Trojan Horse And Memory Reference Errors


  • This topic is locked
19 replies to this topic

#1 Modron

Modron

  • Members
  • 45 posts
  • OFFLINE
  • Local time:07:45 AM

Posted 29 December 2007 - 08:31 PM

Below is the log from my HiJackThis scan. I don't know enough not to delete files I may need.

I wasn't thinking about virus/malware protection when I first started using this computer wirelessly at home. AVG free anti-virus identified a trojan horse system32 ... something. I looked it up online and read a bunch of comments that it was a false positive. So, I uninstalled AVG and started using Avast! to avoid the constant AVG notices about it. Now, with Avast! I'm also getting memory reference errors that are closing web pages on me.

(Earthlink is no longer my ISP. I'd be happy to remove any of that installed software. No matter what the version of it has been, it has gunked up every computer I've ever used it on.)

All suggestions are appreciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:16 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Common Files\AOL\1151453717\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: ElnkBhoGuard Class - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E881009-A7B6-4E62-A17D-6CA4C6318AC2} - C:\WINDOWS\system32\bthser.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll (file missing)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151453717\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.powerleap.com/cab_files/InSPECS3_0.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151541410543
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 10201 bytes

Edited by Modron, 29 December 2007 - 08:36 PM.




#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:08:45 AM

Posted 08 January 2008 - 04:24 PM

Hello Modron and welcome to the BC HijackThis forum. I would definitely recommend removing the Earthlink software if you no longer use it. ISPs like Earthlink and AOL do a lot more than just install a couple of files with their software. They make many system changes that affect the Internet connection. Having more than one of those ISP packages installed at the same time could very well be the root cause of any connection and/or browser issues.

Also, your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Note: If there is an Update XX in the name then the "XX" in the version will be whatever the latest version is.
  • Download the latest version of Java Runtime Environment (JRE) 6.0 Update XX (if present).
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_6_0_XX-windowsi586-p.exe to install the newest version.
I only see one questionable entry in the HijackThis log. Let's see if there is anything else. Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 Modron

Modron
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:07:45 AM

Posted 13 January 2008 - 10:15 AM

K. Thanks.

WinPFind35 logfile created on: 1/13/2008 9:12:13 AM
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\dobrien\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

734.42 Mb Total Physical Memory | 344.72 Mb Available Physical Memory | 46.94% Memory free
1.01 Gb Paging File | 0.65 Gb Available in Paging File | 64.84% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.72 Gb Free Space | 63.68% Space Free | Partition Type: NTFS
Drive D: | 325.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DEBSNOTEBOOK
Current User Name: dobrien
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 8:36:33 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 7:00:16 AM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 155648 bytes | Modified Date = 10/8/2004 6:31:26 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 126976 bytes | Modified Date = 10/8/2004 6:27:22 AM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1151453717\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:13 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 6/29/2006 3:44:21 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]
dpmw32.exe -> %System32%\dpmw32.exe -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 2:27:28 PM | Attr = ]
nwtray.exe -> %System32%\nwtray.exe -> Novell, Inc. [Ver = v4.90 | Size = 28672 bytes | Modified Date = 3/12/2002 10:37:28 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 10/18/2007 3:21:56 PM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 7:00:23 AM | Attr = ]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 9:20:54 AM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 11:16:08 AM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 1/6/2008 1:17:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 8:36:33 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 7:00:16 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 6:59:53 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 6:59:01 AM | Attr = ]
(cusrvc) Client Update Service for Novell [Win32_Own | On_Demand | Stopped] -> %System32%\cusrvc.exe -> Novell, Inc. [Ver = v4.91 | Size = 36864 bytes | Modified Date = 1/18/2005 9:17:56 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 8:49:02 AM | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(ADSFilter) ADSFilter - (Aluria Filter Driver) [File_System | On_Demand | Stopped] -> System32\DRIVERS\ADSFilter.sys -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 8:55:46 AM | Attr = ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 8:53:39 AM | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 8:51:52 AM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 3.140.16.0 | Size = 376320 bytes | Modified Date = 9/28/2005 3:00:22 PM | Attr = ]
(BW2NDIS5) BW2NDIS5 [Kernel | On_Demand | Stopped] -> System32\Drivers\BW2NDIS5.sys -> File not found
(CAMCAUD) Conexant AMC 3D Environmental Audio [Kernel | On_Demand | Running] -> %System32%\drivers\camcaud.sys -> Conexant Systems Inc. [Ver = 6.13.10.8340 | Size = 292864 bytes | Modified Date = 6/28/2004 1:03:02 PM | Attr = ]
(CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %System32%\drivers\camchal.sys -> Conexant Systems Inc. [Ver = 6.13.10.8340 | Size = 276480 bytes | Modified Date = 6/28/2004 1:03:42 PM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 12:07:17 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 12:07:16 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 3/31/2003 1:00:00 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(FTDIBUS) USB Serial Converter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ftdibus.sys -> FTDI Ltd. [Ver = 1.00.2154 | Size = 24209 bytes | Modified Date = 5/24/2005 11:16:04 AM | Attr = ]
(FTSER2K) USB Serial Port Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ftser2k.sys -> FTDI Ltd. [Ver = 1.00.2154 | Size = 57404 bytes | Modified Date = 5/24/2005 11:16:04 AM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 12:21:04 AM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 207232 bytes | Modified Date = 12/15/2004 2:18:34 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 1038208 bytes | Modified Date = 12/15/2004 2:18:26 PM | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3929 | Size = 752093 bytes | Modified Date = 10/8/2004 6:54:56 AM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> %System32%\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Modified Date = 4/13/2004 7:20:08 PM | Attr = R ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 10:04:14 AM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(NetwareWorkstation) Novell Client for Windows [File_System | Auto | Running] -> %System32%\NetWare\nwfs.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 497743 bytes | Modified Date = 10/27/2005 4:38:46 PM | Attr = ]
(NICM) Novell InterService Communication Driver [Kernel | Boot | Running] -> %System32%\drivers\nicm.sys -> Novell, Inc. [Ver = 3.0.0.3 | Size = 38848 bytes | Modified Date = 8/19/2004 12:34:06 PM | Attr = ]
(NWDHCP) Novell DHCP Inform Client [File_System | Auto | Running] -> %System32%\NetWare\nwdhcp.sys -> Novell, Inc. [Ver = 4.91.1.0 | Size = 18353 bytes | Modified Date = 11/10/2005 7:53:00 AM | Attr = ]
(NWDNS) Novell DNS Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwdns.sys -> Novell, Inc. [Ver = 4.91.1.0 | Size = 35568 bytes | Modified Date = 9/29/2005 12:04:46 PM | Attr = ]
(NWFILTER) Novell UNC Path Filter [Kernel | Boot | Running] -> %System32%\NetWare\nwfilter.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 15891 bytes | Modified Date = 5/26/2005 6:14:00 PM | Attr = ]
(NWHOST) Novell Host File Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwhost.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 9297 bytes | Modified Date = 10/12/2005 1:12:18 PM | Attr = ]
(NWSAP) Novell SAP Name Space Provider [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwsap.sys -> [Ver = | Size = 23232 bytes | Modified Date = 2/26/2003 2:51:18 PM | Attr = ]
(NWSIPX32) Novell NetWare IPX/SPX Transport Interface [File_System | Auto | Stopped] -> %System32%\NetWare\nwsipx32.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 39731 bytes | Modified Date = 10/27/2005 4:15:14 PM | Attr = ]
(NWSLP) Novell SLP Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwslp.sys -> Novell, Inc. [Ver = 4.91.0.1 | Size = 20332 bytes | Modified Date = 1/3/2005 2:51:38 PM | Attr = ]
(NWSNS) Novell Simple Naming Services [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwsns.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 6128 bytes | Modified Date = 10/12/2005 1:11:32 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PMEM) PMEM [Kernel | Auto | Stopped] -> %System32%\drivers\pmemnt.sys -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 3/31/2003 1:00:00 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RESMGR) Novell NetWare Resource Manager [Kernel | Auto | Running] -> %System32%\NetWare\resmgr.sys -> Novell, Inc. [Ver = 4.90 | Size = 27249 bytes | Modified Date = 6/1/2004 6:19:34 PM | Attr = ]
(rnjxughr) rnjxughr [Kernel | Boot | Running] -> %System32%\drivers\cczgztyw.dat -> [Ver = | Size = 19456 bytes | Modified Date = 12/13/2007 8:13:19 PM | Attr = ]
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Rtlnic51.sys -> Realtek Semiconductor Corporation [Ver = 5.611.1231.2003 built by: WinDDK | Size = 69504 bytes | Modified Date = 4/27/2004 1:03:00 PM | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 11:31:32 PM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(SRVLOC) Novell Service Location [File_System | Auto | Running] -> %System32%\NetWare\srvloc.sys -> Novell, Inc. [Ver = 4.91.0.1 | Size = 155761 bytes | Modified Date = 10/27/2005 4:21:08 PM | Attr = ]
(STV680) AIPTEK PenCam VR [Kernel | On_Demand | Stopped] -> %System32%\drivers\stv680.sys -> STMicroelectronics [Ver = 1-14 | Size = 113072 bytes | Modified Date = 11/20/2001 9:25:00 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 703232 bytes | Modified Date = 12/15/2004 2:18:28 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 7:00:23 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1151453717\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:13 AM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 126976 bytes | Modified Date = 10/8/2004 6:27:22 AM | Attr = ]
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb07.exe -> HP [Ver = 2,140,0,0 | Size = 188416 bytes | Modified Date = 1/6/2006 1:07:25 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 155648 bytes | Modified Date = 10/8/2004 6:31:26 AM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> America Online, Inc. [Ver = 1.0.12.1 | Size = 124520 bytes | Modified Date = 2/17/2006 10:59:46 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
NDPS -> %System32%\dpmw32.exe -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 2:27:28 PM | Attr = ]
NWTRAY -> %System32%\nwtray.exe -> Novell, Inc. [Ver = v4.90 | Size = 28672 bytes | Modified Date = 3/12/2002 10:37:28 AM | Attr = ]
PRISMSVR.EXE -> %System32%\PRISMSVR.EXE -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 6/29/2006 3:44:21 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 12/14/2007 3:42:38 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 10/18/2007 3:21:56 PM | Attr = ]
UserFaultCheck -> -> File not found
WatchDog -> %ProgramFiles%\InterVideo\DVD Check\DVDCheck.exe -> InterVideo Inc. [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 7/4/2005 3:47:24 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 9:20:54 AM | Attr = ]
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 17 | Size = 1347584 bytes | Modified Date = 8/29/2007 10:55:54 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 6/20/2006 7:13:24 PM | Attr = HS]
%AllUsersStartup%\DVD Check.lnk -> %ProgramFiles%\InterVideo\DVD Check\DVDCheck.exe -> InterVideo Inc. [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 7/4/2005 3:47:24 PM | Attr = ]
< dobrien Startup Folder > -> C:\Documents and Settings\dobrien\Start Menu\Programs\Startup ->
%UserStartup%\2WireSetup.lnk -> %ProgramFiles%\2Wire\WebWorks.exe -> [Ver = 1, 0, 0, 1 | Size = 638976 bytes | Modified Date = 10/27/2006 12:35:33 AM | Attr = ]
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 6/20/2006 7:13:24 PM | Attr = HS]
-> %UserStartup%\PowerReg Scheduler.exe -> [Ver = 2, 0, 0, 1 | Size = 225280 bytes | Modified Date = 1/4/2007 1:45:11 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
NWGINA.DLL -> %System32%\nwgina.dll -> Novell, Inc. [Ver = v6.5.1 (20050908) | Size = 356433 bytes | Modified Date = 10/25/2005 9:37:36 AM | Attr = ]
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3929 | Size = 344064 bytes | Modified Date = 10/8/2004 6:27:00 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\CompatibleRUPSecurity -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Hosts file not found -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4103 domain(s) found. ->
[msn] -> My Computer ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 37 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00000000-0000-0000-0000-000000000002} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkBhoGuard Class] -> File not found
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{15F4D456-5BAA-4076-8486-EECB38CD3E57} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkScamBHO Class] -> File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.336 | Size = 296312 bytes | Modified Date = 10/18/2007 3:22:24 PM | Attr = ]
{512ACF1B-64D9-4928-B382-A80556F28DB4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ElnkPuB.dll [ElnkPubBHO Class] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{6E881009-A7B6-4E62-A17D-6CA4C6318AC2} [HKEY_LOCAL_MACHINE] -> %System32%\bthser.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 84992 bytes | Modified Date = 8/4/2004 1:56:41 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 12/14/2007 3:42:36 AM | Attr = ]
{9579D574-D4D8-4335-9560-FE8641A013BD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ProtctIE.dll [ElnkProtectionBHO Class] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{C7768536-96F8-4001-B1A2-90EE21279187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\Toolbar.dll [EarthLink Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\npjpi160_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 132496 bytes | Modified Date = 12/14/2007 3:42:37 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 12/14/2007 3:42:36 AM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{7EF3898C-C287-4B9B-9D54-BDA9A8E03505} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{7F2B2DB0-A91B-4D56-BEC0-0F994FF2BDB4} -> (Broadcom 802.11b/g WLAN) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [Novell Directory Services Name Provider] -> %System32%\NetWare\nwws2nds.dll -> Novell, Inc. [Ver = 4.91 | Size = 36947 bytes | Modified Date = 10/27/2005 4:24:08 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000005 [Novell IPX/SPX SAP Name Provider] -> %System32%\NetWare\nwws2sap.dll -> Novell, Inc. [Ver = 4.91 | Size = 32851 bytes | Modified Date = 10/27/2005 4:24:08 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000006 [Novell SLP Provider] -> %System32%\NetWare\nwws2slp.dll -> Novell, Inc. [Ver = 4.91 | Size = 49235 bytes | Modified Date = 10/27/2005 4:24:10 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0000000A-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/B...42/wmsp9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shock...director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?LinkID=39204[Windows Genuine Advantage Validation Tool] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\common\yinsthelper.dll[YInstStarter Class] ->
{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{38F5F92F-BD40-40DF-A569-6C1FCB638190}[HKEY_LOCAL_MACHINE] -> http://www.powerleap.com/cab_files/InSPECS3_0.cab[InSPECS3_0 Control] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] ->
{6B75345B-AA36-438A-BBE6-4078B4C6984D}[HKEY_LOCAL_MACHINE] -> http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab[HpProductDetection Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdat...b?1151541410543[MUWebControl Class] ->
{6F15128C-E66A-490C-B848-5000B5ABEEAC}[HKEY_LOCAL_MACHINE] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}[HKEY_LOCAL_MACHINE] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx[Get_ActiveX Control] ->
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/web_...aploader_v6.cab[PopCapLoader Object] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr = ]
nwv1_0 -> %System32%\nwv1_0.dll -> Novell, Inc. [Ver = v4.71 (000217) | Size = 8480 bytes | Modified Date = 2/17/2000 6:54:28 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:49:30 AM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 8:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 10:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 700 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:57 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 36538 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 1:56:42 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:56:56 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 6:44:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:56:56 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 14144000 bytes | Modified Date = 2/23/2006 4:31:58 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91640 bytes | Modified Date = 3/27/2007 2:22:58 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 3.8.0.5004 | Size = 405583 bytes | Modified Date = 1/4/2005 10:50:52 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 3.8.0.5004 | Size = 962638 bytes | Modified Date = 1/4/2005 10:49:52 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpmw32.exe -> C:\WINDOWS\system32\dpmw32.exe [C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener] -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 2:27:28 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 10:24:37 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 1:17:27 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1151453717\ee\aolsoftware.exe -> C:\Program Files\Common Files\AOL\1151453717\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1151453717\ee\aolsoftware.exe:*:Enabled:AOL Services] -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:13 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1151453717\ee\aim6.exe -> C:\Program Files\Common Files\AOL\1151453717\ee\aim6.exe [C:\Program Files\Common Files\AOL\1151453717\ee\aim6.exe:*:Enabled:AIM] -> America Online, Inc. [Ver = 1.4.9.1 | Size = 50768 bytes | Modified Date = 5/19/2006 11:44:26 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 6:44:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer] -> RealNetworks, Inc. [Ver = 11.0.0.181 | Size = 214296 bytes | Modified Date = 10/18/2007 3:22:01 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\8097:TCP -> 8097:TCP:*:Enabled:EarthLink UHP Modem Support ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{7EF3898C-C287-4B9B-9D54-BDA9A8E03505} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{FE796927-1EE0-4320-BAE7-F6155275EBCA} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{21DA757D-ABAD-4C8F-B781-E4831540BD55} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{8814E237-EFED-41EB-8A28-1615BB6E1532} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:57 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 1:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 1/13/2008 8:36:15 AM | Attr = HS]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Created Date = 12/20/2007 8:42:38 PM | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 12/20/2007 8:42:34 PM | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Created Date = 12/20/2007 8:42:34 PM | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Created Date = 12/20/2007 8:42:40 PM | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Created Date = 12/20/2007 8:42:39 PM | Attr = ]
actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 12/20/2007 8:42:23 PM | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Created Date = 12/20/2007 8:42:23 PM | Attr = ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Created Date = 12/20/2007 8:42:35 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 69632 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 139264 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 12/20/2007 1:08:50 AM | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Created Date = 12/23/2007 9:47:44 AM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 1/13/2008 8:24:04 AM | Attr = ]
~GLC0000.TMP -> %SystemRoot%\~GLC0000.TMP -> [Ver = | Size = 155136 bytes | Created Date = 12/15/2007 3:30:53 PM | Attr = ]
~GLC0001.TMP -> %SystemRoot%\~GLC0001.TMP -> [Ver = | Size = 155136 bytes | Created Date = 12/15/2007 3:32:36 PM | Attr = ]
~GLH0000.TMP -> %SystemRoot%\~GLH0000.TMP -> [Ver = | Size = 5607 bytes | Created Date = 12/15/2007 3:30:54 PM | Attr = ]
~GLH0001.TMP -> %SystemRoot%\~GLH0001.TMP -> [Ver = | Size = 5607 bytes | Created Date = 12/15/2007 3:32:36 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Created Date = 12/23/2007 10:03:08 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 12/20/2007 2:46:10 AM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Created Date = 12/23/2007 10:08:42 AM | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Created Date = 12/23/2007 10:08:34 AM | Attr = ]
A real friend is hard to find.doc -> %UserDocuments%\A real friend is hard to find.doc -> [Ver = | Size = 19968 bytes | Created Date = 12/26/2007 10:02:19 AM | Attr = ]
dotnetfx.exe -> %UserDocuments%\dotnetfx.exe -> Microsoft [Ver = 1.1.4322.573 | Size = 24265736 bytes | Created Date = 12/23/2007 9:20:27 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\dotnetfx.exe:Zone.Identifier
HJTInstall.exe -> %UserDocuments%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 12/29/2007 6:58:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HJTInstall.exe:Zone.Identifier
setupeng.exe -> %UserDocuments%\setupeng.exe -> [Ver = 4, 7, 0, 0 | Size = 18500624 bytes | Created Date = 12/20/2007 8:39:46 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupeng.exe:Zone.Identifier
setupframeworkskd.exe -> %UserDocuments%\setupframeworkskd.exe -> Microsoft [Ver = 1.1.4322.591 | Size = 111366152 bytes | Created Date = 12/23/2007 9:59:59 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupframeworkskd.exe:Zone.Identifier
spybotsd15.exe -> %UserDocuments%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Created Date = 12/20/2007 2:33:12 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\spybotsd15.exe:Zone.Identifier
TurboDelphi.exe -> %UserDocuments%\TurboDelphi.exe -> Borland Software Corporation [Ver = | Size = 340910242 bytes | Created Date = 12/23/2007 8:52:20 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\TurboDelphi.exe:Zone.Identifier
avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1709 bytes | Created Date = 12/20/2007 8:42:40 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 12/29/2007 6:59:53 PM | Attr = ]
jre-6u4-windows-i586-p.exe -> %UserDesktop%\jre-6u4-windows-i586-p.exe -> [Ver = | Size = 15852952 bytes | Created Date = 1/13/2008 8:44:19 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u4-windows-i586-p.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 12/20/2007 2:46:14 AM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/13/2008 8:49:43 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Created Date = 1/13/2008 8:48:14 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 1/13/2008 8:45:10 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/13/2008 8:46:02 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/13/2008 8:37:01 AM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/13/2008 8:37:06 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/13/2008 8:26:05 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/13/2008 8:24:03 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 12/22/2007 7:31:10 AM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 12/20/2007 8:42:38 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 12/20/2007 8:42:40 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 12/20/2007 1:08:50 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62484 bytes | Modified Date = 1/13/2008 8:22:12 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 400862 bytes | Modified Date = 1/13/2008 8:22:12 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 470828 bytes | Modified Date = 1/13/2008 8:22:11 AM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 12/20/2007 12:34:00 AM | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Modified Date = 12/23/2007 9:47:44 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/13/2008 8:18:19 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/13/2008 8:24:21 AM | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/23/2007 10:09:50 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/13/2008 8:18:00 AM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/20/2007 12:59:55 AM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 12/23/2007 7:48:11 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/13/2008 8:24:30 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/13/2008 8:46:02 AM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 1/13/2008 8:24:04 AM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 12/23/2007 10:42:59 AM | Attr = ]
NetWare.INI -> %SystemRoot%\NetWare.INI -> [Ver = | Size = 11 bytes | Modified Date = 12/20/2007 1:00:30 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/13/2008 8:51:56 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/24/2007 3:10:38 AM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 12/20/2007 8:31:33 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/13/2008 8:45:59 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/13/2008 8:27:47 AM | Attr = ]
VSWizard.ini -> %SystemRoot%\VSWizard.ini -> [Ver = | Size = 88 bytes | Modified Date = 12/20/2007 1:04:29 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/23/2007 9:30:14 AM | Attr = ]
~GLC0000.TMP -> %SystemRoot%\~GLC0000.TMP -> [Ver = | Size = 155136 bytes | Modified Date = 12/15/2007 3:30:53 PM | Attr = ]
~GLC0001.TMP -> %SystemRoot%\~GLC0001.TMP -> [Ver = | Size = 155136 bytes | Modified Date = 12/15/2007 3:32:36 PM | Attr = ]
~GLH0000.TMP -> %SystemRoot%\~GLH0000.TMP -> [Ver = | Size = 5607 bytes | Modified Date = 12/15/2007 3:30:55 PM | Attr = ]
~GLH0001.TMP -> %SystemRoot%\~GLH0001.TMP -> [Ver = | Size = 5607 bytes | Modified Date = 12/15/2007 3:32:37 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/13/2008 8:18:05 AM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 12/23/2007 10:17:56 AM | Attr = S]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Modified Date = 12/23/2007 10:10:55 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 12/20/2007 5:21:27 AM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 12/23/2007 10:10:04 AM | Attr = S]
U3 -> %UserAppData%\U3 -> [Folder | Modified Date = 12/16/2007 5:22:29 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 12/23/2007 10:09:21 AM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 68096 bytes | Modified Date = 12/20/2007 1:46:14 AM | Attr = ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 12/23/2007 10:10:06 AM | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Modified Date = 12/23/2007 10:08:34 AM | Attr = ]
WeatherBug -> %LocalAppData%\WeatherBug -> [Folder | Modified Date = 1/13/2008 8:18:47 AM | Attr = ]
A real friend is hard to find.doc -> %UserDocuments%\A real friend is hard to find.doc -> [Ver = | Size = 19968 bytes | Modified Date = 12/26/2007 10:02:20 AM | Attr = ]
dotnetfx.exe -> %UserDocuments%\dotnetfx.exe -> Microsoft [Ver = 1.1.4322.573 | Size = 24265736 bytes | Modified Date = 12/23/2007 9:46:19 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\dotnetfx.exe:Zone.Identifier
HJTInstall.exe -> %UserDocuments%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 12/29/2007 6:58:51 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HJTInstall.exe:Zone.Identifier
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 12/20/2007 1:43:01 AM | Attr = R ]
setupeng.exe -> %UserDocuments%\setupeng.exe -> [Ver = 4, 7, 0, 0 | Size = 18500624 bytes | Modified Date = 12/20/2007 8:39:46 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupeng.exe:Zone.Identifier
setupframeworkskd.exe -> %UserDocuments%\setupframeworkskd.exe -> Microsoft [Ver = 1.1.4322.591 | Size = 111366152 bytes | Modified Date = 12/23/2007 10:00:13 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupframeworkskd.exe:Zone.Identifier
spybotsd15.exe -> %UserDocuments%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Modified Date = 12/20/2007 2:45:06 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\spybotsd15.exe:Zone.Identifier
TurboDelphi.exe -> %UserDocuments%\TurboDelphi.exe -> Borland Software Corporation [Ver = | Size = 340910242 bytes | Modified Date = 12/23/2007 8:56:20 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\TurboDelphi.exe:Zone.Identifier
avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1709 bytes | Modified Date = 12/20/2007 8:42:40 PM | Attr = ]
CPS.lnk -> %AllUsersDesktop%\CPS.lnk -> [Ver = | Size = 2361 bytes | Modified Date = 12/16/2007 5:23:13 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 12/29/2007 6:59:53 PM | Attr = ]
jre-6u4-windows-i586-p.exe -> %UserDesktop%\jre-6u4-windows-i586-p.exe -> [Ver = | Size = 15852952 bytes | Modified Date = 1/13/2008 8:44:19 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u4-windows-i586-p.exe:Zone.Identifier
New Folder -> %UserDesktop%\New Folder -> [Folder | Modified Date = 12/20/2007 1:46:14 AM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 12/20/2007 2:46:14 AM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/13/2008 8:51:45 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Modified Date = 1/13/2008 8:48:15 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 1/13/2008 8:45:10 AM | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 12/23/2007 10:03:18 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 10136 bytes | Modified Date = 1/13/2008 8:24:28 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 9751 bytes | Modified Date = 1/13/2008 8:24:28 AM | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 3798 bytes | Modified Date = 6/29/2006 4:15:24 PM | Attr = ]
avg7act.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\avg7act.dat -> [Ver = | Size = 108093 bytes | Modified Date = 12/20/2007 8:32:30 PM | Attr = ]
nceylpaj.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\nceylpaj.dat -> [Ver = | Size = 4736 bytes | Modified Date = 12/13/2007 8:13:19 PM | Attr = ]
Perflib_Perfdata_1d4.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_1d4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/28/2007 6:41:02 PM | Attr = ]
Perflib_Perfdata_230.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_230.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/7/2007 5:26:57 AM | Attr = ]
Perflib_Perfdata_424.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_424.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/25/2007 5:47:18 PM | Attr = ]
Perflib_Perfdata_6e0.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_6e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/8/2007 1:17:43 PM | Attr = ]
Perflib_Perfdata_7cc.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_7cc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/13/2007 6:55:41 PM | Attr = ]
Perflib_Perfdata_7fc.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_7fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/21/2007 12:07:29 PM | Attr = ]
Perflib_Perfdata_a7c.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_a7c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/20/2007 9:34:49 PM | Attr = ]
bdemerge.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\bdemerge.ini -> [Ver = | Size = 27 bytes | Modified Date = 12/23/2007 9:51:21 AM | Attr = ]
DLL_{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\DLL_{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}.ini -> [Ver = | Size = 351 bytes | Modified Date = 12/23/2007 9:51:20 AM | Attr = ]
setup.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\setup.ini -> [Ver = | Size = 4248 bytes | Modified Date = 11/11/2007 6:02:28 PM | Attr = ]
0x0409.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\Turbo Delphi\Install\0x0409.ini -> [Ver = | Size = 4632 bytes | Modified Date = 2/25/2003 11:04:28 AM | Attr = ]
Setup.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\Turbo Delphi\Install\Setup.ini -> [Ver = | Size = 1196 bytes | Modified Date = 9/7/2006 5:18:26 PM | Attr = ]
sch20ddshlp.gif -> C:\Documents and Settings\dobrien\Local Settings\Temp\sch20ddshlp.gif -> [Ver = | Size = 54819 bytes | Modified Date = 12/13/2007 8:13:17 PM | Attr = ]

< End of report >

#4 OldTimer

Malware Expert

Posted 13 January 2008 - 11:07 AM

Hi Modron. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and then exit out of the program. We will run a scan a bit later in the fix.

Step #2

Open Notepad and copy/paste the text in the codebox below into the new document:

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (rnjxughr) rnjxughr [Kernel | Boot | Running] -> %System32%\drivers\cczgztyw.dat
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> PRISMSVR.EXE -> %System32%\PRISMSVR.EXE
[msn]
YN -> {00000000-0000-0000-0000-000000000002} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkBhoGuard Class]
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {15F4D456-5BAA-4076-8486-EECB38CD3E57} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkScamBHO Class]
YN -> {512ACF1B-64D9-4928-B382-A80556F28DB4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ElnkPuB.dll [ElnkPubBHO Class]
YY -> {6E881009-A7B6-4E62-A17D-6CA4C6318AC2} [HKEY_LOCAL_MACHINE] -> %System32%\bthser.dll [Reg Error: Value does not exist or could not be read.]
YN -> {9579D574-D4D8-4335-9560-FE8641A013BD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ProtctIE.dll [ElnkProtectionBHO Class]
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {C7768536-96F8-4001-B1A2-90EE21279187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\Toolbar.dll [EarthLink Toolbar]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
YY -> nceylpaj.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\nceylpaj.dat
YY -> sch20ddshlp.gif -> C:\Documents and Settings\dobrien\Local Settings\Temp\sch20ddshlp.gif
[Empty Temp Folders]
[Start Explorer]

Save the document to your desktop as wpf35fix.txt and close Notepad.

Step #3

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Once in Safe Mode start WinPFind35U. Open the wpf35.txt file you created earlier with Notepad and Copy/Paste the information from the file into the pane where it says "Paste fix here" and then click the Run Fix button.

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose No at this time.

Step #4

Start SUPERAntiSpyware.
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #5

Reboot the machine normally and post the following back here:
  • a new WinPFind35U report with the following options:
    • In the Drivers section click on Non-Microsoft.
    • Under Additional Scans click the checkboxes in front of the following items to select them:
      • File - Additional Folder Scans
    • Do not change any other settings.
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind35u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
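
A triage sketch for the log format used in this thread, added here as an example (it is not OldTimer's tool or his stated method): it parses WinPFind35U lines, flags a running driver that has no vendor or version and whose file is not a .sys, then lists unversioned files modified within a few seconds of that driver. The function names, both heuristics and the 5-second window are assumptions of this example; the sample lines are copied from the logs posted in this thread.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Lines copied from the WinPFind35U logs posted in this thread.
SAMPLE_LOG = r"""
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 8:53:39 AM | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(NWSAP) Novell SAP Name Space Provider [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwsap.sys -> [Ver = | Size = 23232 bytes | Modified Date = 2/26/2003 2:51:18 PM | Attr = ]
(rnjxughr) rnjxughr [Kernel | Boot | Running] -> %System32%\drivers\cczgztyw.dat -> [Ver = | Size = 19456 bytes | Modified Date = 12/13/2007 8:13:19 PM | Attr = ]
avg7act.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\avg7act.dat -> [Ver = | Size = 108093 bytes | Modified Date = 12/20/2007 8:32:30 PM | Attr = ]
nceylpaj.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\nceylpaj.dat -> [Ver = | Size = 4736 bytes | Modified Date = 12/13/2007 8:13:19 PM | Attr = ]
Perflib_Perfdata_7cc.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_7cc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/13/2007 6:55:41 PM | Attr = ]
sch20ddshlp.gif -> C:\Documents and Settings\dobrien\Local Settings\Temp\sch20ddshlp.gif -> [Ver = | Size = 54819 bytes | Modified Date = 12/13/2007 8:13:17 PM | Attr = ]
"""

# "(service) display name [type | start | state]"
HEAD_RE = re.compile(
    r"^\((?P<svc>[^)]*)\)\s.*\[(?P<type>[^|\]]+)\|(?P<start>[^|\]]+)\|(?P<state>[^|\]]+)\]$")
# "vendor [Ver = x | Size = n bytes | Modified Date = d | Attr = a]"
META_RE = re.compile(
    r"^(?P<vendor>.*?)\s*\[Ver =\s*(?P<ver>.*?)\s*\|\s*Size = (?P<size>\d+) bytes"
    r"\s*\|\s*Modified Date = (?P<mtime>[^|]+?)\s*\|\s*Attr =\s*[^\]]*\]$")


@dataclass
class Entry:
    name: str
    path: str
    svc_type: str            # "Kernel", "File_System", ... or "" for a plain file entry
    start: str
    state: str
    vendor: str = ""
    version: str = ""
    modified: Optional[datetime] = None
    missing: bool = False    # the log reported "File not found"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'head -> path -> details' log line; return None for anything else."""
    parts = [p.strip() for p in line.split("->")]
    if len(parts) != 3:
        return None
    head, path, tail = parts
    m_head = HEAD_RE.match(head)
    if m_head:
        name = m_head.group("svc")
        svc_type, start, state = (m_head.group(k).strip() for k in ("type", "start", "state"))
    else:
        name, svc_type, start, state = head, "", "", ""
    if tail == "File not found":
        return Entry(name, path, svc_type, start, state, missing=True)
    m = META_RE.match(tail)
    if not m:
        return None
    modified = datetime.strptime(m.group("mtime"), "%m/%d/%Y %I:%M:%S %p")
    return Entry(name, path, svc_type, start, state,
                 vendor=m.group("vendor"), version=m.group("ver"), modified=modified)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def suspicious_drivers(entries: List[Entry]) -> List[Entry]:
    """Assumed heuristic: a running driver with no vendor, no version and a non-.sys image."""
    return [e for e in entries
            if e.svc_type in ("Kernel", "File_System") and e.state == "Running"
            and not e.missing and not e.vendor and not e.version
            and not e.path.lower().endswith(".sys")]


def dropped_with(entries: List[Entry], anchor: Entry,
                 window: timedelta = timedelta(seconds=5)) -> List[Entry]:
    """Assumed heuristic: unversioned plain files modified within `window` of the anchor."""
    return [e for e in entries
            if e.svc_type == "" and not e.missing and not e.vendor and not e.version
            and abs(e.modified - anchor.modified) <= window]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for drv in suspicious_drivers(entries):
        print(f"driver {drv.name} [{drv.start}] -> {drv.path} ({drv.modified})")
        for f in dropped_with(entries, drv):
            print(f"  same-time file: {f.path} ({f.modified})")
```

On these sample lines the flagged driver and the two same-time files coincide with the entries marked YY under the driver and file sections of the Step #2 fix text.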


#5 Modron


Posted 13 January 2008 - 10:24 PM

When I ran the Step #4 WinPFind35U in safe mode it didn't respond and I had to reboot to safe mode to do any other steps. The result of the program not responding is that the MovedFiles folder is present but it is empty. I don't know if it makes a difference, but I have to use a Novell login because I sometimes use this computer at work. I thought that might be causing me to have to reboot after the WinPFind35U wouldn't respond because although I could use the task manager to close the program, the safe mode screen went black.

Here is the removal information from the Step #4 SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/13/2008 at 08:54 PM

Application Version : 3.9.1008

Core Rules Database Version : 3379
Trace Rules Database Version: 1373

Scan type : Complete Scan
Total Scan Time : 01:55:16

Memory items scanned : 179
Memory threats detected : 0
Registry items scanned : 5327
Registry threats detected : 5
File items scanned : 67852
File threats detected : 92

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{6E881009-A7B6-4E62-A17D-6CA4C6318AC2}
HKCR\CLSID\{6E881009-A7B6-4E62-A17D-6CA4C6318AC2}
HKCR\CLSID\{6E881009-A7B6-4E62-A17D-6CA4C6318AC2}\InprocServer32
HKCR\CLSID\{6E881009-A7B6-4E62-A17D-6CA4C6318AC2}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\BTHSER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E881009-A7B6-4E62-A17D-6CA4C6318AC2}

Adware.Tracking Cookie

My Avast! antivirus gives me a warning about a virus randomly when I try to open IE windows.

#6 OldTimer

Malware Expert

Posted 13 January 2008 - 10:33 PM

Hi Modron. You have a Sentinel Trojan that is not going to go away that easily. I need the new WinPFind35u log. Run it with the same options that I showed above.

Cheers.

OT

#7 Modron


Posted 14 January 2008 - 08:10 PM

WinPFind35 logfile created on: 1/14/2008 7:07:58 PM
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\dobrien\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

734.42 Mb Total Physical Memory | 302.82 Mb Available Physical Memory | 41.23% Memory free
1.01 Gb Paging File | 0.58 Gb Available in Paging File | 57.39% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.57 Gb Free Space | 63.26% Space Free | Partition Type: NTFS
Drive D: | 325.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DEBSNOTEBOOK
Current User Name: dobrien
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 8:36:33 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 7:00:16 AM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 6:59:53 AM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 6:59:01 AM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 155648 bytes | Modified Date = 10/8/2004 6:31:26 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 126976 bytes | Modified Date = 10/8/2004 6:27:22 AM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1151453717\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:13 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 6/29/2006 3:44:21 AM | Attr = ]
dpmw32.exe -> %System32%\dpmw32.exe -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 2:27:28 PM | Attr = ]
nwtray.exe -> %System32%\nwtray.exe -> Novell, Inc. [Ver = v4.90 | Size = 28672 bytes | Modified Date = 3/12/2002 10:37:28 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 10/18/2007 3:21:56 PM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 7:00:23 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 12/14/2007 3:42:38 AM | Attr = ]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 9:20:54 AM | Attr = ]
weather.exe -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 17 | Size = 1347584 bytes | Modified Date = 8/29/2007 10:55:54 AM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 1:17:27 AM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 11:16:08 AM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 1/6/2008 1:17:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 8:36:33 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 7:00:16 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 6:59:53 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 6:59:01 AM | Attr = ]
(cusrvc) Client Update Service for Novell [Win32_Own | On_Demand | Stopped] -> %System32%\cusrvc.exe -> Novell, Inc. [Ver = v4.91 | Size = 36864 bytes | Modified Date = 1/18/2005 9:17:56 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 8:49:02 AM | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(ADSFilter) ADSFilter - (Aluria Filter Driver) [File_System | On_Demand | Stopped] -> System32\DRIVERS\ADSFilter.sys -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 8:55:46 AM | Attr = ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 8:53:39 AM | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 8:51:52 AM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 3.140.16.0 | Size = 376320 bytes | Modified Date = 9/28/2005 3:00:22 PM | Attr = ]
(BW2NDIS5) BW2NDIS5 [Kernel | On_Demand | Stopped] -> System32\Drivers\BW2NDIS5.sys -> File not found
(CAMCAUD) Conexant AMC 3D Environmental Audio [Kernel | On_Demand | Running] -> %System32%\drivers\camcaud.sys -> Conexant Systems Inc. [Ver = 6.13.10.8340 | Size = 292864 bytes | Modified Date = 6/28/2004 1:03:02 PM | Attr = ]
(CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %System32%\drivers\camchal.sys -> Conexant Systems Inc. [Ver = 6.13.10.8340 | Size = 276480 bytes | Modified Date = 6/28/2004 1:03:42 PM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 12:07:17 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 12:07:16 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 3/31/2003 1:00:00 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(FTDIBUS) USB Serial Converter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ftdibus.sys -> FTDI Ltd. [Ver = 1.00.2154 | Size = 24209 bytes | Modified Date = 5/24/2005 11:16:04 AM | Attr = ]
(FTSER2K) USB Serial Port Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ftser2k.sys -> FTDI Ltd. [Ver = 1.00.2154 | Size = 57404 bytes | Modified Date = 5/24/2005 11:16:04 AM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 12:21:04 AM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 207232 bytes | Modified Date = 12/15/2004 2:18:34 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 1038208 bytes | Modified Date = 12/15/2004 2:18:26 PM | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3929 | Size = 752093 bytes | Modified Date = 10/8/2004 6:54:56 AM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> %System32%\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Modified Date = 4/13/2004 7:20:08 PM | Attr = R ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 10:04:14 AM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(NetwareWorkstation) Novell Client for Windows [File_System | Auto | Running] -> %System32%\NetWare\nwfs.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 497743 bytes | Modified Date = 10/27/2005 4:38:46 PM | Attr = ]
(NICM) Novell InterService Communication Driver [Kernel | Boot | Running] -> %System32%\drivers\nicm.sys -> Novell, Inc. [Ver = 3.0.0.3 | Size = 38848 bytes | Modified Date = 8/19/2004 12:34:06 PM | Attr = ]
(NWDHCP) Novell DHCP Inform Client [File_System | Auto | Running] -> %System32%\NetWare\nwdhcp.sys -> Novell, Inc. [Ver = 4.91.1.0 | Size = 18353 bytes | Modified Date = 11/10/2005 7:53:00 AM | Attr = ]
(NWDNS) Novell DNS Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwdns.sys -> Novell, Inc. [Ver = 4.91.1.0 | Size = 35568 bytes | Modified Date = 9/29/2005 12:04:46 PM | Attr = ]
(NWFILTER) Novell UNC Path Filter [Kernel | Boot | Running] -> %System32%\NetWare\nwfilter.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 15891 bytes | Modified Date = 5/26/2005 6:14:00 PM | Attr = ]
(NWHOST) Novell Host File Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwhost.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 9297 bytes | Modified Date = 10/12/2005 1:12:18 PM | Attr = ]
(NWSAP) Novell SAP Name Space Provider [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwsap.sys -> [Ver = | Size = 23232 bytes | Modified Date = 2/26/2003 2:51:18 PM | Attr = ]
(NWSIPX32) Novell NetWare IPX/SPX Transport Interface [File_System | Auto | Stopped] -> %System32%\NetWare\nwsipx32.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 39731 bytes | Modified Date = 10/27/2005 4:15:14 PM | Attr = ]
(NWSLP) Novell SLP Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwslp.sys -> Novell, Inc. [Ver = 4.91.0.1 | Size = 20332 bytes | Modified Date = 1/3/2005 2:51:38 PM | Attr = ]
(NWSNS) Novell Simple Naming Services [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwsns.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 6128 bytes | Modified Date = 10/12/2005 1:11:32 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PMEM) PMEM [Kernel | Auto | Stopped] -> %System32%\drivers\pmemnt.sys -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 3/31/2003 1:00:00 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RESMGR) Novell NetWare Resource Manager [Kernel | Auto | Running] -> %System32%\NetWare\resmgr.sys -> Novell, Inc. [Ver = 4.90 | Size = 27249 bytes | Modified Date = 6/1/2004 6:19:34 PM | Attr = ]
(rnjxughr) rnjxughr [Kernel | Boot | Running] -> %System32%\drivers\cczgztyw.dat -> [Ver = | Size = 19456 bytes | Modified Date = 12/13/2007 8:13:19 PM | Attr = ]
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Rtlnic51.sys -> Realtek Semiconductor Corporation [Ver = 5.611.1231.2003 built by: WinDDK | Size = 69504 bytes | Modified Date = 4/27/2004 1:03:00 PM | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 11:31:32 PM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(SRVLOC) Novell Service Location [File_System | Auto | Running] -> %System32%\NetWare\srvloc.sys -> Novell, Inc. [Ver = 4.91.0.1 | Size = 155761 bytes | Modified Date = 10/27/2005 4:21:08 PM | Attr = ]
(STV680) AIPTEK PenCam VR [Kernel | On_Demand | Stopped] -> %System32%\drivers\stv680.sys -> STMicroelectronics [Ver = 1-14 | Size = 113072 bytes | Modified Date = 11/20/2001 9:25:00 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 703232 bytes | Modified Date = 12/15/2004 2:18:28 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 7:00:23 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1151453717\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:13 AM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 126976 bytes | Modified Date = 10/8/2004 6:27:22 AM | Attr = ]
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb07.exe -> HP [Ver = 2,140,0,0 | Size = 188416 bytes | Modified Date = 1/6/2006 1:07:25 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 155648 bytes | Modified Date = 10/8/2004 6:31:26 AM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> America Online, Inc. [Ver = 1.0.12.1 | Size = 124520 bytes | Modified Date = 2/17/2006 10:59:46 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
NDPS -> %System32%\dpmw32.exe -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 2:27:28 PM | Attr = ]
NWTRAY -> %System32%\nwtray.exe -> Novell, Inc. [Ver = v4.90 | Size = 28672 bytes | Modified Date = 3/12/2002 10:37:28 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 6/29/2006 3:44:21 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 12/14/2007 3:42:38 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 10/18/2007 3:21:56 PM | Attr = ]
UserFaultCheck -> -> File not found
WatchDog -> %ProgramFiles%\InterVideo\DVD Check\DVDCheck.exe -> InterVideo Inc. [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 7/4/2005 3:47:24 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 9:20:54 AM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 17 | Size = 1347584 bytes | Modified Date = 8/29/2007 10:55:54 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 6/20/2006 7:13:24 PM | Attr = HS]
%AllUsersStartup%\DVD Check.lnk -> %ProgramFiles%\InterVideo\DVD Check\DVDCheck.exe -> InterVideo Inc. [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 7/4/2005 3:47:24 PM | Attr = ]
< dobrien Startup Folder > -> C:\Documents and Settings\dobrien\Start Menu\Programs\Startup ->
%UserStartup%\2WireSetup.lnk -> %ProgramFiles%\2Wire\WebWorks.exe -> [Ver = 1, 0, 0, 1 | Size = 638976 bytes | Modified Date = 10/27/2006 12:35:33 AM | Attr = ]
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 6/20/2006 7:13:24 PM | Attr = HS]
-> %UserStartup%\PowerReg Scheduler.exe -> [Ver = 2, 0, 0, 1 | Size = 225280 bytes | Modified Date = 1/4/2007 1:45:11 PM | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
NWGINA.DLL -> %System32%\nwgina.dll -> Novell, Inc. [Ver = v6.5.1 (20050908) | Size = 356433 bytes | Modified Date = 10/25/2005 9:37:36 AM | Attr = ]
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3929 | Size = 344064 bytes | Modified Date = 10/8/2004 6:27:00 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\CompatibleRUPSecurity -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Hosts file not found -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4103 domain(s) found. ->
[msn] -> My Computer ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 37 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00000000-0000-0000-0000-000000000002} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkBhoGuard Class] -> File not found
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{15F4D456-5BAA-4076-8486-EECB38CD3E57} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkScamBHO Class] -> File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.336 | Size = 296312 bytes | Modified Date = 10/18/2007 3:22:24 PM | Attr = ]
{512ACF1B-64D9-4928-B382-A80556F28DB4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ElnkPuB.dll [ElnkPubBHO Class] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{6E881009-A7B6-4E62-A17D-6CA4C6318AC2} [HKEY_LOCAL_MACHINE] -> %System32%\bthser.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 84992 bytes | Modified Date = 8/4/2004 1:56:41 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 12/14/2007 3:42:36 AM | Attr = ]
{9579D574-D4D8-4335-9560-FE8641A013BD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ProtctIE.dll [ElnkProtectionBHO Class] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{C7768536-96F8-4001-B1A2-90EE21279187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\Toolbar.dll [EarthLink Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\npjpi160_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 132496 bytes | Modified Date = 12/14/2007 3:42:37 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 12/14/2007 3:42:36 AM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{7EF3898C-C287-4B9B-9D54-BDA9A8E03505} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{7F2B2DB0-A91B-4D56-BEC0-0F994FF2BDB4} -> (Broadcom 802.11b/g WLAN) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [Novell Directory Services Name Provider] -> %System32%\NetWare\nwws2nds.dll -> Novell, Inc. [Ver = 4.91 | Size = 36947 bytes | Modified Date = 10/27/2005 4:24:08 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000005 [Novell IPX/SPX SAP Name Provider] -> %System32%\NetWare\nwws2sap.dll -> Novell, Inc. [Ver = 4.91 | Size = 32851 bytes | Modified Date = 10/27/2005 4:24:08 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000006 [Novell SLP Provider] -> %System32%\NetWare\nwws2slp.dll -> Novell, Inc. [Ver = 4.91 | Size = 49235 bytes | Modified Date = 10/27/2005 4:24:10 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0000000A-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/B...42/wmsp9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shock...director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?LinkID=39204[Windows Genuine Advantage Validation Tool] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\common\yinsthelper.dll[YInstStarter Class] ->
{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{38F5F92F-BD40-40DF-A569-6C1FCB638190}[HKEY_LOCAL_MACHINE] -> http://www.powerleap.com/cab_files/InSPECS3_0.cab[InSPECS3_0 Control] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] ->
{6B75345B-AA36-438A-BBE6-4078B4C6984D}[HKEY_LOCAL_MACHINE] -> http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab[HpProductDetection Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdat...b?1151541410543[MUWebControl Class] ->
{6F15128C-E66A-490C-B848-5000B5ABEEAC}[HKEY_LOCAL_MACHINE] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}[HKEY_LOCAL_MACHINE] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx[Get_ActiveX Control] ->
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/web_...aploader_v6.cab[PopCapLoader Object] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr = ]
nwv1_0 -> %System32%\nwv1_0.dll -> Novell, Inc. [Ver = v4.71 (000217) | Size = 8480 bytes | Modified Date = 2/17/2000 6:54:28 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:49:30 AM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 8:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 10:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 708 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:57 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 36603 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 1:56:42 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:56:56 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 6:44:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:56:56 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 14144000 bytes | Modified Date = 2/23/2006 4:31:58 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91640 bytes | Modified Date = 3/27/2007 2:22:58 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 3.8.0.5004 | Size = 405583 bytes | Modified Date = 1/4/2005 10:50:52 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 3.8.0.5004 | Size = 962638 bytes | Modified Date = 1/4/2005 10:49:52 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpmw32.exe -> C:\WINDOWS\system32\dpmw32.exe [C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener] -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 2:27:28 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 10:24:37 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 1:17:27 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1151453717\ee\aolsoftware.exe -> C:\Program Files\Common Files\AOL\1151453717\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1151453717\ee\aolsoftware.exe:*:Enabled:AOL Services] -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:13 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1151453717\ee\aim6.exe -> C:\Program Files\Common Files\AOL\1151453717\ee\aim6.exe [C:\Program Files\Common Files\AOL\1151453717\ee\aim6.exe:*:Enabled:AIM] -> America Online, Inc. [Ver = 1.4.9.1 | Size = 50768 bytes | Modified Date = 5/19/2006 11:44:26 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 6:44:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer] -> RealNetworks, Inc. [Ver = 11.0.0.181 | Size = 214296 bytes | Modified Date = 10/18/2007 3:22:01 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\8097:TCP -> 8097:TCP:*:Enabled:EarthLink UHP Modem Support ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{7EF3898C-C287-4B9B-9D54-BDA9A8E03505} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{FE796927-1EE0-4320-BAE7-F6155275EBCA} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{21DA757D-ABAD-4C8F-B781-E4831540BD55} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{8814E237-EFED-41EB-8A28-1615BB6E1532} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:57 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 1:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 1/13/2008 8:36:15 AM | Attr = HS]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Created Date = 12/20/2007 8:42:38 PM | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 12/20/2007 8:42:34 PM | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Created Date = 12/20/2007 8:42:34 PM | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Created Date = 12/20/2007 8:42:40 PM | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Created Date = 12/20/2007 8:42:39 PM | Attr = ]
actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 12/20/2007 8:42:23 PM | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Created Date = 12/20/2007 8:42:23 PM | Attr = ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Created Date = 12/20/2007 8:42:35 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 69632 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 139264 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 12/20/2007 1:08:50 AM | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Created Date = 12/23/2007 9:47:44 AM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Created Date = 12/23/2007 10:03:08 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 12/20/2007 2:46:10 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/13/2008 6:21:04 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/13/2008 6:20:53 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Created Date = 12/23/2007 10:08:42 AM | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Created Date = 12/23/2007 10:08:34 AM | Attr = ]
A real friend is hard to find.doc -> %UserDocuments%\A real friend is hard to find.doc -> [Ver = | Size = 19968 bytes | Created Date = 12/26/2007 10:02:19 AM | Attr = ]
dotnetfx.exe -> %UserDocuments%\dotnetfx.exe -> Microsoft [Ver = 1.1.4322.573 | Size = 24265736 bytes | Created Date = 12/23/2007 9:20:27 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\dotnetfx.exe:Zone.Identifier
HJTInstall.exe -> %UserDocuments%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 12/29/2007 6:58:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HJTInstall.exe:Zone.Identifier
setupeng.exe -> %UserDocuments%\setupeng.exe -> [Ver = 4, 7, 0, 0 | Size = 18500624 bytes | Created Date = 12/20/2007 8:39:46 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupeng.exe:Zone.Identifier
setupframeworkskd.exe -> %UserDocuments%\setupframeworkskd.exe -> Microsoft [Ver = 1.1.4322.591 | Size = 111366152 bytes | Created Date = 12/23/2007 9:59:59 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupframeworkskd.exe:Zone.Identifier
spybotsd15.exe -> %UserDocuments%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Created Date = 12/20/2007 2:33:12 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\spybotsd15.exe:Zone.Identifier
TurboDelphi.exe -> %UserDocuments%\TurboDelphi.exe -> Borland Software Corporation [Ver = | Size = 340910242 bytes | Created Date = 12/23/2007 8:52:20 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\TurboDelphi.exe:Zone.Identifier
avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1709 bytes | Created Date = 12/20/2007 8:42:40 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 1/13/2008 6:20:54 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 12/29/2007 6:59:53 PM | Attr = ]
jre-6u4-windows-i586-p.exe -> %UserDesktop%\jre-6u4-windows-i586-p.exe -> [Ver = | Size = 15852952 bytes | Created Date = 1/13/2008 8:44:19 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u4-windows-i586-p.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 12/20/2007 2:46:14 AM | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 1/13/2008 6:19:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/13/2008 8:49:43 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Created Date = 1/13/2008 8:48:14 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 1/13/2008 8:45:10 AM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 1/13/2008 6:20:26 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/13/2008 6:20:58 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/13/2008 6:20:53 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/14/2008 6:56:51 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/13/2008 8:26:05 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/14/2008 3:01:28 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 12/22/2007 7:31:10 AM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 12/20/2007 8:42:38 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/14/2008 3:02:30 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/14/2008 3:02:29 AM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 12/20/2007 1:08:50 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62484 bytes | Modified Date = 1/13/2008 9:00:19 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 400862 bytes | Modified Date = 1/13/2008 9:00:19 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 470828 bytes | Modified Date = 1/13/2008 9:00:15 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 12/20/2007 12:34:00 AM | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Modified Date = 12/23/2007 9:47:44 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/14/2008 6:56:53 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/13/2008 8:24:21 AM | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/23/2007 10:09:50 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/14/2008 3:11:33 AM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/20/2007 12:59:55 AM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 12/23/2007 7:48:11 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 1/14/2008 3:02:22 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/14/2008 3:02:31 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/13/2008 6:20:58 PM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 12/23/2007 10:42:59 AM | Attr = ]
NetWare.INI -> %SystemRoot%\NetWare.INI -> [Ver = | Size = 11 bytes | Modified Date = 12/20/2007 1:00:30 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/14/2008 6:57:10 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/24/2007 3:10:38 AM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 12/20/2007 8:31:33 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/14/2008 3:11:27 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/14/2008 6:59:36 PM | Attr = ]
VSWizard.ini -> %SystemRoot%\VSWizard.ini -> [Ver = | Size = 88 bytes | Modified Date = 12/20/2007 1:04:29 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/23/2007 9:30:14 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/14/2008 3:11:37 AM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 12/23/2007 10:17:56 AM | Attr = S]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Modified Date = 12/23/2007 10:10:55 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 12/20/2007 5:21:27 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/13/2008 6:21:04 PM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 12/23/2007 10:10:04 AM | Attr = S]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/13/2008 6:20:53 PM | Attr = ]
U3 -> %UserAppData%\U3 -> [Folder | Modified Date = 12/16/2007 5:22:29 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 12/23/2007 10:09:21 AM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 68096 bytes | Modified Date = 12/20/2007 1:46:14 AM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3712656 bytes | Modified Date = 1/13/2008 8:56:58 PM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 12/23/2007 10:10:06 AM | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Modified Date = 12/23/2007 10:08:34 AM | Attr = ]
WeatherBug -> %LocalAppData%\WeatherBug -> [Folder | Modified Date = 1/13/2008 8:18:47 AM | Attr = ]
A real friend is hard to find.doc -> %UserDocuments%\A real friend is hard to find.doc -> [Ver = | Size = 19968 bytes | Modified Date = 12/26/2007 10:02:20 AM | Attr = ]
dotnetfx.exe -> %UserDocuments%\dotnetfx.exe -> Microsoft [Ver = 1.1.4322.573 | Size = 24265736 bytes | Modified Date = 12/23/2007 9:46:19 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\dotnetfx.exe:Zone.Identifier
HJTInstall.exe -> %UserDocuments%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 12/29/2007 6:58:51 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HJTInstall.exe:Zone.Identifier
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 12/20/2007 1:43:01 AM | Attr = R ]
setupeng.exe -> %UserDocuments%\setupeng.exe -> [Ver = 4, 7, 0, 0 | Size = 18500624 bytes | Modified Date = 12/20/2007 8:39:46 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupeng.exe:Zone.Identifier
setupframeworkskd.exe -> %UserDocuments%\setupframeworkskd.exe -> Microsoft [Ver = 1.1.4322.591 | Size = 111366152 bytes | Modified Date = 12/23/2007 10:00:13 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupframeworkskd.exe:Zone.Identifier
spybotsd15.exe -> %UserDocuments%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Modified Date = 12/20/2007 2:45:06 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\spybotsd15.exe:Zone.Identifier
TurboDelphi.exe -> %UserDocuments%\TurboDelphi.exe -> Borland Software Corporation [Ver = | Size = 340910242 bytes | Modified Date = 12/23/2007 8:56:20 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\TurboDelphi.exe:Zone.Identifier
avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1709 bytes | Modified Date = 12/20/2007 8:42:40 PM | Attr = ]
CPS.lnk -> %AllUsersDesktop%\CPS.lnk -> [Ver = | Size = 2361 bytes | Modified Date = 12/16/2007 5:23:13 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 1/13/2008 6:20:54 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 12/29/2007 6:59:53 PM | Attr = ]
jre-6u4-windows-i586-p.exe -> %UserDesktop%\jre-6u4-windows-i586-p.exe -> [Ver = | Size = 15852952 bytes | Modified Date = 1/13/2008 8:44:19 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u4-windows-i586-p.exe:Zone.Identifier
New Folder -> %UserDesktop%\New Folder -> [Folder | Modified Date = 12/20/2007 1:46:14 AM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 1/13/2008 9:23:32 AM | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 1/13/2008 6:19:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/13/2008 6:37:31 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Modified Date = 1/13/2008 8:48:15 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 1/13/2008 8:45:10 AM | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 12/23/2007 10:03:18 AM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/13/2008 6:20:26 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 9751 bytes | Modified Date = 1/14/2008 3:12:30 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 9751 bytes | Modified Date = 1/14/2008 3:12:30 AM | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 3798 bytes | Modified Date = 6/29/2006 4:15:24 PM | Attr = ]
avg7act.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\avg7act.dat -> [Ver = | Size = 108093 bytes | Modified Date = 12/20/2007 8:32:30 PM | Attr = ]
nceylpaj.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\nceylpaj.dat -> [Ver = | Size = 4736 bytes | Modified Date = 12/13/2007 8:13:19 PM | Attr = ]
Perflib_Perfdata_1d4.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_1d4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/28/2007 6:41:02 PM | Attr = ]
Perflib_Perfdata_230.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_230.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/7/2007 5:26:57 AM | Attr = ]
Perflib_Perfdata_424.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_424.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/25/2007 5:47:18 PM | Attr = ]
Perflib_Perfdata_6e0.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_6e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/8/2007 1:17:43 PM | Attr = ]
Perflib_Perfdata_7cc.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_7cc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/13/2007 6:55:41 PM | Attr = ]
Perflib_Perfdata_7fc.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_7fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/21/2007 12:07:29 PM | Attr = ]
Perflib_Perfdata_a7c.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_a7c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/20/2007 9:34:49 PM | Attr = ]
bdemerge.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\bdemerge.ini -> [Ver = | Size = 27 bytes | Modified Date = 12/23/2007 9:51:21 AM | Attr = ]
DLL_{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\DLL_{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}.ini -> [Ver = | Size = 351 bytes | Modified Date = 12/23/2007 9:51:20 AM | Attr = ]
setup.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\setup.ini -> [Ver = | Size = 4248 bytes | Modified Date = 11/11/2007 6:02:28 PM | Attr = ]
0x0409.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\Turbo Delphi\Install\0x0409.ini -> [Ver = | Size = 4632 bytes | Modified Date = 2/25/2003 11:04:28 AM | Attr = ]
Setup.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\Turbo Delphi\Install\Setup.ini -> [Ver = | Size = 1196 bytes | Modified Date = 9/7/2006 5:18:26 PM | Attr = ]
sch20ddshlp.gif -> C:\Documents and Settings\dobrien\Local Settings\Temp\sch20ddshlp.gif -> [Ver = | Size = 54819 bytes | Modified Date = 12/13/2007 8:13:17 PM | Attr = ]

< End of report >

#8 OldTimer


Posted 14 January 2008 - 09:42 PM

Hi Modron. Ok, let's see if we can't get rid of this thing. First, copy these directions into Notepad and save them on your desktop. We will be booting to Safe Mode and you will need this information and the ability to copy/paste some of it during the fix.

Now please follow these steps in order:

Step #1

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #2

Now we will need to disable the driver for this thing. Please do the following:
  • Click Start, click Control Panel, click Performance and Maintenance, and then click System.
  • On the Hardware tab, click Device Manager.
  • Click the View menu and if there is no checkmark in front of Show hidden devices then click on it to activate it.
  • Scroll down the list of devices and double-click Non-Plug and Play Drivers.
  • Locate the rnjxughr device and right click it and then click the Properties option.
  • Click the Driver tab.
  • In the Startup section select Disable from the drop-down list.
  • Click the General tab.
  • In the Device Usage drop-down list select Do not use this device (disable).
  • Click the Ok button and you should be prompted to reboot. You can reboot normally.

Step #3

Start WinPFind35U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YN -> (ADSFilter) ADSFilter - (Aluria Filter Driver) [File_System | On_Demand | Stopped] -> System32\DRIVERS\ADSFilter.sys
YY -> (rnjxughr) rnjxughr [Kernel | Boot | Running] -> %System32%\drivers\cczgztyw.dat
[msn]
YN -> {00000000-0000-0000-0000-000000000002} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkBhoGuard Class]
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {15F4D456-5BAA-4076-8486-EECB38CD3E57} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkScamBHO Class]
YN -> {512ACF1B-64D9-4928-B382-A80556F28DB4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ElnkPuB.dll [ElnkPubBHO Class]
YN -> {6E881009-A7B6-4E62-A17D-6CA4C6318AC2} [HKEY_LOCAL_MACHINE] -> %System32%\bthser.dll [Reg Error: Value does not exist or could not be read.]
YN -> {9579D574-D4D8-4335-9560-FE8641A013BD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ProtctIE.dll [ElnkProtectionBHO Class]
YN -> {C7768536-96F8-4001-B1A2-90EE21279187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\Toolbar.dll [EarthLink Toolbar]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
YY -> nceylpaj.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\nceylpaj.dat
YY -> sch20ddshlp.gif -> C:\Documents and Settings\dobrien\Local Settings\Temp\sch20ddshlp.gif
[Empty Temp Folders]
[Start Explorer]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally. If you are not asked to reboot, click the Ok button on the finished message and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind35U log. For the new log just use these options:
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
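
The check behind Step #2 and the fix script in the post above, written out as an added example (not part of OldTimer's post and not WinPFind35U code): it parses "Driver Services" lines in the format shown in this thread, flags any service whose image file is not a .sys file, and confirms from a follow-up log that the service is no longer listed. The non-.sys heuristic and all function names are assumptions of this example; the sample lines are assembled from lines that appear in this thread.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# One "Driver Services" entry looks like:
#   (Service) Display name [Type | Start | State] -> image path -> vendor [Ver = ...]
# Fix-script lines carry a "YY -> " / "YN -> " prefix, which is tolerated here.
ENTRY_RE = re.compile(
    r"^(?:Y[YN]\s*->\s*)?"
    r"\((?P<name>[^)]+)\)\s*(?P<display>.*?)\s*"
    r"\[(?P<type>\w+) \| (?P<start>\w+) \| (?P<state>\w+)\]"
    r"(?P<tail>\s*->.*)$"
)


@dataclass
class DriverEntry:
    name: str
    type: str
    start: str
    state: str
    image: str      # image path as logged; empty when the log shows none
    vendor: str     # company name as logged; empty when absent
    missing: bool   # True when the log says "File not found"
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Parse one driver-service line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    # Fields after the bracket are separated by "->"; the first piece is empty.
    parts = [p.strip() for p in m.group("tail").split("->")][1:]
    image = parts[0] if parts else ""
    info = parts[1] if len(parts) > 1 else ""
    missing = info == "File not found"
    vendor = "" if missing else info.split("[Ver", 1)[0].strip()
    return DriverEntry(m["name"], m["type"], m["start"], m["state"],
                       image, vendor, missing)


def triage(lines):
    """Return entries whose image is not a .sys file (assumed heuristic)."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None or not entry.image:
            continue
        ext = PureWindowsPath(entry.image).suffix.lower()
        if ext == ".sys":
            continue
        entry.reasons.append(f"image extension is {ext or 'missing'}, not .sys")
        if entry.start in ("Boot", "System"):
            entry.reasons.append(f"loads early ({entry.start} start)")
        if entry.state == "Running":
            entry.reasons.append("currently running")
        findings.append(entry)
    return findings


def still_present(service_names, followup_lines):
    """Service names from the first scan that a follow-up log still lists."""
    seen = {e.name.lower() for e in map(parse_entry, followup_lines) if e}
    return sorted(n for n in service_names if n.lower() in seen)


# Constructed sample: lines copied from the logs and fix script in this thread.
SCAN_SAMPLE = r"""
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 8:49:02 AM | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
YN -> (ADSFilter) ADSFilter - (Aluria Filter Driver) [File_System | On_Demand | Stopped] -> System32\DRIVERS\ADSFilter.sys
YY -> (rnjxughr) rnjxughr [Kernel | Boot | Running] -> %System32%\drivers\cczgztyw.dat
(NICM) Novell InterService Communication Driver [Kernel | Boot | Running] -> %System32%\drivers\nicm.sys -> Novell, Inc. [Ver = 3.0.0.3 | Size = 38848 bytes | Modified Date = 8/19/2004 12:34:06 PM | Attr = ]
""".strip().splitlines()

# Constructed sample: driver lines as they appear in the post-fix log.
FOLLOWUP_SAMPLE = r"""
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 8:49:02 AM | Attr = ]
(ADSFilter) ADSFilter - (Aluria Filter Driver) [File_System | On_Demand | Stopped] -> System32\DRIVERS\ADSFilter.sys -> File not found
(NICM) Novell InterService Communication Driver [Kernel | Boot | Running] -> %System32%\drivers\nicm.sys -> Novell, Inc. [Ver = 3.0.0.3 | Size = 38848 bytes | Modified Date = 8/19/2004 12:34:06 PM | Attr = ]
""".strip().splitlines()

if __name__ == "__main__":
    flagged = triage(SCAN_SAMPLE)
    for entry in flagged:
        print(f"{entry.name}: {entry.image}")
        for reason in entry.reasons:
            print(f"  - {reason}")
    names = [entry.name for entry in flagged]
    print("still listed after fix:", still_present(names, FOLLOWUP_SAMPLE))
```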


#9 Modron


Posted 14 January 2008 - 10:49 PM

Ok, WinPFind35 stopped responding again during the fix. This time there was something in the MovedFiles folder:

MovedFiles >> 01142008_210956 >> Windows >> System32 >> drivers >> (empty)


WinPFind35 log:

WinPFind35 logfile created on: 1/14/2008 9:30:31 PM
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\dobrien\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

734.42 Mb Total Physical Memory | 383.04 Mb Available Physical Memory | 52.15% Memory free
1.01 Gb Paging File | 0.56 Gb Available in Paging File | 55.99% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.44 Gb Free Space | 62.93% Space Free | Partition Type: NTFS
Drive D: | 325.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DEBSNOTEBOOK
Current User Name: dobrien
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 8:36:33 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 7:00:16 AM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 6:59:53 AM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 6:59:01 AM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 155648 bytes | Modified Date = 10/8/2004 6:31:26 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 126976 bytes | Modified Date = 10/8/2004 6:27:22 AM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1151453717\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:13 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 6/29/2006 3:44:21 AM | Attr = ]
dpmw32.exe -> %System32%\dpmw32.exe -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 2:27:28 PM | Attr = ]
nwtray.exe -> %System32%\nwtray.exe -> Novell, Inc. [Ver = v4.90 | Size = 28672 bytes | Modified Date = 3/12/2002 10:37:28 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 10/18/2007 3:21:56 PM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 7:00:23 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 12/14/2007 3:42:38 AM | Attr = ]
yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 9:20:54 AM | Attr = ]
weather.exe -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 17 | Size = 1347584 bytes | Modified Date = 8/29/2007 10:55:54 AM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 1:17:27 AM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 11:16:08 AM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 1/6/2008 1:17:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 8:36:33 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 7:00:16 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 6:59:53 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 6:59:01 AM | Attr = ]
(cusrvc) Client Update Service for Novell [Win32_Own | On_Demand | Stopped] -> %System32%\cusrvc.exe -> Novell, Inc. [Ver = v4.91 | Size = 36864 bytes | Modified Date = 1/18/2005 9:17:56 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 8:49:02 AM | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(ADSFilter) ADSFilter - (Aluria Filter Driver) [File_System | On_Demand | Stopped] -> System32\DRIVERS\ADSFilter.sys -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 8:55:46 AM | Attr = ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 8:53:39 AM | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 8:51:52 AM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 3.140.16.0 | Size = 376320 bytes | Modified Date = 9/28/2005 3:00:22 PM | Attr = ]
(BW2NDIS5) BW2NDIS5 [Kernel | On_Demand | Stopped] -> System32\Drivers\BW2NDIS5.sys -> File not found
(CAMCAUD) Conexant AMC 3D Environmental Audio [Kernel | On_Demand | Running] -> %System32%\drivers\camcaud.sys -> Conexant Systems Inc. [Ver = 6.13.10.8340 | Size = 292864 bytes | Modified Date = 6/28/2004 1:03:02 PM | Attr = ]
(CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %System32%\drivers\camchal.sys -> Conexant Systems Inc. [Ver = 6.13.10.8340 | Size = 276480 bytes | Modified Date = 6/28/2004 1:03:42 PM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 12:07:17 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 12:07:16 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 3/31/2003 1:00:00 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(FTDIBUS) USB Serial Converter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ftdibus.sys -> FTDI Ltd. [Ver = 1.00.2154 | Size = 24209 bytes | Modified Date = 5/24/2005 11:16:04 AM | Attr = ]
(FTSER2K) USB Serial Port Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ftser2k.sys -> FTDI Ltd. [Ver = 1.00.2154 | Size = 57404 bytes | Modified Date = 5/24/2005 11:16:04 AM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 12:21:04 AM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 207232 bytes | Modified Date = 12/15/2004 2:18:34 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 1038208 bytes | Modified Date = 12/15/2004 2:18:26 PM | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3929 | Size = 752093 bytes | Modified Date = 10/8/2004 6:54:56 AM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> %System32%\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Modified Date = 4/13/2004 7:20:08 PM | Attr = R ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 10:04:14 AM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(NetwareWorkstation) Novell Client for Windows [File_System | Auto | Running] -> %System32%\NetWare\nwfs.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 497743 bytes | Modified Date = 10/27/2005 4:38:46 PM | Attr = ]
(NICM) Novell InterService Communication Driver [Kernel | Boot | Running] -> %System32%\drivers\nicm.sys -> Novell, Inc. [Ver = 3.0.0.3 | Size = 38848 bytes | Modified Date = 8/19/2004 12:34:06 PM | Attr = ]
(NWDHCP) Novell DHCP Inform Client [File_System | Auto | Running] -> %System32%\NetWare\nwdhcp.sys -> Novell, Inc. [Ver = 4.91.1.0 | Size = 18353 bytes | Modified Date = 11/10/2005 7:53:00 AM | Attr = ]
(NWDNS) Novell DNS Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwdns.sys -> Novell, Inc. [Ver = 4.91.1.0 | Size = 35568 bytes | Modified Date = 9/29/2005 12:04:46 PM | Attr = ]
(NWFILTER) Novell UNC Path Filter [Kernel | Boot | Running] -> %System32%\NetWare\nwfilter.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 15891 bytes | Modified Date = 5/26/2005 6:14:00 PM | Attr = ]
(NWHOST) Novell Host File Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwhost.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 9297 bytes | Modified Date = 10/12/2005 1:12:18 PM | Attr = ]
(NWSAP) Novell SAP Name Space Provider [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwsap.sys -> [Ver = | Size = 23232 bytes | Modified Date = 2/26/2003 2:51:18 PM | Attr = ]
(NWSIPX32) Novell NetWare IPX/SPX Transport Interface [File_System | Auto | Stopped] -> %System32%\NetWare\nwsipx32.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 39731 bytes | Modified Date = 10/27/2005 4:15:14 PM | Attr = ]
(NWSLP) Novell SLP Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwslp.sys -> Novell, Inc. [Ver = 4.91.0.1 | Size = 20332 bytes | Modified Date = 1/3/2005 2:51:38 PM | Attr = ]
(NWSNS) Novell Simple Naming Services [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwsns.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 6128 bytes | Modified Date = 10/12/2005 1:11:32 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PMEM) PMEM [Kernel | Auto | Stopped] -> %System32%\drivers\pmemnt.sys -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 3/31/2003 1:00:00 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RESMGR) Novell NetWare Resource Manager [Kernel | Auto | Running] -> %System32%\NetWare\resmgr.sys -> Novell, Inc. [Ver = 4.90 | Size = 27249 bytes | Modified Date = 6/1/2004 6:19:34 PM | Attr = ]
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Rtlnic51.sys -> Realtek Semiconductor Corporation [Ver = 5.611.1231.2003 built by: WinDDK | Size = 69504 bytes | Modified Date = 4/27/2004 1:03:00 PM | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 11:31:32 PM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(SRVLOC) Novell Service Location [File_System | Auto | Running] -> %System32%\NetWare\srvloc.sys -> Novell, Inc. [Ver = 4.91.0.1 | Size = 155761 bytes | Modified Date = 10/27/2005 4:21:08 PM | Attr = ]
(STV680) AIPTEK PenCam VR [Kernel | On_Demand | Stopped] -> %System32%\drivers\stv680.sys -> STMicroelectronics [Ver = 1-14 | Size = 113072 bytes | Modified Date = 11/20/2001 9:25:00 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 703232 bytes | Modified Date = 12/15/2004 2:18:28 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 7:00:23 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1151453717\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:13 AM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 126976 bytes | Modified Date = 10/8/2004 6:27:22 AM | Attr = ]
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb07.exe -> HP [Ver = 2,140,0,0 | Size = 188416 bytes | Modified Date = 1/6/2006 1:07:25 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 155648 bytes | Modified Date = 10/8/2004 6:31:26 AM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> America Online, Inc. [Ver = 1.0.12.1 | Size = 124520 bytes | Modified Date = 2/17/2006 10:59:46 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
NDPS -> %System32%\dpmw32.exe -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 2:27:28 PM | Attr = ]
NWTRAY -> %System32%\nwtray.exe -> Novell, Inc. [Ver = v4.90 | Size = 28672 bytes | Modified Date = 3/12/2002 10:37:28 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 6/29/2006 3:44:21 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 12/14/2007 3:42:38 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 10/18/2007 3:21:56 PM | Attr = ]
UserFaultCheck -> -> File not found
WatchDog -> %ProgramFiles%\InterVideo\DVD Check\DVDCheck.exe -> InterVideo Inc. [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 7/4/2005 3:47:24 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 9:20:54 AM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 17 | Size = 1347584 bytes | Modified Date = 8/29/2007 10:55:54 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 6/20/2006 7:13:24 PM | Attr = HS]
%AllUsersStartup%\DVD Check.lnk -> %ProgramFiles%\InterVideo\DVD Check\DVDCheck.exe -> InterVideo Inc. [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 7/4/2005 3:47:24 PM | Attr = ]
< dobrien Startup Folder > -> C:\Documents and Settings\dobrien\Start Menu\Programs\Startup ->
%UserStartup%\2WireSetup.lnk -> %ProgramFiles%\2Wire\WebWorks.exe -> [Ver = 1, 0, 0, 1 | Size = 638976 bytes | Modified Date = 10/27/2006 12:35:33 AM | Attr = ]
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 6/20/2006 7:13:24 PM | Attr = HS]
-> %UserStartup%\PowerReg Scheduler.exe -> [Ver = 2, 0, 0, 1 | Size = 225280 bytes | Modified Date = 1/4/2007 1:45:11 PM | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
NWGINA.DLL -> %System32%\nwgina.dll -> Novell, Inc. [Ver = v6.5.1 (20050908) | Size = 356433 bytes | Modified Date = 10/25/2005 9:37:36 AM | Attr = ]
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3929 | Size = 344064 bytes | Modified Date = 10/8/2004 6:27:00 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\CompatibleRUPSecurity -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Hosts file not found -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4103 domain(s) found. ->
[msn] -> My Computer ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 37 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00000000-0000-0000-0000-000000000002} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkBhoGuard Class] -> File not found
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{15F4D456-5BAA-4076-8486-EECB38CD3E57} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkScamBHO Class] -> File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.336 | Size = 296312 bytes | Modified Date = 10/18/2007 3:22:24 PM | Attr = ]
{512ACF1B-64D9-4928-B382-A80556F28DB4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ElnkPuB.dll [ElnkPubBHO Class] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 12/14/2007 3:42:36 AM | Attr = ]
{9579D574-D4D8-4335-9560-FE8641A013BD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ProtctIE.dll [ElnkProtectionBHO Class] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{C7768536-96F8-4001-B1A2-90EE21279187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\Toolbar.dll [EarthLink Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\npjpi160_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 132496 bytes | Modified Date = 12/14/2007 3:42:37 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 12/14/2007 3:42:36 AM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{7EF3898C-C287-4B9B-9D54-BDA9A8E03505} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{7F2B2DB0-A91B-4D56-BEC0-0F994FF2BDB4} -> (Broadcom 802.11b/g WLAN) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [Novell Directory Services Name Provider] -> %System32%\NetWare\nwws2nds.dll -> Novell, Inc. [Ver = 4.91 | Size = 36947 bytes | Modified Date = 10/27/2005 4:24:08 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000005 [Novell IPX/SPX SAP Name Provider] -> %System32%\NetWare\nwws2sap.dll -> Novell, Inc. [Ver = 4.91 | Size = 32851 bytes | Modified Date = 10/27/2005 4:24:08 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000006 [Novell SLP Provider] -> %System32%\NetWare\nwws2slp.dll -> Novell, Inc. [Ver = 4.91 | Size = 49235 bytes | Modified Date = 10/27/2005 4:24:10 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0000000A-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/B...42/wmsp9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shock...director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?LinkID=39204[Windows Genuine Advantage Validation Tool] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\common\yinsthelper.dll[YInstStarter Class] ->
{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{38F5F92F-BD40-40DF-A569-6C1FCB638190}[HKEY_LOCAL_MACHINE] -> http://www.powerleap.com/cab_files/InSPECS3_0.cab[InSPECS3_0 Control] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] ->
{6B75345B-AA36-438A-BBE6-4078B4C6984D}[HKEY_LOCAL_MACHINE] -> http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab[HpProductDetection Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdat...b?1151541410543[MUWebControl Class] ->
{6F15128C-E66A-490C-B848-5000B5ABEEAC}[HKEY_LOCAL_MACHINE] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}[HKEY_LOCAL_MACHINE] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx[Get_ActiveX Control] ->
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/web_...aploader_v6.cab[PopCapLoader Object] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->



[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 1/13/2008 8:36:15 AM | Attr = HS]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Created Date = 12/20/2007 8:42:38 PM | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 12/20/2007 8:42:34 PM | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Created Date = 12/20/2007 8:42:34 PM | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Created Date = 12/20/2007 8:42:40 PM | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Created Date = 12/20/2007 8:42:39 PM | Attr = ]
actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 12/20/2007 8:42:23 PM | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Created Date = 12/20/2007 8:42:23 PM | Attr = ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Created Date = 12/20/2007 8:42:35 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 69632 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 139264 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 12/20/2007 1:08:50 AM | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Created Date = 12/23/2007 9:47:44 AM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Created Date = 12/23/2007 10:03:08 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 12/20/2007 2:46:10 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/13/2008 6:21:04 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/13/2008 6:20:53 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Created Date = 12/23/2007 10:08:42 AM | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Created Date = 12/23/2007 10:08:34 AM | Attr = ]
A real friend is hard to find.doc -> %UserDocuments%\A real friend is hard to find.doc -> [Ver = | Size = 19968 bytes | Created Date = 12/26/2007 10:02:19 AM | Attr = ]
Chapter 11.doc -> %UserDocuments%\Chapter 11.doc -> [Ver = | Size = 26112 bytes | Created Date = 1/14/2008 8:48:47 PM | Attr = ]
dotnetfx.exe -> %UserDocuments%\dotnetfx.exe -> Microsoft [Ver = 1.1.4322.573 | Size = 24265736 bytes | Created Date = 12/23/2007 9:20:27 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\dotnetfx.exe:Zone.Identifier
HJTInstall.exe -> %UserDocuments%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 12/29/2007 6:58:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HJTInstall.exe:Zone.Identifier
setupeng.exe -> %UserDocuments%\setupeng.exe -> [Ver = 4, 7, 0, 0 | Size = 18500624 bytes | Created Date = 12/20/2007 8:39:46 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupeng.exe:Zone.Identifier
setupframeworkskd.exe -> %UserDocuments%\setupframeworkskd.exe -> Microsoft [Ver = 1.1.4322.591 | Size = 111366152 bytes | Created Date = 12/23/2007 9:59:59 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupframeworkskd.exe:Zone.Identifier
spybotsd15.exe -> %UserDocuments%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Created Date = 12/20/2007 2:33:12 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\spybotsd15.exe:Zone.Identifier
TurboDelphi.exe -> %UserDocuments%\TurboDelphi.exe -> Borland Software Corporation [Ver = | Size = 340910242 bytes | Created Date = 12/23/2007 8:52:20 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\TurboDelphi.exe:Zone.Identifier
avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1709 bytes | Created Date = 12/20/2007 8:42:40 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 1/13/2008 6:20:54 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 12/29/2007 6:59:53 PM | Attr = ]
jre-6u4-windows-i586-p.exe -> %UserDesktop%\jre-6u4-windows-i586-p.exe -> [Ver = | Size = 15852952 bytes | Created Date = 1/13/2008 8:44:19 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u4-windows-i586-p.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 12/20/2007 2:46:14 AM | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 1/13/2008 6:19:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/13/2008 8:49:43 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Created Date = 1/13/2008 8:48:14 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 1/13/2008 8:45:10 AM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 1/13/2008 6:20:26 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/13/2008 6:20:58 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/13/2008 6:20:53 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/14/2008 6:56:51 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/13/2008 8:26:05 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/14/2008 3:01:28 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 12/22/2007 7:31:10 AM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 12/20/2007 8:42:38 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/14/2008 3:02:30 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/14/2008 3:02:29 AM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 12/20/2007 1:08:50 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62484 bytes | Modified Date = 1/13/2008 9:00:19 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 400862 bytes | Modified Date = 1/13/2008 9:00:19 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 470828 bytes | Modified Date = 1/13/2008 9:00:15 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 12/20/2007 12:34:00 AM | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Modified Date = 12/23/2007 9:47:44 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/14/2008 9:22:28 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/13/2008 8:24:21 AM | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/23/2007 10:09:50 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/14/2008 9:22:13 PM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/20/2007 12:59:55 AM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 12/23/2007 7:48:11 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 1/14/2008 3:02:22 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/14/2008 3:02:31 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/13/2008 6:20:58 PM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 12/23/2007 10:42:59 AM | Attr = ]
NetWare.INI -> %SystemRoot%\NetWare.INI -> [Ver = | Size = 11 bytes | Modified Date = 12/20/2007 1:00:30 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/14/2008 9:07:36 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/24/2007 3:10:38 AM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 12/20/2007 8:31:33 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/14/2008 9:04:08 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/14/2008 9:23:50 PM | Attr = ]
VSWizard.ini -> %SystemRoot%\VSWizard.ini -> [Ver = | Size = 88 bytes | Modified Date = 12/20/2007 1:04:29 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/23/2007 9:30:14 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/14/2008 9:22:17 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 12/23/2007 10:17:56 AM | Attr = S]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Modified Date = 12/23/2007 10:10:55 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 12/20/2007 5:21:27 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/13/2008 6:21:04 PM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 12/23/2007 10:10:04 AM | Attr = S]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/13/2008 6:20:53 PM | Attr = ]
U3 -> %UserAppData%\U3 -> [Folder | Modified Date = 12/16/2007 5:22:29 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 12/23/2007 10:09:21 AM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 68096 bytes | Modified Date = 12/20/2007 1:46:14 AM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4240656 bytes | Modified Date = 1/14/2008 9:03:01 PM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 12/23/2007 10:10:06 AM | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Modified Date = 12/23/2007 10:08:34 AM | Attr = ]
WeatherBug -> %LocalAppData%\WeatherBug -> [Folder | Modified Date = 1/13/2008 8:18:47 AM | Attr = ]
A real friend is hard to find.doc -> %UserDocuments%\A real friend is hard to find.doc -> [Ver = | Size = 19968 bytes | Modified Date = 12/26/2007 10:02:20 AM | Attr = ]
Chapter 11.doc -> %UserDocuments%\Chapter 11.doc -> [Ver = | Size = 26112 bytes | Modified Date = 1/14/2008 8:48:48 PM | Attr = ]
dotnetfx.exe -> %UserDocuments%\dotnetfx.exe -> Microsoft [Ver = 1.1.4322.573 | Size = 24265736 bytes | Modified Date = 12/23/2007 9:46:19 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\dotnetfx.exe:Zone.Identifier
HJTInstall.exe -> %UserDocuments%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 12/29/2007 6:58:51 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HJTInstall.exe:Zone.Identifier
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 12/20/2007 1:43:01 AM | Attr = R ]
setupeng.exe -> %UserDocuments%\setupeng.exe -> [Ver = 4, 7, 0, 0 | Size = 18500624 bytes | Modified Date = 12/20/2007 8:39:46 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupeng.exe:Zone.Identifier
setupframeworkskd.exe -> %UserDocuments%\setupframeworkskd.exe -> Microsoft [Ver = 1.1.4322.591 | Size = 111366152 bytes | Modified Date = 12/23/2007 10:00:13 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupframeworkskd.exe:Zone.Identifier
spybotsd15.exe -> %UserDocuments%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Modified Date = 12/20/2007 2:45:06 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\spybotsd15.exe:Zone.Identifier
TurboDelphi.exe -> %UserDocuments%\TurboDelphi.exe -> Borland Software Corporation [Ver = | Size = 340910242 bytes | Modified Date = 12/23/2007 8:56:20 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\TurboDelphi.exe:Zone.Identifier
avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1709 bytes | Modified Date = 12/20/2007 8:42:40 PM | Attr = ]
CPS.lnk -> %AllUsersDesktop%\CPS.lnk -> [Ver = | Size = 2361 bytes | Modified Date = 12/16/2007 5:23:13 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 1/13/2008 6:20:54 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 12/29/2007 6:59:53 PM | Attr = ]
jre-6u4-windows-i586-p.exe -> %UserDesktop%\jre-6u4-windows-i586-p.exe -> [Ver = | Size = 15852952 bytes | Modified Date = 1/13/2008 8:44:19 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u4-windows-i586-p.exe:Zone.Identifier
New Folder -> %UserDesktop%\New Folder -> [Folder | Modified Date = 12/20/2007 1:46:14 AM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 1/13/2008 9:23:32 AM | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 1/13/2008 6:19:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/14/2008 7:13:19 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Modified Date = 1/13/2008 8:48:15 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 1/13/2008 8:45:10 AM | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 12/23/2007 10:03:18 AM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/13/2008 6:20:26 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 9751 bytes | Modified Date = 1/14/2008 9:23:44 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 9751 bytes | Modified Date = 1/14/2008 9:23:44 PM | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 3798 bytes | Modified Date = 6/29/2006 4:15:24 PM | Attr = ]
avg7act.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\avg7act.dat -> [Ver = | Size = 108093 bytes | Modified Date = 12/20/2007 8:32:30 PM | Attr = ]
nceylpaj.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\nceylpaj.dat -> [Ver = | Size = 4736 bytes | Modified Date = 12/13/2007 8:13:19 PM | Attr = ]
Perflib_Perfdata_1d4.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_1d4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/28/2007 6:41:02 PM | Attr = ]
Perflib_Perfdata_230.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_230.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/7/2007 5:26:57 AM | Attr = ]
Perflib_Perfdata_424.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_424.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/25/2007 5:47:18 PM | Attr = ]
Perflib_Perfdata_6e0.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_6e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/8/2007 1:17:43 PM | Attr = ]
Perflib_Perfdata_7cc.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_7cc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/13/2007 6:55:41 PM | Attr = ]
Perflib_Perfdata_7fc.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_7fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/21/2007 12:07:29 PM | Attr = ]
Perflib_Perfdata_a70.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_a70.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/14/2008 9:23:21 PM | Attr = ]
Perflib_Perfdata_a7c.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_a7c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/20/2007 9:34:49 PM | Attr = ]
bdemerge.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\bdemerge.ini -> [Ver = | Size = 27 bytes | Modified Date = 12/23/2007 9:51:21 AM | Attr = ]
DLL_{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\DLL_{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}.ini -> [Ver = | Size = 351 bytes | Modified Date = 12/23/2007 9:51:20 AM | Attr = ]
setup.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\setup.ini -> [Ver = | Size = 4248 bytes | Modified Date = 11/11/2007 6:02:28 PM | Attr = ]
0x0409.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\Turbo Delphi\Install\0x0409.ini -> [Ver = | Size = 4632 bytes | Modified Date = 2/25/2003 11:04:28 AM | Attr = ]
Setup.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\Turbo Delphi\Install\Setup.ini -> [Ver = | Size = 1196 bytes | Modified Date = 9/7/2006 5:18:26 PM | Attr = ]
sch20ddshlp.gif -> C:\Documents and Settings\dobrien\Local Settings\Temp\sch20ddshlp.gif -> [Ver = | Size = 54819 bytes | Modified Date = 12/13/2007 8:13:17 PM | Attr = ]

< End of report >


Also, this is not new, but every time I boot the computer I get an error message:

WebWorks.exe: This application has failed to start because Endec.dll was not found. Reinstalling the application may fix the problem. (I don't know if it makes a difference. I hadn't thought of mentioning it before.)

Thx,
Mod

#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:08:45 AM

Posted 15 January 2008 - 02:59 AM

Hi Modron. Yes, sometimes those files go easy and sometimes they don't. WPF35u removed the service and the BHO but we need a different tool to delete the files.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%System32%\drivers\cczgztyw.dat
%System32%\bthser.dll
C:\Documents and Settings\dobrien\Local Settings\Temp\nceylpaj.dat
C:\Documents and Settings\dobrien\Local Settings\Temp\sch20ddshlp.gif

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt back here and I will review it.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 Modron

Modron
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:07:45 AM

Posted 19 January 2008 - 09:57 AM

Here is the Avenger txt log. SpyBot was running and I was asked to respond on the changes the Avenger program made. I hope I responded correctly. -Mod


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sfgoumia

*******************

Script file located at: \??\C:\WINDOWS\tfgpcjng.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file %System32%\drivers\cczgztyw.dat for deletion
Deletion of file %System32%\drivers\cczgztyw.dat failed!

Could not process line:
%System32%\drivers\cczgztyw.dat
Status: 0xc000003a



Could not open file %System32%\bthser.dll for deletion
Deletion of file %System32%\bthser.dll failed!

Could not process line:
%System32%\bthser.dll
Status: 0xc000003a

File C:\Documents and Settings\dobrien\Local Settings\Temp\nceylpaj.dat deleted successfully.
File C:\Documents and Settings\dobrien\Local Settings\Temp\sch20ddshlp.gif deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
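
The following is an added example, not part of the original posts and not code from The Avenger: a small Python parser for the per-file results in a log like the one above, which decodes the NTSTATUS value on each failed line. The function names and the status table are this example's own; the sample text is the excerpt from the post above.

```python
import re
from typing import List, NamedTuple, Optional

# Subset of NTSTATUS codes (from Microsoft's ntstatus.h) that matter when a
# kernel-mode delete fails. The one-line meanings are paraphrased here.
NTSTATUS = {
    0xC0000022: ("STATUS_ACCESS_DENIED", "caller was refused access to the object"),
    0xC0000033: ("STATUS_OBJECT_NAME_INVALID", "the object name is not valid"),
    0xC0000034: ("STATUS_OBJECT_NAME_NOT_FOUND", "directory exists, file name does not"),
    0xC000003A: ("STATUS_OBJECT_PATH_NOT_FOUND", "a directory in the path does not exist"),
    0xC0000043: ("STATUS_SHARING_VIOLATION", "file is held open by another process"),
}

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Beginning to process script file:

Could not open file %System32%\drivers\cczgztyw.dat for deletion
Deletion of file %System32%\drivers\cczgztyw.dat failed!

Could not process line:
%System32%\drivers\cczgztyw.dat
Status: 0xc000003a

Could not open file %System32%\bthser.dll for deletion
Deletion of file %System32%\bthser.dll failed!

Could not process line:
%System32%\bthser.dll
Status: 0xc000003a

File C:\Documents and Settings\dobrien\Local Settings\Temp\nceylpaj.dat deleted successfully.
File C:\Documents and Settings\dobrien\Local Settings\Temp\sch20ddshlp.gif deleted successfully.

Completed script processing.
"""

DELETED_RE = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]{8})$")
PLACEHOLDER_RE = re.compile(r"%[^%\\]+%")  # e.g. %System32% left in the path


class Result(NamedTuple):
    path: str
    ok: bool
    status: Optional[int]  # NTSTATUS for failures, None if absent or success


def parse_avenger_log(text: str) -> List[Result]:
    """Return one Result per script line the log reports on, in log order."""
    results: List[Result] = []
    expect_path = False            # True right after "Could not process line:"
    pending: Optional[str] = None  # failed path still waiting for its Status line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if expect_path:
            pending, expect_path = line, False
            continue
        if line == "Could not process line:":
            if pending is not None:  # earlier failure had no Status line
                results.append(Result(pending, False, None))
                pending = None
            expect_path = True
            continue
        status = STATUS_RE.match(line)
        if status and pending is not None:
            results.append(Result(pending, False, int(status["code"], 16)))
            pending = None
            continue
        deleted = DELETED_RE.match(line)
        if deleted:
            results.append(Result(deleted["path"], True, None))
    if pending is not None:
        results.append(Result(pending, False, None))
    return results


def explain(result: Result) -> str:
    """Human-readable outcome for one log entry."""
    if result.ok:
        return "deleted"
    name, meaning = NTSTATUS.get(
        result.status, ("unknown status", "look the value up in ntstatus.h"))
    note = f"{name}: {meaning}"
    if PLACEHOLDER_RE.search(result.path):
        # The log printed the path with the %...% token still in it.
        note += "; path was logged with an unexpanded %...% token"
    return note


if __name__ == "__main__":
    for r in parse_avenger_log(SAMPLE_LOG):
        print(f"{r.path}\n    {explain(r)}")
```

A path-not-found status on a line that still shows a %...% token does not by itself say whether the file exists in the real directory, so a follow-up scan such as the one requested in the next reply is what confirms it.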

#12 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:08:45 AM

Posted 19 January 2008 - 10:57 AM

Hi Modron. Let's see if the files were already gone or are still there.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT

#13 Modron

Modron
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:07:45 AM

Posted 19 January 2008 - 04:46 PM

WinPFind35 logfile created on: 1/19/2008 3:44:16 PM
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\dobrien\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

734.42 Mb Total Physical Memory | 403.36 Mb Available Physical Memory | 54.92% Memory free
1.01 Gb Paging File | 0.71 Gb Available in Paging File | 70.08% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.44 Gb Free Space | 62.92% Space Free | Partition Type: NTFS
Drive D: | 325.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DEBSNOTEBOOK
Current User Name: dobrien
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 8:36:33 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 7:00:16 AM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 155648 bytes | Modified Date = 10/8/2004 6:31:26 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 126976 bytes | Modified Date = 10/8/2004 6:27:22 AM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1151453717\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:13 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
dpmw32.exe -> %System32%\dpmw32.exe -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 2:27:28 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]
nwtray.exe -> %System32%\nwtray.exe -> Novell, Inc. [Ver = v4.90 | Size = 28672 bytes | Modified Date = 3/12/2002 10:37:28 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 10/18/2007 3:21:56 PM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 7:00:23 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 12/14/2007 3:42:38 AM | Attr = ]
weather.exe -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 17 | Size = 1347584 bytes | Modified Date = 8/29/2007 10:55:54 AM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 1/6/2008 1:17:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 8:36:33 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 7:00:16 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 6:59:53 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 6:59:01 AM | Attr = ]
(cusrvc) Client Update Service for Novell [Win32_Own | On_Demand | Stopped] -> %System32%\cusrvc.exe -> Novell, Inc. [Ver = v4.91 | Size = 36864 bytes | Modified Date = 1/18/2005 9:17:56 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 8:49:02 AM | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(ADSFilter) ADSFilter - (Aluria Filter Driver) [File_System | On_Demand | Stopped] -> System32\DRIVERS\ADSFilter.sys -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 8:55:46 AM | Attr = ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 8:53:39 AM | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 8:51:52 AM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 3.140.16.0 | Size = 376320 bytes | Modified Date = 9/28/2005 3:00:22 PM | Attr = ]
(BW2NDIS5) BW2NDIS5 [Kernel | On_Demand | Stopped] -> System32\Drivers\BW2NDIS5.sys -> File not found
(CAMCAUD) Conexant AMC 3D Environmental Audio [Kernel | On_Demand | Running] -> %System32%\drivers\camcaud.sys -> Conexant Systems Inc. [Ver = 6.13.10.8340 | Size = 292864 bytes | Modified Date = 6/28/2004 1:03:02 PM | Attr = ]
(CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %System32%\drivers\camchal.sys -> Conexant Systems Inc. [Ver = 6.13.10.8340 | Size = 276480 bytes | Modified Date = 6/28/2004 1:03:42 PM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 12:07:17 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 12:07:16 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 3/31/2003 1:00:00 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(FTDIBUS) USB Serial Converter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ftdibus.sys -> FTDI Ltd. [Ver = 1.00.2154 | Size = 24209 bytes | Modified Date = 5/24/2005 11:16:04 AM | Attr = ]
(FTSER2K) USB Serial Port Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ftser2k.sys -> FTDI Ltd. [Ver = 1.00.2154 | Size = 57404 bytes | Modified Date = 5/24/2005 11:16:04 AM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 12:21:04 AM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 207232 bytes | Modified Date = 12/15/2004 2:18:34 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 1038208 bytes | Modified Date = 12/15/2004 2:18:26 PM | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3929 | Size = 752093 bytes | Modified Date = 10/8/2004 6:54:56 AM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> %System32%\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Modified Date = 4/13/2004 7:20:08 PM | Attr = R ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 10:04:14 AM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(NetwareWorkstation) Novell Client for Windows [File_System | Auto | Running] -> %System32%\NetWare\nwfs.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 497743 bytes | Modified Date = 10/27/2005 4:38:46 PM | Attr = ]
(NICM) Novell InterService Communication Driver [Kernel | Boot | Running] -> %System32%\drivers\nicm.sys -> Novell, Inc. [Ver = 3.0.0.3 | Size = 38848 bytes | Modified Date = 8/19/2004 12:34:06 PM | Attr = ]
(NWDHCP) Novell DHCP Inform Client [File_System | Auto | Running] -> %System32%\NetWare\nwdhcp.sys -> Novell, Inc. [Ver = 4.91.1.0 | Size = 18353 bytes | Modified Date = 11/10/2005 7:53:00 AM | Attr = ]
(NWDNS) Novell DNS Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwdns.sys -> Novell, Inc. [Ver = 4.91.1.0 | Size = 35568 bytes | Modified Date = 9/29/2005 12:04:46 PM | Attr = ]
(NWFILTER) Novell UNC Path Filter [Kernel | Boot | Running] -> %System32%\NetWare\nwfilter.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 15891 bytes | Modified Date = 5/26/2005 6:14:00 PM | Attr = ]
(NWHOST) Novell Host File Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwhost.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 9297 bytes | Modified Date = 10/12/2005 1:12:18 PM | Attr = ]
(NWSAP) Novell SAP Name Space Provider [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwsap.sys -> [Ver = | Size = 23232 bytes | Modified Date = 2/26/2003 2:51:18 PM | Attr = ]
(NWSIPX32) Novell NetWare IPX/SPX Transport Interface [File_System | Auto | Stopped] -> %System32%\NetWare\nwsipx32.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 39731 bytes | Modified Date = 10/27/2005 4:15:14 PM | Attr = ]
(NWSLP) Novell SLP Name Space Service Provider [File_System | On_Demand | Running] -> %System32%\NetWare\nwslp.sys -> Novell, Inc. [Ver = 4.91.0.1 | Size = 20332 bytes | Modified Date = 1/3/2005 2:51:38 PM | Attr = ]
(NWSNS) Novell Simple Naming Services [File_System | On_Demand | Stopped] -> %System32%\NetWare\nwsns.sys -> Novell, Inc. [Ver = 4.91.1.1 | Size = 6128 bytes | Modified Date = 10/12/2005 1:11:32 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PMEM) PMEM [Kernel | Auto | Stopped] -> %System32%\drivers\pmemnt.sys -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 3/31/2003 1:00:00 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RESMGR) Novell NetWare Resource Manager [Kernel | Auto | Running] -> %System32%\NetWare\resmgr.sys -> Novell, Inc. [Ver = 4.90 | Size = 27249 bytes | Modified Date = 6/1/2004 6:19:34 PM | Attr = ]
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Rtlnic51.sys -> Realtek Semiconductor Corporation [Ver = 5.611.1231.2003 built by: WinDDK | Size = 69504 bytes | Modified Date = 4/27/2004 1:03:00 PM | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 11:31:32 PM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(SRVLOC) Novell Service Location [File_System | Auto | Running] -> %System32%\NetWare\srvloc.sys -> Novell, Inc. [Ver = 4.91.0.1 | Size = 155761 bytes | Modified Date = 10/27/2005 4:21:08 PM | Attr = ]
(STV680) AIPTEK PenCam VR [Kernel | On_Demand | Stopped] -> %System32%\drivers\stv680.sys -> STMicroelectronics [Ver = 1-14 | Size = 113072 bytes | Modified Date = 11/20/2001 9:25:00 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 703232 bytes | Modified Date = 12/15/2004 2:18:28 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 7:00:23 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1151453717\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:13 AM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 126976 bytes | Modified Date = 10/8/2004 6:27:22 AM | Attr = ]
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb07.exe -> HP [Ver = 2,140,0,0 | Size = 188416 bytes | Modified Date = 1/6/2006 1:07:25 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 155648 bytes | Modified Date = 10/8/2004 6:31:26 AM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> America Online, Inc. [Ver = 1.0.12.1 | Size = 124520 bytes | Modified Date = 2/17/2006 10:59:46 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
NDPS -> %System32%\dpmw32.exe -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 2:27:28 PM | Attr = ]
NWTRAY -> %System32%\nwtray.exe -> Novell, Inc. [Ver = v4.90 | Size = 28672 bytes | Modified Date = 3/12/2002 10:37:28 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 6/29/2006 3:44:21 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 12/14/2007 3:42:38 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 10/18/2007 3:21:56 PM | Attr = ]
UserFaultCheck -> -> File not found
WatchDog -> %ProgramFiles%\InterVideo\DVD Check\DVDCheck.exe -> InterVideo Inc. [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 7/4/2005 3:47:24 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 9:20:54 AM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 17 | Size = 1347584 bytes | Modified Date = 8/29/2007 10:55:54 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 6/20/2006 7:13:24 PM | Attr = HS]
%AllUsersStartup%\DVD Check.lnk -> %ProgramFiles%\InterVideo\DVD Check\DVDCheck.exe -> InterVideo Inc. [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 7/4/2005 3:47:24 PM | Attr = ]
< dobrien Startup Folder > -> C:\Documents and Settings\dobrien\Start Menu\Programs\Startup ->
%UserStartup%\2WireSetup.lnk -> %ProgramFiles%\2Wire\WebWorks.exe -> [Ver = 1, 0, 0, 1 | Size = 638976 bytes | Modified Date = 10/27/2006 12:35:33 AM | Attr = ]
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 6/20/2006 7:13:24 PM | Attr = HS]
-> %UserStartup%\PowerReg Scheduler.exe -> [Ver = 2, 0, 0, 1 | Size = 225280 bytes | Modified Date = 1/4/2007 1:45:11 PM | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
NWGINA.DLL -> %System32%\nwgina.dll -> Novell, Inc. [Ver = v6.5.1 (20050908) | Size = 356433 bytes | Modified Date = 10/25/2005 9:37:36 AM | Attr = ]
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3929 | Size = 344064 bytes | Modified Date = 10/8/2004 6:27:00 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\CompatibleRUPSecurity -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Hosts file not found -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4103 domain(s) found. ->
[msn] -> My Computer ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 37 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00000000-0000-0000-0000-000000000002} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkBhoGuard Class] -> File not found
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{15F4D456-5BAA-4076-8486-EECB38CD3E57} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkScamBHO Class] -> File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.336 | Size = 296312 bytes | Modified Date = 10/18/2007 3:22:24 PM | Attr = ]
{512ACF1B-64D9-4928-B382-A80556F28DB4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ElnkPuB.dll [ElnkPubBHO Class] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 12/14/2007 3:42:36 AM | Attr = ]
{9579D574-D4D8-4335-9560-FE8641A013BD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ProtctIE.dll [ElnkProtectionBHO Class] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{C7768536-96F8-4001-B1A2-90EE21279187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\Toolbar.dll [EarthLink Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\npjpi160_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 132496 bytes | Modified Date = 12/14/2007 3:42:37 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 12/14/2007 3:42:36 AM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{7EF3898C-C287-4B9B-9D54-BDA9A8E03505} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{7F2B2DB0-A91B-4D56-BEC0-0F994FF2BDB4} -> (Broadcom 802.11b/g WLAN) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [Novell Directory Services Name Provider] -> %System32%\NetWare\nwws2nds.dll -> Novell, Inc. [Ver = 4.91 | Size = 36947 bytes | Modified Date = 10/27/2005 4:24:08 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000005 [Novell IPX/SPX SAP Name Provider] -> %System32%\NetWare\nwws2sap.dll -> Novell, Inc. [Ver = 4.91 | Size = 32851 bytes | Modified Date = 10/27/2005 4:24:08 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000006 [Novell SLP Provider] -> %System32%\NetWare\nwws2slp.dll -> Novell, Inc. [Ver = 4.91 | Size = 49235 bytes | Modified Date = 10/27/2005 4:24:10 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0000000A-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/B...42/wmsp9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shock...director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?LinkID=39204[Windows Genuine Advantage Validation Tool] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\common\yinsthelper.dll[YInstStarter Class] ->
{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{38F5F92F-BD40-40DF-A569-6C1FCB638190}[HKEY_LOCAL_MACHINE] -> http://www.powerleap.com/cab_files/InSPECS3_0.cab[InSPECS3_0 Control] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] ->
{6B75345B-AA36-438A-BBE6-4078B4C6984D}[HKEY_LOCAL_MACHINE] -> http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab[HpProductDetection Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdat...b?1151541410543[MUWebControl Class] ->
{6F15128C-E66A-490C-B848-5000B5ABEEAC}[HKEY_LOCAL_MACHINE] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}[HKEY_LOCAL_MACHINE] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx[Get_ActiveX Control] ->
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/web_...aploader_v6.cab[PopCapLoader Object] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->



[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 1/19/2008 8:50:06 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 1/13/2008 8:36:15 AM | Attr = HS]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Created Date = 12/20/2007 8:42:38 PM | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 12/20/2007 8:42:34 PM | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Created Date = 12/20/2007 8:42:34 PM | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Created Date = 12/20/2007 8:42:40 PM | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Created Date = 12/20/2007 8:42:39 PM | Attr = ]
actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 12/20/2007 8:42:23 PM | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Created Date = 12/20/2007 8:42:23 PM | Attr = ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Created Date = 12/20/2007 8:42:35 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 69632 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 139264 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Created Date = 12/23/2007 9:47:44 AM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Created Date = 12/23/2007 10:03:08 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/13/2008 6:21:04 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/13/2008 6:20:53 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Created Date = 12/23/2007 10:08:42 AM | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Created Date = 12/23/2007 10:08:34 AM | Attr = ]
A real friend is hard to find.doc -> %UserDocuments%\A real friend is hard to find.doc -> [Ver = | Size = 19968 bytes | Created Date = 12/26/2007 10:02:19 AM | Attr = ]
Chapter 11.doc -> %UserDocuments%\Chapter 11.doc -> [Ver = | Size = 26112 bytes | Created Date = 1/14/2008 8:48:47 PM | Attr = ]
dotnetfx.exe -> %UserDocuments%\dotnetfx.exe -> Microsoft [Ver = 1.1.4322.573 | Size = 24265736 bytes | Created Date = 12/23/2007 9:20:27 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\dotnetfx.exe:Zone.Identifier
HJTInstall.exe -> %UserDocuments%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 12/29/2007 6:58:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HJTInstall.exe:Zone.Identifier
setupeng.exe -> %UserDocuments%\setupeng.exe -> [Ver = 4, 7, 0, 0 | Size = 18500624 bytes | Created Date = 12/20/2007 8:39:46 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupeng.exe:Zone.Identifier
setupframeworkskd.exe -> %UserDocuments%\setupframeworkskd.exe -> Microsoft [Ver = 1.1.4322.591 | Size = 111366152 bytes | Created Date = 12/23/2007 9:59:59 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupframeworkskd.exe:Zone.Identifier
TurboDelphi.exe -> %UserDocuments%\TurboDelphi.exe -> Borland Software Corporation [Ver = | Size = 340910242 bytes | Created Date = 12/23/2007 8:52:20 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\TurboDelphi.exe:Zone.Identifier
avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1709 bytes | Created Date = 12/20/2007 8:42:40 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 1/13/2008 6:20:54 PM | Attr = ]
avenger.zip -> %UserDesktop%\avenger.zip -> [Ver = | Size = 127378 bytes | Created Date = 1/19/2008 8:45:54 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avenger.zip:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 12/29/2007 6:59:53 PM | Attr = ]
jre-6u4-windows-i586-p.exe -> %UserDesktop%\jre-6u4-windows-i586-p.exe -> [Ver = | Size = 15852952 bytes | Created Date = 1/13/2008 8:44:19 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u4-windows-i586-p.exe:Zone.Identifier
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 1/13/2008 6:19:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/13/2008 8:49:43 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Created Date = 1/13/2008 8:48:14 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 1/13/2008 8:45:10 AM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 1/13/2008 6:20:26 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 1/19/2008 8:50:06 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/13/2008 6:20:58 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/13/2008 6:20:53 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/19/2008 8:49:01 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/13/2008 8:26:05 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/14/2008 3:01:28 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 12/22/2007 7:31:10 AM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 12/20/2007 8:42:38 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/14/2008 3:02:30 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/19/2008 8:50:09 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62484 bytes | Modified Date = 1/13/2008 9:00:19 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 400862 bytes | Modified Date = 1/13/2008 9:00:19 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 470828 bytes | Modified Date = 1/13/2008 9:00:15 PM | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Modified Date = 12/23/2007 9:47:44 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/19/2008 8:50:03 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/13/2008 8:24:21 AM | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/23/2007 10:09:50 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/19/2008 8:49:46 AM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 12/23/2007 7:48:11 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 1/14/2008 3:02:22 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/14/2008 3:02:31 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/13/2008 6:20:58 PM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 12/23/2007 10:42:59 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/19/2008 8:47:50 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/24/2007 3:10:38 AM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 12/20/2007 8:31:33 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/14/2008 9:04:08 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/19/2008 2:02:42 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/23/2007 9:30:14 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/19/2008 8:49:51 AM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 12/23/2007 10:17:56 AM | Attr = S]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Modified Date = 12/23/2007 10:10:55 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/13/2008 6:21:04 PM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 12/23/2007 10:10:04 AM | Attr = S]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/13/2008 6:20:53 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 12/23/2007 10:09:21 AM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3768564 bytes | Modified Date = 1/19/2008 8:48:11 AM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 12/23/2007 10:10:06 AM | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Modified Date = 12/23/2007 10:08:34 AM | Attr = ]
WeatherBug -> %LocalAppData%\WeatherBug -> [Folder | Modified Date = 1/13/2008 8:18:47 AM | Attr = ]
A real friend is hard to find.doc -> %UserDocuments%\A real friend is hard to find.doc -> [Ver = | Size = 19968 bytes | Modified Date = 12/26/2007 10:02:20 AM | Attr = ]
Chapter 11.doc -> %UserDocuments%\Chapter 11.doc -> [Ver = | Size = 26112 bytes | Modified Date = 1/14/2008 8:48:48 PM | Attr = ]
dotnetfx.exe -> %UserDocuments%\dotnetfx.exe -> Microsoft [Ver = 1.1.4322.573 | Size = 24265736 bytes | Modified Date = 12/23/2007 9:46:19 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\dotnetfx.exe:Zone.Identifier
HJTInstall.exe -> %UserDocuments%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 12/29/2007 6:58:51 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HJTInstall.exe:Zone.Identifier
setupeng.exe -> %UserDocuments%\setupeng.exe -> [Ver = 4, 7, 0, 0 | Size = 18500624 bytes | Modified Date = 12/20/2007 8:39:46 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupeng.exe:Zone.Identifier
setupframeworkskd.exe -> %UserDocuments%\setupframeworkskd.exe -> Microsoft [Ver = 1.1.4322.591 | Size = 111366152 bytes | Modified Date = 12/23/2007 10:00:13 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\setupframeworkskd.exe:Zone.Identifier
TurboDelphi.exe -> %UserDocuments%\TurboDelphi.exe -> Borland Software Corporation [Ver = | Size = 340910242 bytes | Modified Date = 12/23/2007 8:56:20 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\TurboDelphi.exe:Zone.Identifier
avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1709 bytes | Modified Date = 12/20/2007 8:42:40 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 1/13/2008 6:20:54 PM | Attr = ]
avenger.zip -> %UserDesktop%\avenger.zip -> [Ver = | Size = 127378 bytes | Modified Date = 1/19/2008 8:45:56 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avenger.zip:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 12/29/2007 6:59:53 PM | Attr = ]
jre-6u4-windows-i586-p.exe -> %UserDesktop%\jre-6u4-windows-i586-p.exe -> [Ver = | Size = 15852952 bytes | Modified Date = 1/13/2008 8:44:19 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u4-windows-i586-p.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 1/13/2008 9:23:32 AM | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 1/13/2008 6:19:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/14/2008 9:31:11 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Modified Date = 1/13/2008 8:48:15 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 1/13/2008 8:45:10 AM | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 12/23/2007 10:03:18 AM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/13/2008 6:20:26 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 9751 bytes | Modified Date = 1/19/2008 8:51:07 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 9751 bytes | Modified Date = 1/19/2008 8:51:08 AM | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 3798 bytes | Modified Date = 6/29/2006 4:15:24 PM | Attr = ]
avg7act.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\avg7act.dat -> [Ver = | Size = 108093 bytes | Modified Date = 12/20/2007 8:32:30 PM | Attr = ]
Perflib_Perfdata_1d4.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_1d4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/28/2007 6:41:02 PM | Attr = ]
Perflib_Perfdata_230.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_230.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/7/2007 5:26:57 AM | Attr = ]
Perflib_Perfdata_424.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_424.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/25/2007 5:47:18 PM | Attr = ]
Perflib_Perfdata_6e0.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_6e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/8/2007 1:17:43 PM | Attr = ]
Perflib_Perfdata_7cc.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_7cc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/13/2007 6:55:41 PM | Attr = ]
Perflib_Perfdata_7fc.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_7fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/21/2007 12:07:29 PM | Attr = ]
Perflib_Perfdata_a7c.dat -> C:\Documents and Settings\dobrien\Local Settings\Temp\Perflib_Perfdata_a7c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/20/2007 9:34:49 PM | Attr = ]
bdemerge.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\bdemerge.ini -> [Ver = | Size = 27 bytes | Modified Date = 12/23/2007 9:51:21 AM | Attr = ]
DLL_{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\DLL_{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}.ini -> [Ver = | Size = 351 bytes | Modified Date = 12/23/2007 9:51:20 AM | Attr = ]
setup.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\setup.ini -> [Ver = | Size = 4248 bytes | Modified Date = 11/11/2007 6:02:28 PM | Attr = ]
0x0409.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\Turbo Delphi\Install\0x0409.ini -> [Ver = | Size = 4632 bytes | Modified Date = 2/25/2003 11:04:28 AM | Attr = ]
Setup.ini -> C:\Documents and Settings\dobrien\Local Settings\Temp\Turbo Delphi\Install\Setup.ini -> [Ver = | Size = 1196 bytes | Modified Date = 9/7/2006 5:18:26 PM | Attr = ]

< End of report >

#14 OldTimer

Posted 19 January 2008 - 08:24 PM

Hi Modron. That looks pretty good. Just a little final housekeeping. How are things running now?

Start WinPFind35U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[msn]
YN -> {00000000-0000-0000-0000-000000000002} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkBhoGuard Class]
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {15F4D456-5BAA-4076-8486-EECB38CD3E57} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkScamBHO Class]
YN -> {512ACF1B-64D9-4928-B382-A80556F28DB4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ElnkPuB.dll [ElnkPubBHO Class]
YN -> {9579D574-D4D8-4335-9560-FE8641A013BD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ProtctIE.dll [ElnkProtectionBHO Class]
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {C7768536-96F8-4001-B1A2-90EE21279187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\Toolbar.dll [EarthLink Toolbar]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind35u scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#15 Modron


Posted 19 January 2008 - 10:54 PM

Hey OT. The Run Fix went to "Not Responding", again. I rebooted the computer, did the Scan and got the log I'm posting below. It looks like you're taking out the Earthlink software. I appreciate that. I looked online at how to do that and the fixes I found looked really complicated.

WinPFind35 logfile created on: 1/19/2008 9:47:15 PM
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\dobrien\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

734.42 Mb Total Physical Memory | 364.67 Mb Available Physical Memory | 49.65% Memory free
1.01 Gb Paging File | 0.62 Gb Available in Paging File | 61.73% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.42 Gb Free Space | 62.87% Space Free | Partition Type: NTFS
Drive D: | 325.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DEBSNOTEBOOK
Current User Name: dobrien
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 8:36:33 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 7:00:16 AM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 6:59:53 AM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 6:59:01 AM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 155648 bytes | Modified Date = 10/8/2004 6:31:26 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 126976 bytes | Modified Date = 10/8/2004 6:27:22 AM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1151453717\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:13 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 6/29/2006 3:44:21 AM | Attr = ]
dpmw32.exe -> %System32%\dpmw32.exe -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 2:27:28 PM | Attr = ]
nwtray.exe -> %System32%\nwtray.exe -> Novell, Inc. [Ver = v4.90 | Size = 28672 bytes | Modified Date = 3/12/2002 10:37:28 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 10/18/2007 3:21:56 PM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 7:00:23 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 12/14/2007 3:42:38 AM | Attr = ]
yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 9:20:54 AM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 11:16:08 AM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 1/6/2008 1:17:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 8:36:33 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 7:00:16 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 6:59:53 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 6:59:01 AM | Attr = ]
(cusrvc) Client Update Service for Novell [Win32_Own | On_Demand | Stopped] -> %System32%\cusrvc.exe -> Novell, Inc. [Ver = v4.91 | Size = 36864 bytes | Modified Date = 1/18/2005 9:17:56 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 7:00:23 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1151453717\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 11:10:13 AM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 126976 bytes | Modified Date = 10/8/2004 6:27:22 AM | Attr = ]
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb07.exe -> HP [Ver = 2,140,0,0 | Size = 188416 bytes | Modified Date = 1/6/2006 1:07:25 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 155648 bytes | Modified Date = 10/8/2004 6:31:26 AM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> America Online, Inc. [Ver = 1.0.12.1 | Size = 124520 bytes | Modified Date = 2/17/2006 10:59:46 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
NDPS -> %System32%\dpmw32.exe -> Novell, Inc. [Ver = v3.0.1 | Size = 32859 bytes | Modified Date = 5/17/2004 2:27:28 PM | Attr = ]
NWTRAY -> %System32%\nwtray.exe -> Novell, Inc. [Ver = v4.90 | Size = 28672 bytes | Modified Date = 3/12/2002 10:37:28 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 6/29/2006 3:44:21 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 12/14/2007 3:42:38 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 10/18/2007 3:21:56 PM | Attr = ]
UserFaultCheck -> -> File not found
WatchDog -> %ProgramFiles%\InterVideo\DVD Check\DVDCheck.exe -> InterVideo Inc. [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 7/4/2005 3:47:24 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 9:20:54 AM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 17 | Size = 1347584 bytes | Modified Date = 8/29/2007 10:55:54 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 6/20/2006 7:13:24 PM | Attr = HS]
%AllUsersStartup%\DVD Check.lnk -> %ProgramFiles%\InterVideo\DVD Check\DVDCheck.exe -> InterVideo Inc. [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 7/4/2005 3:47:24 PM | Attr = ]
< dobrien Startup Folder > -> C:\Documents and Settings\dobrien\Start Menu\Programs\Startup ->
%UserStartup%\2WireSetup.lnk -> %ProgramFiles%\2Wire\WebWorks.exe -> [Ver = 1, 0, 0, 1 | Size = 638976 bytes | Modified Date = 10/27/2006 12:35:33 AM | Attr = ]
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 6/20/2006 7:13:24 PM | Attr = HS]
-> %UserStartup%\PowerReg Scheduler.exe -> [Ver = 2, 0, 0, 1 | Size = 225280 bytes | Modified Date = 1/4/2007 1:45:11 PM | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
NWGINA.DLL -> %System32%\nwgina.dll -> Novell, Inc. [Ver = v6.5.1 (20050908) | Size = 356433 bytes | Modified Date = 10/25/2005 9:37:36 AM | Attr = ]
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3929 | Size = 344064 bytes | Modified Date = 10/8/2004 6:27:00 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\CompatibleRUPSecurity -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Hosts file not found -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4103 domain(s) found. ->
[msn] -> My Computer ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 37 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00000000-0000-0000-0000-000000000002} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkBhoGuard Class] -> File not found
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{15F4D456-5BAA-4076-8486-EECB38CD3E57} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\EScamBlk.dll [ElnkScamBHO Class] -> File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.336 | Size = 296312 bytes | Modified Date = 10/18/2007 3:22:24 PM | Attr = ]
{512ACF1B-64D9-4928-B382-A80556F28DB4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ElnkPuB.dll [ElnkPubBHO Class] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 12/14/2007 3:42:36 AM | Attr = ]
{9579D574-D4D8-4335-9560-FE8641A013BD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\ProtctIE.dll [ElnkProtectionBHO Class] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{C7768536-96F8-4001-B1A2-90EE21279187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EarthLink TotalAccess\Toolbar\Toolbar.dll [EarthLink Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\npjpi160_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 132496 bytes | Modified Date = 12/14/2007 3:42:37 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 12/14/2007 3:42:36 AM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{7EF3898C-C287-4B9B-9D54-BDA9A8E03505} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{7F2B2DB0-A91B-4D56-BEC0-0F994FF2BDB4} -> (Broadcom 802.11b/g WLAN) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [Novell Directory Services Name Provider] -> %System32%\NetWare\nwws2nds.dll -> Novell, Inc. [Ver = 4.91 | Size = 36947 bytes | Modified Date = 10/27/2005 4:24:08 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000005 [Novell IPX/SPX SAP Name Provider] -> %System32%\NetWare\nwws2sap.dll -> Novell, Inc. [Ver = 4.91 | Size = 32851 bytes | Modified Date = 10/27/2005 4:24:08 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000006 [Novell SLP Provider] -> %System32%\NetWare\nwws2slp.dll -> Novell, Inc. [Ver = 4.91 | Size = 49235 bytes | Modified Date = 10/27/2005 4:24:10 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0000000A-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/B...42/wmsp9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shock...director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?LinkID=39204[Windows Genuine Advantage Validation Tool] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\common\yinsthelper.dll[YInstStarter Class] ->
{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{38F5F92F-BD40-40DF-A569-6C1FCB638190}[HKEY_LOCAL_MACHINE] -> http://www.powerleap.com/cab_files/InSPECS3_0.cab[InSPECS3_0 Control] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] ->
{6B75345B-AA36-438A-BBE6-4078B4C6984D}[HKEY_LOCAL_MACHINE] -> http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab[HpProductDetection Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdat...b?1151541410543[MUWebControl Class] ->
{6F15128C-E66A-490C-B848-5000B5ABEEAC}[HKEY_LOCAL_MACHINE] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}[HKEY_LOCAL_MACHINE] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx[Get_ActiveX Control] ->
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_04] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/web_...aploader_v6.cab[PopCapLoader Object] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->



[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 1/19/2008 8:50:06 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 1/13/2008 8:36:15 AM | Attr = HS]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 69632 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 139264 bytes | Created Date = 1/13/2008 8:45:59 AM | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Created Date = 12/23/2007 9:47:44 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 1/19/2008 8:50:06 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/13/2008 6:20:58 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/13/2008 6:20:53 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/19/2008 8:49:01 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/13/2008 8:26:05 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/14/2008 3:01:28 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 12/22/2007 7:31:10 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/14/2008 3:02:30 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/19/2008 8:50:09 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62484 bytes | Modified Date = 1/13/2008 9:00:19 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 400862 bytes | Modified Date = 1/13/2008 9:00:19 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 470828 bytes | Modified Date = 1/13/2008 9:00:15 PM | Attr = ]
URTTEMP -> %System32%\URTTEMP -> [Folder | Modified Date = 12/23/2007 9:47:44 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/19/2008 9:41:56 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/13/2008 8:24:21 AM | Attr = H ]
.jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Modified Date = 1/19/2008 9:29:01 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/23/2007 10:09:50 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/19/2008 9:41:28 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 12/23/2007 7:48:11 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 1/14/2008 3:02:22 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/14/2008 3:02:31 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/13/2008 6:20:58 PM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 12/23/2007 10:42:59 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/19/2008 8:47:50 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/24/2007 3:10:38 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/14/2008 9:04:08 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/19/2008 9:43:05 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/23/2007 9:30:14 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/19/2008 9:41:31 PM | Attr = H ]

< End of report >



