Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log: Please Help Diagnose


  • This topic is locked This topic is locked
5 replies to this topic

#1 nmittal

nmittal

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 24 December 2007 - 12:10 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:03 AM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ehome\EHTray.exe
C:\WINDOWS\system32\ardCo02\ardCo021099.exe
C:\WINDOWS\17PHolmes1000106.exe
C:\WINDOWS\17PHolmes77.exe
C:\Program Files\Common Files\AVSystemCare\ugac.exe
C:\Program Files\Common Files\AVSystemCare\bm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nidhi Mittal\Desktop\VundoFix.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\AVSystemCare\pgs.exe
C:\WINDOWS\ehome\ehshell.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nidhi Mittal\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\AVSystemCare\Tools\pblock.dll
O2 - BHO: (no name) - {673A95DB-88A4-4C1F-8A4A-08F6698395DA} - C:\Program Files\Movie Maker\honewC:\DOCUME~1\NIDHIM~1\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\AVSystemCare\Tools\sbiebho.dll
O2 - BHO: (no name) - {7EDFD6B3-5D8C-4231-A216-6835ADE8E60C} - C:\Program Files\Movie Maker\honewC:\WINDOWS\system32\to9\parreo83122.exe.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [{0E-E0-09-92-ZN}] C:\DOCUME~1\NIDHIM~1\LOCALS~1\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [AVSystemCare] C:\Program Files\AVSystemCare\pgs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AVSystemCare\ptask.exe
O4 - HKLM\..\RunOnce: [NSIS.Library.RegTool.v2] "C:\WINDOWS\system32\NSIS.Library.RegTool.v2.{F5730FF3-B439-4E1D-9B8D-B96F78131E56}.exe" /S
O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\AVSystemCare\pgs.exe" /empty
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\T0CHD001.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154049655359
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

--
End of file - 8952 bytes

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:24 AM

Posted 05 January 2008 - 09:00 AM

Hello nmittal and welcome to the BC HijackThis forum. Let's see what else we can find.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      Reg - Disabled MS Config Items
      Reg - Software Policy Settings
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 nmittal

nmittal
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 08 January 2008 - 06:26 PM

WinPFind35 logfile created on: 1/8/2008 6:25:15 PM
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\Nidhi Mittal\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)

