Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Multiple Things, Need Help!


  • Please log in to reply
12 replies to this topic

#1 blackchaos93

blackchaos93

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:02 PM

Posted 03 January 2008 - 12:25 PM

I think I picked up a few viruses and malware on my computer recently. It first started with a rogue anti-virus scanner popping up on my computer. I got rid of it and I thought it was alright. When I logged on today, the computer was very very slow. Running AVG Anti-Spyware, multiple things came up infected with Dropper.Agent.dpo. I can't supply you with a report, sorry. It spread to other applications and also onto the Anti-Spyware itself. Now, my internet browsers, IE, Opera, and Firefox don't work and my anti-virus/anti-spyware/firewall won't update. I've tried to fix it with Winsockxpfix, but that didn't work.

Also, Spyware Doctor detected Trojan.Virtumonde, Adware.Windows_ControlAd, Adware.Powersearch_Toolbar, Adware.Advertising, Spyware.Known_Bad_Sites, Trojan-PurityScan, Trojan.Downloader.Small.DCU, Adware.WhenU_SaveNow, and Trojan-Downloader.Small.CML.

I tried to remove them, but it looks like they're back.

I can't really use Spybot, Ad-aware, or any of the browser scanners on my computer as Spybot S&D and Ad-aware won't update and my internet browsers don't work.

Here's my Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:56 AM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\nero startsmart\nerostartsmart.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\nero\nero.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\awvtr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\nnnomll.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: nnnomll - C:\WINDOWS\SYSTEM32\nnnomll.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 13089 bytes

Please help!
I hate my life :(

BC AdBot (Login to Remove)

 


#2 blackchaos93

blackchaos93
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:02 PM

Posted 04 January 2008 - 11:51 AM

Also ran Vundofix and got this:

VundoFix V6.7.7

Checking Java version...

Scan started at 9:52:16 PM 1/2/2008

Listing files found while scanning....


VundoFix V6.7.7

Checking Java version...

Scan started at 9:28:00 AM 1/3/2008

Listing files found while scanning....

C:\windows\system32\drvpihr.dll
C:\WINDOWS\system32\fccdcby.dll
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\wintuh32.dll

Beginning removal...

Attempting to delete C:\windows\system32\drvpihr.dll
C:\windows\system32\drvpihr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccdcby.dll
C:\WINDOWS\system32\fccdcby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wintuh32.dll
C:\WINDOWS\system32\wintuh32.dll Has been deleted!

Performing Repairs to the registry.
Done!
I hate my life :(

#3 blackchaos93

blackchaos93
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:02 PM

Posted 05 January 2008 - 09:14 PM

Can anybody please help me? The computer's getting slower and more things are being infected!
I hate my life :(

#4 blackchaos93

blackchaos93
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:02 PM

Posted 09 January 2008 - 10:56 PM

I think I've gotten rid of it. Vundofix, VirtumondoBegone, Spybot S&D, Mcafee Stinger, Superantispyware, AVG Anti-virus, and Spyware Doctor scans are all clean. I've also gotten the use of my internet back. I'm posting an updated Hijackthis log to check if the malware is hiding:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:49 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Catherine\Desktop\7-12-igp_xp32_dd_ccc_wdm_sb_gart_enu_55811.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11256 bytes
I hate my life :(

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:02 PM

Posted 13 January 2008 - 04:24 PM

Hello blackchaos93 and welcome to the BC HijackThis forum. The log looks clean. Just to be sure, let's try a different scanner and see what that shows.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      Reg - Desktop Components
      Reg - Software Policy Settings
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#6 blackchaos93

blackchaos93
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:02 PM

Posted 19 January 2008 - 09:32 PM

Sorry for the late reply!

Thanks for he

WinPFind35 logfile created on: 1/19/2008 6:27:28 PM
WinPFind35U Version Beta26 Folder = C:\Documents and Settings\Catherine\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

894.48 Mb Total Physical Memory | 264.00 Mb Available Physical Memory | 29.51% Memory free
2.12 Gb Paging File | 1.45 Gb Available in Paging File | 68.41% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 365.87 Gb Total Space | 339.43 Gb Free Space | 92.77% Space Free | Partition Type: NTFS
Drive D: | 6.71 Gb Total Space | 0.40 Gb Free Space | 6.00% Space Free | Partition Type: FAT32
Drive E: | 6.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded

