
Trojan Bho.cvx + Generic9.xld


  • This topic is locked
18 replies to this topic

#1 jpmaurice

jpmaurice

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 22 December 2007 - 11:25 AM

Hello
In replacement of "FORUM Am I infected? What do I do? - Trojan Horse Generic9.xld - AVG resident shield message"


EVENT.
Using WinXP Pro - more specifically, when I handle Windows Explorer and/or Internet Explorer I always get messages from AVG resident shield -

1.- TrojanHorse Generic 9.xld
and since a complete reinstall of AVG a new message (which seems to have replaced the one mentioned under 1.)
2.- TrojanHorse BHO.CVX

Seems both are connected to = C:\windows\system32\cscuit.dll
It's impossible to upload-copy-move-replace-or delete this DLL file.
The genuine file = C:\windows\system32\cscui.dll is still existing.

Multiple times I used in normal and if possible in safe mode following programs =

- Lavasoft Ad-Aware 2007 free edition
- Super AntiSpyware free edition
- CCleaner
- ATF-cleaner
- Spybot Search & Destroy
- Revo Uninstaller

- ZoneAlarm free edition firewall
- Avg 7.5 free edition virusscanner

While using Ad-Aware2007 total scan today I got a new AVG resident shield warning : (quote)

While opening file C:\SystemVolumeInformation\_restore{475315DE9-7B76-4761-8190-8D72AAA58ACF}\RP96\A0032745.dLL
Trojan Horse Generic9.XLD

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:31, on 22-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother's Keeper 6\Bk6w.exe
C:\WINDOWS\system32\W32MKDE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {A2510B92-6ECA-4D10-88E1-B027F29786A1} - C:\WINDOWS\system32\cscuit.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193020774116
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9157 bytes
Thanks for your co-operation. Kind Regards. JPMaurice


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:07:57 PM

Posted 02 January 2008 - 10:24 AM

Hello jpmaurice and welcome to the BC HijackThis forum. Let's see what else we can find.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 jpmaurice

jpmaurice
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:57 AM

Posted 02 January 2008 - 02:36 PM

WinPFind35 logfile created on: 2-1-2008 20:30:02
WinPFind35U Version Beta18 Folder = C:\Documents and Settings\Jp\Bureaublad\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)

2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,49% Memory free
3,85 Gb Paging File | 3,30 Gb Available in Paging File | 85,69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32,82 Gb Total Space | 15,72 Gb Free Space | 47,89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: IBM-20DD82AB5D8
Current User Name: Jp
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ibmpmsvc.exe -> %System32%\ibmpmsvc.exe -> Lenovo [Ver = 1.43 | Size = 36400 bytes | Modified Date = 31-5-2007 19:02:06 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11, 1, 1, 4 | Size = 987136 bytes | Modified Date = 1-6-2007 10:48:24 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29-10-2007 13:27:04 | Attr = ]
brss01a.exe -> %System32%\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 12-12-2001 17:01:00 | Attr = ]
acprfmgrsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.42 | Size = 65536 bytes | Modified Date = 5-7-2007 15:05:04 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 24-10-2007 8:15:56 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-10-2007 1:06:14 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 21-12-2007 14:12:53 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.1.1 | Size = 647168 bytes | Modified Date = 1-6-2007 11:00:20 | Attr = ]
rrpcsb.exe -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -> [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 19-3-2004 21:21:10 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.1.0 | Size = 327680 bytes | Modified Date = 1-6-2007 10:41:30 | Attr = ]
suservice.exe -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 24-10-2007 12:58:00 | Attr = ]
tphdexlg.exe -> %System32%\TPHDEXLG.exe -> Lenovo. [Ver = 1.53.0.1 | Size = 37424 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
tpkmpsvc.exe -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 12-7-2003 2:19:22 | Attr = ]
tvtsched.exe -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 1126400 bytes | Modified Date = 1-8-2007 11:07:38 | Attr = ]
acsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.42 | Size = 184320 bytes | Modified Date = 5-7-2007 15:03:32 | Attr = ]
svcguihlpr.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe -> Lenovo [Ver = 4.42 | Size = 114688 bytes | Modified Date = 5-7-2007 15:04:18 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 110592 bytes | Modified Date = 16-6-2004 18:53:34 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 512000 bytes | Modified Date = 16-6-2004 18:53:02 | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 12-1-2006 19:52:32 | Attr = ]
scheduler_proxy.exe -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 540672 bytes | Modified Date = 1-8-2007 11:07:46 | Attr = ]
tphkmgr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 2-10-2006 10:19:48 | Attr = ]
actray.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4.42 | Size = 413696 bytes | Modified Date = 5-7-2007 14:58:40 | Attr = ]
acwlicon.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4.42 | Size = 126976 bytes | Modified Date = 5-7-2007 14:51:48 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 21-12-2007 19:19:26 | Attr = ]
tponscr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe -> [Ver = | Size = 77824 bytes | Modified Date = 5-7-2005 14:57:12 | Attr = ]
tpscrex.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe -> Lenovo Group Limited [Ver = 1.17 | Size = 86016 bytes | Modified Date = 30-5-2006 15:05:42 | Attr = ]
acrobat.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe -> Adobe Systems Incorporated [Ver = 7.0.8.2006051600 | Size = 75376 bytes | Modified Date = 16-5-2006 21:12:59 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 422912 bytes | Modified Date = 1-1-2008 19:28:46 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29-10-2007 13:27:04 | Attr = ]
(AcPrfMgrSvc) Ac Profile Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.42 | Size = 65536 bytes | Modified Date = 5-7-2007 15:05:04 | Attr = ]
(AcSvc) Access Connections Main Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.42 | Size = 184320 bytes | Modified Date = 5-7-2007 15:03:32 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 24-10-2007 8:15:56 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-10-2007 1:06:14 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 21-12-2007 14:12:53 | Attr = ]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Stopped] -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Modified Date = 27-8-2003 17:00:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative-service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 4-8-2004 9:03:28 | Attr = ]
(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.1.1 | Size = 647168 bytes | Modified Date = 1-6-2007 11:00:20 | Attr = ]
(IBM Rapid Restore Ultra Service) IBM Rapid Restore Ultra Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -> [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 19-3-2004 21:21:10 | Attr = ]
(IBMPMSVC) ThinkPad PM Service [Win32_Own | Auto | Running] -> %System32%\ibmpmsvc.exe -> Lenovo [Ver = 1.43 | Size = 36400 bytes | Modified Date = 31-5-2007 19:02:06 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Disabled | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 9-3-2003 6:31:02 | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.1.0 | Size = 327680 bytes | Modified Date = 1-6-2007 10:41:30 | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11, 1, 1, 4 | Size = 987136 bytes | Modified Date = 1-6-2007 10:48:24 | Attr = ]
(SUService) System Update [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 24-10-2007 12:58:00 | Attr = ]
(TPHDEXLGSVC) ThinkPad HDD APS Logging Service [Win32_Own | Auto | Running] -> %System32%\TPHDEXLG.exe -> Lenovo. [Ver = 1.53.0.1 | Size = 37424 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
(TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 12-7-2003 2:19:22 | Attr = ]
(TVT Scheduler) TVT Scheduler [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 1126400 bytes | Modified Date = 1-8-2007 11:07:38 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 18-8-2001 4:20:04 | Attr = ]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.0.1.4 | Size = 116176 bytes | Modified Date = 7-4-2004 15:41:38 | Attr = ]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.7.4.0 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Cisco Systems, Inc. [Ver = 3.7.4.0 | Size = 21393 bytes | Modified Date = 2-12-2007 7:16:56 | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 18-8-2001 5:51:56 | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 4-8-2004 7:07:44 | Attr = ]
(ANC) ANC [Kernel | System | Running] -> %System32%\drivers\ANC.sys -> IBM Corp. [Ver = 8.3 | Size = 11520 bytes | Modified Date = 8-11-2005 9:27:20 | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 18-8-2001 5:52:00 | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 18-8-2001 5:51:58 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6547 | Size = 1133568 bytes | Modified Date = 6-2-2007 23:38:32 | Attr = ]
(AtmelTpm) AtmelTpm [Kernel | On_Demand | Running] -> %System32%\drivers\AtmelTpm.sys -> Atmel, Inc. [Ver = 2.1.0.56 built by: WinDDK | Size = 40704 bytes | Modified Date = 21-10-2007 16:23:42 | Attr = ]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 24-10-2007 8:15:50 | Attr = ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 22-10-2007 1:06:19 | Attr = ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 22-10-2007 1:06:20 | Attr = ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 21-12-2007 19:19:45 | Attr = ]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 22-10-2007 1:06:20 | Attr = ]
(BrPar) BrPar [Kernel | Auto | Running] -> %System32%\drivers\BRPAR.SYS -> Brother Industries Ltd. [Ver = 5.00.2178.1 | Size = 19537 bytes | Modified Date = 24-7-2000 1:01:00 | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | On_Demand | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 7-9-2001 3:02:58 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 18-8-2001 5:52:16 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 4-8-2004 8:57:22 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153856 bytes | Modified Date = 4-8-2004 8:57:24 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 7-9-2001 15:00:00 | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.94c | Size = 87168 bytes | Modified Date = 17-8-2004 11:21:00 | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.45a | Size = 40448 bytes | Modified Date = 14-7-2004 10:56:00 | Attr = ]
(E1000) Intel® PRO/1000 Network Connection Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e1000325.sys -> Intel Corporation [Ver = 8.7.9.0 built by: WinDDK | Size = 170392 bytes | Modified Date = 24-10-2006 10:28:48 | Attr = ]
(E100B) Intel® PRO Adapter-stuurprogramma [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 7-9-2001 3:49:42 | Attr = ]
(EGATHDRV) IBM Access Support [Kernel | Auto | Running] -> %System32%\egathdrv.sys -> IBM Corporation [Ver = 2.04 | Size = 5120 bytes | Modified Date = 19-3-2004 20:03:58 | Attr = ]
(fdpteznk) fdpteznk [Kernel | Boot | Running] -> %System32%\drivers\dohqarui.dat -> [Ver = | Size = 18688 bytes | Modified Date = 25-10-2007 8:39:21 | Attr = ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\drivers\hpzid412.sys -> HP [Ver = 6, 0, 0, 0 | Size = 51024 bytes | Modified Date = 9-3-2003 6:31:00 | Attr = ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 16080 bytes | Modified Date = 9-3-2003 6:31:02 | Attr = ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZius12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 21456 bytes | Modified Date = 9-3-2003 6:31:02 | Attr = ]
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.02.03.00 | Size = 197888 bytes | Modified Date = 22-7-2004 23:25:58 | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.02.03.00 | Size = 1041152 bytes | Modified Date = 22-7-2004 23:24:20 | Attr = ]
(ibmfilter) ibmfilter [Kernel | Auto | Running] -> %System32%\drivers\ibmfilter.sys -> IBM [Ver = 3.01 built by: WinDDK | Size = 64256 bytes | Modified Date = 24-9-2004 1:39:58 | Attr = ]
(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> %System32%\drivers\ibmpmdrv.sys -> Lenovo. [Ver = 1.43 | Size = 21424 bytes | Modified Date = 31-5-2007 19:01:30 | Attr = ]
(IBMTPCHK) IBMTPCHK [Kernel | System | Running] -> %System32%\drivers\IBMBLDID.sys -> [Ver = | Size = 4224 bytes | Modified Date = 2-4-2007 11:24:08 | Attr = ]
(KLIF) KLIF [File_System | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Modified Date = 19-7-2007 15:10:28 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LucentSoftModem) Lucent Technologies Soft Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\LTSM.sys -> Lucent Technologies [Ver = 3.1.92.1 3.1.92.1 07/18/2001 12:51:10 | Size = 802683 bytes | Modified Date = 18-8-2001 5:28:10 | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 9-4-2003 22:48:08 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 18-8-2001 5:52:12 | Attr = ]
(NSCIRDA) Stuurprogramma voor NSC-infraroodapparaat [Kernel | On_Demand | Running] -> %System32%\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 4-8-2004 7:00:52 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(psadd) Lenovo Parties Service Access Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\psadd.sys -> Lenovo (United States) Inc. [Ver = 6.1.1009.0 | Size = 21376 bytes | Modified Date = 19-2-2007 6:56:46 | Attr = ]
(Ptilink) Stuurprogramma voor Directe parallelle verbinding [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 7-9-2001 15:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.22a | Size = 20576 bytes | Modified Date = 8-12-2004 13:03:00 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 18-8-2001 5:52:20 | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 18-8-2001 5:52:20 | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 18-8-2001 5:52:18 | Attr = ]
(s24trans) WLAN-transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 11, 1, 1, 0 | Size = 12416 bytes | Modified Date = 29-5-2007 15:29:30 | Attr = ]
(S3SSavage) S3SSavage [Kernel | On_Demand | Stopped] -> %System32%\drivers\s3ssavm.sys -> S3 Graphics, Inc. [Ver = 6.13.10.1236-12.90.36 | Size = 95104 bytes | Modified Date = 1-11-2001 10:57:14 | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10-10-2006 13:53:48 | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16-2-2006 17:51:08 | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 27-2-2007 12:39:26 | Attr = ]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %System32%\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 33052 bytes | Modified Date = 7-8-2007 1:15:07 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13-11-2007 11:25:55 | Attr = ]
(Shockprf) Shockprf [Kernel | Boot | Running] -> %System32%\drivers\ApsX86.sys -> Lenovo. [Ver = 1.53.0.1 | Size = 103472 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 4-8-2004 7:07:44 | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5160 | Size = 266880 bytes | Modified Date = 23-6-2004 18:42:46 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 18-8-2001 6:07:44 | Attr = ]
(srescan) srescan [Kernel | Boot | Running] -> %System32%\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 187, 0 | Size = 51176 bytes | Modified Date = 18-10-2007 20:18:44 | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 14-7-2004 19:29:04 | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 14-7-2004 19:28:50 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 18-8-2001 6:07:34 | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 18-8-2001 6:07:36 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 18-8-2001 6:07:40 | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 18-8-2001 6:07:42 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 270928 bytes | Modified Date = 16-6-2004 18:47:28 | Attr = ]
(TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Running] -> %System32%\drivers\tcusb.sys -> UPEK Inc. [Ver = 1.9.2.99 | Size = 47376 bytes | Modified Date = 14-8-2007 14:25:52 | Attr = ]
(TDSMAPI) TDSMAPI [Kernel | System | Running] -> %System32%\drivers\TDSMAPI.SYS -> [Ver = | Size = 9341 bytes | Modified Date = 29-7-2004 9:36:00 | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25723 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2271 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86202 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 14715 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(TPDIGIMN) TPDIGIMN [Kernel | Boot | Running] -> %System32%\drivers\ApsHM86.sys -> Lenovo. [Ver = 1.53.0.1 built by: WinDDK | Size = 19504 bytes | Modified Date = 28-9-2007 16:28:00 | Attr = ]
(TPHKDRV) TPHKDRV [Kernel | System | Running] -> %System32%\drivers\TPHKDRV.sys -> IBM Corporation [Ver = 3.00 | Size = 17699 bytes | Modified Date = 5-7-2005 14:57:06 | Attr = ]
(TPPWR) TPPWR [Kernel | System | Running] -> %System32%\drivers\TPPWR.SYS -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 16384 bytes | Modified Date = 29-7-2004 9:37:00 | Attr = ]
(TSMAPIP) TSMAPIP [Kernel | System | Running] -> %System32%\drivers\TSMAPIP.SYS -> [Ver = | Size = 7168 bytes | Modified Date = 15-7-2004 10:31:00 | Attr = ]
(TwoTrack) Stuurprogramma voor IBM PS/2 TrackPoint Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\TwoTrack.sys -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 11520 bytes | Modified Date = 18-8-2001 5:48:14 | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Versie 0603) | Size = 36736 bytes | Modified Date = 18-8-2001 5:52:22 | Attr = ]
(vsdatant) vsdatant [Kernel | System | Running] -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 394952 bytes | Modified Date = 14-11-2007 16:05:16 | Attr = ]
(w22n51) Stuurprogramma Intel® PRO/Wireless 2200-adapter voor Windows XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\w22n51.sys -> Intel® Corporation [Ver = 8010-28 Driver | Size = 3151232 bytes | Modified Date = 30-8-2004 1:26:58 | Attr = ]
(w29n51) Stuurprogramma voor Intel® PRO/Wireless 2200BG-netwerkverbinding onder Windows XP [Kernel | On_Demand | Running] -> %System32%\drivers\w29n51.sys -> Intel® Corporation [Ver = 9.0.4.36 Driver | Size = 2210048 bytes | Modified Date = 4-4-2007 13:46:52 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.02.03.00 built by: WinDDK | Size = 676096 bytes | Modified Date = 22-7-2004 23:24:52 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 12-1-2006 19:52:32 | Attr = ]
ACTray -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4.42 | Size = 413696 bytes | Modified Date = 5-7-2007 14:58:40 | Attr = ]
ACWLIcon -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4.42 | Size = 126976 bytes | Modified Date = 5-7-2007 14:51:48 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5154 | Size = 344064 bytes | Modified Date = 6-2-2007 21:00:00 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 21-12-2007 19:19:26 | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 512000 bytes | Modified Date = 16-6-2004 18:53:02 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 110592 bytes | Modified Date = 16-6-2004 18:53:34 | Attr = ]
TPHOTKEY -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 2-10-2006 10:19:48 | Attr = ]
TVT Scheduler Proxy -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 540672 bytes | Modified Date = 1-8-2007 11:07:46 | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 17-3-2003 19:04:52 | Attr = HS]
< Jp Startup Folder > -> C:\Documents and Settings\Jp\Menu Start\Programma's\Opstarten ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 17-3-2003 19:04:52 | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20-12-2006 13:55:48 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19-4-2007 13:41:36 | Attr = ]
ACNotify -> ACNotify.dll -> File not found
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 46080 bytes | Modified Date = 6-2-2007 23:34:40 | Attr = ]
tpfnf2 -> %System32%\notifyf2.dll -> [Ver = | Size = 28672 bytes | Modified Date = 5-7-2005 23:45:08 | Attr = ]
tphotkey -> %System32%\tphklock.dll -> [Ver = | Size = 24576 bytes | Modified Date = 30-11-2005 20:16:02 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< HOSTS File > (773 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.be/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> www.google.be[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12-1-2006 19:38:22 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
{A2510B92-6ECA-4D10-88E1-B027F29786A1} [HKEY_LOCAL_MACHINE] -> %System32%\cscuit.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 104960 bytes | Modified Date = 4-8-2004 9:03:08 | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 23-9-2005 20:41:42 | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 23-9-2005 20:41:42 | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\InprocServer32 does not exist or could not be opened. [Reg Error: Key SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478} does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32 does not exist or could not be opened. [Reg Error: Key SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} does not exist or could not be opened.] -> File not found
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\InprocServer32 does not exist or could not be opened. [Adobe PDF] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263} does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683} does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Convert link target to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert link target to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selected links to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selected links to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selection to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selection to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0D2EB075-9467-4A92-9E48-4572BA71008E} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
{1295A813-C2E2-4BB5-9441-3903327B7317} -> (Intel® PRO/1000 MT Mobile Connection) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\\InprocServer32 does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\\InprocServer32 does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=58813[Office Genuine Advantage Validation Tool] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{2DAD3559-2923-4935-AD49-B673D2539944}[HKEY_LOCAL_MACHINE] -> http://www-307.ibm.com/pc/support/acpir.cab[IASRunner Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupd...b?1193020774116[WUWebControl Class] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/1.4.1/...all-141-win.cab[Java Plug-in 1.4.1] ->


[Registry - Additional Scans - Non-Microsoft Only]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = Mijn huidige introductiepagina ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\NetCache\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\\NonBestEffortLimit -> 50 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 399360 bytes | Modified Date = 4-8-2004 9:03:28 | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 18-4-2007 17:15:26 | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 56832 bytes | Modified Date = 4-8-2004 9:03:36 | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 105984 bytes | Modified Date = 11-10-2007 0:53:58 | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
ĺ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Homepage -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserOptions -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> ->


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 21-12-2007 20:13:10 | Attr = RH ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146357248 bytes | Created Date = 22-12-2007 5:04:02 | Attr = HS]
BRDIAG.INI -> %SystemRoot%\BRDIAG.INI -> [Ver = | Size = 40 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 0 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
Brownie.ini -> %SystemRoot%\Brownie.ini -> [Ver = | Size = 23 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI -> [Ver = | Size = 26 bytes | Created Date = 13-12-2007 11:52:31 | Attr = ]
BRVIDEO.INI -> %SystemRoot%\BRVIDEO.INI -> [Ver = | Size = 145 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 462 bytes | Created Date = 13-12-2007 11:52:31 | Attr = ]
bw6050.ini -> %SystemRoot%\bw6050.ini -> [Ver = | Size = 0 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
hl-6050.ini -> %SystemRoot%\hl-6050.ini -> [Ver = | Size = 8634 bytes | Created Date = 13-12-2007 11:52:50 | Attr = ]
BRDIAG.HLP -> %System32%\BRDIAG.HLP -> [Ver = | Size = 173868 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
Brdiag2.exe -> %System32%\Brdiag2.exe -> brother Industries, Ltd [Ver = 2.53 | Size = 184320 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRDIAG2.HLP -> %System32%\BRDIAG2.HLP -> [Ver = | Size = 162057 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRGSRC16.DLL -> %System32%\BRGSRC16.DLL -> [Ver = | Size = 4608 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRGSRC32.DLL -> %System32%\BRGSRC32.DLL -> [Ver = | Size = 26624 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
brlm03a.dll -> %System32%\brlm03a.dll -> brother Industries Ltd [Ver = 0, 0, 1, 2 | Size = 21583 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BROSNMP.DLL -> %System32%\BROSNMP.DLL -> [Ver = | Size = 77824 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
brrbtool.exe -> %System32%\brrbtool.exe -> Brother Industries Ltd [Ver = 1.16 | Size = 65536 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRSPL03D.DLL -> %System32%\BRSPL03D.DLL -> Brother Industries, Ltd [Ver = 1.05 | Size = 163840 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRSPL03D.EXE -> %System32%\BRSPL03D.EXE -> Brother Industries,ltd [Ver = 3.70 | Size = 131072 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRSS01A.EXE -> %System32%\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
brss01a.ini -> %System32%\brss01a.ini -> [Ver = | Size = 30 bytes | Created Date = 13-12-2007 11:52:30 | Attr = ]
brsvc01a.bsi -> %System32%\brsvc01a.bsi -> [Ver = | Size = 184 bytes | Created Date = 13-12-2007 11:52:29 | Attr = ]
BRSVC01A.EXE -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRVPD95A.DLL -> %System32%\BRVPD95A.DLL -> brother industries, ltd [Ver = 1.03 | Size = 40960 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRVPDNTA.DLL -> %System32%\BRVPDNTA.DLL -> brother Industries Ltd [Ver = 1, 0, 2, 0 | Size = 49152 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BrWebIns.dll -> %System32%\BrWebIns.dll -> brother [Ver = 1, 0, 9, 1 | Size = 81920 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRWEBUP.EXE -> %System32%\BRWEBUP.EXE -> brother [Ver = 1, 0, 8, 2 | Size = 65536 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
PDRVINST.DLL -> %System32%\PDRVINST.DLL -> brother [Ver = 1, 2, 3, 0 | Size = 184320 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 21-12-2007 19:19:45 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 21-12-2007 19:19:44 | Attr = ]
BRPAR.SYS -> %System32%\drivers\BRPAR.SYS -> Brother Industries Ltd. [Ver = 5.00.2178.1 | Size = 19537 bytes | Created Date = 13-12-2007 11:52:51 | Attr = ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 18-12-2007 6:55:51 | Attr = ]
[File Created- Additional Folder Scans - Non-Microsoft Only]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Created Date = 21-12-2007 18:44:13 | Attr = ]
SecTaskMan -> %AllUsersAppData%\SecTaskMan -> [Folder | Created Date = 12-12-2007 13:32:45 | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Created Date = 21-12-2007 19:20:02 | Attr = ]
Brother -> %UserAppData%\Brother -> [Folder | Created Date = 13-12-2007 11:53:45 | Attr = R ]
Help -> %UserAppData%\Help -> [Folder | Created Date = 18-12-2007 6:50:23 | Attr = ]
Smart PC Solutions -> %UserAppData%\Smart PC Solutions -> [Folder | Created Date = 12-12-2007 13:16:29 | Attr = ]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Created Date = 20-12-2007 23:35:54 | Attr = ]
VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Created Date = 20-12-2007 23:53:35 | Attr = ]
Help -> %LocalAppData%\Help -> [Folder | Created Date = 18-12-2007 6:50:23 | Attr = ]
5 Wynthein-Seynaeve.pdf -> %UserDocuments%\5 Wynthein-Seynaeve.pdf -> [Ver = | Size = 29960 bytes | Created Date = 14-12-2007 16:49:51 | Attr = ]
Baeckelandt-DeSnijder.pdf -> %UserDocuments%\Baeckelandt-DeSnijder.pdf -> [Ver = | Size = 9114 bytes | Created Date = 14-12-2007 16:46:58 | Attr = ]
Brother's Keeper 6 .pdf -> %UserDocuments%\Brother's Keeper 6 .pdf -> [Ver = | Size = 65281 bytes | Created Date = 2-1-2008 1:20:54 | Attr = ]
Creative Natuurfotografie.pps -> %UserDocuments%\Creative Natuurfotografie.pps -> [Ver = | Size = 4511744 bytes | Created Date = 7-12-2007 11:17:47 | Attr = ]
Desc Masschaele - DeSopper.pdf -> %UserDocuments%\Desc Masschaele - DeSopper.pdf -> [Ver = | Size = 19381 bytes | Created Date = 16-12-2007 4:42:36 | Attr = ]
Desc Petrus Jacobus Seynaeve.pdf -> %UserDocuments%\Desc Petrus Jacobus Seynaeve.pdf -> [Ver = | Size = 26133 bytes | Created Date = 14-12-2007 19:04:08 | Attr = ]
DeSnijder-Seynaeve.pdf -> %UserDocuments%\DeSnijder-Seynaeve.pdf -> [Ver = | Size = 8080 bytes | Created Date = 14-12-2007 16:11:10 | Attr = ]
Doc1.doc -> %UserDocuments%\Doc1.doc -> [Ver = | Size = 285184 bytes | Created Date = 30-12-2007 7:36:53 | Attr = ]
HSeynaeveBens1919.jpg -> %UserDocuments%\HSeynaeveBens1919.jpg -> [Ver = | Size = 248076 bytes | Created Date = 14-12-2007 17:09:16 | Attr = ]
HSeynaeveBensbis1919.jpg -> %UserDocuments%\HSeynaeveBensbis1919.jpg -> [Ver = | Size = 132058 bytes | Created Date = 14-12-2007 17:09:22 | Attr = ]
List Baeckelandt.pdf -> %UserDocuments%\List Baeckelandt.pdf -> [Ver = | Size = 7088 bytes | Created Date = 14-12-2007 17:05:00 | Attr = ]
Masschaele Henri.pdf -> %UserDocuments%\Masschaele Henri.pdf -> [Ver = | Size = 36611 bytes | Created Date = 15-12-2007 13:45:15 | Attr = ]
Masschaele-DeSopper HK.pdf -> %UserDocuments%\Masschaele-DeSopper HK.pdf -> [Ver = | Size = 19994 bytes | Created Date = 14-12-2007 19:12:19 | Attr = ]
Masschaele-Velle Desc reg.pdf -> %UserDocuments%\Masschaele-Velle Desc reg.pdf -> [Ver = | Size = 30341 bytes | Created Date = 15-12-2007 0:05:46 | Attr = ]
revosetup.rar -> %UserDocuments%\revosetup.rar -> [Ver = | Size = 217996 bytes | Created Date = 7-12-2007 8:34:53 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\revosetup.rar:Zone.Identifier
Seynaeve-Baeckelandt H.pdf -> %UserDocuments%\Seynaeve-Baeckelandt H.pdf -> [Ver = | Size = 8861 bytes | Created Date = 14-12-2007 16:33:10 | Attr = ]
Seynaeve-DeCleir.pdf -> %UserDocuments%\Seynaeve-DeCleir.pdf -> [Ver = | Size = 35310 bytes | Created Date = 15-12-2007 18:59:01 | Attr = ]
Seynaeve-DeKeyser.pdf -> %UserDocuments%\Seynaeve-DeKeyser.pdf -> [Ver = | Size = 8030 bytes | Created Date = 14-12-2007 16:28:19 | Attr = ]
Seynaeve-Scheldeman-Myny.pdf -> %UserDocuments%\Seynaeve-Scheldeman-Myny.pdf -> [Ver = | Size = 31910 bytes | Created Date = 14-12-2007 17:08:15 | Attr = ]
VANGHELUWE_BMB_20071216.pdf -> %UserDocuments%\VANGHELUWE_BMB_20071216.pdf -> [Ver = | Size = 8354 bytes | Created Date = 16-12-2007 17:07:59 | Attr = ]
Verzoekschrift-Grondwettelijk-Hof.pdf -> %UserDocuments%\Verzoekschrift-Grondwettelijk-Hof.pdf -> [Ver = | Size = 531246 bytes | Created Date = 5-12-2007 20:25:23 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1801 bytes | Created Date = 21-12-2007 0:29:34 | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1801 bytes | Created Date = 21-12-2007 0:29:33 | Attr = ]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1543 bytes | Created Date = 21-12-2007 19:19:46 | Attr = ]
HL-6050 Interactieve Help.lnk -> %AllUsersDesktop%\HL-6050 Interactieve Help.lnk -> [Ver = | Size = 1782 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 791 bytes | Created Date = 22-12-2007 4:16:30 | Attr = ]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 22-12-2007 4:13:24 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Created Date = 22-12-2007 1:54:05 | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 22-12-2007 1:53:18 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
Revo Uninstaller.lnk -> %UserDesktop%\Revo Uninstaller.lnk -> [Ver = | Size = 928 bytes | Created Date = 7-12-2007 8:39:14 | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 944 bytes | Created Date = 21-12-2007 17:01:54 | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 22-12-2007 4:15:18 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 2-1-2008 20:27:51 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 592910 bytes | Created Date = 2-1-2008 20:25:45 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 1-1-2008 8:43:21 | Attr = RH ]
BK6DATA.ZIP -> %SystemDrive%\BK6DATA.ZIP -> [Ver = | Size = 1459286 bytes | Modified Date = 11-12-2007 18:49:46 | Attr = ]
BKEVENT.DT6 -> %SystemDrive%\BKEVENT.DT6 -> [Ver = | Size = 2874368 bytes | Modified Date = 1-1-2008 4:03:11 | Attr = ]
BKFIXFLE.SAV -> %SystemDrive%\BKFIXFLE.SAV -> [Ver = | Size = 696232 bytes | Modified Date = 1-1-2008 4:11:19 | Attr = ]
BKLOCATE.DT6 -> %SystemDrive%\BKLOCATE.DT6 -> [Ver = | Size = 487424 bytes | Modified Date = 1-1-2008 4:01:41 | Attr = ]
BKMARR.DT6 -> %SystemDrive%\BKMARR.DT6 -> [Ver = | Size = 568320 bytes | Modified Date = 1-1-2008 4:02:31 | Attr = ]
BKMESSG.DT6 -> %SystemDrive%\BKMESSG.DT6 -> [Ver = | Size = 131072 bytes | Modified Date = 1-1-2008 3:55:15 | Attr = ]
BKOTHER.DT6 -> %SystemDrive%\BKOTHER.DT6 -> [Ver = | Size = 846848 bytes | Modified Date = 1-1-2008 4:02:26 | Attr = ]
BKPERSON.DT6 -> %SystemDrive%\BKPERSON.DT6 -> [Ver = | Size = 2723840 bytes | Modified Date = 1-1-2008 4:11:18 | Attr = ]
BKSOURCE.DT6 -> %SystemDrive%\BKSOURCE.DT6 -> [Ver = | Size = 32768 bytes | Modified Date = 27-12-2007 13:46:44 | Attr = ]
BKSOURPT.DT6 -> %SystemDrive%\BKSOURPT.DT6 -> [Ver = | Size = 15360 bytes | Modified Date = 27-12-2007 13:46:44 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 22-12-2007 4:16:33 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146357248 bytes | Modified Date = 31-12-2007 3:36:33 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 28-12-2007 3:19:20 | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2-1-2008 1:18:11 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 22-12-2007 3:17:18 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 31-12-2007 3:36:37 | Attr = S]
BRDIAG.INI -> %SystemRoot%\BRDIAG.INI -> [Ver = | Size = 40 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 0 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
Brownie.ini -> %SystemRoot%\Brownie.ini -> [Ver = | Size = 23 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI -> [Ver = | Size = 26 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRVIDEO.INI -> %SystemRoot%\BRVIDEO.INI -> [Ver = | Size = 145 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 462 bytes | Modified Date = 13-12-2007 12:20:23 | Attr = ]
bw6050.ini -> %SystemRoot%\bw6050.ini -> [Ver = | Size = 0 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 26-12-2007 5:04:20 | Attr = HS]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 25-12-2007 5:25:57 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 26-12-2007 2:57:48 | Attr = S]
hl-6050.ini -> %SystemRoot%\hl-6050.ini -> [Ver = | Size = 8634 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 22-12-2007 3:20:49 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 29-12-2007 15:44:30 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 22-12-2007 4:16:34 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 2-1-2008 20:29:13 | Attr = ]
MKDEWE.TRN -> %SystemRoot%\MKDEWE.TRN -> [Ver = | Size = 2048 bytes | Modified Date = 2-1-2008 2:41:17 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2-1-2008 20:28:22 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 21-12-2007 19:19:04 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 30-12-2007 2:22:35 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 22-12-2007 11:53:00 | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 2-1-2008 18:26:35 | Attr = ]
FRU Task #Hewlett-Packard#hp psc 1200 series#1195555778.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1195555778.job -> [Ver = | Size = 384 bytes | Modified Date = 22-12-2007 11:52:07 | Attr = ]
RegistrySmart Scheduled Scan.job -> %SystemRoot%\tasks\RegistrySmart Scheduled Scan.job -> [Ver = | Size = 420 bytes | Modified Date = 1-1-2008 3:30:00 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 31-12-2007 3:36:50 | Attr = H ]
brss01a.ini -> %System32%\brss01a.ini -> [Ver = | Size = 30 bytes | Modified Date = 13-12-2007 11:52:30 | Attr = ]
brsvc01a.bsi -> %System32%\brsvc01a.bsi -> [Ver = | Size = 184 bytes | Modified Date = 13-12-2007 11:52:29 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 18-12-2007 6:55:55 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 30-12-2007 5:16:41 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 22-12-2007 3:21:34 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 22-12-2007 3:21:33 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353365 bytes | Modified Date = 31-12-2007 3:36:47 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 22-12-2007 3:15:12 | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 18-12-2007 6:57:00 | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 18-12-2007 6:58:26 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 21-12-2007 19:19:45 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 21-12-2007 19:19:44 | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 11245600 bytes | Modified Date = 2-1-2008 20:25:09 | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 117500 bytes | Modified Date = 31-12-2007 2:50:52 | Attr = HS]

< End of report >

#4 OldTimer


Posted 02 January 2008 - 06:24 PM

Hi jpmaurice. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

I saw an entry for SuperAnti-Spyware in the log. If you have that installed you can use that in place of AVG Anti-Spyware. Just update SAS and run it where AVG AS is supposed to run. Both are good and I just need the report from one of them.

If you either do not have SuperAnti-Spyware any longer or want to use AVG Anti-Spyware then follow the directions below to download, install, and configure AVG AS:

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

Step #2

Now start WinPFind35U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (fdpteznk) fdpteznk [Kernel | Boot | Running] -> %System32%\drivers\dohqarui.dat
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {A2510B92-6ECA-4D10-88E1-B027F29786A1} [HKEY_LOCAL_MACHINE] -> %System32%\cscuit.dll [Reg Error: Value does not exist or could not be read.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\InprocServer32 does not exist or could not be opened. [Reg Error: Key SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478} does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32 does not exist or could not be opened. [Reg Error: Key SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} does not exist or could not be opened.]
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot into SafeMode (if you are not asked to reboot then reboot manually into SafeMode) by doing the following:

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #3

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #4

Post the following back here:
  • a new WinPFind35U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

Edited by OldTimer, 02 January 2008 - 06:24 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
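
An added example, not part of the thread and not WinPFind35U's own code: a Python triage pass over the fix entries in the post above that reports three traits visible in them (a boot driver whose image is not a .sys file, registrations carrying a Reg Error, and a file name one edit away from the genuine cscui.dll named in the first post). The heuristics, `triage` and `KNOWN_GOOD` are assumptions chosen for illustration; the two-letter flags are carried through uninterpreted.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: fix entries copied from the post above as plain text.
FIX_TEXT = r"""
[Kill Explorer]
[Driver Services - Non-Microsoft Only]
YY -> (fdpteznk) fdpteznk [Kernel | Boot | Running] -> %System32%\drivers\dohqarui.dat
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {A2510B92-6ECA-4D10-88E1-B027F29786A1} [HKEY_LOCAL_MACHINE] -> %System32%\cscuit.dll [Reg Error: Value does not exist or could not be read.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\InprocServer32 does not exist or could not be opened.
[Reboot]
"""

# Assumption: reference names to compare against. Only the genuine DLL
# named in the first post of the thread is listed here.
KNOWN_GOOD = ("cscui.dll",)


@dataclass
class Finding:
    section: Optional[str]   # e.g. "Registry - Non-Microsoft Only"
    group: Optional[str]     # e.g. "BHO's [HKEY_LOCAL_MACHINE]"
    flags: str               # two-letter prefix, kept as-is
    ident: str               # service name or CLSID part of the line
    path: Optional[str]      # file the entry points at, if the line has one
    reasons: list = field(default_factory=list)


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(text):
    """Parse section headers, registry groups and entries; attach reasons."""
    findings, section, group = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                  # [Section header]
            section, group = m.group(1), None
            continue
        m = re.match(r"< (.+?) > -> ", line)
        if m:                                  # < Registry group > -> key
            group = m.group(1)
            continue
        m = re.match(r"([YN]{2}) -> (.+)", line)
        if not m:
            continue
        flags, rest = m.groups()
        ident, _, target = rest.partition(" -> ")
        # A target that starts with %Var% is a file path; a trailing
        # "[Reg Error: ...]" annotation is not part of the path.
        path = target.split(" [", 1)[0].strip() if target.startswith("%") else None
        f = Finding(section, group, flags, ident, path)
        if (section or "").startswith("Driver Services") and path \
                and not path.lower().endswith(".sys"):
            f.reasons.append("driver image is not a .sys file")
        if "Reg Error" in target:
            f.reasons.append("registration refers to a missing or unreadable key/value")
        if path:
            name = path.rsplit("\\", 1)[-1].lower()
            for good in KNOWN_GOOD:
                if edit_distance(name, good) == 1:
                    f.reasons.append("file name is one edit away from " + good)
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(FIX_TEXT):
        print(f.flags, f.ident, "->", f.path or "(no file)")
        for r in f.reasons:
            print("    -", r)
```
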


#5 jpmaurice


Posted 03 January 2008 - 02:30 AM

Dear Oldtimer

Hello again from Europe.
I followed all instructions you gave me - but there is no result yet.
I used the AVG AntiSpyware but it's impossible to retrieve a report from it although all settings are correct.
There are 2 identical elements in quarantine = BHO.AGZ trojan.

The taskbar on my desktop has changed after reboot in normal mode.

The WinPFind35U report and the latest logfile

WinPFind35 logfile created on: 3-1-2008 8:09:18
WinPFind35U Version Beta18 Folder = C:\Documents and Settings\Jp\Bureaublad\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)

2,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 77,28% Memory free
3,85 Gb Paging File | 3,45 Gb Available in Paging File | 89,66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32,82 Gb Total Space | 15,56 Gb Free Space | 47,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: IBM-20DD82AB5D8
Current User Name: Jp
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ibmpmsvc.exe -> %System32%\ibmpmsvc.exe -> Lenovo [Ver = 1.43 | Size = 36400 bytes | Modified Date = 31-5-2007 19:02:06 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11, 1, 1, 4 | Size = 987136 bytes | Modified Date = 1-6-2007 10:48:24 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29-10-2007 13:27:04 | Attr = ]
brsvc01a.exe -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Modified Date = 27-8-2003 17:00:00 | Attr = ]
brss01a.exe -> %System32%\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 12-12-2001 17:01:00 | Attr = ]
acprfmgrsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.42 | Size = 65536 bytes | Modified Date = 5-7-2007 15:05:04 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30-5-2007 13:31:10 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 24-10-2007 8:15:56 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-10-2007 1:06:14 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 21-12-2007 14:12:53 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.1.1 | Size = 647168 bytes | Modified Date = 1-6-2007 11:00:20 | Attr = ]
rrpcsb.exe -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -> [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 19-3-2004 21:21:10 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.1.0 | Size = 327680 bytes | Modified Date = 1-6-2007 10:41:30 | Attr = ]
suservice.exe -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 24-10-2007 12:58:00 | Attr = ]
tphdexlg.exe -> %System32%\TPHDEXLG.exe -> Lenovo. [Ver = 1.53.0.1 | Size = 37424 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
tpkmpsvc.exe -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 12-7-2003 2:19:22 | Attr = ]
tvtsched.exe -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 1126400 bytes | Modified Date = 1-8-2007 11:07:38 | Attr = ]
acsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.42 | Size = 184320 bytes | Modified Date = 5-7-2007 15:03:32 | Attr = ]
svcguihlpr.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe -> Lenovo [Ver = 4.42 | Size = 114688 bytes | Modified Date = 5-7-2007 15:04:18 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 110592 bytes | Modified Date = 16-6-2004 18:53:34 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 512000 bytes | Modified Date = 16-6-2004 18:53:02 | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 12-1-2006 19:52:32 | Attr = ]
scheduler_proxy.exe -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 540672 bytes | Modified Date = 1-8-2007 11:07:46 | Attr = ]
tphkmgr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 2-10-2006 10:19:48 | Attr = ]
actray.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4.42 | Size = 413696 bytes | Modified Date = 5-7-2007 14:58:40 | Attr = ]
acwlicon.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4.42 | Size = 126976 bytes | Modified Date = 5-7-2007 14:51:48 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 21-12-2007 19:19:26 | Attr = ]
tponscr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe -> [Ver = | Size = 77824 bytes | Modified Date = 5-7-2005 14:57:12 | Attr = ]
tpscrex.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe -> Lenovo Group Limited [Ver = 1.17 | Size = 86016 bytes | Modified Date = 30-5-2006 15:05:42 | Attr = ]
unavtray.exe -> %ProgramFiles%\ThinkPad\UltraNav-wizard\UNavTray.exe -> IBM Corporation [Ver = 1,0,0,1 | Size = 229376 bytes | Modified Date = 22-8-2003 10:01:00 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 422912 bytes | Modified Date = 1-1-2008 19:28:46 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29-10-2007 13:27:04 | Attr = ]
(AcPrfMgrSvc) Ac Profile Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.42 | Size = 65536 bytes | Modified Date = 5-7-2007 15:05:04 | Attr = ]
(AcSvc) Access Connections Main Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.42 | Size = 184320 bytes | Modified Date = 5-7-2007 15:03:32 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30-5-2007 13:31:10 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 24-10-2007 8:15:56 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-10-2007 1:06:14 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 21-12-2007 14:12:53 | Attr = ]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Modified Date = 27-8-2003 17:00:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative-service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 4-8-2004 9:03:28 | Attr = ]
(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.1.1 | Size = 647168 bytes | Modified Date = 1-6-2007 11:00:20 | Attr = ]
(IBM Rapid Restore Ultra Service) IBM Rapid Restore Ultra Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -> [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 19-3-2004 21:21:10 | Attr = ]
(IBMPMSVC) ThinkPad PM Service [Win32_Own | Auto | Running] -> %System32%\ibmpmsvc.exe -> Lenovo [Ver = 1.43 | Size = 36400 bytes | Modified Date = 31-5-2007 19:02:06 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Disabled | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 9-3-2003 6:31:02 | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.1.0 | Size = 327680 bytes | Modified Date = 1-6-2007 10:41:30 | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11, 1, 1, 4 | Size = 987136 bytes | Modified Date = 1-6-2007 10:48:24 | Attr = ]
(SUService) System Update [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 24-10-2007 12:58:00 | Attr = ]
(TPHDEXLGSVC) ThinkPad HDD APS Logging Service [Win32_Own | Auto | Running] -> %System32%\TPHDEXLG.exe -> Lenovo. [Ver = 1.53.0.1 | Size = 37424 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
(TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 12-7-2003 2:19:22 | Attr = ]
(TVT Scheduler) TVT Scheduler [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 1126400 bytes | Modified Date = 1-8-2007 11:07:38 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11-6-2007 10:25:42 | Attr = ]
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 12-1-2006 19:52:32 | Attr = ]
ACTray -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4.42 | Size = 413696 bytes | Modified Date = 5-7-2007 14:58:40 | Attr = ]
ACWLIcon -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4.42 | Size = 126976 bytes | Modified Date = 5-7-2007 14:51:48 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5154 | Size = 344064 bytes | Modified Date = 6-2-2007 21:00:00 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 21-12-2007 19:19:26 | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 512000 bytes | Modified Date = 16-6-2004 18:53:02 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 110592 bytes | Modified Date = 16-6-2004 18:53:34 | Attr = ]
TPHOTKEY -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 2-10-2006 10:19:48 | Attr = ]
TVT Scheduler Proxy -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 540672 bytes | Modified Date = 1-8-2007 11:07:46 | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 17-3-2003 19:04:52 | Attr = HS]
< Jp Startup Folder > -> C:\Documents and Settings\Jp\Menu Start\Programma's\Opstarten ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 17-3-2003 19:04:52 | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30-5-2007 13:29:58 | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20-12-2006 13:55:48 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19-4-2007 13:41:36 | Attr = ]
ACNotify -> ACNotify.dll -> File not found
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 46080 bytes | Modified Date = 6-2-2007 23:34:40 | Attr = ]
tpfnf2 -> %System32%\notifyf2.dll -> [Ver = | Size = 28672 bytes | Modified Date = 5-7-2005 23:45:08 | Attr = ]
tphotkey -> %System32%\tphklock.dll -> [Ver = | Size = 24576 bytes | Modified Date = 30-11-2005 20:16:02 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
< HOSTS File > (773 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.be/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> www.google.be[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12-1-2006 19:38:22 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
{A2510B92-6ECA-4D10-88E1-B027F29786A1} [HKEY_LOCAL_MACHINE] -> %System32%\cscuit.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 104960 bytes | Modified Date = 4-8-2004 9:03:08 | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 23-9-2005 20:41:42 | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 23-9-2005 20:41:42 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\InprocServer32 does not exist or could not be opened. [Adobe PDF] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263} does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683} does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Convert link target to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert link target to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selected links to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selected links to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selection to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selection to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0D2EB075-9467-4A92-9E48-4572BA71008E} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
{1295A813-C2E2-4BB5-9441-3903327B7317} -> (Intel® PRO/1000 MT Mobile Connection) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\\InprocServer32 does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\\InprocServer32 does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=58813[Office Genuine Advantage Validation Tool] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{2DAD3559-2923-4935-AD49-B673D2539944}[HKEY_LOCAL_MACHINE] -> http://www-307.ibm.com/pc/support/acpir.cab[IASRunner Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupd...b?1193020774116[WUWebControl Class] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/1.4.1/...all-141-win.cab[Java Plug-in 1.4.1] ->


[Registry - Additional Scans - Non-Microsoft Only]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = Mijn huidige introductiepagina ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\NetCache\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\\NonBestEffortLimit -> 50 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 399360 bytes | Modified Date = 4-8-2004 9:03:28 | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 18-4-2007 17:15:26 | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 56832 bytes | Modified Date = 4-8-2004 9:03:36 | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 105984 bytes | Modified Date = 11-10-2007 0:53:58 | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
ĺ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Homepage -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserOptions -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> ->


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 21-12-2007 20:13:10 | Attr = RH ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146357248 bytes | Created Date = 3-1-2008 8:05:17 | Attr = HS]
BRDIAG.INI -> %SystemRoot%\BRDIAG.INI -> [Ver = | Size = 40 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 0 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
Brownie.ini -> %SystemRoot%\Brownie.ini -> [Ver = | Size = 23 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI -> [Ver = | Size = 26 bytes | Created Date = 13-12-2007 11:52:31 | Attr = ]
BRVIDEO.INI -> %SystemRoot%\BRVIDEO.INI -> [Ver = | Size = 145 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 462 bytes | Created Date = 13-12-2007 11:52:31 | Attr = ]
bw6050.ini -> %SystemRoot%\bw6050.ini -> [Ver = | Size = 0 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
hl-6050.ini -> %SystemRoot%\hl-6050.ini -> [Ver = | Size = 8634 bytes | Created Date = 13-12-2007 11:52:50 | Attr = ]
BRDIAG.HLP -> %System32%\BRDIAG.HLP -> [Ver = | Size = 173868 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
Brdiag2.exe -> %System32%\Brdiag2.exe -> brother Industries, Ltd [Ver = 2.53 | Size = 184320 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRDIAG2.HLP -> %System32%\BRDIAG2.HLP -> [Ver = | Size = 162057 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRGSRC16.DLL -> %System32%\BRGSRC16.DLL -> [Ver = | Size = 4608 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRGSRC32.DLL -> %System32%\BRGSRC32.DLL -> [Ver = | Size = 26624 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
brlm03a.dll -> %System32%\brlm03a.dll -> brother Industries Ltd [Ver = 0, 0, 1, 2 | Size = 21583 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BROSNMP.DLL -> %System32%\BROSNMP.DLL -> [Ver = | Size = 77824 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
brrbtool.exe -> %System32%\brrbtool.exe -> Brother Industries Ltd [Ver = 1.16 | Size = 65536 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRSPL03D.DLL -> %System32%\BRSPL03D.DLL -> Brother Industries, Ltd [Ver = 1.05 | Size = 163840 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRSPL03D.EXE -> %System32%\BRSPL03D.EXE -> Brother Industries,ltd [Ver = 3.70 | Size = 131072 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRSS01A.EXE -> %System32%\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
brss01a.ini -> %System32%\brss01a.ini -> [Ver = | Size = 30 bytes | Created Date = 13-12-2007 11:52:30 | Attr = ]
brsvc01a.bsi -> %System32%\brsvc01a.bsi -> [Ver = | Size = 184 bytes | Created Date = 13-12-2007 11:52:29 | Attr = ]
BRSVC01A.EXE -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRVPD95A.DLL -> %System32%\BRVPD95A.DLL -> brother industries, ltd [Ver = 1.03 | Size = 40960 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRVPDNTA.DLL -> %System32%\BRVPDNTA.DLL -> brother Industries Ltd [Ver = 1, 0, 2, 0 | Size = 49152 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BrWebIns.dll -> %System32%\BrWebIns.dll -> brother [Ver = 1, 0, 9, 1 | Size = 81920 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRWEBUP.EXE -> %System32%\BRWEBUP.EXE -> brother [Ver = 1, 0, 8, 2 | Size = 65536 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
PDRVINST.DLL -> %System32%\PDRVINST.DLL -> brother [Ver = 1, 2, 3, 0 | Size = 184320 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 3-1-2008 1:19:14 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 21-12-2007 19:19:45 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 21-12-2007 19:19:44 | Attr = ]
BRPAR.SYS -> %System32%\drivers\BRPAR.SYS -> Brother Industries Ltd. [Ver = 5.00.2178.1 | Size = 19537 bytes | Created Date = 13-12-2007 11:52:51 | Attr = ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 18-12-2007 6:55:51 | Attr = ]
[File Created- Additional Folder Scans - Non-Microsoft Only]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Created Date = 21-12-2007 18:44:13 | Attr = ]
SecTaskMan -> %AllUsersAppData%\SecTaskMan -> [Folder | Created Date = 12-12-2007 13:32:45 | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Created Date = 21-12-2007 19:20:02 | Attr = ]
Brother -> %UserAppData%\Brother -> [Folder | Created Date = 13-12-2007 11:53:45 | Attr = R ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 3-1-2008 1:19:41 | Attr = ]
Help -> %UserAppData%\Help -> [Folder | Created Date = 18-12-2007 6:50:23 | Attr = ]
Smart PC Solutions -> %UserAppData%\Smart PC Solutions -> [Folder | Created Date = 12-12-2007 13:16:29 | Attr = ]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Created Date = 20-12-2007 23:35:54 | Attr = ]
VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Created Date = 20-12-2007 23:53:35 | Attr = ]
Help -> %LocalAppData%\Help -> [Folder | Created Date = 18-12-2007 6:50:23 | Attr = ]
5 Wynthein-Seynaeve.pdf -> %UserDocuments%\5 Wynthein-Seynaeve.pdf -> [Ver = | Size = 29960 bytes | Created Date = 14-12-2007 16:49:51 | Attr = ]
Baeckelandt-DeSnijder.pdf -> %UserDocuments%\Baeckelandt-DeSnijder.pdf -> [Ver = | Size = 9114 bytes | Created Date = 14-12-2007 16:46:58 | Attr = ]
Brother's Keeper 6 .pdf -> %UserDocuments%\Brother's Keeper 6 .pdf -> [Ver = | Size = 65281 bytes | Created Date = 2-1-2008 1:20:54 | Attr = ]
Creative Natuurfotografie.pps -> %UserDocuments%\Creative Natuurfotografie.pps -> [Ver = | Size = 4511744 bytes | Created Date = 7-12-2007 11:17:47 | Attr = ]
Desc Masschaele - DeSopper.pdf -> %UserDocuments%\Desc Masschaele - DeSopper.pdf -> [Ver = | Size = 19381 bytes | Created Date = 16-12-2007 4:42:36 | Attr = ]
Desc Petrus Jacobus Seynaeve.pdf -> %UserDocuments%\Desc Petrus Jacobus Seynaeve.pdf -> [Ver = | Size = 26133 bytes | Created Date = 14-12-2007 19:04:08 | Attr = ]
DeSnijder-Seynaeve.pdf -> %UserDocuments%\DeSnijder-Seynaeve.pdf -> [Ver = | Size = 8080 bytes | Created Date = 14-12-2007 16:11:10 | Attr = ]
Doc1.doc -> %UserDocuments%\Doc1.doc -> [Ver = | Size = 285184 bytes | Created Date = 30-12-2007 7:36:53 | Attr = ]
HSeynaeveBens1919.jpg -> %UserDocuments%\HSeynaeveBens1919.jpg -> [Ver = | Size = 248076 bytes | Created Date = 14-12-2007 17:09:16 | Attr = ]
HSeynaeveBensbis1919.jpg -> %UserDocuments%\HSeynaeveBensbis1919.jpg -> [Ver = | Size = 132058 bytes | Created Date = 14-12-2007 17:09:22 | Attr = ]
List Baeckelandt.pdf -> %UserDocuments%\List Baeckelandt.pdf -> [Ver = | Size = 7088 bytes | Created Date = 14-12-2007 17:05:00 | Attr = ]
Masschaele Henri.pdf -> %UserDocuments%\Masschaele Henri.pdf -> [Ver = | Size = 36611 bytes | Created Date = 15-12-2007 13:45:15 | Attr = ]
Masschaele-DeSopper HK.pdf -> %UserDocuments%\Masschaele-DeSopper HK.pdf -> [Ver = | Size = 19994 bytes | Created Date = 14-12-2007 19:12:19 | Attr = ]
Masschaele-Velle Desc reg.pdf -> %UserDocuments%\Masschaele-Velle Desc reg.pdf -> [Ver = | Size = 30341 bytes | Created Date = 15-12-2007 0:05:46 | Attr = ]
revosetup.rar -> %UserDocuments%\revosetup.rar -> [Ver = | Size = 217996 bytes | Created Date = 7-12-2007 8:34:53 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\revosetup.rar:Zone.Identifier
Seynaeve-Baeckelandt H.pdf -> %UserDocuments%\Seynaeve-Baeckelandt H.pdf -> [Ver = | Size = 8861 bytes | Created Date = 14-12-2007 16:33:10 | Attr = ]
Seynaeve-DeCleir.pdf -> %UserDocuments%\Seynaeve-DeCleir.pdf -> [Ver = | Size = 35310 bytes | Created Date = 15-12-2007 18:59:01 | Attr = ]
Seynaeve-DeKeyser.pdf -> %UserDocuments%\Seynaeve-DeKeyser.pdf -> [Ver = | Size = 8030 bytes | Created Date = 14-12-2007 16:28:19 | Attr = ]
Seynaeve-Scheldeman-Myny.pdf -> %UserDocuments%\Seynaeve-Scheldeman-Myny.pdf -> [Ver = | Size = 31910 bytes | Created Date = 14-12-2007 17:08:15 | Attr = ]
VANGHELUWE_BMB_20071216.pdf -> %UserDocuments%\VANGHELUWE_BMB_20071216.pdf -> [Ver = | Size = 8354 bytes | Created Date = 16-12-2007 17:07:59 | Attr = ]
Verzoekschrift-Grondwettelijk-Hof.pdf -> %UserDocuments%\Verzoekschrift-Grondwettelijk-Hof.pdf -> [Ver = | Size = 531246 bytes | Created Date = 5-12-2007 20:25:23 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1801 bytes | Created Date = 21-12-2007 0:29:34 | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1801 bytes | Created Date = 21-12-2007 0:29:33 | Attr = ]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1543 bytes | Created Date = 21-12-2007 19:19:46 | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 860 bytes | Created Date = 3-1-2008 1:19:18 | Attr = ]
HL-6050 Interactieve Help.lnk -> %AllUsersDesktop%\HL-6050 Interactieve Help.lnk -> [Ver = | Size = 1782 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 791 bytes | Created Date = 22-12-2007 4:16:30 | Attr = ]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 22-12-2007 4:13:24 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier
avgas-setup-7.5.1.43.exe -> %UserDesktop%\avgas-setup-7.5.1.43.exe -> [Ver = | Size = 12413440 bytes | Created Date = 3-1-2008 1:18:23 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.43.exe:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Created Date = 22-12-2007 1:54:05 | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 22-12-2007 1:53:18 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
Revo Uninstaller.lnk -> %UserDesktop%\Revo Uninstaller.lnk -> [Ver = | Size = 928 bytes | Created Date = 7-12-2007 8:39:14 | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 944 bytes | Created Date = 21-12-2007 17:01:54 | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 22-12-2007 4:15:18 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 2-1-2008 20:27:51 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 592910 bytes | Created Date = 2-1-2008 20:25:45 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 1-1-2008 8:43:21 | Attr = RH ]
BK6DATA.ZIP -> %SystemDrive%\BK6DATA.ZIP -> [Ver = | Size = 1459286 bytes | Modified Date = 11-12-2007 18:49:46 | Attr = ]
BKEVENT.DT6 -> %SystemDrive%\BKEVENT.DT6 -> [Ver = | Size = 2874368 bytes | Modified Date = 1-1-2008 4:03:11 | Attr = ]
BKFIXFLE.SAV -> %SystemDrive%\BKFIXFLE.SAV -> [Ver = | Size = 696232 bytes | Modified Date = 1-1-2008 4:11:19 | Attr = ]
BKLOCATE.DT6 -> %SystemDrive%\BKLOCATE.DT6 -> [Ver = | Size = 487424 bytes | Modified Date = 1-1-2008 4:01:41 | Attr = ]
BKMARR.DT6 -> %SystemDrive%\BKMARR.DT6 -> [Ver = | Size = 568320 bytes | Modified Date = 1-1-2008 4:02:31 | Attr = ]
BKMESSG.DT6 -> %SystemDrive%\BKMESSG.DT6 -> [Ver = | Size = 131072 bytes | Modified Date = 1-1-2008 3:55:15 | Attr = ]
BKOTHER.DT6 -> %SystemDrive%\BKOTHER.DT6 -> [Ver = | Size = 846848 bytes | Modified Date = 1-1-2008 4:02:26 | Attr = ]
BKPERSON.DT6 -> %SystemDrive%\BKPERSON.DT6 -> [Ver = | Size = 2723840 bytes | Modified Date = 1-1-2008 4:11:18 | Attr = ]
BKSOURCE.DT6 -> %SystemDrive%\BKSOURCE.DT6 -> [Ver = | Size = 32768 bytes | Modified Date = 27-12-2007 13:46:44 | Attr = ]
BKSOURPT.DT6 -> %SystemDrive%\BKSOURPT.DT6 -> [Ver = | Size = 15360 bytes | Modified Date = 27-12-2007 13:46:44 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 22-12-2007 4:16:33 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146357248 bytes | Modified Date = 3-1-2008 8:05:17 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 28-12-2007 3:19:20 | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3-1-2008 8:05:45 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 22-12-2007 3:17:18 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3-1-2008 8:05:21 | Attr = S]
BRDIAG.INI -> %SystemRoot%\BRDIAG.INI -> [Ver = | Size = 40 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 0 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
Brownie.ini -> %SystemRoot%\Brownie.ini -> [Ver = | Size = 23 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI -> [Ver = | Size = 26 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRVIDEO.INI -> %SystemRoot%\BRVIDEO.INI -> [Ver = | Size = 145 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 462 bytes | Modified Date = 13-12-2007 12:20:23 | Attr = ]
bw6050.ini -> %SystemRoot%\bw6050.ini -> [Ver = | Size = 0 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 26-12-2007 5:04:20 | Attr = HS]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 25-12-2007 5:25:57 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 26-12-2007 2:57:48 | Attr = S]
hl-6050.ini -> %SystemRoot%\hl-6050.ini -> [Ver = | Size = 8634 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 22-12-2007 3:20:49 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 29-12-2007 15:44:30 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 22-12-2007 4:16:34 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 3-1-2008 8:08:23 | Attr = ]
MKDEWE.TRN -> %SystemRoot%\MKDEWE.TRN -> [Ver = | Size = 2048 bytes | Modified Date = 2-1-2008 2:41:17 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3-1-2008 2:29:41 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 21-12-2007 19:19:04 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 30-12-2007 2:22:35 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 22-12-2007 11:53:00 | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 3-1-2008 8:06:01 | Attr = ]
FRU Task #Hewlett-Packard#hp psc 1200 series#1195555778.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1195555778.job -> [Ver = | Size = 384 bytes | Modified Date = 22-12-2007 11:52:07 | Attr = ]
RegistrySmart Scheduled Scan.job -> %SystemRoot%\tasks\RegistrySmart Scheduled Scan.job -> [Ver = | Size = 420 bytes | Modified Date = 1-1-2008 3:30:00 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3-1-2008 8:05:35 | Attr = H ]
brss01a.ini -> %System32%\brss01a.ini -> [Ver = | Size = 30 bytes | Modified Date = 13-12-2007 11:52:30 | Attr = ]
brsvc01a.bsi -> %System32%\brsvc01a.bsi -> [Ver = | Size = 184 bytes | Modified Date = 13-12-2007 11:52:29 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 18-12-2007 6:55:55 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 30-12-2007 5:16:41 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 22-12-2007 3:21:34 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 3-1-2008 1:19:14 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353365 bytes | Modified Date = 3-1-2008 8:05:32 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 22-12-2007 3:15:12 | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 18-12-2007 6:57:00 | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 18-12-2007 6:58:26 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 21-12-2007 19:19:45 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 21-12-2007 19:19:44 | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 11296800 bytes | Modified Date = 3-1-2008 8:06:40 | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 133412 bytes | Modified Date = 3-1-2008 2:32:48 | Attr = HS]

< End of report >




Explorer killed successfully
[Driver Services - Non-Microsoft Only]
Unable to stop service fdpteznk .
Service fdpteznk deleted successfully.
File C:\WINDOWS\System32\drivers\dohqarui.dat not found.
[Registry - Non-Microsoft Only]
Unable to delete registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2510B92-6ECA-4D10-88E1-B027F29786A1}\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2510B92-6ECA-4D10-88E1-B027F29786A1}\ .
LoadLibrary failed for C:\WINDOWS\System32\cscuit.dll
C:\WINDOWS\System32\cscuit.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\cscuit.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
[Empty Temp Folders]
C:\DOCUME~1\Jp\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Jp\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 01032008_012234


Hope we can come to a solution. Kind regards. JPMAURICE.

#6 OldTimer

Posted 03 January 2008 - 12:04 PM

Hi jpmaurice. What exactly did you mean by "The taskbar on my desktop has changed after reboot in normal mode.". What was the change?

Let's get a little more aggressive with this thing.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

drivers to unload:
fdpteznk

Files to delete:
c:\windows\system32\drivers\dohqarui.dat
c:\windows\system32\cscuit.dll

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2510B92-6ECA-4D10-88E1-B027F29786A1}

registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | {A2510B92-6ECA-4D10-88E1-B027F29786A1}

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh WinPFind35u log by using Add/Reply

I have updated the WinPFind35u program so before running a new WinPFind35u scan, please delete your current copy and download the latest version:

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - Security Settings
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
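The targets in the Avenger script above are the items the earlier fix log reported as failed, deferred or not found. The sketch below is an added example, not part of OldTimer's post and not a feature of WinPFind35u or The Avenger; it sorts those result lines by outcome, and its line patterns are assumptions inferred from the log lines quoted in this thread.

```python
import re
from collections import defaultdict

# Sample input: result lines copied from the fix log posted earlier in this thread.
FIX_LOG = r"""Explorer killed successfully
[Driver Services - Non-Microsoft Only]
Unable to stop service fdpteznk .
Service fdpteznk deleted successfully.
File C:\WINDOWS\System32\drivers\dohqarui.dat not found.
[Registry - Non-Microsoft Only]
Unable to delete registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2510B92-6ECA-4D10-88E1-B027F29786A1}\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2510B92-6ECA-4D10-88E1-B027F29786A1}\ .
LoadLibrary failed for C:\WINDOWS\System32\cscuit.dll
C:\WINDOWS\System32\cscuit.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\cscuit.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
[Empty Temp Folders]
C:\DOCUME~1\Jp\LOCALS~1\Temp\ -> emptied.
RecycleBin -> emptied.
< End of log >
"""

# (status, kind, pattern). Patterns are assumptions based on the lines above.
RULES = [
    ("failed", "service", re.compile(r"^Unable to stop service (?P<t>\S+)")),
    ("ok", "service", re.compile(r"^Service (?P<t>\S+) deleted successfully")),
    ("failed", "registry",
     re.compile(r"^Unable to delete registry (?:key|value) (?P<t>HKEY_.+)$")),
    ("ok", "registry",
     re.compile(r"^Registry (?:key|value) (?P<t>HKEY_.+?) deleted successfully")),
    ("missing", "registry",
     re.compile(r"^Registry (?:key|value) (?P<t>HKEY_.+?) not found")),
    ("deferred", "file",
     re.compile(r"^File move failed\. (?P<t>.+?) scheduled to be moved on reboot")),
    ("missing", "file", re.compile(r"^File (?P<t>[A-Za-z]:\\.+?) not found")),
    ("failed", "file", re.compile(r"^LoadLibrary failed for (?P<t>.+)$")),
    ("failed", "file", re.compile(r"^(?P<t>[A-Za-z]:\\.+?) NOT unregistered")),
]

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def triage(log):
    """Return (status, kind, target) for every recognised result line."""
    records = []
    for line in log.splitlines():
        line = line.strip()
        for status, kind, rx in RULES:
            m = rx.search(line)
            if m:
                # Drop the trailing " ." and key-terminating backslash the log prints.
                target = m.group("t").rstrip(" .").rstrip("\\")
                records.append((status, kind, target))
                break
    return records


def follow_up(records):
    """Targets with any outcome other than a clean 'ok', with all statuses seen.

    Windows paths and registry keys are case-insensitive, so targets are
    grouped on their case-folded form.
    """
    seen = defaultdict(set)
    for status, kind, target in records:
        seen[(kind, target.casefold())].add(status)
    return {key: statuses for key, statuses in seen.items() if statuses != {"ok"}}


def clsids_with_failed_deletes(records):
    """CLSIDs named in a registry deletion that failed outright."""
    found = set()
    for status, kind, target in records:
        if kind == "registry" and status == "failed":
            found.update(c.upper() for c in CLSID.findall(target))
    return sorted(found)


if __name__ == "__main__":
    recs = triage(FIX_LOG)
    for (kind, target), statuses in follow_up(recs).items():
        print(f"{kind:8} {'/'.join(sorted(statuses)):16} {target}")
    print("CLSIDs with failed deletes:", clsids_with_failed_deletes(recs))
```

A target that shows both a failure and a later success, such as the service here, stays in the follow-up list so it can be confirmed in the next scan log.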


#7 jpmaurice

Posted 03 January 2008 - 08:42 PM

Hello Dear Oldtimer

1/ Taskbar = the taskbar was changed by the following events : a) the section quick start was removed, b) the property to hide icons not in use (on the right side of the bar - this glider effect) was also disabled.

2/ After starting AVENGER a weird thing happened : a txt-file was under construction with size at the moment I interrupted the process (after 1 hour) of a total 16.598.000 KB (MEANS OVER 16 GIGA !!!!) - Was this intentional behavior ?? You want to receive a copy of this +16 Gigabyte ??? (so-called "log file" ?) My system was near to a total crash.

I also found a 2kb file - Backup.zip - What should I do with the *.txt and the *.zip file ??

Now I will download the new WinPFind35u and will run it following your instructions.

Please give new instructions for this AVENGER. While Avenger was running I got alert messages from my system "in dutch language (yes my system is a Dutch version) " which told avenger could not execute its commands while the file it wanted to remove was in use by the system.
I think my system tried to block Avenger while Avenger continued its activity by making circles and creating a txt file of 16 Giga - strange situations.

See you very soon with the WinPFind35u log file.

Kind regards - in hope of success JPMaurice.

#8 jpmaurice

Posted 03 January 2008 - 08:47 PM

Hello Dear Oldtimer

WinPFind35 logfile created on: 4-1-2008 2:44:16
WinPFind35U Version Beta19 Folder = C:\Documents and Settings\Jp\Bureaublad\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)

2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,35% Memory free
3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32,82 Gb Total Space | 2,91 Gb Free Space | 8,88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: IBM-20DD82AB5D8
Current User Name: Jp
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ibmpmsvc.exe -> %System32%\ibmpmsvc.exe -> Lenovo [Ver = 1.43 | Size = 36400 bytes | Modified Date = 31-5-2007 19:02:06 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11, 1, 1, 4 | Size = 987136 bytes | Modified Date = 1-6-2007 10:48:24 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29-10-2007 13:27:04 | Attr = ]
brsvc01a.exe -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Modified Date = 27-8-2003 17:00:00 | Attr = ]
brss01a.exe -> %System32%\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 12-12-2001 17:01:00 | Attr = ]
acprfmgrsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.42 | Size = 65536 bytes | Modified Date = 5-7-2007 15:05:04 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 24-10-2007 8:15:56 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-10-2007 1:06:14 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 21-12-2007 14:12:53 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.1.1 | Size = 647168 bytes | Modified Date = 1-6-2007 11:00:20 | Attr = ]
rrpcsb.exe -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -> [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 19-3-2004 21:21:10 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.1.0 | Size = 327680 bytes | Modified Date = 1-6-2007 10:41:30 | Attr = ]
suservice.exe -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 24-10-2007 12:58:00 | Attr = ]
tphdexlg.exe -> %System32%\TPHDEXLG.exe -> Lenovo. [Ver = 1.53.0.1 | Size = 37424 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
tpkmpsvc.exe -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 12-7-2003 2:19:22 | Attr = ]
tvtsched.exe -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 1126400 bytes | Modified Date = 1-8-2007 11:07:38 | Attr = ]
acsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.42 | Size = 184320 bytes | Modified Date = 5-7-2007 15:03:32 | Attr = ]
svcguihlpr.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe -> Lenovo [Ver = 4.42 | Size = 114688 bytes | Modified Date = 5-7-2007 15:04:18 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 110592 bytes | Modified Date = 16-6-2004 18:53:34 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 512000 bytes | Modified Date = 16-6-2004 18:53:02 | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 12-1-2006 19:52:32 | Attr = ]
scheduler_proxy.exe -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 540672 bytes | Modified Date = 1-8-2007 11:07:46 | Attr = ]
tphkmgr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 2-10-2006 10:19:48 | Attr = ]
actray.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4.42 | Size = 413696 bytes | Modified Date = 5-7-2007 14:58:40 | Attr = ]
acwlicon.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4.42 | Size = 126976 bytes | Modified Date = 5-7-2007 14:51:48 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 21-12-2007 19:19:26 | Attr = ]
tponscr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe -> [Ver = | Size = 77824 bytes | Modified Date = 5-7-2005 14:57:12 | Attr = ]
tpscrex.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe -> Lenovo Group Limited [Ver = 1.17 | Size = 86016 bytes | Modified Date = 30-5-2006 15:05:42 | Attr = ]
unavtray.exe -> %ProgramFiles%\ThinkPad\UltraNav-wizard\UNavTray.exe -> IBM Corporation [Ver = 1,0,0,1 | Size = 229376 bytes | Modified Date = 22-8-2003 10:01:00 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 435712 bytes | Modified Date = 2-1-2008 20:01:42 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29-10-2007 13:27:04 | Attr = ]
(AcPrfMgrSvc) Ac Profile Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.42 | Size = 65536 bytes | Modified Date = 5-7-2007 15:05:04 | Attr = ]
(AcSvc) Access Connections Main Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.42 | Size = 184320 bytes | Modified Date = 5-7-2007 15:03:32 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 24-10-2007 8:15:56 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-10-2007 1:06:14 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 21-12-2007 14:12:53 | Attr = ]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Modified Date = 27-8-2003 17:00:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative-service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 4-8-2004 9:03:28 | Attr = ]
(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.1.1 | Size = 647168 bytes | Modified Date = 1-6-2007 11:00:20 | Attr = ]
(IBM Rapid Restore Ultra Service) IBM Rapid Restore Ultra Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -> [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 19-3-2004 21:21:10 | Attr = ]
(IBMPMSVC) ThinkPad PM Service [Win32_Own | Auto | Running] -> %System32%\ibmpmsvc.exe -> Lenovo [Ver = 1.43 | Size = 36400 bytes | Modified Date = 31-5-2007 19:02:06 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Disabled | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 9-3-2003 6:31:02 | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.1.0 | Size = 327680 bytes | Modified Date = 1-6-2007 10:41:30 | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11, 1, 1, 4 | Size = 987136 bytes | Modified Date = 1-6-2007 10:48:24 | Attr = ]
(SUService) System Update [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 24-10-2007 12:58:00 | Attr = ]
(TPHDEXLGSVC) ThinkPad HDD APS Logging Service [Win32_Own | Auto | Running] -> %System32%\TPHDEXLG.exe -> Lenovo. [Ver = 1.53.0.1 | Size = 37424 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
(TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 12-7-2003 2:19:22 | Attr = ]
(TVT Scheduler) TVT Scheduler [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 1126400 bytes | Modified Date = 1-8-2007 11:07:38 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 18-8-2001 4:20:04 | Attr = ]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.0.1.4 | Size = 116176 bytes | Modified Date = 7-4-2004 15:41:38 | Attr = ]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.7.4.0 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Cisco Systems, Inc. [Ver = 3.7.4.0 | Size = 21393 bytes | Modified Date = 2-12-2007 7:16:56 | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 18-8-2001 5:51:56 | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 4-8-2004 7:07:44 | Attr = ]
(ANC) ANC [Kernel | System | Running] -> %System32%\drivers\ANC.sys -> IBM Corp. [Ver = 8.3 | Size = 11520 bytes | Modified Date = 8-11-2005 9:27:20 | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 18-8-2001 5:52:00 | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 18-8-2001 5:51:58 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6547 | Size = 1133568 bytes | Modified Date = 6-2-2007 23:38:32 | Attr = ]
(AtmelTpm) AtmelTpm [Kernel | On_Demand | Running] -> %System32%\drivers\AtmelTpm.sys -> Atmel, Inc. [Ver = 2.1.0.56 built by: WinDDK | Size = 40704 bytes | Modified Date = 21-10-2007 16:23:42 | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | Disabled | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> File not found
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 24-10-2007 8:15:50 | Attr = ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 22-10-2007 1:06:19 | Attr = ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 22-10-2007 1:06:20 | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | Disabled | Running] -> System32\DRIVERS\AvgAsCln.sys -> File not found
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 21-12-2007 19:19:45 | Attr = ]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 22-10-2007 1:06:20 | Attr = ]
(BrPar) BrPar [Kernel | Auto | Running] -> %System32%\drivers\BRPAR.SYS -> Brother Industries Ltd. [Ver = 5.00.2178.1 | Size = 19537 bytes | Modified Date = 24-7-2000 1:01:00 | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | On_Demand | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 7-9-2001 3:02:58 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 18-8-2001 5:52:16 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 4-8-2004 8:57:22 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153856 bytes | Modified Date = 4-8-2004 8:57:24 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 7-9-2001 15:00:00 | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.94c | Size = 87168 bytes | Modified Date = 17-8-2004 11:21:00 | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.45a | Size = 40448 bytes | Modified Date = 14-7-2004 10:56:00 | Attr = ]
(E1000) Intel® PRO/1000 Network Connection Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e1000325.sys -> Intel Corporation [Ver = 8.7.9.0 built by: WinDDK | Size = 170392 bytes | Modified Date = 24-10-2006 10:28:48 | Attr = ]
(E100B) Intel® PRO Adapter-stuurprogramma [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 7-9-2001 3:49:42 | Attr = ]
(EGATHDRV) IBM Access Support [Kernel | Auto | Running] -> %System32%\egathdrv.sys -> IBM Corporation [Ver = 2.04 | Size = 5120 bytes | Modified Date = 19-3-2004 20:03:58 | Attr = ]
(fdpteznk) fdpteznk [Kernel | Boot | Running] -> %System32%\drivers\dohqarui.dat -> [Ver = | Size = 18688 bytes | Modified Date = 25-10-2007 8:39:21 | Attr = ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\drivers\hpzid412.sys -> HP [Ver = 6, 0, 0, 0 | Size = 51024 bytes | Modified Date = 9-3-2003 6:31:00 | Attr = ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 16080 bytes | Modified Date = 9-3-2003 6:31:02 | Attr = ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZius12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 21456 bytes | Modified Date = 9-3-2003 6:31:02 | Attr = ]
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.02.03.00 | Size = 197888 bytes | Modified Date = 22-7-2004 23:25:58 | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.02.03.00 | Size = 1041152 bytes | Modified Date = 22-7-2004 23:24:20 | Attr = ]
(ibmfilter) ibmfilter [Kernel | Auto | Running] -> %System32%\drivers\ibmfilter.sys -> IBM [Ver = 3.01 built by: WinDDK | Size = 64256 bytes | Modified Date = 24-9-2004 1:39:58 | Attr = ]
(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> %System32%\drivers\ibmpmdrv.sys -> Lenovo. [Ver = 1.43 | Size = 21424 bytes | Modified Date = 31-5-2007 19:01:30 | Attr = ]
(IBMTPCHK) IBMTPCHK [Kernel | System | Running] -> %System32%\drivers\IBMBLDID.sys -> [Ver = | Size = 4224 bytes | Modified Date = 2-4-2007 11:24:08 | Attr = ]
(KLIF) KLIF [File_System | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Modified Date = 19-7-2007 15:10:28 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LucentSoftModem) Lucent Technologies Soft Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\LTSM.sys -> Lucent Technologies [Ver = 3.1.92.1 3.1.92.1 07/18/2001 12:51:10 | Size = 802683 bytes | Modified Date = 18-8-2001 5:28:10 | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 9-4-2003 22:48:08 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 18-8-2001 5:52:12 | Attr = ]
(NSCIRDA) Stuurprogramma voor NSC-infraroodapparaat [Kernel | On_Demand | Running] -> %System32%\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 4-8-2004 7:00:52 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(psadd) Lenovo Parties Service Access Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\psadd.sys -> Lenovo (United States) Inc. [Ver = 6.1.1009.0 | Size = 21376 bytes | Modified Date = 19-2-2007 6:56:46 | Attr = ]
(Ptilink) Stuurprogramma voor Directe parallelle verbinding [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 7-9-2001 15:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.22a | Size = 20576 bytes | Modified Date = 8-12-2004 13:03:00 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 18-8-2001 5:52:20 | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 18-8-2001 5:52:20 | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 18-8-2001 5:52:18 | Attr = ]
(s24trans) WLAN-transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 11, 1, 1, 0 | Size = 12416 bytes | Modified Date = 29-5-2007 15:29:30 | Attr = ]
(S3SSavage) S3SSavage [Kernel | On_Demand | Stopped] -> %System32%\drivers\s3ssavm.sys -> S3 Graphics, Inc. [Ver = 6.13.10.1236-12.90.36 | Size = 95104 bytes | Modified Date = 1-11-2001 10:57:14 | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10-10-2006 13:53:48 | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16-2-2006 17:51:08 | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 27-2-2007 12:39:26 | Attr = ]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %System32%\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 33052 bytes | Modified Date = 7-8-2007 1:15:07 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13-11-2007 11:25:55 | Attr = ]
(Shockprf) Shockprf [Kernel | Boot | Running] -> %System32%\drivers\ApsX86.sys -> Lenovo. [Ver = 1.53.0.1 | Size = 103472 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 4-8-2004 7:07:44 | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5160 | Size = 266880 bytes | Modified Date = 23-6-2004 18:42:46 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 18-8-2001 6:07:44 | Attr = ]
(srescan) srescan [Kernel | Boot | Running] -> %System32%\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 187, 0 | Size = 51176 bytes | Modified Date = 18-10-2007 20:18:44 | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 14-7-2004 19:29:04 | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 14-7-2004 19:28:50 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 18-8-2001 6:07:34 | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 18-8-2001 6:07:36 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 18-8-2001 6:07:40 | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 18-8-2001 6:07:42 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 270928 bytes | Modified Date = 16-6-2004 18:47:28 | Attr = ]
(TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Running] -> %System32%\drivers\tcusb.sys -> UPEK Inc. [Ver = 1.9.2.99 | Size = 47376 bytes | Modified Date = 14-8-2007 14:25:52 | Attr = ]
(TDSMAPI) TDSMAPI [Kernel | System | Running] -> %System32%\drivers\TDSMAPI.SYS -> [Ver = | Size = 9341 bytes | Modified Date = 29-7-2004 9:36:00 | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25723 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2271 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86202 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 14715 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(TPDIGIMN) TPDIGIMN [Kernel | Boot | Running] -> %System32%\drivers\ApsHM86.sys -> Lenovo. [Ver = 1.53.0.1 built by: WinDDK | Size = 19504 bytes | Modified Date = 28-9-2007 16:28:00 | Attr = ]
(TPHKDRV) TPHKDRV [Kernel | System | Running] -> %System32%\drivers\TPHKDRV.sys -> IBM Corporation [Ver = 3.00 | Size = 17699 bytes | Modified Date = 5-7-2005 14:57:06 | Attr = ]
(TPPWR) TPPWR [Kernel | System | Running] -> %System32%\drivers\TPPWR.SYS -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 16384 bytes | Modified Date = 29-7-2004 9:37:00 | Attr = ]
(TSMAPIP) TSMAPIP [Kernel | System | Running] -> %System32%\drivers\TSMAPIP.SYS -> [Ver = | Size = 7168 bytes | Modified Date = 15-7-2004 10:31:00 | Attr = ]
(TwoTrack) Stuurprogramma voor IBM PS/2 TrackPoint Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\TwoTrack.sys -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 11520 bytes | Modified Date = 18-8-2001 5:48:14 | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Versie 0603) | Size = 36736 bytes | Modified Date = 18-8-2001 5:52:22 | Attr = ]
(vsdatant) vsdatant [Kernel | System | Running] -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 394952 bytes | Modified Date = 14-11-2007 16:05:16 | Attr = ]
(w22n51) Stuurprogramma Intel® PRO/Wireless 2200-adapter voor Windows XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\w22n51.sys -> Intel® Corporation [Ver = 8010-28 Driver | Size = 3151232 bytes | Modified Date = 30-8-2004 1:26:58 | Attr = ]
(w29n51) Stuurprogramma voor Intel® PRO/Wireless 2200BG-netwerkverbinding onder Windows XP [Kernel | On_Demand | Running] -> %System32%\drivers\w29n51.sys -> Intel® Corporation [Ver = 9.0.4.36 Driver | Size = 2210048 bytes | Modified Date = 4-4-2007 13:46:52 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.02.03.00 built by: WinDDK | Size = 676096 bytes | Modified Date = 22-7-2004 23:24:52 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 12-1-2006 19:52:32 | Attr = ]
ACTray -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4.42 | Size = 413696 bytes | Modified Date = 5-7-2007 14:58:40 | Attr = ]
ACWLIcon -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4.42 | Size = 126976 bytes | Modified Date = 5-7-2007 14:51:48 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5154 | Size = 344064 bytes | Modified Date = 6-2-2007 21:00:00 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 21-12-2007 19:19:26 | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 512000 bytes | Modified Date = 16-6-2004 18:53:02 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 110592 bytes | Modified Date = 16-6-2004 18:53:34 | Attr = ]
TPHOTKEY -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 2-10-2006 10:19:48 | Attr = ]
TVT Scheduler Proxy -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 540672 bytes | Modified Date = 1-8-2007 11:07:46 | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 17-3-2003 19:04:52 | Attr = HS]
< Jp Startup Folder > -> C:\Documents and Settings\Jp\Menu Start\Programma's\Opstarten ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 17-3-2003 19:04:52 | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20-12-2006 13:55:48 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19-4-2007 13:41:36 | Attr = ]
ACNotify -> ACNotify.dll -> File not found
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 46080 bytes | Modified Date = 6-2-2007 23:34:40 | Attr = ]
tpfnf2 -> %System32%\notifyf2.dll -> [Ver = | Size = 28672 bytes | Modified Date = 5-7-2005 23:45:08 | Attr = ]
tphotkey -> %System32%\tphklock.dll -> [Ver = | Size = 24576 bytes | Modified Date = 30-11-2005 20:16:02 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
< HOSTS File > (773 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.be/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> www.google.be[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12-1-2006 19:38:22 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
{A2510B92-6ECA-4D10-88E1-B027F29786A1} [HKEY_LOCAL_MACHINE] -> %System32%\cscuit.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 104960 bytes | Modified Date = 4-8-2004 9:03:08 | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 23-9-2005 20:41:42 | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 23-9-2005 20:41:42 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\InprocServer32 does not exist or could not be opened. [Adobe PDF] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263} does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683} does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Convert link target to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert link target to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selected links to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selected links to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selection to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selection to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0D2EB075-9467-4A92-9E48-4572BA71008E} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
{1295A813-C2E2-4BB5-9441-3903327B7317} -> (Intel® PRO/1000 MT Mobile Connection) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\\InprocServer32 does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key SOFTWARE\Classes\CLSID\\InprocServer32 does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=58813[Office Genuine Advantage Validation Tool] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{2DAD3559-2923-4935-AD49-B673D2539944}[HKEY_LOCAL_MACHINE] -> http://www-307.ibm.com/pc/support/acpir.cab[IASRunner Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupd...b?1193020774116[WUWebControl Class] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/1.4.1/...all-141-win.cab[Java Plug-in 1.4.1] ->


[Registry - Additional Scans - Non-Microsoft Only]
< Security Settings > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4-8-2004 9:03:36 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Intelligente achtergrondsoverdrachtservice ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService ->
Rpcss -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26-7-2005 5:42:48 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Hiermee worden bestanden overgezet wanneer het netwerk niet actief is. Als deze service is gestopt, kunnen functies zoals Windows Update of MSN Explorer niet automatisch programma's en andere gegevens downloaden. Als deze service is uitgeschakeld, kunnen services die van deze service afhankelijk zijn mogelijk geen bestanden overzetten als deze services niet direct via Internet Explorer bestanden kunnen overzetten als BITS is uitgeschakeld. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll [C:\WINDOWS\system32\qmgr.dll] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 4-8-2004 9:03:20 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4-8-2004 9:03:36 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall (WF) / Internet-verbinding delen (ICS) ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService ->
Netman -> %System32%\netman.dll -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 22-8-2005 19:36:16 | Attr = ]
WinMgmt -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Hiermee worden services ten behoeve van netwerkadresomzetting, adressering, naamomzetting en/of preventie van onrechtmatige toegang geboden voor computers in thuis- of bedrijfsnetwerken. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1130 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 332288 bytes | Modified Date = 4-8-2004 9:03:12 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgemc.exe -> C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
*139:TCP* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP ->
139:TCP:LocalSubNet:Enabled:@xpsp2res.dll -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll -> File not found
-22004 -> -> File not found
*MultiFile Done* -> ->
*445:TCP* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP ->
445:TCP:LocalSubNet:Enabled:@xpsp2res.dll -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll -> File not found
-22005 -> -> File not found
*MultiFile Done* -> ->
*137:UDP* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP ->
137:UDP:LocalSubNet:Enabled:@xpsp2res.dll -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll -> File not found
-22001 -> -> File not found
*MultiFile Done* -> ->
*138:UDP* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP ->
138:UDP:LocalSubNet:Enabled:@xpsp2res.dll -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll -> File not found
-22002 -> -> File not found
*MultiFile Done* -> ->
*1900:UDP* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP ->
1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll -> File not found
-22007 -> -> File not found
*MultiFile Done* -> ->
*2869:TCP* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP ->
2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll -> File not found
-22008 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{405D14AD-5956-45EA-AFF4-ED27D63BACAB} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4-8-2004 9:03:36 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatische updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Hiermee wordt de mogelijkheid om updates voor Windows te downloaden en te installeren ingeschakeld. Als deze service is uitgeschakeld, kan het onderdeel Automatische updates of de website van Windows Update niet op deze computer worden gebruikt. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 4-8-2004 9:03:26 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 21-12-2007 20:13:10 | Attr = RH ]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 4-1-2008 1:26:25 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146357248 bytes | Created Date = 3-1-2008 8:05:17 | Attr = HS]
BRDIAG.INI -> %SystemRoot%\BRDIAG.INI -> [Ver = | Size = 40 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 0 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
Brownie.ini -> %SystemRoot%\Brownie.ini -> [Ver = | Size = 23 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI -> [Ver = | Size = 26 bytes | Created Date = 13-12-2007 11:52:31 | Attr = ]
BRVIDEO.INI -> %SystemRoot%\BRVIDEO.INI -> [Ver = | Size = 145 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 462 bytes | Created Date = 13-12-2007 11:52:31 | Attr = ]
bw6050.ini -> %SystemRoot%\bw6050.ini -> [Ver = | Size = 0 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
hl-6050.ini -> %SystemRoot%\hl-6050.ini -> [Ver = | Size = 8634 bytes | Created Date = 13-12-2007 11:52:50 | Attr = ]
BRDIAG.HLP -> %System32%\BRDIAG.HLP -> [Ver = | Size = 173868 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
Brdiag2.exe -> %System32%\Brdiag2.exe -> brother Industries, Ltd [Ver = 2.53 | Size = 184320 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRDIAG2.HLP -> %System32%\BRDIAG2.HLP -> [Ver = | Size = 162057 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRGSRC16.DLL -> %System32%\BRGSRC16.DLL -> [Ver = | Size = 4608 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRGSRC32.DLL -> %System32%\BRGSRC32.DLL -> [Ver = | Size = 26624 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
brlm03a.dll -> %System32%\brlm03a.dll -> brother Industries Ltd [Ver = 0, 0, 1, 2 | Size = 21583 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BROSNMP.DLL -> %System32%\BROSNMP.DLL -> [Ver = | Size = 77824 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
brrbtool.exe -> %System32%\brrbtool.exe -> Brother Industries Ltd [Ver = 1.16 | Size = 65536 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRSPL03D.DLL -> %System32%\BRSPL03D.DLL -> Brother Industries, Ltd [Ver = 1.05 | Size = 163840 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRSPL03D.EXE -> %System32%\BRSPL03D.EXE -> Brother Industries,ltd [Ver = 3.70 | Size = 131072 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRSS01A.EXE -> %System32%\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
brss01a.ini -> %System32%\brss01a.ini -> [Ver = | Size = 30 bytes | Created Date = 13-12-2007 11:52:30 | Attr = ]
brsvc01a.bsi -> %System32%\brsvc01a.bsi -> [Ver = | Size = 184 bytes | Created Date = 13-12-2007 11:52:29 | Attr = ]
BRSVC01A.EXE -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRVPD95A.DLL -> %System32%\BRVPD95A.DLL -> brother industries, ltd [Ver = 1.03 | Size = 40960 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRVPDNTA.DLL -> %System32%\BRVPDNTA.DLL -> brother Industries Ltd [Ver = 1, 0, 2, 0 | Size = 49152 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BrWebIns.dll -> %System32%\BrWebIns.dll -> brother [Ver = 1, 0, 9, 1 | Size = 81920 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRWEBUP.EXE -> %System32%\BRWEBUP.EXE -> brother [Ver = 1, 0, 8, 2 | Size = 65536 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
PDRVINST.DLL -> %System32%\PDRVINST.DLL -> brother [Ver = 1, 2, 3, 0 | Size = 184320 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 21-12-2007 19:19:45 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 21-12-2007 19:19:44 | Attr = ]
BRPAR.SYS -> %System32%\drivers\BRPAR.SYS -> Brother Industries Ltd. [Ver = 5.00.2178.1 | Size = 19537 bytes | Created Date = 13-12-2007 11:52:51 | Attr = ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 18-12-2007 6:55:51 | Attr = ]
[File Created- Additional Folder Scans - Non-Microsoft Only]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Created Date = 21-12-2007 18:44:13 | Attr = ]
SecTaskMan -> %AllUsersAppData%\SecTaskMan -> [Folder | Created Date = 12-12-2007 13:32:45 | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Created Date = 21-12-2007 19:20:02 | Attr = ]
Brother -> %UserAppData%\Brother -> [Folder | Created Date = 13-12-2007 11:53:45 | Attr = R ]
Help -> %UserAppData%\Help -> [Folder | Created Date = 18-12-2007 6:50:23 | Attr = ]
Smart PC Solutions -> %UserAppData%\Smart PC Solutions -> [Folder | Created Date = 12-12-2007 13:16:29 | Attr = ]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Created Date = 20-12-2007 23:35:54 | Attr = ]
VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Created Date = 20-12-2007 23:53:35 | Attr = ]
Help -> %LocalAppData%\Help -> [Folder | Created Date = 18-12-2007 6:50:23 | Attr = ]
Creative Natuurfotografie.pps -> %UserDocuments%\Creative Natuurfotografie.pps -> [Ver = | Size = 4511744 bytes | Created Date = 7-12-2007 11:17:47 | Attr = ]
Doc1.doc -> %UserDocuments%\Doc1.doc -> [Ver = | Size = 285184 bytes | Created Date = 30-12-2007 7:36:53 | Attr = ]
revosetup.rar -> %UserDocuments%\revosetup.rar -> [Ver = | Size = 217996 bytes | Created Date = 7-12-2007 8:34:53 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\revosetup.rar:Zone.Identifier
VANGHELUWE_BMB_20071216.pdf -> %UserDocuments%\VANGHELUWE_BMB_20071216.pdf -> [Ver = | Size = 8354 bytes | Created Date = 16-12-2007 17:07:59 | Attr = ]
Verzoekschrift-Grondwettelijk-Hof.pdf -> %UserDocuments%\Verzoekschrift-Grondwettelijk-Hof.pdf -> [Ver = | Size = 531246 bytes | Created Date = 5-12-2007 20:25:23 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1801 bytes | Created Date = 21-12-2007 0:29:34 | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1801 bytes | Created Date = 21-12-2007 0:29:33 | Attr = ]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1543 bytes | Created Date = 21-12-2007 19:19:46 | Attr = ]
HL-6050 Interactieve Help.lnk -> %AllUsersDesktop%\HL-6050 Interactieve Help.lnk -> [Ver = | Size = 1782 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 791 bytes | Created Date = 22-12-2007 4:16:30 | Attr = ]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 22-12-2007 4:13:24 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier
avenger.zip -> %UserDesktop%\avenger.zip -> [Ver = | Size = 127378 bytes | Created Date = 4-1-2008 1:14:43 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avenger.zip:Zone.Identifier
avgas-setup-7.5.1.43.exe -> %UserDesktop%\avgas-setup-7.5.1.43.exe -> [Ver = | Size = 12413440 bytes | Created Date = 3-1-2008 1:18:23 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.43.exe:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Created Date = 22-12-2007 1:54:05 | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 22-12-2007 1:53:18 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
Revo Uninstaller.lnk -> %UserDesktop%\Revo Uninstaller.lnk -> [Ver = | Size = 928 bytes | Created Date = 7-12-2007 8:39:14 | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 944 bytes | Created Date = 21-12-2007 17:01:54 | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 22-12-2007 4:15:18 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 4-1-2008 2:43:13 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 605654 bytes | Created Date = 4-1-2008 2:41:41 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 1-1-2008 8:43:21 | Attr = RH ]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 4-1-2008 1:26:25 | Attr = ]
BK6DATA.ZIP -> %SystemDrive%\BK6DATA.ZIP -> [Ver = | Size = 1459286 bytes | Modified Date = 11-12-2007 18:49:46 | Attr = ]
BKEVENT.DT6 -> %SystemDrive%\BKEVENT.DT6 -> [Ver = | Size = 2874368 bytes | Modified Date = 1-1-2008 4:03:11 | Attr = ]
BKFIXFLE.SAV -> %SystemDrive%\BKFIXFLE.SAV -> [Ver = | Size = 696232 bytes | Modified Date = 1-1-2008 4:11:19 | Attr = ]
BKLOCATE.DT6 -> %SystemDrive%\BKLOCATE.DT6 -> [Ver = | Size = 487424 bytes | Modified Date = 1-1-2008 4:01:41 | Attr = ]
BKMARR.DT6 -> %SystemDrive%\BKMARR.DT6 -> [Ver = | Size = 568320 bytes | Modified Date = 1-1-2008 4:02:31 | Attr = ]
BKMESSG.DT6 -> %SystemDrive%\BKMESSG.DT6 -> [Ver = | Size = 131072 bytes | Modified Date = 1-1-2008 3:55:15 | Attr = ]
BKOTHER.DT6 -> %SystemDrive%\BKOTHER.DT6 -> [Ver = | Size = 846848 bytes | Modified Date = 1-1-2008 4:02:26 | Attr = ]
BKPERSON.DT6 -> %SystemDrive%\BKPERSON.DT6 -> [Ver = | Size = 2723840 bytes | Modified Date = 1-1-2008 4:11:18 | Attr = ]
BKSOURCE.DT6 -> %SystemDrive%\BKSOURCE.DT6 -> [Ver = | Size = 32768 bytes | Modified Date = 27-12-2007 13:46:44 | Attr = ]
BKSOURPT.DT6 -> %SystemDrive%\BKSOURPT.DT6 -> [Ver = | Size = 15360 bytes | Modified Date = 27-12-2007 13:46:44 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 22-12-2007 4:16:33 | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 4-1-2008 1:21:45 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146357248 bytes | Modified Date = 4-1-2008 2:02:35 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 28-12-2007 3:19:20 | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4-1-2008 2:06:11 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 22-12-2007 3:17:18 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4-1-2008 2:02:40 | Attr = S]
BRDIAG.INI -> %SystemRoot%\BRDIAG.INI -> [Ver = | Size = 40 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 0 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
Brownie.ini -> %SystemRoot%\Brownie.ini -> [Ver = | Size = 23 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI -> [Ver = | Size = 26 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRVIDEO.INI -> %SystemRoot%\BRVIDEO.INI -> [Ver = | Size = 145 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 462 bytes | Modified Date = 13-12-2007 12:20:23 | Attr = ]
bw6050.ini -> %SystemRoot%\bw6050.ini -> [Ver = | Size = 0 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 4-1-2008 2:02:43 | Attr = HS]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 25-12-2007 5:25:57 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 26-12-2007 2:57:48 | Attr = S]
hl-6050.ini -> %SystemRoot%\hl-6050.ini -> [Ver = | Size = 8634 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 22-12-2007 3:20:49 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 29-12-2007 15:44:30 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 22-12-2007 4:16:34 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 4-1-2008 2:20:06 | Attr = ]
MKDEWE.TRN -> %SystemRoot%\MKDEWE.TRN -> [Ver = | Size = 2048 bytes | Modified Date = 2-1-2008 2:41:17 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4-1-2008 1:37:37 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 21-12-2007 19:19:04 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 3-1-2008 11:22:36 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 22-12-2007 11:53:00 | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 4-1-2008 2:03:17 | Attr = ]
FRU Task #Hewlett-Packard#hp psc 1200 series#1195555778.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1195555778.job -> [Ver = | Size = 384 bytes | Modified Date = 22-12-2007 11:52:07 | Attr = ]
RegistrySmart Scheduled Scan.job -> %SystemRoot%\tasks\RegistrySmart Scheduled Scan.job -> [Ver = | Size = 420 bytes | Modified Date = 1-1-2008 3:30:00 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4-1-2008 2:02:53 | Attr = H ]
brss01a.ini -> %System32%\brss01a.ini -> [Ver = | Size = 30 bytes | Modified Date = 13-12-2007 11:52:30 | Attr = ]
brsvc01a.bsi -> %System32%\brsvc01a.bsi -> [Ver = | Size = 184 bytes | Modified Date = 13-12-2007 11:52:29 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 18-12-2007 6:55:55 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 3-1-2008 11:21:08 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 22-12-2007 3:21:34 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 4-1-2008 2:11:28 | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 3-1-2008 11:21:12 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 4-1-2008 2:04:53 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353365 bytes | Modified Date = 4-1-2008 2:02:50 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 22-12-2007 3:15:12 | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 18-12-2007 6:57:00 | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 18-12-2007 6:58:26 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 21-12-2007 19:19:45 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 21-12-2007 19:19:44 | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 11450400 bytes | Modified Date = 4-1-2008 2:42:08 | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 135068 bytes | Modified Date = 4-1-2008 1:21:23 | Attr = HS]

< End of report >


Kind regards - Hope to read you very soon - JpMaurice

#9 OldTimer


Posted 05 January 2008 - 11:05 PM

Hi jpmaurice. I've been playing with this thing and it's a real PITA but I think I have it licked.

First, go ahead and delete the .txt and .zip files that Avenger made. We can't use them anyway. We'll re-run Avenger in a bit.

Next, I updated WinPFind35u to find a couple of additional files we need to see, so delete the current WinPFind35U folder on your desktop, download the latest version of WinPFind35u.exe to your Desktop, and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#10 jpmaurice


Posted 06 January 2008 - 07:23 AM

Hello Dear Oldtimer

WinPFind35 logfile created on: 6-1-2008 13:20:40
WinPFind35U Version Beta21 Folder = C:\Documents and Settings\Jp\Bureaublad\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)

2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 73,87% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32,82 Gb Total Space | 18,34 Gb Free Space | 55,90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: IBM-20DD82AB5D8
Current User Name: Jp
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ibmpmsvc.exe -> %System32%\ibmpmsvc.exe -> Lenovo [Ver = 1.43 | Size = 36400 bytes | Modified Date = 31-5-2007 19:02:06 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11, 1, 1, 4 | Size = 987136 bytes | Modified Date = 1-6-2007 10:48:24 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29-10-2007 13:27:04 | Attr = ]
brsvc01a.exe -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Modified Date = 27-8-2003 17:00:00 | Attr = ]
brss01a.exe -> %System32%\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 12-12-2001 17:01:00 | Attr = ]
acprfmgrsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.42 | Size = 65536 bytes | Modified Date = 5-7-2007 15:05:04 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 24-10-2007 8:15:56 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-10-2007 1:06:14 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 21-12-2007 14:12:53 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.1.1 | Size = 647168 bytes | Modified Date = 1-6-2007 11:00:20 | Attr = ]
rrpcsb.exe -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -> [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 19-3-2004 21:21:10 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.1.0 | Size = 327680 bytes | Modified Date = 1-6-2007 10:41:30 | Attr = ]
suservice.exe -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 24-10-2007 12:58:00 | Attr = ]
tphdexlg.exe -> %System32%\TPHDEXLG.exe -> Lenovo. [Ver = 1.53.0.1 | Size = 37424 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
tpkmpsvc.exe -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 12-7-2003 2:19:22 | Attr = ]
tvtsched.exe -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 1126400 bytes | Modified Date = 1-8-2007 11:07:38 | Attr = ]
acsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.42 | Size = 184320 bytes | Modified Date = 5-7-2007 15:03:32 | Attr = ]
svcguihlpr.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe -> Lenovo [Ver = 4.42 | Size = 114688 bytes | Modified Date = 5-7-2007 15:04:18 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 110592 bytes | Modified Date = 16-6-2004 18:53:34 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 512000 bytes | Modified Date = 16-6-2004 18:53:02 | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 12-1-2006 19:52:32 | Attr = ]
scheduler_proxy.exe -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 540672 bytes | Modified Date = 1-8-2007 11:07:46 | Attr = ]
tphkmgr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 2-10-2006 10:19:48 | Attr = ]
actray.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4.42 | Size = 413696 bytes | Modified Date = 5-7-2007 14:58:40 | Attr = ]
acwlicon.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4.42 | Size = 126976 bytes | Modified Date = 5-7-2007 14:51:48 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 21-12-2007 19:19:26 | Attr = ]
tponscr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe -> [Ver = | Size = 77824 bytes | Modified Date = 5-7-2005 14:57:12 | Attr = ]
tpscrex.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe -> Lenovo Group Limited [Ver = 1.17 | Size = 86016 bytes | Modified Date = 30-5-2006 15:05:42 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294912 bytes | Modified Date = 5-1-2008 22:54:28 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29-10-2007 13:27:04 | Attr = ]
(AcPrfMgrSvc) Ac Profile Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.42 | Size = 65536 bytes | Modified Date = 5-7-2007 15:05:04 | Attr = ]
(AcSvc) Access Connections Main Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.42 | Size = 184320 bytes | Modified Date = 5-7-2007 15:03:32 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 24-10-2007 8:15:56 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-10-2007 1:06:14 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 21-12-2007 14:12:53 | Attr = ]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Modified Date = 27-8-2003 17:00:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative-service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 4-8-2004 9:03:28 | Attr = ]
(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.1.1 | Size = 647168 bytes | Modified Date = 1-6-2007 11:00:20 | Attr = ]
(IBM Rapid Restore Ultra Service) IBM Rapid Restore Ultra Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -> [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 19-3-2004 21:21:10 | Attr = ]
(IBMPMSVC) ThinkPad PM Service [Win32_Own | Auto | Running] -> %System32%\ibmpmsvc.exe -> Lenovo [Ver = 1.43 | Size = 36400 bytes | Modified Date = 31-5-2007 19:02:06 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Disabled | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 9-3-2003 6:31:02 | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.1.0 | Size = 327680 bytes | Modified Date = 1-6-2007 10:41:30 | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11, 1, 1, 4 | Size = 987136 bytes | Modified Date = 1-6-2007 10:48:24 | Attr = ]
(SUService) System Update [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 24-10-2007 12:58:00 | Attr = ]
(TPHDEXLGSVC) ThinkPad HDD APS Logging Service [Win32_Own | Auto | Running] -> %System32%\TPHDEXLG.exe -> Lenovo. [Ver = 1.53.0.1 | Size = 37424 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
(TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 12-7-2003 2:19:22 | Attr = ]
(TVT Scheduler) TVT Scheduler [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 1126400 bytes | Modified Date = 1-8-2007 11:07:38 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 18-8-2001 4:20:04 | Attr = ]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.0.1.4 | Size = 116176 bytes | Modified Date = 7-4-2004 15:41:38 | Attr = ]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.7.4.0 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Cisco Systems, Inc. [Ver = 3.7.4.0 | Size = 21393 bytes | Modified Date = 2-12-2007 7:16:56 | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 18-8-2001 5:51:56 | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 4-8-2004 7:07:44 | Attr = ]
(ANC) ANC [Kernel | System | Running] -> %System32%\drivers\ANC.sys -> IBM Corp. [Ver = 8.3 | Size = 11520 bytes | Modified Date = 8-11-2005 9:27:20 | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 18-8-2001 5:52:00 | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 18-8-2001 5:51:58 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6547 | Size = 1133568 bytes | Modified Date = 6-2-2007 23:38:32 | Attr = ]
(AtmelTpm) AtmelTpm [Kernel | On_Demand | Running] -> %System32%\drivers\AtmelTpm.sys -> Atmel, Inc. [Ver = 2.1.0.56 built by: WinDDK | Size = 40704 bytes | Modified Date = 21-10-2007 16:23:42 | Attr = ]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 24-10-2007 8:15:50 | Attr = ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 22-10-2007 1:06:19 | Attr = ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 22-10-2007 1:06:20 | Attr = ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 21-12-2007 19:19:45 | Attr = ]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 22-10-2007 1:06:20 | Attr = ]
(BrPar) BrPar [Kernel | Auto | Running] -> %System32%\drivers\BRPAR.SYS -> Brother Industries Ltd. [Ver = 5.00.2178.1 | Size = 19537 bytes | Modified Date = 24-7-2000 1:01:00 | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | On_Demand | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 7-9-2001 3:02:58 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 18-8-2001 5:52:16 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 4-8-2004 8:57:22 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153856 bytes | Modified Date = 4-8-2004 8:57:24 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 7-9-2001 15:00:00 | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.94c | Size = 87168 bytes | Modified Date = 17-8-2004 11:21:00 | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.45a | Size = 40448 bytes | Modified Date = 14-7-2004 10:56:00 | Attr = ]
(E1000) Intel® PRO/1000 Network Connection Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e1000325.sys -> Intel Corporation [Ver = 8.7.9.0 built by: WinDDK | Size = 170392 bytes | Modified Date = 24-10-2006 10:28:48 | Attr = ]
(E100B) Intel® PRO Adapter-stuurprogramma [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 7-9-2001 3:49:42 | Attr = ]
(EGATHDRV) IBM Access Support [Kernel | Auto | Running] -> %System32%\egathdrv.sys -> IBM Corporation [Ver = 2.04 | Size = 5120 bytes | Modified Date = 19-3-2004 20:03:58 | Attr = ]
(fdpteznk) fdpteznk [Kernel | Boot | Running] -> %System32%\drivers\dohqarui.dat -> [Ver = | Size = 18688 bytes | Modified Date = 25-10-2007 8:39:21 | Attr = ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\drivers\hpzid412.sys -> HP [Ver = 6, 0, 0, 0 | Size = 51024 bytes | Modified Date = 9-3-2003 6:31:00 | Attr = ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 16080 bytes | Modified Date = 9-3-2003 6:31:02 | Attr = ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZius12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 21456 bytes | Modified Date = 9-3-2003 6:31:02 | Attr = ]
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.02.03.00 | Size = 197888 bytes | Modified Date = 22-7-2004 23:25:58 | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.02.03.00 | Size = 1041152 bytes | Modified Date = 22-7-2004 23:24:20 | Attr = ]
(ibmfilter) ibmfilter [Kernel | Auto | Running] -> %System32%\drivers\ibmfilter.sys -> IBM [Ver = 3.01 built by: WinDDK | Size = 64256 bytes | Modified Date = 24-9-2004 1:39:58 | Attr = ]
(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> %System32%\drivers\ibmpmdrv.sys -> Lenovo. [Ver = 1.43 | Size = 21424 bytes | Modified Date = 31-5-2007 19:01:30 | Attr = ]
(IBMTPCHK) IBMTPCHK [Kernel | System | Running] -> %System32%\drivers\IBMBLDID.sys -> [Ver = | Size = 4224 bytes | Modified Date = 2-4-2007 11:24:08 | Attr = ]
(KLIF) KLIF [File_System | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Modified Date = 19-7-2007 15:10:28 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LucentSoftModem) Lucent Technologies Soft Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\LTSM.sys -> Lucent Technologies [Ver = 3.1.92.1 3.1.92.1 07/18/2001 12:51:10 | Size = 802683 bytes | Modified Date = 18-8-2001 5:28:10 | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 9-4-2003 22:48:08 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 18-8-2001 5:52:12 | Attr = ]
(NSCIRDA) Stuurprogramma voor NSC-infraroodapparaat [Kernel | On_Demand | Running] -> %System32%\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 4-8-2004 7:00:52 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(psadd) Lenovo Parties Service Access Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\psadd.sys -> Lenovo (United States) Inc. [Ver = 6.1.1009.0 | Size = 21376 bytes | Modified Date = 19-2-2007 6:56:46 | Attr = ]
(Ptilink) Stuurprogramma voor Directe parallelle verbinding [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 7-9-2001 15:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.22a | Size = 20576 bytes | Modified Date = 8-12-2004 13:03:00 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 18-8-2001 5:52:20 | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 18-8-2001 5:52:20 | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 18-8-2001 5:52:18 | Attr = ]
(s24trans) WLAN-transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 11, 1, 1, 0 | Size = 12416 bytes | Modified Date = 29-5-2007 15:29:30 | Attr = ]
(S3SSavage) S3SSavage [Kernel | On_Demand | Stopped] -> %System32%\drivers\s3ssavm.sys -> S3 Graphics, Inc. [Ver = 6.13.10.1236-12.90.36 | Size = 95104 bytes | Modified Date = 1-11-2001 10:57:14 | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10-10-2006 13:53:48 | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16-2-2006 17:51:08 | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 27-2-2007 12:39:26 | Attr = ]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %System32%\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 33052 bytes | Modified Date = 7-8-2007 1:15:07 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13-11-2007 11:25:55 | Attr = ]
(Shockprf) Shockprf [Kernel | Boot | Running] -> %System32%\drivers\ApsX86.sys -> Lenovo. [Ver = 1.53.0.1 | Size = 103472 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 4-8-2004 7:07:44 | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5160 | Size = 266880 bytes | Modified Date = 23-6-2004 18:42:46 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 18-8-2001 6:07:44 | Attr = ]
(srescan) srescan [Kernel | Boot | Running] -> %System32%\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 187, 0 | Size = 51176 bytes | Modified Date = 18-10-2007 20:18:44 | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 14-7-2004 19:29:04 | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 14-7-2004 19:28:50 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 18-8-2001 6:07:34 | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 18-8-2001 6:07:36 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 18-8-2001 6:07:40 | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 18-8-2001 6:07:42 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 270928 bytes | Modified Date = 16-6-2004 18:47:28 | Attr = ]
(TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Running] -> %System32%\drivers\tcusb.sys -> UPEK Inc. [Ver = 1.9.2.99 | Size = 47376 bytes | Modified Date = 14-8-2007 14:25:52 | Attr = ]
(TDSMAPI) TDSMAPI [Kernel | System | Running] -> %System32%\drivers\TDSMAPI.SYS -> [Ver = | Size = 9341 bytes | Modified Date = 29-7-2004 9:36:00 | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25723 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2271 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86202 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 14715 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(TPDIGIMN) TPDIGIMN [Kernel | Boot | Running] -> %System32%\drivers\ApsHM86.sys -> Lenovo. [Ver = 1.53.0.1 built by: WinDDK | Size = 19504 bytes | Modified Date = 28-9-2007 16:28:00 | Attr = ]
(TPHKDRV) TPHKDRV [Kernel | System | Running] -> %System32%\drivers\TPHKDRV.sys -> IBM Corporation [Ver = 3.00 | Size = 17699 bytes | Modified Date = 5-7-2005 14:57:06 | Attr = ]
(TPPWR) TPPWR [Kernel | System | Running] -> %System32%\drivers\TPPWR.SYS -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 16384 bytes | Modified Date = 29-7-2004 9:37:00 | Attr = ]
(TSMAPIP) TSMAPIP [Kernel | System | Running] -> %System32%\drivers\TSMAPIP.SYS -> [Ver = | Size = 7168 bytes | Modified Date = 15-7-2004 10:31:00 | Attr = ]
(TwoTrack) Stuurprogramma voor IBM PS/2 TrackPoint Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\TwoTrack.sys -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 11520 bytes | Modified Date = 18-8-2001 5:48:14 | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Versie 0603) | Size = 36736 bytes | Modified Date = 18-8-2001 5:52:22 | Attr = ]
(vsdatant) vsdatant [Kernel | System | Running] -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 394952 bytes | Modified Date = 14-11-2007 16:05:16 | Attr = ]
(w22n51) Stuurprogramma Intel® PRO/Wireless 2200-adapter voor Windows XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\w22n51.sys -> Intel® Corporation [Ver = 8010-28 Driver | Size = 3151232 bytes | Modified Date = 30-8-2004 1:26:58 | Attr = ]
(w29n51) Stuurprogramma voor Intel® PRO/Wireless 2200BG-netwerkverbinding onder Windows XP [Kernel | On_Demand | Running] -> %System32%\drivers\w29n51.sys -> Intel® Corporation [Ver = 9.0.4.36 Driver | Size = 2210048 bytes | Modified Date = 4-4-2007 13:46:52 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.02.03.00 built by: WinDDK | Size = 676096 bytes | Modified Date = 22-7-2004 23:24:52 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 12-1-2006 19:52:32 | Attr = ]
ACTray -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4.42 | Size = 413696 bytes | Modified Date = 5-7-2007 14:58:40 | Attr = ]
ACWLIcon -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4.42 | Size = 126976 bytes | Modified Date = 5-7-2007 14:51:48 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5154 | Size = 344064 bytes | Modified Date = 6-2-2007 21:00:00 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 21-12-2007 19:19:26 | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 512000 bytes | Modified Date = 16-6-2004 18:53:02 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 110592 bytes | Modified Date = 16-6-2004 18:53:34 | Attr = ]
TPHOTKEY -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 2-10-2006 10:19:48 | Attr = ]
TVT Scheduler Proxy -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 540672 bytes | Modified Date = 1-8-2007 11:07:46 | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 17-3-2003 19:04:52 | Attr = HS]
< Jp Startup Folder > -> C:\Documents and Settings\Jp\Menu Start\Programma's\Opstarten ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 17-3-2003 19:04:52 | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20-12-2006 13:55:48 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19-4-2007 13:41:36 | Attr = ]
ACNotify -> ACNotify.dll -> File not found
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 46080 bytes | Modified Date = 6-2-2007 23:34:40 | Attr = ]
tpfnf2 -> %System32%\notifyf2.dll -> [Ver = | Size = 28672 bytes | Modified Date = 5-7-2005 23:45:08 | Attr = ]
tphotkey -> %System32%\tphklock.dll -> [Ver = | Size = 24576 bytes | Modified Date = 30-11-2005 20:16:02 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
< HOSTS File > (773 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.be/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> www.google.be[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12-1-2006 19:38:22 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
{A2510B92-6ECA-4D10-88E1-B027F29786A1} [HKEY_LOCAL_MACHINE] -> %System32%\cscuit.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 104960 bytes | Modified Date = 4-8-2004 9:03:08 | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 23-9-2005 20:41:42 | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 23-9-2005 20:41:42 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Adobe PDF] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Convert link target to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert link target to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selected links to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selected links to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selection to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selection to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0D2EB075-9467-4A92-9E48-4572BA71008E} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
{1295A813-C2E2-4BB5-9441-3903327B7317} -> (Intel® PRO/1000 MT Mobile Connection) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=58813[Office Genuine Advantage Validation Tool] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{2DAD3559-2923-4935-AD49-B673D2539944}[HKEY_LOCAL_MACHINE] -> http://www-307.ibm.com/pc/support/acpir.cab[IASRunner Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupd...b?1193020774116[WUWebControl Class] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/1.4.1/...all-141-win.cab[Java Plug-in 1.4.1] ->



[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 21-12-2007 20:13:10 | Attr = RH ]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 4-1-2008 1:26:25 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146357248 bytes | Created Date = 3-1-2008 8:05:17 | Attr = HS]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 21-12-2007 19:19:45 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 21-12-2007 19:19:44 | Attr = ]
BRPAR.SYS -> %System32%\drivers\BRPAR.SYS -> Brother Industries Ltd. [Ver = 5.00.2178.1 | Size = 19537 bytes | Created Date = 13-12-2007 11:52:51 | Attr = ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 18-12-2007 6:55:51 | Attr = ]
BRDIAG.HLP -> %System32%\BRDIAG.HLP -> [Ver = | Size = 173868 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
Brdiag2.exe -> %System32%\Brdiag2.exe -> brother Industries, Ltd [Ver = 2.53 | Size = 184320 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRDIAG2.HLP -> %System32%\BRDIAG2.HLP -> [Ver = | Size = 162057 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRGSRC16.DLL -> %System32%\BRGSRC16.DLL -> [Ver = | Size = 4608 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRGSRC32.DLL -> %System32%\BRGSRC32.DLL -> [Ver = | Size = 26624 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
brlm03a.dll -> %System32%\brlm03a.dll -> brother Industries Ltd [Ver = 0, 0, 1, 2 | Size = 21583 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BROSNMP.DLL -> %System32%\BROSNMP.DLL -> [Ver = | Size = 77824 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
brrbtool.exe -> %System32%\brrbtool.exe -> Brother Industries Ltd [Ver = 1.16 | Size = 65536 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRSPL03D.DLL -> %System32%\BRSPL03D.DLL -> Brother Industries, Ltd [Ver = 1.05 | Size = 163840 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRSPL03D.EXE -> %System32%\BRSPL03D.EXE -> Brother Industries,ltd [Ver = 3.70 | Size = 131072 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRSS01A.EXE -> %System32%\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
brss01a.ini -> %System32%\brss01a.ini -> [Ver = | Size = 30 bytes | Created Date = 13-12-2007 11:52:30 | Attr = ]
brsvc01a.bsi -> %System32%\brsvc01a.bsi -> [Ver = | Size = 184 bytes | Created Date = 13-12-2007 11:52:29 | Attr = ]
BRSVC01A.EXE -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRVPD95A.DLL -> %System32%\BRVPD95A.DLL -> brother industries, ltd [Ver = 1.03 | Size = 40960 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRVPDNTA.DLL -> %System32%\BRVPDNTA.DLL -> brother Industries Ltd [Ver = 1, 0, 2, 0 | Size = 49152 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BrWebIns.dll -> %System32%\BrWebIns.dll -> brother [Ver = 1, 0, 9, 1 | Size = 81920 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRWEBUP.EXE -> %System32%\BRWEBUP.EXE -> brother [Ver = 1, 0, 8, 2 | Size = 65536 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
PDRVINST.DLL -> %System32%\PDRVINST.DLL -> brother [Ver = 1, 2, 3, 0 | Size = 184320 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRDIAG.INI -> %SystemRoot%\BRDIAG.INI -> [Ver = | Size = 40 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 0 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
Brownie.ini -> %SystemRoot%\Brownie.ini -> [Ver = | Size = 23 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI -> [Ver = | Size = 26 bytes | Created Date = 13-12-2007 11:52:31 | Attr = ]
BRVIDEO.INI -> %SystemRoot%\BRVIDEO.INI -> [Ver = | Size = 145 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 462 bytes | Created Date = 13-12-2007 11:52:31 | Attr = ]
bw6050.ini -> %SystemRoot%\bw6050.ini -> [Ver = | Size = 0 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
hl-6050.ini -> %SystemRoot%\hl-6050.ini -> [Ver = | Size = 8634 bytes | Created Date = 13-12-2007 11:52:50 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Created Date = 21-12-2007 18:44:13 | Attr = ]
SecTaskMan -> %AllUsersAppData%\SecTaskMan -> [Folder | Created Date = 12-12-2007 13:32:45 | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Created Date = 21-12-2007 19:20:02 | Attr = ]
Brother -> %UserAppData%\Brother -> [Folder | Created Date = 13-12-2007 11:53:45 | Attr = R ]
Help -> %UserAppData%\Help -> [Folder | Created Date = 18-12-2007 6:50:23 | Attr = ]
Smart PC Solutions -> %UserAppData%\Smart PC Solutions -> [Folder | Created Date = 12-12-2007 13:16:29 | Attr = ]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Created Date = 20-12-2007 23:35:54 | Attr = ]
VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Created Date = 20-12-2007 23:53:35 | Attr = ]
Help -> %LocalAppData%\Help -> [Folder | Created Date = 18-12-2007 6:50:23 | Attr = ]
Doc1.doc -> %UserDocuments%\Doc1.doc -> [Ver = | Size = 285184 bytes | Created Date = 30-12-2007 7:36:53 | Attr = ]
VANGHELUWE_BMB_20071216.pdf -> %UserDocuments%\VANGHELUWE_BMB_20071216.pdf -> [Ver = | Size = 8354 bytes | Created Date = 16-12-2007 17:07:59 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1801 bytes | Created Date = 21-12-2007 0:29:34 | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1801 bytes | Created Date = 21-12-2007 0:29:33 | Attr = ]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1543 bytes | Created Date = 21-12-2007 19:19:46 | Attr = ]
HL-6050 Interactieve Help.lnk -> %AllUsersDesktop%\HL-6050 Interactieve Help.lnk -> [Ver = | Size = 1782 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 791 bytes | Created Date = 22-12-2007 4:16:30 | Attr = ]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 22-12-2007 4:13:24 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier
avgas-setup-7.5.1.43.exe -> %UserDesktop%\avgas-setup-7.5.1.43.exe -> [Ver = | Size = 12413440 bytes | Created Date = 3-1-2008 1:18:23 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.43.exe:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Created Date = 22-12-2007 1:54:05 | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 22-12-2007 1:53:18 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 944 bytes | Created Date = 21-12-2007 17:01:54 | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 22-12-2007 4:15:18 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 6-1-2008 13:19:20 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464885 bytes | Created Date = 6-1-2008 13:18:36 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 6-1-2008 8:40:06 | Attr = RH ]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 4-1-2008 1:26:25 | Attr = ]
BK6DATA.ZIP -> %SystemDrive%\BK6DATA.ZIP -> [Ver = | Size = 1459286 bytes | Modified Date = 11-12-2007 18:49:46 | Attr = ]
BKEVENT.DT6 -> %SystemDrive%\BKEVENT.DT6 -> [Ver = | Size = 2962432 bytes | Modified Date = 6-1-2008 13:16:19 | Attr = ]
BKFIXFLE.SAV -> %SystemDrive%\BKFIXFLE.SAV -> [Ver = | Size = 713400 bytes | Modified Date = 6-1-2008 13:16:44 | Attr = ]
BKLOCATE.DT6 -> %SystemDrive%\BKLOCATE.DT6 -> [Ver = | Size = 505856 bytes | Modified Date = 6-1-2008 13:16:19 | Attr = ]
BKMARR.DT6 -> %SystemDrive%\BKMARR.DT6 -> [Ver = | Size = 568320 bytes | Modified Date = 6-1-2008 13:15:23 | Attr = ]
BKMESSG.DT6 -> %SystemDrive%\BKMESSG.DT6 -> [Ver = | Size = 131072 bytes | Modified Date = 5-1-2008 11:31:26 | Attr = ]
BKOTHER.DT6 -> %SystemDrive%\BKOTHER.DT6 -> [Ver = | Size = 881664 bytes | Modified Date = 6-1-2008 13:16:44 | Attr = ]
BKPERSON.DT6 -> %SystemDrive%\BKPERSON.DT6 -> [Ver = | Size = 2794496 bytes | Modified Date = 6-1-2008 13:16:44 | Attr = ]
BKSOURCE.DT6 -> %SystemDrive%\BKSOURCE.DT6 -> [Ver = | Size = 32768 bytes | Modified Date = 27-12-2007 13:46:44 | Attr = ]
BKSOURPT.DT6 -> %SystemDrive%\BKSOURPT.DT6 -> [Ver = | Size = 15360 bytes | Modified Date = 27-12-2007 13:46:44 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 22-12-2007 4:16:33 | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 4-1-2008 1:21:45 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146357248 bytes | Modified Date = 5-1-2008 3:15:39 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 28-12-2007 3:19:20 | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6-1-2008 13:17:50 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 21-12-2007 19:19:45 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 21-12-2007 19:19:44 | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 14610464 bytes | Modified Date = 6-1-2008 13:18:19 | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 147764 bytes | Modified Date = 5-1-2008 0:58:00 | Attr = HS]
brss01a.ini -> %System32%\brss01a.ini -> [Ver = | Size = 30 bytes | Modified Date = 13-12-2007 11:52:30 | Attr = ]
brsvc01a.bsi -> %System32%\brsvc01a.bsi -> [Ver = | Size = 184 bytes | Modified Date = 13-12-2007 11:52:29 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 18-12-2007 6:55:55 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 3-1-2008 11:21:08 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 22-12-2007 3:21:34 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 4-1-2008 2:11:28 | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 3-1-2008 11:21:12 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 4-1-2008 2:04:53 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353365 bytes | Modified Date = 5-1-2008 3:15:54 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 22-12-2007 3:15:12 | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 18-12-2007 6:57:00 | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 18-12-2007 6:58:26 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 22-12-2007 3:17:18 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5-1-2008 3:15:43 | Attr = S]
BRDIAG.INI -> %SystemRoot%\BRDIAG.INI -> [Ver = | Size = 40 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 0 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
Brownie.ini -> %SystemRoot%\Brownie.ini -> [Ver = | Size = 23 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI -> [Ver = | Size = 26 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRVIDEO.INI -> %SystemRoot%\BRVIDEO.INI -> [Ver = | Size = 145 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 462 bytes | Modified Date = 13-12-2007 12:20:23 | Attr = ]
bw6050.ini -> %SystemRoot%\bw6050.ini -> [Ver = | Size = 0 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 4-1-2008 2:02:43 | Attr = HS]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 25-12-2007 5:25:57 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 26-12-2007 2:57:48 | Attr = S]
hl-6050.ini -> %SystemRoot%\hl-6050.ini -> [Ver = | Size = 8634 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 22-12-2007 3:20:49 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 29-12-2007 15:44:30 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 22-12-2007 4:16:34 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 6-1-2008 13:17:51 | Attr = ]
MKDEWE.TRN -> %SystemRoot%\MKDEWE.TRN -> [Ver = | Size = 2048 bytes | Modified Date = 6-1-2008 13:16:46 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6-1-2008 13:19:21 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 21-12-2007 19:19:04 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6-1-2008 0:00:02 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 22-12-2007 11:53:00 | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 6-1-2008 5:47:19 | Attr = ]
FRU Task #Hewlett-Packard#hp psc 1200 series#1195555778.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1195555778.job -> [Ver = | Size = 384 bytes | Modified Date = 22-12-2007 11:52:07 | Attr = ]
RegistrySmart Scheduled Scan.job -> %SystemRoot%\tasks\RegistrySmart Scheduled Scan.job -> [Ver = | Size = 420 bytes | Modified Date = 6-1-2008 3:30:00 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5-1-2008 3:15:57 | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Modified Date = 21-12-2007 19:21:21 | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 21-12-2007 19:19:25 | Attr = ]
SecTaskMan -> %AllUsersAppData%\SecTaskMan -> [Folder | Modified Date = 12-12-2007 14:11:15 | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 21-12-2007 17:39:37 | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Modified Date = 6-1-2008 8:00:03 | Attr = ]
Brother -> %UserAppData%\Brother -> [Folder | Modified Date = 13-12-2007 11:53:45 | Attr = R ]
Help -> %UserAppData%\Help -> [Folder | Modified Date = 18-12-2007 6:50:23 | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 21-12-2007 19:19:07 | Attr = S]
Smart PC Solutions -> %UserAppData%\Smart PC Solutions -> [Folder | Modified Date = 12-12-2007 14:08:08 | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 22-12-2007 4:16:30 | Attr = ]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Modified Date = 20-12-2007 23:35:54 | Attr = ]
VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Modified Date = 20-12-2007 23:53:35 | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 3-1-2008 11:17:04 | Attr = ]
Help -> %LocalAppData%\Help -> [Folder | Modified Date = 18-12-2007 6:50:23 | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 2830106 bytes | Modified Date = 31-12-2007 2:50:28 | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 21-12-2007 19:19:08 | Attr = ]
Access Connections -> %UserDocuments%\Access Connections -> [Folder | Modified Date = 23-12-2007 15:17:18 | Attr = ]
Afbeeldingen -> %UserDocuments%\Afbeeldingen -> [Folder | Modified Date = 22-12-2007 16:22:09 | Attr = R ]
Doc1.doc -> %UserDocuments%\Doc1.doc -> [Ver = | Size = 285184 bytes | Modified Date = 30-12-2007 7:36:53 | Attr = ]
Downloads -> %UserDocuments%\Downloads -> [Folder | Modified Date = 4-1-2008 2:15:10 | Attr = ]
GENEALOGY -> %UserDocuments%\GENEALOGY -> [Folder | Modified Date = 4-1-2008 13:52:33 | Attr = ]
VANGHELUWE_BMB_20071216.pdf -> %UserDocuments%\VANGHELUWE_BMB_20071216.pdf -> [Ver = | Size = 8354 bytes | Modified Date = 16-12-2007 17:07:59 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1801 bytes | Modified Date = 21-12-2007 0:29:34 | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1801 bytes | Modified Date = 21-12-2007 0:29:33 | Attr = ]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1543 bytes | Modified Date = 21-12-2007 19:19:46 | Attr = ]
HL-6050 Interactieve Help.lnk -> %AllUsersDesktop%\HL-6050 Interactieve Help.lnk -> [Ver = | Size = 1782 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 791 bytes | Modified Date = 22-12-2007 4:16:31 | Attr = ]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 22-12-2007 4:13:25 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier
avgas-setup-7.5.1.43.exe -> %UserDesktop%\avgas-setup-7.5.1.43.exe -> [Ver = | Size = 12413440 bytes | Modified Date = 3-1-2008 1:18:23 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.43.exe:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Modified Date = 22-12-2007 1:54:05 | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 22-12-2007 1:53:21 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 944 bytes | Modified Date = 21-12-2007 17:01:54 | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 22-12-2007 4:15:18 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 6-1-2008 13:19:20 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464885 bytes | Modified Date = 6-1-2008 13:18:38 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 13-12-2007 11:52:19 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 21-12-2007 0:28:58 | Attr = ]

< End of report >


Hope to read you soon - Thanks - JpMaurice

#11 OldTimer


Posted 06 January 2008 - 09:55 AM

Hi jpmaurice. Ok, let's see if we can't get rid of this thing. First, copy these directions into Notepad and save them on your desktop. We will be booting to Safe Mode and you will need this information and the ability to copy/paste some of it during the fix.

Now please follow these steps in order:

Step #1

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #2

Now we will need to disable the driver for this thing. Please do the following:
  • Click Start, click Control Panel, click Performance and Maintenance, and then click System.
  • On the Hardware tab, click Device Manager.
  • Click the View menu and if there is no checkmark in front of Show hidden devices then click on it to activate it.
  • Scroll down the list of devices and double-click Non-Plug and Play Drivers.
  • Locate the fdpteznk device and right click it and then click the Properties option.
  • Click the Driver tab.
  • In the Startup section select Disable from the drop-down list.
  • Click the General tab.
  • In the Device Usage drop-down list select Do not use this device (disable).
  • Click the Ok button and you should be prompted to reboot. You can reboot normally.

Step #3

Start WinPFind35U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (fdpteznk) fdpteznk [Kernel | Boot | Running] -> %System32%\drivers\dohqarui.dat
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {A2510B92-6ECA-4D10-88E1-B027F29786A1} [HKEY_LOCAL_MACHINE] -> %System32%\cscuit.dll [Reg Error: Value does not exist or could not be read.]
[Start Explorer]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally. If you are not asked to reboot, click the Ok button on the finished message and Notepad will open with a log of actions taken during the fix. Post that information back here. My guess is that we will still need to use Avenger again to remove the left-over files but it should not give us the problems it did previously.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
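
A triage pass over `[Driver Services - Non-Microsoft Only]` lines of the kind posted in this thread, added here as an example; it is not part of OldTimer's post and not WinPFind35U's own logic. The three heuristics (kernel driver image that is not a `.sys` file, no vendor in the version info, early start type) are assumptions of this example, and the sample lines are copied from the thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input copied from this thread: the first entry is the one the fix
# script targets (with its "YY -> " marker), the rest are from the posted log.
SAMPLE = r"""
[Driver Services - Non-Microsoft Only]
YY -> (fdpteznk) fdpteznk [Kernel | Boot | Running] -> %System32%\drivers\dohqarui.dat
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.7.4.0 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Cisco Systems, Inc. [Ver = 3.7.4.0 | Size = 21393 bytes | Modified Date = 2-12-2007 7:16:56 | Attr = ]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 24-10-2007 8:15:50 | Attr = ]
"""

# "(service name) display name [Type | Start | State]"
HEAD_RE = re.compile(
    r"^\((?P<name>[^)]+)\)\s+(?P<display>.*)\s+"
    r"\[(?P<type>[^|\]]+)\|(?P<start>[^|\]]+)\|(?P<state>[^|\]]+)\]$"
)


@dataclass
class DriverEntry:
    name: str
    kind: str      # Kernel, File_System, ...
    start: str     # Boot, System, Auto, On_Demand, Disabled
    state: str     # Running, Stopped
    image: str     # path as printed in the log, "" when none is given
    vendor: str    # company name from the version block, "" when absent
    missing: bool  # the log says "File not found"


def parse_line(line: str) -> Optional[DriverEntry]:
    """Parse one driver-service line; return None for headers and blanks."""
    line = line.strip()
    if line.startswith("YY -> "):          # marker used in the fix script
        line = line[len("YY -> "):]
    parts = [p.strip() for p in line.split("->")]
    m = HEAD_RE.match(parts[0])
    if not m:
        return None
    image = parts[1] if len(parts) > 1 else ""
    tail = parts[2] if len(parts) > 2 else ""
    missing = tail.startswith("File not found")
    vendor = "" if missing else tail.split("[Ver", 1)[0].strip()
    return DriverEntry(m["name"], m["type"].strip(), m["start"].strip(),
                       m["state"].strip(), image, vendor, missing)


def parse_section(text: str) -> List[DriverEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def reasons(e: DriverEntry) -> List[str]:
    """Heuristics assumed by this example; each hit is a reason to look closer."""
    out: List[str] = []
    if e.missing:
        # A disabled entry with no file is inert; an enabled one is worth a look.
        if e.start != "Disabled":
            out.append("enabled service with no image on disk")
        return out
    if e.kind == "Kernel" and not e.image.lower().endswith(".sys"):
        out.append("image is not a .sys file")
    if not e.vendor:
        out.append("no vendor in version info")
    if out and e.start in ("Boot", "System"):
        out.append(f"loads early ({e.start} start)")
    return out


def triage(text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons, for entries with at least one reason."""
    findings: Dict[str, List[str]] = {}
    for entry in parse_section(text):
        hit = reasons(entry)
        if hit:
            findings[entry.name] = hit
    return findings


if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(why)}")
```

On a full report the result is a shortlist for manual review; legitimate drivers that ship without version information will show up in it as well.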


#12 jpmaurice


Posted 06 January 2008 - 10:57 AM

Explorer killed successfully
[Driver Services - Non-Microsoft Only]
Service fdpteznk stopped successfully.
Service fdpteznk deleted successfully.
C:\WINDOWS\System32\drivers\dohqarui.dat moved successfully.
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2510B92-6ECA-4D10-88E1-B027F29786A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2510B92-6ECA-4D10-88E1-B027F29786A1}\ deleted successfully.
LoadLibrary failed for C:\WINDOWS\System32\cscuit.dll
C:\WINDOWS\System32\cscuit.dll NOT unregistered.
C:\WINDOWS\System32\cscuit.dll moved successfully.
Explorer started successfully
< End of log >
Created on 01062008_165433

#13 jpmaurice


Posted 06 January 2008 - 11:11 AM

Hello Dear OT

The log is posted just above. Content far better looking than the previous one. Going very well this time.
Would there be more leftovers to remove ? If so please inform me.

Thanks
JpMaurice

#14 OldTimer


Posted 06 January 2008 - 01:54 PM

Hi jpmaurice. Yes, that does look a bit better. Let's see if anything came back after it was moved out.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Copy/paste the information below into the Manual File or Registry Key Scans box:
    C:\WINDOWS\System32\drivers\doh*.*
    C:\WINDOWS\System32\csc*.*
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT

#15 jpmaurice


Posted 07 January 2008 - 02:14 AM

WinPFind35 logfile created on: 7-1-2008 8:10:45
WinPFind35U Version Beta21 Folder = C:\Documents and Settings\Jp\Bureaublad\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)

2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,91% Memory free
3,85 Gb Paging File | 3,38 Gb Available in Paging File | 87,83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32,82 Gb Total Space | 18,27 Gb Free Space | 55,68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: IBM-20DD82AB5D8
Current User Name: Jp
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users


[Processes - Non-Microsoft Only]
ibmpmsvc.exe -> %System32%\ibmpmsvc.exe -> Lenovo [Ver = 1.43 | Size = 36400 bytes | Modified Date = 31-5-2007 19:02:06 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11, 1, 1, 4 | Size = 987136 bytes | Modified Date = 1-6-2007 10:48:24 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29-10-2007 13:27:04 | Attr = ]
brsvc01a.exe -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Modified Date = 27-8-2003 17:00:00 | Attr = ]
brss01a.exe -> %System32%\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 12-12-2001 17:01:00 | Attr = ]
acprfmgrsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.42 | Size = 65536 bytes | Modified Date = 5-7-2007 15:05:04 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 24-10-2007 8:15:56 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-10-2007 1:06:14 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 21-12-2007 14:12:53 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.1.1 | Size = 647168 bytes | Modified Date = 1-6-2007 11:00:20 | Attr = ]
rrpcsb.exe -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -> [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 19-3-2004 21:21:10 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.1.0 | Size = 327680 bytes | Modified Date = 1-6-2007 10:41:30 | Attr = ]
suservice.exe -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 24-10-2007 12:58:00 | Attr = ]
tphdexlg.exe -> %System32%\TPHDEXLG.exe -> Lenovo. [Ver = 1.53.0.1 | Size = 37424 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
tpkmpsvc.exe -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 12-7-2003 2:19:22 | Attr = ]
tvtsched.exe -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 1126400 bytes | Modified Date = 1-8-2007 11:07:38 | Attr = ]
acsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.42 | Size = 184320 bytes | Modified Date = 5-7-2007 15:03:32 | Attr = ]
svcguihlpr.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe -> Lenovo [Ver = 4.42 | Size = 114688 bytes | Modified Date = 5-7-2007 15:04:18 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 110592 bytes | Modified Date = 16-6-2004 18:53:34 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 512000 bytes | Modified Date = 16-6-2004 18:53:02 | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 12-1-2006 19:52:32 | Attr = ]
scheduler_proxy.exe -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 540672 bytes | Modified Date = 1-8-2007 11:07:46 | Attr = ]
tphkmgr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 2-10-2006 10:19:48 | Attr = ]
actray.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4.42 | Size = 413696 bytes | Modified Date = 5-7-2007 14:58:40 | Attr = ]
acwlicon.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4.42 | Size = 126976 bytes | Modified Date = 5-7-2007 14:51:48 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
tponscr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe -> [Ver = | Size = 77824 bytes | Modified Date = 5-7-2005 14:57:12 | Attr = ]
tpscrex.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe -> Lenovo Group Limited [Ver = 1.17 | Size = 86016 bytes | Modified Date = 30-5-2006 15:05:42 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 21-12-2007 19:19:26 | Attr = ]
unavtray.exe -> %ProgramFiles%\ThinkPad\UltraNav-wizard\UNavTray.exe -> IBM Corporation [Ver = 1,0,0,1 | Size = 229376 bytes | Modified Date = 22-8-2003 10:01:00 | Attr = ]
avgw.exe -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 21-12-2007 19:19:32 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294912 bytes | Modified Date = 5-1-2008 22:54:28 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29-10-2007 13:27:04 | Attr = ]
(AcPrfMgrSvc) Ac Profile Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> Lenovo [Ver = 4.42 | Size = 65536 bytes | Modified Date = 5-7-2007 15:05:04 | Attr = ]
(AcSvc) Access Connections Main Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4.42 | Size = 184320 bytes | Modified Date = 5-7-2007 15:03:32 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 6-2-2007 23:33:40 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 24-10-2007 8:15:56 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22-10-2007 1:06:14 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 21-12-2007 14:12:53 | Attr = ]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Modified Date = 27-8-2003 17:00:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative-service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 4-8-2004 9:03:28 | Attr = ]
(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.1.1 | Size = 647168 bytes | Modified Date = 1-6-2007 11:00:20 | Attr = ]
(IBM Rapid Restore Ultra Service) IBM Rapid Restore Ultra Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -> [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 19-3-2004 21:21:10 | Attr = ]
(IBMPMSVC) ThinkPad PM Service [Win32_Own | Auto | Running] -> %System32%\ibmpmsvc.exe -> Lenovo [Ver = 1.43 | Size = 36400 bytes | Modified Date = 31-5-2007 19:02:06 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Disabled | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 9-3-2003 6:31:02 | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.1.0 | Size = 327680 bytes | Modified Date = 1-6-2007 10:41:30 | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11, 1, 1, 4 | Size = 987136 bytes | Modified Date = 1-6-2007 10:48:24 | Attr = ]
(SUService) System Update [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 24-10-2007 12:58:00 | Attr = ]
(TPHDEXLGSVC) ThinkPad HDD APS Logging Service [Win32_Own | Auto | Running] -> %System32%\TPHDEXLG.exe -> Lenovo. [Ver = 1.53.0.1 | Size = 37424 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
(TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 12-7-2003 2:19:22 | Attr = ]
(TVT Scheduler) TVT Scheduler [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 1126400 bytes | Modified Date = 1-8-2007 11:07:38 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(ac97intc) Intel® 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 18-8-2001 4:20:04 | Attr = ]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.0.1.4 | Size = 116176 bytes | Modified Date = 7-4-2004 15:41:38 | Attr = ]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.7.4.0 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Cisco Systems, Inc. [Ver = 3.7.4.0 | Size = 21393 bytes | Modified Date = 2-12-2007 7:16:56 | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 18-8-2001 5:51:56 | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 4-8-2004 7:07:44 | Attr = ]
(ANC) ANC [Kernel | System | Running] -> %System32%\drivers\ANC.sys -> IBM Corp. [Ver = 8.3 | Size = 11520 bytes | Modified Date = 8-11-2005 9:27:20 | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 18-8-2001 5:52:00 | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 18-8-2001 5:51:58 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6547 | Size = 1133568 bytes | Modified Date = 6-2-2007 23:38:32 | Attr = ]
(AtmelTpm) AtmelTpm [Kernel | On_Demand | Running] -> %System32%\drivers\AtmelTpm.sys -> Atmel, Inc. [Ver = 2.1.0.56 built by: WinDDK | Size = 40704 bytes | Modified Date = 21-10-2007 16:23:42 | Attr = ]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 24-10-2007 8:15:50 | Attr = ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 22-10-2007 1:06:19 | Attr = ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 22-10-2007 1:06:20 | Attr = ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 21-12-2007 19:19:45 | Attr = ]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 22-10-2007 1:06:20 | Attr = ]
(BrPar) BrPar [Kernel | Auto | Running] -> %System32%\drivers\BRPAR.SYS -> Brother Industries Ltd. [Ver = 5.00.2178.1 | Size = 19537 bytes | Modified Date = 24-7-2000 1:01:00 | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | On_Demand | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 7-9-2001 3:02:58 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 18-8-2001 5:52:16 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 4-8-2004 8:57:22 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153856 bytes | Modified Date = 4-8-2004 8:57:24 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 7-9-2001 15:00:00 | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.94c | Size = 87168 bytes | Modified Date = 17-8-2004 11:21:00 | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.45a | Size = 40448 bytes | Modified Date = 14-7-2004 10:56:00 | Attr = ]
(E1000) Intel® PRO/1000 Network Connection Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e1000325.sys -> Intel Corporation [Ver = 8.7.9.0 built by: WinDDK | Size = 170392 bytes | Modified Date = 24-10-2006 10:28:48 | Attr = ]
(E100B) Intel® PRO Adapter-stuurprogramma [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 7-9-2001 3:49:42 | Attr = ]
(EGATHDRV) IBM Access Support [Kernel | Auto | Running] -> %System32%\egathdrv.sys -> IBM Corporation [Ver = 2.04 | Size = 5120 bytes | Modified Date = 19-3-2004 20:03:58 | Attr = ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\drivers\hpzid412.sys -> HP [Ver = 6, 0, 0, 0 | Size = 51024 bytes | Modified Date = 9-3-2003 6:31:00 | Attr = ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 16080 bytes | Modified Date = 9-3-2003 6:31:02 | Attr = ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZius12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 21456 bytes | Modified Date = 9-3-2003 6:31:02 | Attr = ]
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.02.03.00 | Size = 197888 bytes | Modified Date = 22-7-2004 23:25:58 | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.02.03.00 | Size = 1041152 bytes | Modified Date = 22-7-2004 23:24:20 | Attr = ]
(ibmfilter) ibmfilter [Kernel | Auto | Running] -> %System32%\drivers\ibmfilter.sys -> IBM [Ver = 3.01 built by: WinDDK | Size = 64256 bytes | Modified Date = 24-9-2004 1:39:58 | Attr = ]
(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> %System32%\drivers\ibmpmdrv.sys -> Lenovo. [Ver = 1.43 | Size = 21424 bytes | Modified Date = 31-5-2007 19:01:30 | Attr = ]
(IBMTPCHK) IBMTPCHK [Kernel | System | Running] -> %System32%\drivers\IBMBLDID.sys -> [Ver = | Size = 4224 bytes | Modified Date = 2-4-2007 11:24:08 | Attr = ]
(KLIF) KLIF [File_System | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Modified Date = 19-7-2007 15:10:28 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LucentSoftModem) Lucent Technologies Soft Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\LTSM.sys -> Lucent Technologies [Ver = 3.1.92.1 3.1.92.1 07/18/2001 12:51:10 | Size = 802683 bytes | Modified Date = 18-8-2001 5:28:10 | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 9-4-2003 22:48:08 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 18-8-2001 5:52:12 | Attr = ]
(NSCIRDA) Stuurprogramma voor NSC-infraroodapparaat [Kernel | On_Demand | Running] -> %System32%\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 4-8-2004 7:00:52 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(psadd) Lenovo Parties Service Access Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\psadd.sys -> Lenovo (United States) Inc. [Ver = 6.1.1009.0 | Size = 21376 bytes | Modified Date = 19-2-2007 6:56:46 | Attr = ]
(Ptilink) Stuurprogramma voor Directe parallelle verbinding [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 7-9-2001 15:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.22a | Size = 20576 bytes | Modified Date = 8-12-2004 13:03:00 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 18-8-2001 5:52:20 | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 18-8-2001 5:52:20 | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 18-8-2001 5:52:18 | Attr = ]
(s24trans) WLAN-transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 11, 1, 1, 0 | Size = 12416 bytes | Modified Date = 29-5-2007 15:29:30 | Attr = ]
(S3SSavage) S3SSavage [Kernel | On_Demand | Stopped] -> %System32%\drivers\s3ssavm.sys -> S3 Graphics, Inc. [Ver = 6.13.10.1236-12.90.36 | Size = 95104 bytes | Modified Date = 1-11-2001 10:57:14 | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10-10-2006 13:53:48 | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16-2-2006 17:51:08 | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 27-2-2007 12:39:26 | Attr = ]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %System32%\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 33052 bytes | Modified Date = 7-8-2007 1:15:07 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13-11-2007 11:25:55 | Attr = ]
(Shockprf) Shockprf [Kernel | Boot | Running] -> %System32%\drivers\ApsX86.sys -> Lenovo. [Ver = 1.53.0.1 | Size = 103472 bytes | Modified Date = 28-9-2007 16:29:00 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 4-8-2004 7:07:44 | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5160 | Size = 266880 bytes | Modified Date = 23-6-2004 18:42:46 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 18-8-2001 6:07:44 | Attr = ]
(srescan) srescan [Kernel | Boot | Running] -> %System32%\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 187, 0 | Size = 51176 bytes | Modified Date = 18-10-2007 20:18:44 | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 14-7-2004 19:29:04 | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 14-7-2004 19:28:50 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 18-8-2001 6:07:34 | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 18-8-2001 6:07:36 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 18-8-2001 6:07:40 | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 18-8-2001 6:07:42 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 270928 bytes | Modified Date = 16-6-2004 18:47:28 | Attr = ]
(TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Running] -> %System32%\drivers\tcusb.sys -> UPEK Inc. [Ver = 1.9.2.99 | Size = 47376 bytes | Modified Date = 14-8-2007 14:25:52 | Attr = ]
(TDSMAPI) TDSMAPI [Kernel | System | Running] -> %System32%\drivers\TDSMAPI.SYS -> [Ver = | Size = 9341 bytes | Modified Date = 29-7-2004 9:36:00 | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25723 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2271 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86202 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 14715 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
(TPDIGIMN) TPDIGIMN [Kernel | Boot | Running] -> %System32%\drivers\ApsHM86.sys -> Lenovo. [Ver = 1.53.0.1 built by: WinDDK | Size = 19504 bytes | Modified Date = 28-9-2007 16:28:00 | Attr = ]
(TPHKDRV) TPHKDRV [Kernel | System | Running] -> %System32%\drivers\TPHKDRV.sys -> IBM Corporation [Ver = 3.00 | Size = 17699 bytes | Modified Date = 5-7-2005 14:57:06 | Attr = ]
(TPPWR) TPPWR [Kernel | System | Running] -> %System32%\drivers\TPPWR.SYS -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 16384 bytes | Modified Date = 29-7-2004 9:37:00 | Attr = ]
(TSMAPIP) TSMAPIP [Kernel | System | Running] -> %System32%\drivers\TSMAPIP.SYS -> [Ver = | Size = 7168 bytes | Modified Date = 15-7-2004 10:31:00 | Attr = ]
(TwoTrack) Stuurprogramma voor IBM PS/2 TrackPoint Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\TwoTrack.sys -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 11520 bytes | Modified Date = 18-8-2001 5:48:14 | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Versie 0603) | Size = 36736 bytes | Modified Date = 18-8-2001 5:52:22 | Attr = ]
(vsdatant) vsdatant [Kernel | System | Running] -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 394952 bytes | Modified Date = 14-11-2007 16:05:16 | Attr = ]
(w22n51) Stuurprogramma Intel® PRO/Wireless 2200-adapter voor Windows XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\w22n51.sys -> Intel® Corporation [Ver = 8010-28 Driver | Size = 3151232 bytes | Modified Date = 30-8-2004 1:26:58 | Attr = ]
(w29n51) Stuurprogramma voor Intel® PRO/Wireless 2200BG-netwerkverbinding onder Windows XP [Kernel | On_Demand | Running] -> %System32%\drivers\w29n51.sys -> Intel® Corporation [Ver = 9.0.4.36 Driver | Size = 2210048 bytes | Modified Date = 4-4-2007 13:46:52 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.02.03.00 built by: WinDDK | Size = 676096 bytes | Modified Date = 22-7-2004 23:24:52 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 12-1-2006 19:52:32 | Attr = ]
ACTray -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4.42 | Size = 413696 bytes | Modified Date = 5-7-2007 14:58:40 | Attr = ]
ACWLIcon -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4.42 | Size = 126976 bytes | Modified Date = 5-7-2007 14:51:48 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5154 | Size = 344064 bytes | Modified Date = 6-2-2007 21:00:00 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 21-12-2007 19:19:26 | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 512000 bytes | Modified Date = 16-6-2004 18:53:02 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 110592 bytes | Modified Date = 16-6-2004 18:53:34 | Attr = ]
TPHOTKEY -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 2-10-2006 10:19:48 | Attr = ]
TVT Scheduler Proxy -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,500,0 | Size = 540672 bytes | Modified Date = 1-8-2007 11:07:46 | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 14-11-2007 16:05:06 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 21-12-2007 19:19:32 | Attr = ]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 21-12-2007 19:19:32 | Attr = ]
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 21-12-2007 19:19:32 | Attr = ]
*MultiFile Done* -> ->
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 21-12-2007 19:19:32 | Attr = ]
*MultiFile Done* -> ->
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten ->
-> %SystemDrive%\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 17-3-2003 19:04:52 | Attr = HS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 17-3-2003 19:04:52 | Attr = HS]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten ->
-> %SystemDrive%\Documents and Settings\Default User\Menu Start\Programma's\Opstarten\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 17-3-2003 19:04:52 | Attr = HS]
< Jp Startup Folder > -> C:\Documents and Settings\Jp\Menu Start\Programma's\Opstarten ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 17-3-2003 19:04:52 | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20-12-2006 13:55:48 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005] > -> HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19-4-2007 13:41:36 | Attr = ]
ACNotify -> ACNotify.dll -> File not found
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 46080 bytes | Modified Date = 6-2-2007 23:34:40 | Attr = ]
tpfnf2 -> %System32%\notifyf2.dll -> [Ver = | Size = 28672 bytes | Modified Date = 5-7-2005 23:45:08 | Attr = ]
tphotkey -> %System32%\tphklock.dll -> [Ver = | Size = 24576 bytes | Modified Date = 30-11-2005 20:16:02 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005] > -> HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
< HOSTS File > (773 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.be ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.be/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> www.google.be[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.google.be/ ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.google.be/ ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\] > -> ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\: Main\\Start Page -> http://www.google.be/ ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\: SearchURL\\ -> www.google.be[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\] > -> HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\] > -> HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12-1-2006 19:38:22 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 2-9-2004 9:05:00 | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 23-9-2005 20:41:42 | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 23-9-2005 20:41:42 | Attr = ]
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Adobe PDF] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\] > -> HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Adobe PDF] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Convert link target to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert link target to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selected links to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selected links to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selection to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selection to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\] > -> HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31-8-2007 16:46:14 | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\] > -> HKEY_USERS\S-1-5-21-2649566233-427183843-99550397-1005\Software\Microsoft\Internet Explorer\MenuExt\ ->
Convert link target to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert link target to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selected links to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selected links to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selection to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert selection to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert to Adobe PDF -> Reg Error: Value does not exist or could not be read. -> File not found
Convert to existing PDF -> Reg Error: Value does not exist or could not be read. -> File not found
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0D2EB075-9467-4A92-9E48-4572BA71008E} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
{1295A813-C2E2-4BB5-9441-3903327B7317} -> (Intel® PRO/1000 MT Mobile Connection) ->
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=58813[Office Genuine Advantage Validation Tool] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{2DAD3559-2923-4935-AD49-B673D2539944}[HKEY_LOCAL_MACHINE] -> http://www-307.ibm.com/pc/support/acpir.cab[IASRunner Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupd...b?1193020774116[WUWebControl Class] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/1.4.1/...all-141-win.cab[Java Plug-in 1.4.1] ->



[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 21-12-2007 20:13:10 | Attr = RH ]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 4-1-2008 1:26:25 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146357248 bytes | Created Date = 6-1-2008 16:51:24 | Attr = HS]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 21-12-2007 19:19:45 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 21-12-2007 19:19:44 | Attr = ]
BRPAR.SYS -> %System32%\drivers\BRPAR.SYS -> Brother Industries Ltd. [Ver = 5.00.2178.1 | Size = 19537 bytes | Created Date = 13-12-2007 11:52:51 | Attr = ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 18-12-2007 6:55:51 | Attr = ]
BRDIAG.HLP -> %System32%\BRDIAG.HLP -> [Ver = | Size = 173868 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
Brdiag2.exe -> %System32%\Brdiag2.exe -> brother Industries, Ltd [Ver = 2.53 | Size = 184320 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRDIAG2.HLP -> %System32%\BRDIAG2.HLP -> [Ver = | Size = 162057 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRGSRC16.DLL -> %System32%\BRGSRC16.DLL -> [Ver = | Size = 4608 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRGSRC32.DLL -> %System32%\BRGSRC32.DLL -> [Ver = | Size = 26624 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
brlm03a.dll -> %System32%\brlm03a.dll -> brother Industries Ltd [Ver = 0, 0, 1, 2 | Size = 21583 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BROSNMP.DLL -> %System32%\BROSNMP.DLL -> [Ver = | Size = 77824 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
brrbtool.exe -> %System32%\brrbtool.exe -> Brother Industries Ltd [Ver = 1.16 | Size = 65536 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRSPL03D.DLL -> %System32%\BRSPL03D.DLL -> Brother Industries, Ltd [Ver = 1.05 | Size = 163840 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRSPL03D.EXE -> %System32%\BRSPL03D.EXE -> Brother Industries,ltd [Ver = 3.70 | Size = 131072 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRSS01A.EXE -> %System32%\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
brss01a.ini -> %System32%\brss01a.ini -> [Ver = | Size = 30 bytes | Created Date = 13-12-2007 11:52:30 | Attr = ]
brsvc01a.bsi -> %System32%\brsvc01a.bsi -> [Ver = | Size = 184 bytes | Created Date = 13-12-2007 11:52:29 | Attr = ]
BRSVC01A.EXE -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 4 | Size = 57344 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRVPD95A.DLL -> %System32%\BRVPD95A.DLL -> brother industries, ltd [Ver = 1.03 | Size = 40960 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BRVPDNTA.DLL -> %System32%\BRVPDNTA.DLL -> brother Industries Ltd [Ver = 1, 0, 2, 0 | Size = 49152 bytes | Created Date = 13-12-2007 11:52:52 | Attr = ]
BrWebIns.dll -> %System32%\BrWebIns.dll -> brother [Ver = 1, 0, 9, 1 | Size = 81920 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRWEBUP.EXE -> %System32%\BRWEBUP.EXE -> brother [Ver = 1, 0, 8, 2 | Size = 65536 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
PDRVINST.DLL -> %System32%\PDRVINST.DLL -> brother [Ver = 1, 2, 3, 0 | Size = 184320 bytes | Created Date = 13-12-2007 11:52:21 | Attr = ]
BRDIAG.INI -> %SystemRoot%\BRDIAG.INI -> [Ver = | Size = 40 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 0 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
Brownie.ini -> %SystemRoot%\Brownie.ini -> [Ver = | Size = 23 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI -> [Ver = | Size = 26 bytes | Created Date = 13-12-2007 11:52:31 | Attr = ]
BRVIDEO.INI -> %SystemRoot%\BRVIDEO.INI -> [Ver = | Size = 145 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 462 bytes | Created Date = 13-12-2007 11:52:31 | Attr = ]
bw6050.ini -> %SystemRoot%\bw6050.ini -> [Ver = | Size = 0 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
hl-6050.ini -> %SystemRoot%\hl-6050.ini -> [Ver = | Size = 8634 bytes | Created Date = 13-12-2007 11:52:50 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Created Date = 21-12-2007 18:44:13 | Attr = ]
SecTaskMan -> %AllUsersAppData%\SecTaskMan -> [Folder | Created Date = 12-12-2007 13:32:45 | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Created Date = 21-12-2007 19:20:02 | Attr = ]
Brother -> %UserAppData%\Brother -> [Folder | Created Date = 13-12-2007 11:53:45 | Attr = R ]
Help -> %UserAppData%\Help -> [Folder | Created Date = 18-12-2007 6:50:23 | Attr = ]
Smart PC Solutions -> %UserAppData%\Smart PC Solutions -> [Folder | Created Date = 12-12-2007 13:16:29 | Attr = ]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Created Date = 20-12-2007 23:35:54 | Attr = ]
VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Created Date = 20-12-2007 23:53:35 | Attr = ]
Help -> %LocalAppData%\Help -> [Folder | Created Date = 18-12-2007 6:50:23 | Attr = ]
Doc1.doc -> %UserDocuments%\Doc1.doc -> [Ver = | Size = 285184 bytes | Created Date = 30-12-2007 7:36:53 | Attr = ]
VANGHELUWE_BMB_20071216.pdf -> %UserDocuments%\VANGHELUWE_BMB_20071216.pdf -> [Ver = | Size = 8354 bytes | Created Date = 16-12-2007 17:07:59 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1801 bytes | Created Date = 21-12-2007 0:29:34 | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1801 bytes | Created Date = 21-12-2007 0:29:33 | Attr = ]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1543 bytes | Created Date = 21-12-2007 19:19:46 | Attr = ]
HL-6050 Interactieve Help.lnk -> %AllUsersDesktop%\HL-6050 Interactieve Help.lnk -> [Ver = | Size = 1782 bytes | Created Date = 13-12-2007 11:52:53 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 791 bytes | Created Date = 22-12-2007 4:16:30 | Attr = ]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 22-12-2007 4:13:24 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier
avgas-setup-7.5.1.43.exe -> %UserDesktop%\avgas-setup-7.5.1.43.exe -> [Ver = | Size = 12413440 bytes | Created Date = 3-1-2008 1:18:23 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.43.exe:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Created Date = 22-12-2007 1:54:05 | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 22-12-2007 1:53:18 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 944 bytes | Created Date = 21-12-2007 17:01:54 | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 22-12-2007 4:15:18 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 6-1-2008 13:19:20 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464885 bytes | Created Date = 6-1-2008 13:18:36 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 6-1-2008 18:01:30 | Attr = RH ]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 4-1-2008 1:26:25 | Attr = ]
BK6DATA.ZIP -> %SystemDrive%\BK6DATA.ZIP -> [Ver = | Size = 1459286 bytes | Modified Date = 11-12-2007 18:49:46 | Attr = ]
BKEVENT.DT6 -> %SystemDrive%\BKEVENT.DT6 -> [Ver = | Size = 2962432 bytes | Modified Date = 6-1-2008 13:16:19 | Attr = ]
BKFIXFLE.SAV -> %SystemDrive%\BKFIXFLE.SAV -> [Ver = | Size = 713400 bytes | Modified Date = 6-1-2008 13:16:44 | Attr = ]
BKLOCATE.DT6 -> %SystemDrive%\BKLOCATE.DT6 -> [Ver = | Size = 505856 bytes | Modified Date = 6-1-2008 13:16:19 | Attr = ]
BKMARR.DT6 -> %SystemDrive%\BKMARR.DT6 -> [Ver = | Size = 568320 bytes | Modified Date = 6-1-2008 13:15:23 | Attr = ]
BKMESSG.DT6 -> %SystemDrive%\BKMESSG.DT6 -> [Ver = | Size = 131072 bytes | Modified Date = 5-1-2008 11:31:26 | Attr = ]
BKOTHER.DT6 -> %SystemDrive%\BKOTHER.DT6 -> [Ver = | Size = 881664 bytes | Modified Date = 6-1-2008 13:16:44 | Attr = ]
BKPERSON.DT6 -> %SystemDrive%\BKPERSON.DT6 -> [Ver = | Size = 2794496 bytes | Modified Date = 6-1-2008 13:16:44 | Attr = ]
BKSOURCE.DT6 -> %SystemDrive%\BKSOURCE.DT6 -> [Ver = | Size = 32768 bytes | Modified Date = 27-12-2007 13:46:44 | Attr = ]
BKSOURPT.DT6 -> %SystemDrive%\BKSOURPT.DT6 -> [Ver = | Size = 15360 bytes | Modified Date = 27-12-2007 13:46:44 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 22-12-2007 4:16:33 | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 4-1-2008 1:21:45 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146357248 bytes | Modified Date = 6-1-2008 17:02:41 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 28-12-2007 3:19:20 | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6-1-2008 17:45:16 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 21-12-2007 19:19:45 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 21-12-2007 19:19:44 | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 15976480 bytes | Modified Date = 7-1-2008 8:10:13 | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 172604 bytes | Modified Date = 6-1-2008 17:00:47 | Attr = HS]
brss01a.ini -> %System32%\brss01a.ini -> [Ver = | Size = 30 bytes | Modified Date = 13-12-2007 11:52:30 | Attr = ]
brsvc01a.bsi -> %System32%\brsvc01a.bsi -> [Ver = | Size = 184 bytes | Modified Date = 13-12-2007 11:52:29 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 18-12-2007 6:55:55 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 3-1-2008 11:21:08 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 22-12-2007 3:21:34 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6-1-2008 18:01:30 | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 3-1-2008 11:21:12 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 4-1-2008 2:04:53 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353365 bytes | Modified Date = 6-1-2008 17:02:53 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 22-12-2007 3:15:12 | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 18-12-2007 6:57:00 | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 18-12-2007 6:58:26 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 22-12-2007 3:17:18 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6-1-2008 17:02:45 | Attr = S]
BRDIAG.INI -> %SystemRoot%\BRDIAG.INI -> [Ver = | Size = 40 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 0 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
Brownie.ini -> %SystemRoot%\Brownie.ini -> [Ver = | Size = 23 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI -> [Ver = | Size = 26 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRVIDEO.INI -> %SystemRoot%\BRVIDEO.INI -> [Ver = | Size = 145 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 462 bytes | Modified Date = 13-12-2007 12:20:23 | Attr = ]
bw6050.ini -> %SystemRoot%\bw6050.ini -> [Ver = | Size = 0 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 4-1-2008 2:02:43 | Attr = HS]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 25-12-2007 5:25:57 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 26-12-2007 2:57:48 | Attr = S]
hl-6050.ini -> %SystemRoot%\hl-6050.ini -> [Ver = | Size = 8634 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 22-12-2007 3:20:49 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 29-12-2007 15:44:30 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 22-12-2007 4:16:34 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 7-1-2008 8:01:08 | Attr = ]
MKDEWE.TRN -> %SystemRoot%\MKDEWE.TRN -> [Ver = | Size = 2048 bytes | Modified Date = 7-1-2008 8:08:39 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6-1-2008 18:11:18 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 21-12-2007 19:19:04 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6-1-2008 16:54:34 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 22-12-2007 11:53:00 | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 6-1-2008 20:49:18 | Attr = ]
FRU Task #Hewlett-Packard#hp psc 1200 series#1195555778.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1195555778.job -> [Ver = | Size = 384 bytes | Modified Date = 22-12-2007 11:52:07 | Attr = ]
RegistrySmart Scheduled Scan.job -> %SystemRoot%\tasks\RegistrySmart Scheduled Scan.job -> [Ver = | Size = 420 bytes | Modified Date = 7-1-2008 3:30:00 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6-1-2008 17:02:56 | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Modified Date = 21-12-2007 19:21:21 | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 21-12-2007 19:19:25 | Attr = ]
SecTaskMan -> %AllUsersAppData%\SecTaskMan -> [Folder | Modified Date = 12-12-2007 14:11:15 | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 21-12-2007 17:39:37 | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Modified Date = 7-1-2008 8:00:03 | Attr = ]
Brother -> %UserAppData%\Brother -> [Folder | Modified Date = 13-12-2007 11:53:45 | Attr = R ]
Help -> %UserAppData%\Help -> [Folder | Modified Date = 18-12-2007 6:50:23 | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 21-12-2007 19:19:07 | Attr = S]
Smart PC Solutions -> %UserAppData%\Smart PC Solutions -> [Folder | Modified Date = 12-12-2007 14:08:08 | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 22-12-2007 4:16:30 | Attr = ]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Modified Date = 20-12-2007 23:35:54 | Attr = ]
VSRevoGroup -> %UserAppData%\VSRevoGroup -> [Folder | Modified Date = 20-12-2007 23:53:35 | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 3-1-2008 11:17:04 | Attr = ]
Help -> %LocalAppData%\Help -> [Folder | Modified Date = 18-12-2007 6:50:23 | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1996516 bytes | Modified Date = 6-1-2008 17:00:30 | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 21-12-2007 19:19:08 | Attr = ]
Access Connections -> %UserDocuments%\Access Connections -> [Folder | Modified Date = 23-12-2007 15:17:18 | Attr = ]
Afbeeldingen -> %UserDocuments%\Afbeeldingen -> [Folder | Modified Date = 22-12-2007 16:22:09 | Attr = R ]
Doc1.doc -> %UserDocuments%\Doc1.doc -> [Ver = | Size = 285184 bytes | Modified Date = 30-12-2007 7:36:53 | Attr = ]
Downloads -> %UserDocuments%\Downloads -> [Folder | Modified Date = 4-1-2008 2:15:10 | Attr = ]
GENEALOGY -> %UserDocuments%\GENEALOGY -> [Folder | Modified Date = 4-1-2008 13:52:33 | Attr = ]
VANGHELUWE_BMB_20071216.pdf -> %UserDocuments%\VANGHELUWE_BMB_20071216.pdf -> [Ver = | Size = 8354 bytes | Modified Date = 16-12-2007 17:07:59 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1801 bytes | Modified Date = 21-12-2007 0:29:34 | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1801 bytes | Modified Date = 21-12-2007 0:29:33 | Attr = ]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1543 bytes | Modified Date = 21-12-2007 19:19:46 | Attr = ]
HL-6050 Interactieve Help.lnk -> %AllUsersDesktop%\HL-6050 Interactieve Help.lnk -> [Ver = | Size = 1782 bytes | Modified Date = 13-12-2007 11:52:53 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 791 bytes | Modified Date = 22-12-2007 4:16:31 | Attr = ]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 22-12-2007 4:13:25 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier
avgas-setup-7.5.1.43.exe -> %UserDesktop%\avgas-setup-7.5.1.43.exe -> [Ver = | Size = 12413440 bytes | Modified Date = 3-1-2008 1:18:23 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.43.exe:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Modified Date = 22-12-2007 1:54:05 | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 22-12-2007 1:53:21 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 944 bytes | Modified Date = 21-12-2007 17:01:54 | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 22-12-2007 4:15:18 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 6-1-2008 16:54:33 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464885 bytes | Modified Date = 6-1-2008 13:18:38 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 13-12-2007 11:52:19 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 21-12-2007 0:28:58 | Attr = ]

[Manual Scans]
< C:\WINDOWS\System32\drivers\doh*.* >
< C:\WINDOWS\System32\csc*.* >
cscdll.dll -> C:\WINDOWS\System32\cscdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 102400 bytes | Modified Date = 4-8-2004 9:03:08 | Attr = ]
cscript.exe -> C:\WINDOWS\System32\cscript.exe -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 98304 bytes | Modified Date = 4-8-2004 9:03:28 | Attr = ]
cscui.dll -> C:\WINDOWS\System32\cscui.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 334848 bytes | Modified Date = 4-8-2004 9:03:08 | Attr = ]
< End of report >

Kind regards - JpMaurice