1022.07 Mb Total Physical Memory | 486.84 Mb Available Physical Memory | 47.63% Memory free
2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.21% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.30 Gb Total Space | 41.17 Gb Free Space | 28.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: NIDHI
Current User Name: Nidhi Mittal
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
windomainlogon.exe -> %ProgramFiles%\NETGEAR\WG311v3\WinDomainlogon.exe -> [Ver = 3, 2, 32, 306 | Size = 1486848 bytes | Modified Date = 1/25/2006 3:57:38 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/4/2005 4:02:58 AM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 300544 bytes | Modified Date = 3/8/2002 3:33:10 AM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 169984 bytes | Modified Date = 3/8/2002 3:30:24 AM | Attr = ]
windomainlogon.exe -> %ProgramFiles%\NETGEAR\WG311v3\WinDomainlogon.exe -> [Ver = 3, 2, 32, 306 | Size = 1486848 bytes | Modified Date = 1/25/2006 3:57:38 PM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 11:20:44 PM | Attr = ]
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 94208 bytes | Modified Date = 10/5/2005 3:12:00 AM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ]
vptray.exe -> %ProgramFiles%\NavNT\vptray.exe -> Symantec Corporation [Ver = 7.61.00.945 | Size = 77824 bytes | Modified Date = 1/29/2003 5:36:02 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 12/21/2007 9:56:15 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 11/19/2003 5:48:14 PM | Attr = ]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr = ]
wlancfg5.exe -> %ProgramFiles%\NETGEAR\WG311v3\wlancfg5.exe -> [Ver = 3, 2, 32, 306 | Size = 1486848 bytes | Modified Date = 1/25/2006 3:57:38 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 5 | Size = 561152 bytes | Modified Date = 7/6/2007 1:02:26 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 11/24/2007 8:43:19 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 11/24/2007 8:43:26 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/21/2007 9:56:16 AM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 11:42:38 AM | Attr = ]
defwatch.exe -> %ProgramFiles%\NavNT\defwatch.exe -> Symantec Corporation [Ver = 7.61.00.945 | Size = 32768 bytes | Modified Date = 1/29/2003 5:14:40 PM | Attr = ]
pds.exe -> %System32%\CBA\PDS.EXE -> Intel® Corporation [Ver = 6.12.0.105 E | Size = 32819 bytes | Modified Date = 1/10/2003 2:54:56 PM | Attr = ]
rtvscan.exe -> %ProgramFiles%\NavNT\rtvscan.exe -> Symantec Corporation [Ver = 7.61.00.945 | Size = 487424 bytes | Modified Date = 1/29/2003 5:18:22 PM | Attr = ]
xfr.exe -> %System32%\CBA\XFR.EXE -> Intel® Corporation [Ver = 6.12.0.105 E | Size = 36915 bytes | Modified Date = 1/10/2003 2:55:14 PM | Attr = ]
msgsys.exe -> %System32%\MSGSYS.EXE -> Intel® Corporation [Ver = 6.12.0.105 E | Size = 28729 bytes | Modified Date = 1/10/2003 2:54:12 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 12/23/2007 6:13:41 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 1/6/2008 1:17:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 5 | Size = 561152 bytes | Modified Date = 7/6/2007 1:02:26 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/4/2005 4:02:58 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 11/24/2007 8:43:19 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 11/24/2007 8:43:26 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/21/2007 9:56:16 AM | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 11:42:38 AM | Attr = ]
(DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\NavNT\defwatch.exe -> Symantec Corporation [Ver = 7.61.00.945 | Size = 32768 bytes | Modified Date = 1/29/2003 5:14:40 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 12/8/2007 5:59:33 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(Intel File Transfer) Intel File Transfer [Win32_Own | Auto | Running] -> %System32%\CBA\XFR.EXE -> Intel® Corporation [Ver = 6.12.0.105 E | Size = 36915 bytes | Modified Date = 1/10/2003 2:55:14 PM | Attr = ]
(Intel PDS) Intel PDS [Win32_Own | Auto | Running] -> %System32%\CBA\PDS.EXE -> Intel® Corporation [Ver = 6.12.0.105 E | Size = 32819 bytes | Modified Date = 1/10/2003 2:54:56 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.1 | Size = 300544 bytes | Modified Date = 3/8/2002 3:33:10 AM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 11:26:40 AM | Attr = ]
(Norton AntiVirus Server) Norton AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\NavNT\rtvscan.exe -> Symantec Corporation [Ver = 7.61.00.945 | Size = 487424 bytes | Modified Date = 1/29/2003 5:18:22 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 12/21/2007 9:56:15 AM | Attr = ]
bm -> %CommonProgramFiles%\AVSystemCare\bm.exe -> File not found
DMXLauncher -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 94208 bytes | Modified Date = 10/5/2005 3:12:00 AM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 11:20:44 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 11/19/2003 5:48:14 PM | Attr = ]
vptray -> %ProgramFiles%\NavNT\vptray.exe -> Symantec Corporation [Ver = 7.61.00.945 | Size = 77824 bytes | Modified Date = 1/29/2003 5:36:02 PM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr = ]
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/16/2005 4:43:08 AM | Attr = HS]
%AllUsersStartup%\NETGEAR WG311v3 Smart Wizard.lnk -> %SystemRoot%\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe -> [Ver = | Size = 1078 bytes | Modified Date = 7/27/2006 6:51:14 PM | Attr = R ]
< Nidhi Mittal Startup Folder > -> C:\Documents and Settings\Nidhi Mittal\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/16/2005 4:43:08 AM | Attr = HS]
< ICQ Agent [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ ->
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
MrvGINA.dll -> %System32%\MrvGINA.dll -> Marvell® [Ver = 1.00.01.001 | Size = 32768 bytes | Modified Date = 10/24/2005 9:12:18 AM | Attr = ]
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> (binary data) ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{04E621B0-C7A5-4D01-851B-D2E4120F1053} -> (NETGEAR WG311v3 802.11g Wireless PCI Adapter) ->
{1DAA88CF-21CE-429E-B401-900DB29ECF4C} -> () ->
{DABA902E-B525-4FA5-A7D2-C3CC875748C3} -> (Intel® PRO/100 VE Network Connection) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 11:42:30 AM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/...b?1154049655359[WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab[Java Plug-in 1.4.2_03] ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab[Java Plug-in 1.4.2_03] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 744 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 29679 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10244:TCP -> 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10285:UDP -> 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10286:UDP -> 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10287:UDP -> 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10288:UDP -> 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10289:UDP -> 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\utorrent.exe -> C:\Program Files\uTorrent\utorrent.exe [C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 177152 bytes | Modified Date = 2/15/2007 3:17:12 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 15338560 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\LEXPPS.EXE -> C:\WINDOWS\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE] -> Lexmark International, Inc. [Ver = 7.1 | Size = 169984 bytes | Modified Date = 3/8/2002 3:30:24 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 11:12:23 AM | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 105984 bytes | Modified Date = 10/10/2007 6:55:59 PM | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
ĺ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> ->