Computer Name: CAI4
Current User Name: Catherine
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 8:49:06 PM | Attr = ]
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Ahead Software AG [Ver = 4, 2, 2, 3 | Size = 876656 bytes | Modified Date = 3/24/2004 5:40:44 PM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 8:49:06 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/7/2008 4:52:30 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/7/2008 4:52:33 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/8/2008 6:23:17 PM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 11:42:38 AM | Attr = ]
cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 5.0.01.0600 | Size = 1524512 bytes | Modified Date = 7/16/2007 10:58:02 AM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [Ver = 1.0.22.1 | Size = 38912 bytes | Modified Date = 3/17/2005 10:17:34 AM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 6:14:36 PM | Attr = ]
svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.3 | Size = 311112 bytes | Modified Date = 11/2/2007 5:24:58 PM | Attr = ]
swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.24 | Size = 1418056 bytes | Modified Date = 11/2/2007 5:25:04 PM | Attr = ]
saservice.exe -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 12/28/2007 2:08:28 PM | Attr = ]
sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.5.33 | Size = 1065800 bytes | Modified Date = 1/8/2008 6:52:10 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/8/2008 6:23:16 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
daemon.exe -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> DT Soft Ltd [Ver = 4.11.2.0 | Size = 486856 bytes | Modified Date = 1/3/2008 5:54:45 AM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/5/2004 1:28:24 AM | Attr = ]
updates from hp.exe -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 4/28/2005 5:28:14 PM | Attr = ]
rtlwake.exe -> %ProgramFiles%\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe -> [Ver = 2, 1, 0, 0 | Size = 745472 bytes | Modified Date = 3/18/2005 1:59:52 PM | Attr = ]
sgmain.exe -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 8/29/2003 7:05:35 PM | Attr = ]
rtwlan.exe -> %ProgramFiles%\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe -> [Ver = 1, 0, 0, 5 | Size = 491520 bytes | Modified Date = 3/25/2005 9:13:20 AM | Attr = ]
sgbhp.exe -> %ProgramFiles%\SpywareGuard\sgbhp.exe -> [Ver = 2.02.0001 | Size = 233472 bytes | Modified Date = 8/29/2003 11:14:56 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr = ]
pg2 .exe -> %ProgramFiles%\PeerGuardian2\pg2 .exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 1/2/2008 12:48:55 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 306176 bytes | Modified Date = 1/19/2008 1:35:44 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 8:49:06 PM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/7/2008 4:52:30 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/7/2008 4:52:33 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/8/2008 6:23:17 PM | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 11:42:38 AM | Attr = ]
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 5.0.01.0600 | Size = 1524512 bytes | Modified Date = 7/16/2007 10:58:02 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 9/8/2007 7:32:58 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 9:24:18 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Ahead Software AG [Ver = 4, 2, 2, 3 | Size = 876656 bytes | Modified Date = 3/24/2004 5:40:44 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [Ver = 1.0.22.1 | Size = 38912 bytes | Modified Date = 3/17/2005 10:17:34 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 6:14:36 PM | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Disabled | Stopped] -> %System32%\PnkBstrA.exe -> File not found
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.3 | Size = 311112 bytes | Modified Date = 11/2/2007 5:24:58 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.24 | Size = 1418056 bytes | Modified Date = 11/2/2007 5:25:04 PM | Attr = ]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 12/28/2007 2:08:28 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> File not found
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/8/2008 6:23:16 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr = ]
SDTray -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.5.33 | Size = 1065800 bytes | Modified Date = 1/8/2008 6:52:10 PM | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> DT Soft Ltd [Ver = 4.11.2.0 | Size = 486856 bytes | Modified Date = 1/3/2008 5:54:45 AM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr = ]
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 1/28/2005 1:41:38 AM | Attr = HS]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/5/2004 1:28:24 AM | Attr = ]
%AllUsersStartup%\Updates from HP.lnk -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 4/28/2005 5:28:14 PM | Attr = ]
%AllUsersStartup%\VPN Client.lnk -> %SystemRoot%\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico -> [Ver = | Size = 6144 bytes | Modified Date = 11/3/2007 3:48:04 PM | Attr = R ]
%AllUsersStartup%\WG111v2 Smart Wizard Wireless Setting.lnk -> %ProgramFiles%\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe -> [Ver = 2, 1, 0, 0 | Size = 745472 bytes | Modified Date = 3/18/2005 1:59:52 PM | Attr = ]
< Catherine Startup Folder > -> C:\Documents and Settings\Catherine\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 1/28/2005 1:41:38 AM | Attr = HS]
%UserStartup%\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 8/29/2003 7:05:35 PM | Attr = ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
-> -> File not found
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
{81559C35-8464-49F7-BB0E-07A383BEF910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 8/2/2003 11:20:57 PM | Attr = R ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 61440 bytes | Modified Date = 3/14/2005 8:49:58 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (223724 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4179 domain(s) found. ->
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6285 domain(s) found. ->
41 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr = ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 12/4/2007 1:02:24 PM | Attr = ]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 8/2/2003 11:24:01 PM | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:33 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker BHO] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 1/7/2008 3:54:40 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ScriptInocUI Class] -> File not found
