition which I never would have done. It is basically a TIVO and using an s-cable will play tv, music, online movies etc etc on laptop screen. I don't even have an up-to-date tv that could use an s cable much less desire to watch online movies, but it was what I had to buy. When I browsed the Media Center in 7/07, many online services and folders and connections came onto the c drive which slowed me down and were worse than useless and could not be deleted at their root because "a process was running in the background" and messed up the startup menu. Before HP sent the recovery disk, we did a disk scan and a BIOS scan and both passed and were good.

Getting back up to speed after the recovery was a nightmare; the updates I got wouldn't install correctly. Windows Media Player wouldn't let me update to v.11; I had to sign up for an HP Customer Enhancement Experience when it finally let me update. Now that Customer Enhancement Experience cannot be removed from the Add/Remove Programs even though HP said it could be removed at any time. The Microsoft Malicious Software Removal Tool wouldn't install correctly; the icon would say I had updates available; I'd click to update; it would say successful, I'd restart or even turn off and then, there it would be again. I went to Microsoft update site itself and downloaded the update 3 times in a row, and it is finally correct (I hope).

The only security I've ever had since 11/30/06 is Spy Sweeper, Norton AV and the Windows firewall. The Sygate was installed while I was performing the steps to submit to Hijack This. I am OK with un-installing Sygate since it shut me down last week with a Dr Watson (Sygate has to close box) and all I was doing was viewing the traffic log and a backtrace.

I had learned about registry cleaners from pc world, but I know now to stay away from such as that. Somewhere in my heart, I believe these problems are somehow related to being on pc world's daily email list; it is just a feeling but a strong one. I'm #1 in the world (Barcelona) with the espgame.org "phetch", and have never ever had any woes of this nature until signing up for that daily info email.

Thanks again, will await your next instructions; just an aside, we're planning a funeral now after 21 days of ICU, so it is possible for a not so speedy reply to you during the next week.
jackiemarie



#15 jackiemarie

Posted 29 December 2007 - 07:54 PM

Papakid, I have no excuses to offer except distraction to do with the many, many days in ICU. Please forgive me.

You will notice I posted Event Viewer info about 12/3 and 12/4; the event that spurred me to enlist BC's help occurred December 1st! Checking just now, the logs don't go back to 12/1; if there is a way to access this info, let me know.
jackiemarie