[Files/Folders - Created Within 30 days]
AVSystemCare -> %SystemDrive%\AVSystemCare -> [Folder | Created Date = 12/23/2007 11:31:24 PM | Attr = HS]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Created Date = 12/10/2007 10:24:21 PM | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Created Date = 12/11/2007 5:51:09 PM | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Created Date = 12/18/2007 9:01:56 PM | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Created Date = 12/18/2007 9:04:26 PM | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Created Date = 12/18/2007 9:35:48 PM | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Created Date = 12/18/2007 9:37:00 PM | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Created Date = 12/18/2007 10:11:42 PM | Attr = H ]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Created Date = 12/18/2007 10:30:55 PM | Attr = H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Created Date = 12/19/2007 12:10:58 AM | Attr = H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Created Date = 12/21/2007 7:03:01 PM | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Created Date = 12/10/2007 10:24:21 PM | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Created Date = 12/11/2007 5:51:09 PM | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Created Date = 12/18/2007 9:01:56 PM | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Created Date = 12/18/2007 9:04:26 PM | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Created Date = 12/18/2007 9:35:48 PM | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Created Date = 12/18/2007 9:37:00 PM | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Created Date = 12/18/2007 10:11:42 PM | Attr = H ]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Created Date = 12/18/2007 10:30:55 PM | Attr = H ]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Created Date = 12/19/2007 12:10:58 AM | Attr = H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Created Date = 12/21/2007 7:03:01 PM | Attr = H ]
Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 12/23/2007 11:28:04 PM | Attr = ]
ardCo02 -> %System32%\ardCo02 -> [Folder | Created Date = 12/23/2007 11:28:04 PM | Attr = ]
b1 -> %System32%\b1 -> [Folder | Created Date = 12/23/2007 11:28:05 PM | Attr = ]
dj2 -> %System32%\dj2 -> [Folder | Created Date = 12/23/2007 11:28:05 PM | Attr = ]
to9 -> %System32%\to9 -> [Folder | Created Date = 12/23/2007 11:28:05 PM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 1/8/2008 5:45:22 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Rabio -> %AllUsersAppData%\Rabio -> [Folder | Created Date = 12/23/2007 11:31:21 PM | Attr = ]
SalesMon -> %AllUsersAppData%\SalesMon -> [Folder | Created Date = 12/23/2007 11:30:50 PM | Attr = R ]
AVSystemCare -> %UserAppData%\AVSystemCare -> [Folder | Created Date = 12/23/2007 11:30:52 PM | Attr = ]
microsoft -> %AllUsersDocuments%\microsoft -> [Folder | Created Date = 12/29/2007 11:12:52 AM | Attr = ]
backups -> %UserDesktop%\backups -> [Folder | Created Date = 12/30/2007 11:19:35 PM | Attr = ]
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 12/24/2007 12:09:20 AM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/8/2008 6:24:05 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Created Date = 1/8/2008 6:23:58 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 1/5/2008 10:30:11 AM | Attr = RH ]
AVSystemCare -> %SystemDrive%\AVSystemCare -> [Folder | Modified Date = 12/23/2007 11:31:24 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071796224 bytes | Modified Date = 1/7/2008 5:52:15 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/2/2008 6:33:59 PM | Attr = ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/10/2007 10:24:21 PM | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/11/2007 5:51:09 PM | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/18/2007 9:01:56 PM | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/18/2007 9:04:26 PM | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/18/2007 9:35:48 PM | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/18/2007 9:37:00 PM | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/18/2007 10:11:42 PM | Attr = H ]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/18/2007 10:30:55 PM | Attr = H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/19/2007 12:10:58 AM | Attr = H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/21/2007 