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [McAfee SiteAdvisor] -> [Ver = | Size = 927008 bytes | Modified Date = 12/4/2007 1:02:24 PM | Attr = ]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 11:26:28 AM | Attr = ]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 1/7/2008 3:54:40 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 11:26:28 AM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 11:26:28 AM | Attr = ]
WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 1/7/2008 3:54:40 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:33 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Connection Help] -> File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\MenuText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\Script [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\ToolTip [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Clean Traces -> %ProgramFiles%\DAP\Privacy Package\dapcleanerie.htm -> [Ver = | Size = 1748 bytes | Modified Date = 9/13/2007 8:33:26 PM | Attr = ]
&Download with &DAP -> %ProgramFiles%\DAP\dapextie.htm -> [Ver = | Size = 2020 bytes | Modified Date = 9/13/2007 8:33:28 PM | Attr = ]
Download &all with DAP -> %ProgramFiles%\DAP\dapextie2.htm -> [Ver = | Size = 1041 bytes | Modified Date = 9/13/2007 8:33:28 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 4:05:42 PM | Attr = ]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{36D8CAC4-62D2-40B5-A9E9-3634FD4DB136} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{44407F52-4AE1-4958-A788-891B7B1E27D3} -> (NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter) ->
{60BB8941-1B50-49CC-9F9D-FB7710AEFBBC} -> (1394 Net Adapter) ->
{E697A658-FD94-4CAB-8093-3C1E0FE8A733} -> () ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class] -> File not found
siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 12/4/2007 1:02:24 PM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{99FE5072-78AA-4FEE-89BA-69A5FA55343F}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/B/3...44/igdtoolx.cab[IGDTester Class] ->
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab[Shockwave Flash Object] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MSI_Place_holder -> "9x Msi uninstaller fix" ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
C:\WINDOWS\system32\pmkhg -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 9:49:30 AM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 6:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 8:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 608 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\\MaxPacketSize -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 4222 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%ProgramFiles%\iTunes\iTunes.exe -> iTunes.exe [%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 4:44:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe -> C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion] -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 4/28/2005 5:28:14 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 4:44:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 11:42:38 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FrostWire\FrostWire.exe -> C:\Program Files\FrostWire\FrostWire.exe [C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 1/17/2008 7:21:27 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/2/2006 11:17:27 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\win4F6.exe -> C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\win4F6.exe [C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\win4F6.exe:*:Enabled:win4F6] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 1/8/2008 6:23:17 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/7/2008 4:52:30 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/8/2008 6:23:16 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgemc.exe -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/8/2008 6:23:17 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 11/15/2007 1:10:56 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 8:39:49 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 8:39:49 PM | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\0 -> Root\LEGACY_TLNTSVR\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 8:12:23 AM | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 105984 bytes | Modified Date = 10/10/2007 3:55:59 PM | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
ĺ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DesktopShortcut -> no ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 1/7/2008 9:06:32 PM | Attr = RH ]
2091324483 -> %SystemDrive%\2091324483 -> [Ver = | Size = 2 bytes | Created Date = 1/1/2008 3:46:08 PM | Attr = ]
ATI -> %SystemDrive%\ATI -> [Folder | Created Date = 1/9/2008 7:53:35 PM | Attr = ]
boot.ini.SAB -> %SystemDrive%\boot.ini.SAB -> [Ver = | Size = 281 bytes | Created Date = 1/10/2008 6:26:11 PM | Attr = H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 938004480 bytes | Created Date = 1/13/2008 12:49:52 PM | Attr = HS]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 449 bytes | Created Date = 12/27/2007 11:21:25 AM | Attr = H ]
spoolerlogs -> %SystemDrive%\spoolerlogs -> [Folder | Created Date = 1/15/2008 9:03:21 PM | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Created Date = 1/14/2008 8:54:07 PM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Created Date = 1/14/2008 8:54:07 PM | Attr = H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 1/2/2008 9:52:16 PM | Attr = ]
3cwmcru.sys -> %System32%\dllcache\3cwmcru.sys -> 3Com, Inc. [Ver = 1.44.008.0020 | Size = 762780 bytes | Created Date = 1/4/2008 9:18:03 PM | Attr = ]
3dfxvs.dll -> %System32%\dllcache\3dfxvs.dll -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 689216 bytes | Created Date = 1/4/2008 9:18:03 PM | Attr = ]
3dfxvsm.sys -> %System32%\dllcache\3dfxvsm.sys -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 148352 bytes | Created Date = 1/4/2008 9:18:03 PM | Attr = ]
a3d.dll -> %System32%\dllcache\a3d.dll -> Aureal Semiconductor [Ver = 2.09 | Size = 98304 bytes | Created Date = 1/4/2008 9:18:06 PM | Attr = ]
a3dapi.dll -> %System32%\dllcache\a3dapi.dll -> Aureal Inc. [Ver = 3.02 | Size = 462848 bytes | Created Date = 1/4/2008 9:18:06 PM | Attr = ]
ac97ali.sys -> %System32%\dllcache\ac97ali.sys -> Acer Laboratories Inc. [Ver = 5.12.01.6003 | Size = 231552 bytes | Created Date = 1/4/2008 9:18:07 PM | Attr = ]
ac97intc.sys -> %System32%\dllcache\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Created Date = 1/4/2008 9:18:08 PM | Attr =