7:03:01 PM | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/10/2007 10:24:21 PM | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/11/2007 5:51:09 PM | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/18/2007 9:01:56 PM | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/18/2007 9:04:26 PM | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/18/2007 9:35:48 PM | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/18/2007 9:37:00 PM | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/18/2007 10:11:42 PM | Attr = H ]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/18/2007 10:30:55 PM | Attr = H ]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/19/2007 12:10:58 AM | Attr = H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/21/2007 7:03:01 PM | Attr = H ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 12/23/2007 11:28:06 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/8/2008 5:45:28 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 12/21/2007 9:56:17 AM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 12/21/2007 9:56:11 AM | Attr = ]
ardCo02 -> %System32%\ardCo02 -> [Folder | Modified Date = 12/24/2007 10:57:47 AM | Attr = ]
b1 -> %System32%\b1 -> [Folder | Modified Date = 12/23/2007 11:28:11 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/7/2008 5:52:39 PM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 12/18/2007 10:22:19 PM | Attr = ]
dj2 -> %System32%\dj2 -> [Folder | Modified Date = 12/29/2007 10:59:09 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 12/12/2007 5:52:49 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 12/24/2007 12:15:59 AM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 12/31/2007 5:52:54 PM | Attr = ]
to9 -> %System32%\to9 -> [Folder | Modified Date = 12/24/2007 11:14:57 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/2/2008 4:05:38 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/8/2008 5:45:28 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/7/2008 5:52:20 PM | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/12/2007 5:50:52 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/8/2008 5:45:53 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 12/24/2007 10:44:05 AM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 1/8/2008 5:45:22 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 12/29/2007 10:38:05 AM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 1/2/2008 6:22:07 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/8/2008 6:24:06 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 1/7/2008 5:52:44 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 12/31/2007 5:51:59 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 1/8/2008 5:46:00 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 966 bytes | Modified Date = 1/2/2008 6:03:16 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 1/2/2008 5:22:00 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/7/2008 5:52:25 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Modified Date = 12/12/2007 5:51:30 PM | Attr = ]
Rabio -> %AllUsersAppData%\Rabio -> [Folder | Modified Date = 12/23/2007 11:31:21 PM | Attr = ]
SalesMon -> %AllUsersAppData%\SalesMon -> [Folder | Modified Date = 12/23/2007 11:30:50 PM | Attr = R ]
AdobeUM -> %UserAppData%\AdobeUM -> [Folder | Modified Date = 12/12/2007 6:31:19 PM | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Modified Date = 1/5/2008 10:28:52 AM | Attr = ]
AVSystemCare -> %UserAppData%\AVSystemCare -> [Folder | Modified Date = 12/23/2007 11:39:46 PM | Attr = ]
Macromedia -> %UserAppData%\Macromedia -> [Folder | Modified Date = 12/31/2007 5:52:10 PM | Attr = ]
uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 12/31/2007 5:45:10 PM | Attr = ]
Vso -> %UserAppData%\Vso -> [Folder | Modified Date = 12/26/2007 9:17:18 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 1/7/2008 9:11:33 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 238080 bytes | Modified Date = 1/2/2008 6:25:54 PM | Attr = ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 12/20/2007 6:01:48 PM | Attr = ]
WMTools Downloaded Files -> %LocalAppData%\WMTools Downloaded Files -> [Folder | Modified Date = 12/18/2007 11:14:15 PM | Attr = ]
microsoft -> %AllUsersDocuments%\microsoft -> [Folder | Modified Date = 12/29/2007 11:12:52 AM | Attr = ]
My Music -> %AllUsersDocuments%\My Music -> [Folder | Modified Date = 12/23/2007 11:34:07 PM | Attr = R ]
Nidhi desktop -> %AllUsersDocuments%\Nidhi desktop -> [Folder | Modified Date = 12/21/2007 7:05:09 PM | Attr = ]
Recorded TV -> %AllUsersDocuments%\Recorded TV -> [Folder | Modified Date = 1/7/2008 10:35:07 PM | Attr = ]
ConvertXtoDVD -> %UserDocuments%\ConvertXtoDVD -> [Folder | Modified Date = 12/26/2007 7:21:24 PM | Attr = ]
Downloads -> %UserDocuments%\Downloads -> [Folder | Modified Date = 1/5/2008 10:36:29 AM | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 12/18/2007 9:46:02 PM | Attr = R ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 12/21/2007 11:04:13 AM | Attr = ]
backups -> %UserDesktop%\backups -> [Folder | Modified Date = 12/30/2007 11:19:35 PM | Attr = ]
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 12/24/2007 12:09:20 AM | Attr = ]
NIDHI -> %UserDesktop%\NIDHI -> [Folder | Modified Date = 1/8/2008 6:13:28 PM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/8/2008 6:24:05 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Modified Date = 1/8/2008 6:23:57 PM | Attr = ]
NETGEAR WG311v3 Smart Wizard.lnk -> %AllUsersStartup%\NETGEAR WG311v3 Smart Wizard.lnk -> [Ver = | Size = 2329 bytes | Modified Date = 1/7/2008 5:52:29 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 11809 bytes | Modified Date = 1/8/2008 5:45:52 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 11424 bytes | Modified Date = 1/8/2008 5:45:52 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 7/28/2006 7:41:43 PM | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 3/16/2007 9:11:16 PM | Attr = ]
global.dat -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\Adobe\Bridge CS3\Opera\global.dat -> [Ver = | Size = 506 bytes | Modified Date = 12/8/2007 6:23:09 PM | Attr = ]
opera6.ini -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\Adobe\Bridge CS3\Opera\opera6.ini -> [Ver = | Size = 237 bytes | Modified Date = 12/8/2007 6:21:39 PM | Attr = ]
opera6.ini -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\Adobe\Bridge CS3\Opera\profile\opera6.ini -> [Ver = | Size = 479 bytes | Modified Date = 12/8/2007 6:21:39 PM | Attr = ]
settings.ini -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\NI.UGA6P_0001_N122M2210\settings.ini -> [Ver = | Size = 23 bytes | Modified Date = 12/23/2007 11:31:26 PM | Attr = ]
opr00006.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\Adobe\Bridge CS3\Opera\cache4\opr00006.gif -> [Ver = | Size = 145 bytes | Modified Date = 12/8/2007 6:23:13 PM | Attr = ]
opr00007.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\Adobe\Bridge CS3\Opera\cache4\opr00007.gif -> [Ver = | Size = 61 bytes | Modified Date = 12/8/2007 6:23:13 PM | Attr = ]
opr00009.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\Adobe\Bridge CS3\Opera\cache4\opr00009.gif -> [Ver = | Size = 146 bytes | Modified Date = 12/8/2007 6:23:13 PM | Attr = ]
opr0000A.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\Adobe\Bridge CS3\Opera\cache4\opr0000A.gif -> [Ver = | Size = 43 bytes | Modified Date = 12/8/2007 6:23:13 PM | Attr = ]
opr0000B.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\Adobe\Bridge CS3\Opera\cache4\opr0000B.gif -> [Ver = | Size = 43 bytes | Modified Date = 12/8/2007 6:23:13 PM | Attr = ]
opr0000C.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\Adobe\Bridge CS3\Opera\cache4\opr0000C.gif -> [Ver = | Size = 393 bytes | Modified Date = 12/8/2007 6:23:13 PM | Attr = ]
opr0000E.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\Adobe\Bridge CS3\Opera\cache4\opr0000E.gif -> [Ver = | Size = 43 bytes | Modified Date = 12/8/2007 6:23:13 PM | Attr = ]
opr0000G.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\Adobe\Bridge CS3\Opera\cache4\opr0000G.gif -> [Ver = | Size = 49 bytes | Modified Date = 12/8/2007 6:23:13 PM | Attr = ]
opr0000H.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\Adobe\Bridge CS3\Opera\cache4\opr0000H.gif -> [Ver = | Size = 86 bytes | Modified Date = 12/8/2007 6:23:13 PM | Attr = ]
0201D24050.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\0201D24050.gif -> [Ver = | Size = 2586 bytes | Modified Date = 12/6/2007 8:33:18 PM | Attr = ]
0201E06149.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\0201E06149.gif -> [Ver = | Size = 6069 bytes | Modified Date = 12/7/2007 10:53:22 PM | Attr = ]
0201E068C0.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\0201E068C0.gif -> [Ver = | Size = 4724 bytes | Modified Date = 12/8/2007 11:03:38 PM | Attr = ]