Thanks for the help! Sorry for the late reply!

#7 blackchaos93

blackchaos93
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:02 PM

Posted 19 January 2008 - 09:35 PM

Oops... sorry I only pasted about half the log XD.

Here, I uploaded the entire thing.
Attached File  WinPFind35.Txt   408.11KB   12 downloads
I hate my life :(

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:02 PM

Posted 20 January 2008 - 11:49 AM

Hi blackchaos93. Ok, let's get started. Please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware, we will come back to it later on.
Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FrostWire\FrostWire.exe -> C:\Program Files\FrostWire\FrostWire.exe [C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\win4F6.exe -> C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\win4F6.exe [C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\win4F6.exe:*:Enabled:win4F6]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes
YN -> ADP -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize
YN -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DesktopShortcut -> no
[Files/Folders - Created Within 30 days]
NY -> 2091324483 -> %SystemDrive%\2091324483
NY -> ali5261.sys -> %System32%\dllcache\ali5261.sys
NY -> cem33n5.sys -> %System32%\dllcache\cem33n5.sys
NY -> d3d9caps.dat -> %System32%\d3d9caps.dat
NY -> rtvwa.ini2 -> %System32%\rtvwa.ini2
[Files/Folders - Modified Within 30 days]
NY -> 2091324483 -> %SystemDrive%\2091324483
NY -> rtvwa.ini2 -> %System32%\rtvwa.ini2
NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 125 bytes -> %AllUsersAppData%\TEMP:0F8F5844
NY -> @Alternate Data Stream - 145 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete, this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Step #4

Post the following back here:
  • a new WinPFind35U report
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#9 blackchaos93

blackchaos93
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:02 PM

Posted 21 January 2008 - 12:24 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2008 at 08:44 PM

Application Version : 3.9.1008

Core Rules Database Version : 3384
Trace Rules Database Version: 1378

Scan type : Complete Scan
Total Scan Time : 03:52:16

Memory items scanned : 553
Memory threats detected : 0
Registry items scanned : 7607
Registry threats detected : 0
File items scanned : 144378
File threats detected : 0

WinPFind35u/Moved Files Log:
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FrostWire\FrostWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\CATHER~1\LOCALS~1\Temp\win4F6.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes:ADP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel deleted successfully.
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize:*ItemSize* .
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DesktopShortcut deleted successfully.
[Files/Folders - Created Within 30 days]
C:\2091324483 moved successfully.
C:\WINDOWS\System32\dllcache\ali5261.sys moved successfully.
C:\WINDOWS\System32\dllcache\cem33n5.sys moved successfully.
C:\WINDOWS\System32\d3d9caps.dat moved successfully.
C:\WINDOWS\System32\rtvwa.ini2 moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\2091324483 not found!
File C:\WINDOWS\System32\rtvwa.ini2 not found!
C:\WINDOWS\imsins.BAK moved successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
< End of fix log >
WinPFind35U Version Beta26 fix logfile created on 01202008_140454
I hate my life :(

#10 blackchaos93

blackchaos93
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:02 PM

Posted 21 January 2008 - 12:28 AM

WinPFind35 logfile created on: 1/20/2008 9:21:05 PM
WinPFind35U Version Beta26 Folder = C:\Documents and Settings\Catherine\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

894.48 Mb Total Physical Memory | 161.37 Mb Available Physical Memory | 18.04% Memory free
2.12 Gb Paging File | 1.08 Gb Available in Paging File | 51.15% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 365.87 Gb Total Space | 342.54 Gb Free Space | 93.62% Space Free | Partition Type: NTFS
Drive D: | 6.71 Gb Total Space | 0.40 Gb Free Space | 6.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: CAI4
Current User Name: Catherine
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 8:49:06 PM | Attr = ]
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Ahead Software AG [Ver = 4, 2, 2, 3 | Size = 876656 bytes | Modified Date = 3/24/2004 5:40:44 PM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 8:49:06 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/8/2008 6:23:16 PM | Attr = ]
sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.5.33 | Size = 1065800 bytes | Modified Date = 1/8/2008 6:52:10 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
daemon.exe -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> DT Soft Ltd [Ver = 4.11.2.0 | Size = 486856 bytes | Modified Date = 1/3/2008 5:54:45 AM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/7/2008 4:52:30 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/7/2008 4:52:33 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/8/2008 6:23:17 PM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 11:42:38 AM | Attr = ]
cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 5.0.01.0600 | Size = 1524512 bytes | Modified Date = 7/16/2007 10:58:02 AM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [Ver = 1.0.22.1 | Size = 38912 bytes | Modified Date = 3/17/2005 10:17:34 AM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 6:14:36 PM | Attr = ]
svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.3 | Size = 311112 bytes | Modified Date = 11/2/2007 5:24:58 PM | Attr = ]
swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.24 | Size = 1418056 bytes | Modified Date = 11/2/2007 5:25:04 PM | Attr = ]
saservice.exe -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 12/28/2007 2:08:28 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/5/2004 1:28:24 AM | Attr = ]
updates from hp.exe -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 4/28/2005 5:28:14 PM | Attr = ]
rtlwake.exe -> %ProgramFiles%\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe -> [Ver = 2, 1, 0, 0 | Size = 745472 bytes | Modified Date = 3/18/2005 1:59:52 PM | Attr = ]
sgmain.exe -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 8/29/2003 7:05:35 PM | Attr = ]
rtwlan.exe -> %ProgramFiles%\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe -> [Ver = 1, 0, 0, 5 | Size = 491520 bytes | Modified Date = 3/25/2005 9:13:20 AM | Attr = ]
sgbhp.exe -> %ProgramFiles%\SpywareGuard\sgbhp.exe -> [Ver = 2.02.0001 | Size = 233472 bytes | Modified Date = 8/29/2003 11:14:56 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 11/30/2007 8:11:30 PM | Attr = ]
pg2 .exe -> %ProgramFiles%\PeerGuardian2\pg2 .exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 1/2/2008 12:48:55 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 306176 bytes | Modified Date = 1/19/2008 1:35:44 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 8:49:06 PM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/7/2008 4:52:30 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/7/2008 4:52:33 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/8/2008 6:23:17 PM | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 11:42:38 AM | Attr = ]
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 5.0.01.0600 | Size = 1524512 bytes | Modified Date = 7/16/2007 10:58:02 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 9/8/2007 7:32:58 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 9:24:18 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Ahead Software AG [Ver = 4, 2, 2, 3 | Size = 876656 bytes | Modified Date = 3/24/2004 5:40:44 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [Ver = 1.0.22.1 | Size = 38912 bytes | Modified Date = 3/17/2005 10:17:34 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 6:14:36 PM | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Disabled | Stopped] -> %System32%\PnkBstrA.exe -> File not found
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.3 | Size = 311112 bytes | Modified Date = 11/2/2007 5:24:58 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.24 | Size = 1418056 bytes | Modified Date = 11/2/2007 5:25:04 PM | Attr = ]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 12/28/2007 2:08:28 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> File not found
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/8/2008 6:23:16 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr = ]
SDTray -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.5.33 | Size = 1065800 bytes | Modified Date = 1/8/2008 6:52:10 PM | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> DT Soft Ltd [Ver = 4.11.2.0 | Size = 486856 bytes | Modified Date = 1/3/2008 5:54:45 AM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.0.0.40 | Size = 307200 bytes | Modified Date = 11/22/2004 8:18:02 AM | Attr = R ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr = ]
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 1/28/2005 1:41:38 AM | Attr = HS]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/5/2004 1:28:24 AM | Attr = ]
%AllUsersStartup%\Updates from HP.lnk -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 4/28/2005 5:28:14 PM | Attr = ]
%AllUsersStartup%\VPN Client.lnk -> %SystemRoot%\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico -> [Ver = | Size = 6144 bytes | Modified Date = 11/3/2007 3:48:04 PM | Attr = R ]
%AllUsersStartup%\WG111v2 Smart Wizard Wireless Setting.lnk -> %ProgramFiles%\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe -> [Ver = 2, 1, 0, 0 | Size = 745472 bytes | Modified Date = 3/18/2005 1:59:52 PM | Attr = ]
< Catherine Startup Folder > -> C:\Documents and Settings\Catherine\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 1/28/2005 1:41:38 AM | Attr = HS]
%UserStartup%\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 8/29/2003 7:05:35 PM | Attr = ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
-> -> File not found
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
{81559C35-8464-49F7-BB0E-07A383BEF910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 8/2/2003 11:20:57 PM | Attr = R ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 61440 bytes | Modified Date = 3/14/2005 8:49:58 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (223724 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4179 domain(s) found. ->
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6285 domain(s) found. ->
41 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr = ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 12/4/2007 1:02:24 PM | Attr = ]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 8/2/2003 11:24:01 PM | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:33 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker BHO] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 1/7/2008 3:54:40 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ScriptInocUI Class] -> File not found