0201E08DD8.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\0201E08DD8.gif -> [Ver = | Size = 6084 bytes | Modified Date = 12/17/2007 5:52:06 PM | Attr = ]
2B000002CC.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2B000002CC.gif -> [Ver = | Size = 5951 bytes | Modified Date = 12/5/2007 10:36:02 PM | Attr = ]
2B000003C6.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2B000003C6.gif -> [Ver = | Size = 1995 bytes | Modified Date = 12/18/2007 10:33:29 PM | Attr = ]
2B0000049A.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2B0000049A.gif -> [Ver = | Size = 1936 bytes | Modified Date = 12/11/2007 8:31:19 PM | Attr = ]
2B000004D2.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2B000004D2.gif -> [Ver = | Size = 2532 bytes | Modified Date = 12/5/2007 10:31:19 PM | Attr = ]
2B0000055E.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2B0000055E.gif -> [Ver = | Size = 3136 bytes | Modified Date = 12/6/2007 10:26:13 PM | Attr = ]
2B000006D2.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2B000006D2.gif -> [Ver = | Size = 1883 bytes | Modified Date = 12/5/2007 9:57:44 PM | Attr = ]
2B0000111D.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2B0000111D.gif -> [Ver = | Size = 1922 bytes | Modified Date = 12/6/2007 6:45:28 PM | Attr = ]
2B000019B7.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2B000019B7.gif -> [Ver = | Size = 2275 bytes | Modified Date = 12/13/2007 5:07:59 PM | Attr = ]
2B0000291C.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2B0000291C.gif -> [Ver = | Size = 6834 bytes | Modified Date = 12/6/2007 7:26:12 PM | Attr = ]
2B00002B40.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2B00002B40.gif -> [Ver = | Size = 2472 bytes | Modified Date = 12/15/2007 8:23:23 PM | Attr = ]
2C61705F69636F6E.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2C61705F69636F6E.gif -> [Ver = | Size = 6719 bytes | Modified Date = 12/6/2007 6:32:22 PM | Attr = ]
2E000C0000000000000100EFEBD101.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2E000C0000000000000100EFEBD101.gif -> [Ver = | Size = 1870 bytes | Modified Date = 12/15/2007 8:23:25 PM | Attr = ]
2E000C00000000000002007E10E401.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2E000C00000000000002007E10E401.gif -> [Ver = | Size = 1969 bytes | Modified Date = 12/6/2007 6:07:01 PM | Attr = ]
2E000C0000000000000200856B7D01.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\2E000C0000000000000200856B7D01.gif -> [Ver = | Size = 2116 bytes | Modified Date = 12/5/2007 10:09:32 PM | Attr = ]
8BFDC435D3AC5AC572C42BBDC5DC211C.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\8BFDC435D3AC5AC572C42BBDC5DC211C.gif -> [Ver = | Size = 2685 bytes | Modified Date = 12/6/2007 6:32:23 PM | Attr = ]
93594578FE411D26C47200588F3D8BC2.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\93594578FE411D26C47200588F3D8BC2.gif -> [Ver = | Size = 7086 bytes | Modified Date = 12/8/2007 10:56:11 PM | Attr = ]
B29E1C323033A492FADEACE4756E484C.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\B29E1C323033A492FADEACE4756E484C.gif -> [Ver = | Size = 4461 bytes | Modified Date = 12/6/2007 8:33:17 PM | Attr = ]
B774BF06A3CE3DFD0EFA007EBC096AEB.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\B774BF06A3CE3DFD0EFA007EBC096AEB.gif -> [Ver = | Size = 2490 bytes | Modified Date = 12/7/2007 10:42:34 PM | Attr = ]
BD448A78DDF56B20E4144D4058B00E11.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\BD448A78DDF56B20E4144D4058B00E11.gif -> [Ver = | Size = 2037 bytes | Modified Date = 12/8/2007 10:10:19 PM | Attr = ]
E6D14F6780AE27427A65435789ABF344.gif -> C:\Documents and Settings\Nidhi Mittal\Local Settings\Temp\aolbartcache\1\E6D14F6780AE27427A65435789ABF344.gif -> [Ver = | Size = 3846 bytes | Modified Date = 12/6/2007 6:44:46 PM | Attr = ]

< End of report >

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:24 AM

Posted 08 January 2008 - 07:33 PM

Hi nmittal. It looks like some cleanup was done on this system since the HijackThis log. Everything looks fine in the WPF35 log. You should be good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 nmittal

nmittal
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 08 January 2008 - 07:53 PM

thankyou, i just ran AVG and SuperAnti Spyware, i guess that did the trick

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:24 AM

Posted 09 January 2008 - 05:34 PM

Alrighty then. There you go :thumbsup:

In that case, I will now close this topic.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users