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [McAfee SiteAdvisor] -> [Ver = | Size = 927008 bytes | Modified Date = 12/4/2007 1:02:24 PM | Attr = ]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 11:26:28 AM | Attr = ]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 1/7/2008 3:54:40 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 11:26:28 AM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 11:26:28 AM | Attr = ]
WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 1/7/2008 3:54:40 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:33 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Connection Help] -> File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\MenuText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\Script [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\ToolTip [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Clean Traces -> %ProgramFiles%\DAP\Privacy Package\dapcleanerie.htm -> [Ver = | Size = 1748 bytes | Modified Date = 9/13/2007 8:33:26 PM | Attr = ]
&Download with &DAP -> %ProgramFiles%\DAP\dapextie.htm -> [Ver = | Size = 2020 bytes | Modified Date = 9/13/2007 8:33:28 PM | Attr = ]
Download &all with DAP -> %ProgramFiles%\DAP\dapextie2.htm -> [Ver = | Size = 1041 bytes | Modified Date = 9/13/2007 8:33:28 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 4:05:42 PM | Attr = ]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{36D8CAC4-62D2-40B5-A9E9-3634FD4DB136} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{44407F52-4AE1-4958-A788-891B7B1E27D3} -> (NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter) ->
{60BB8941-1B50-49CC-9F9D-FB7710AEFBBC} -> (1394 Net Adapter) ->
{E697A658-FD94-4CAB-8093-3C1E0FE8A733} -> () ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class] -> File not found
siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 12/4/2007 1:02:24 PM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{99FE5072-78AA-4FEE-89BA-69A5FA55343F}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/B/3...44/igdtoolx.cab[IGDTester Class] ->
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab[Shockwave Flash Object] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MSI_Place_holder -> "9x Msi uninstaller fix" ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
C:\WINDOWS\system32\pmkhg -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 9:49:30 AM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 6:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 8:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 608 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\\MaxPacketSize -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 4395 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%ProgramFiles%\iTunes\iTunes.exe -> iTunes.exe [%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 4:44:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe -> C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion] -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 4/28/2005 5:28:14 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 4:44:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 11:42:38 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 1/17/2008 7:21:27 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/2/2006 11:17:27 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 1/8/2008 6:23:17 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/7/2008 4:52:30 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/8/2008 6:23:16 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgemc.exe -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/8/2008 6:23:17 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 11/15/2007 1:10:56 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 8:39:49 PM | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\0 -> Root\LEGACY_TLNTSVR\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 8:12:23 AM | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 105984 bytes | Modified Date = 10/10/2007 3:55:59 PM | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
ĺ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 1/7/2008 9:06:32 PM | Attr = RH ]
ATI -> %SystemDrive%\ATI -> [Folder | Created Date = 1/9/2008 7:53:35 PM | Attr = ]
boot.ini.SAB -> %SystemDrive%\boot.ini.SAB -> [Ver = | Size = 281 bytes | Created Date = 1/10/2008 6:26:11 PM | Attr = H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 938004480 bytes | Created Date = 1/13/2008 12:49:52 PM | Attr = HS]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 449 bytes | Created Date = 12/27/2007 11:21:25 AM | Attr = H ]
OUT_MEDIA_FILESGackt - MARS - 01. Ares.mp3 -> %SystemDrive%\OUT_MEDIA_FILESGackt - MARS - 01. Ares.mp3 -> [Ver = | Size = 3792896 bytes | Created Date = 1/20/2008 12:38:02 PM | Attr = ]
OUT_MEDIA_FILESGackt - MARS - 02. Asrun Dream.mp3 -> %SystemDrive%\OUT_MEDIA_FILESGackt - MARS - 02. Asrun Dream.mp3 -> [Ver = | Size = 10717184 bytes | Created Date = 1/20/2008 12:38:02 PM | Attr = ]
spoolerlogs -> %SystemDrive%\spoolerlogs -> [Folder | Created Date = 1/15/2008 9:03:21 PM | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Created Date = 1/14/2008 8:54:07 PM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Created Date = 1/14/2008 8:54:07 PM | Attr = H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 1/2/2008 9:52:16 PM | Attr = ]
3cwmcru.sys -> %System32%\dllcache\3cwmcru.sys -> 3Com, Inc. [Ver = 1.44.008.0020 | Size = 762780 bytes | Created Date = 1/4/2008 9:18:03 PM | Attr = ]
3dfxvs.dll -> %System32%\dllcache\3dfxvs.dll -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 689216 bytes | Created Date = 1/4/2008 9:18:03 PM | Attr = ]
3dfxvsm.sys -> %System32%\dllcache\3dfxvsm.sys -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 148352 bytes | Created Date = 1/4/2008 9:18:03 PM | Attr = ]
a3d.dll -> %System32%\dllcache\a3d.dll -> Aureal Semiconductor [Ver = 2.09 | Size = 98304 bytes | Created Date = 1/4/2008 9:18:06 PM | Attr = ]
a3dapi.dll -> %System32%\dllcache\a3dapi.dll -> Aureal Inc. [Ver = 3.02 | Size = 462848 bytes | Created Date = 1/4/2008 9:18:06 PM | Attr = ]
ac97ali.sys -> %System32%\dllcache\ac97ali.sys -> Acer Laboratories Inc. [Ver = 5.12.01.6003 | Size = 231552 bytes | Created Date = 1/4/2008 9:18:07 PM | Attr = ]
ac97intc.sys -> %System32%\dllcache\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Created Date = 1/4/2008 9:18:08 PM | Attr = ]
ac97sis.sys -> %System32%\dllcache\ac97sis.sys -> Silicon Integrated Systems Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 297728 bytes | Created Date = 1/4/2008 9:18:09 PM | Attr = ]
ac97via.sys -> %System32%\dllcache\ac97via.sys -> VIA Technologies, Inc. [Ver = 5.10.00.3622 built by: WinDDK | Size = 84480 bytes | Created Date = 1/4/2008 9:18:09 PM | Attr = ]
acerscad.dll -> %System32%\dllcache\acerscad.dll -> Color Flatbed Scanner [Ver = 1, 0, 0, 0 | Size = 61440 bytes | Created Date = 1/4/2008 9:18:10 PM | Attr = ]
adm8511.sys -> %System32%\dllcache\adm8511.sys -> ADMtek Incorporated [Ver = 2.04.2001.0719 built by: WinDDK | Size = 20160 bytes | Created Date = 1/4/2008 9:18:12 PM | Attr = ]
adm8810.sys -> %System32%\dllcache\adm8810.sys -> Aureal, Inc. [Ver = 5.12.01.3500 | Size = 584448 bytes | Created Date = 1/4/2008 9:18:13 PM | Attr = ]
adm8820.sys -> %System32%\dllcache\adm8820.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 553984 bytes | Created Date = 1/4/2008 9:18:13 PM | Attr = ]
adm8830.sys -> %System32%\dllcache\adm8830.sys -> Aureal, Inc. [Ver = 5.12.01.2500 | Size = 747392 bytes | Created Date = 1/4/2008 9:18:13 PM | Attr = ]
admjoy.sys -> %System32%\dllcache\admjoy.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 10880 bytes | Created Date = 1/4/2008 9:18:14 PM | Attr = ]
adptsf50.sys -> %System32%\dllcache\adptsf50.sys -> Adaptec, Inc [Ver = V5.10.22 | Size = 46112 bytes | Created Date = 1/4/2008 9:18:16 PM | Attr = ]
adv01nt5.dll -> %System32%\dllcache\adv01nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Created Date = 1/4/2008 9:18:19 PM | Attr = ]
adv02nt5.dll -> %System32%\dllcache\adv02nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Created Date = 1/4/2008 9:18:19 PM | Attr = ]
adv05nt5.dll -> %System32%\dllcache\adv05nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Created Date = 1/4/2008 9:18:19 PM | Attr = ]
adv07nt5.dll -> %System32%\dllcache\adv07nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Created Date = 1/4/2008 9:18:19 PM | Attr = ]
adv08nt5.dll -> %System32%\dllcache\adv08nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Created Date = 1/4/2008 9:18:19 PM | Attr = ]
adv09nt5.dll -> %System32%\dllcache\adv09nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Created Date = 1/4/2008 9:18:20 PM | Attr = ]
adv11nt5.dll -> %System32%\dllcache\adv11nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Created Date = 1/4/2008 9:18:20 PM | Attr = ]
alifir.sys -> %System32%\dllcache\alifir.sys -> Acer Laboratories Inc. [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 26624 bytes | Created Date = 1/4/2008 9:18:30 PM | Attr = ]
aliide.sys -> %System32%\dllcache\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Created Date = 1/4/2008 9:18:30 PM | Attr = ]
amb8002.sys -> %System32%\dllcache\amb8002.sys -> AmbiCom, Inc. [Ver = v3.03 | Size = 16969 bytes | Created Date = 1/4/2008 9:18:31 PM | Attr = ]
amdagp.sys -> %System32%\dllcache\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Created Date = 1/4/2008 9:18:32 PM | Attr = ]
an983.sys -> %System32%\dllcache\an983.sys -> ADMtek Incorporated. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Created Date = 1/4/2008 9:18:34 PM | Attr = ]
asc.sys -> %System32%\dllcache\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Created Date = 1/4/2008 9:18:37 PM | Attr = ]
asc3550.sys -> %System32%\dllcache\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Created Date = 1/4/2008 9:18:38 PM | Attr = ]
aspndis3.sys -> %System32%\dllcache\aspndis3.sys -> Bay Networks, Inc. [Ver = 3.23.11 | Size = 97354 bytes | Created Date = 1/4/2008 9:18:39 PM | Attr = ]
ati.sys -> %System32%\dllcache\ati.sys -> ATI Technologies, Inc. [Ver = 3.0.62 (XPClient.010817-1148) | Size = 77568 bytes | Created Date = 1/4/2008 9:18:42 PM | Attr = ]
ati1btxx.sys -> %System32%\dllcache\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 1/4/2008 9:18:42 PM | Attr = ]
ati1mdxx.sys -> %System32%\dllcache\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 1/4/2008 9:18:43 PM | Attr = ]
ati1pdxx.sys -> %System32%\dllcache\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 1/4/2008 9:18:43 PM | Attr = ]
ati1raxx.sys -> %System32%\dllcache\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 1/4/2008 9:18:44 PM | Attr = ]
ati1rvxx.sys -> %System32%\dllcache\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 1/4/2008 9:18:45 PM | Attr = ]
ati1snxx.sys -> %System32%\dllcache\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 1/4/2008 9:18:46 PM | Attr = ]
ati1ttxx.sys -> %System32%\dllcache\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 1/4/2008 9:18:46 PM | Attr = ]
ati1tuxx.sys -> %System32%\dllcache\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 1/4/2008 9:18:47 PM | Attr = ]
ati1xbxx.sys -> %System32%\dllcache\ati1xbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 1/4/2008 9:18:48 PM | Attr = ]
ati1xsxx.sys -> %System32%\dllcache\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 1/4/2008 9:18:48 PM | Attr = ]
ati2dvaa.dll -> %System32%\dllcache\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 1/4/2008 9:18:49 PM | Attr = ]
ati2mtaa.sys -> %System32%\dllcache\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 1/4/2008 9:18:49 PM | Attr = ]
ati3d1ag.dll -> %System32%\dllcache\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 1/4/2008 9:18:50 PM | Attr = ]
atibt829.sys -> %System32%\dllcache\atibt829.sys -> [Ver = | Size = 46464 bytes | Created Date = 1/4/2008 9:18:51 PM | Attr = ]
atidrab.dll -> %System32%\dllcache\atidrab.dll -> ATI Technologies Inc. [Ver = 5.01.2195.5012 (ReleasedBinaries.010718-0005) | Size = 382592 bytes | Created Date = 1/4/2008 9:18:52 PM | Attr = ]
atidrae.dll -> %System32%\dllcache\atidrae.dll -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 137216 bytes | Created Date = 1/4/2008 9:18:52 PM | Attr = ]
atidvai.dll -> %System32%\dllcache\atidvai.dll -> ATI Technologies Inc. [Ver = 5.10.2280.1028 (ReleasedBinaries.010715-1631) | Size = 268160 bytes | Created Date = 1/4/2008 9:18:52 PM | Attr = ]
atimpab.sys -> %System32%\dllcache\atimpab.sys -> ATI Technologies Inc. [Ver = 5.00.2195.5007 (ReleasedBinaries.010718-0005) | Size = 289664 bytes | Created Date = 1/4/2008 9:18:53 PM | Attr = ]
atimpae.sys -> %System32%\dllcache\atimpae.sys -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 75136 bytes | Created Date = 1/4/2008 9:18:54 PM | Attr = ]
atimtai.sys -> %System32%\dllcache\atimtai.sys -> ATI Technologies Inc. [Ver = 5.13.01.1140 (ReleasedBinaries.010715-1631) | Size = 281600 bytes | Created Date = 1/4/2008 9:18:54 PM | Attr = ]
atinbtxx.sys -> %System32%\dllcache\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 1/4/2008 9:18:54 PM | Attr = ]
atinmdxx.sys -> %System32%\dllcache\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 1/4/2008 9:18:55 PM | Attr = ]
atinpdxx.sys -> %System32%\dllcache\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 1/4/2008 9:18:56 PM | Attr = ]
atinraxx.sys -> %System32%\dllcache\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 1/4/2008 9:18:56 PM | Attr = ]
atinrvxx.sys -> %System32%\dllcache\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 1/4/2008 9:18:57 PM | Attr = ]
atinsnxx.sys -> %System32%\dllcache\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 1/4/2008 9:18:58 PM | Attr = ]
atinttxx.sys -> %System32%\dllcache\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 1/4/2008 9:18:59 PM | Attr = ]
atintuxx.sys -> %System32%\dllcache\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 1/4/2008 9:19:00 PM | Attr = ]
atinxbxx.sys -> %System32%\dllcache\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 1/4/2008 9:19:00 PM | Attr = ]
atinxsxx.sys -> %System32%\dllcache\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 1/4/2008 9:19:01 PM | Attr = ]
atipcxxx.sys -> %System32%\dllcache\atipcxxx.sys -> [Ver = | Size = 10240 bytes | Created Date = 1/4/2008 9:19:02 PM | Attr = ]
atiraged.dll -> %System32%\dllcache\atiraged.dll -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 104832 bytes | Created Date = 1/4/2008 9:19:02 PM | Attr = ]
atiragem.sys -> %System32%\dllcache\atiragem.sys -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 70528 bytes | Created Date = 1/4/2008 9:19:03 PM | Attr = ]

atirtcap.sys -> %System32%\dllcache\atirtcap.sys -> [Ver = | Size = 49920 bytes | Created Date = 1/4/2008 9:19:03 PM | Attr = ]
atirtsnd.sys -> %System32%\dllcache\atirtsnd.sys -> [Ver = | Size = 26880 bytes | Created Date = 1/4/2008 9:19:03 PM | Attr = ]
atitunep.sys -> %System32%\dllcache\atitunep.sys -> [Ver = | Size = 17152 bytes | Created Date = 1/4/2008 9:19:04 PM | Attr = ]
atitvsnd.sys -> %System32%\dllcache\atitvsnd.sys -> [Ver = | Size = 17152 bytes | Created Date = 1/4/2008 9:19:04 PM | Attr = ]
ativdaxx.ax -> %System32%\dllcache\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 1/4/2008 9:19:05 PM | Attr = ]
ativmdcd.sys -> %System32%\dllcache\ativmdcd.sys -> [Ver = | Size = 9472 bytes | Created Date = 1/4/2008 9:19:05 PM | Attr = ]
ativmvxx.ax -> %System32%\dllcache\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 1/4/2008 9:19:05 PM | Attr = ]
ativtmxx.dll -> %System32%\dllcache\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 1/4/2008 9:19:05 PM | Attr = ]
ativttxx.sys -> %System32%\dllcache\ativttxx.sys -> [Ver = | Size = 19456 bytes | Created Date = 1/4/2008 9:19:06 PM | Attr = ]
ativxbar.sys -> %System32%\dllcache\ativxbar.sys -> [Ver = | Size = 26624 bytes | Created Date = 1/4/2008 9:19:07 PM | Attr = ]
atixbar.sys -> %System32%\dllcache\atixbar.sys -> [Ver = | Size = 23552 bytes | Created Date = 1/4/2008 9:19:07 PM | Attr = ]
atv01nt5.dll -> %System32%\dllcache\atv01nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Created Date = 1/4/2008 9:19:09 PM | Attr = ]
atv02nt5.dll -> %System32%\dllcache\atv02nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Created Date = 1/4/2008 9:19:09 PM | Attr = ]
atv04nt5.dll -> %System32%\dllcache\atv04nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 1/4/2008 9:19:09 PM | Attr = ]
atv06nt5.dll -> %System32%\dllcache\atv06nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Created Date = 1/4/2008 9:19:10 PM | Attr = ]
atv10nt5.dll -> %System32%\dllcache\atv10nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Created Date = 1/4/2008 9:19:10 PM | Attr = ]
avmcoxp.dll -> %System32%\dllcache\avmcoxp.dll -> AVM GmbH [Ver = 2.4 | Size = 87552 bytes | Created Date = 1/4/2008 9:19:15 PM | Attr = ]
avmenum.dll -> %System32%\dllcache\avmenum.dll -> AVM GmbH [Ver = 1, 0, 0, 3 | Size = 144384 bytes | Created Date = 1/4/2008 9:19:15 PM | Attr = ]
avmwan.sys -> %System32%\dllcache\avmwan.sys -> AVM GmbH [Ver = 02.04.00 | Size = 37568 bytes | Created Date = 1/4/2008 9:19:16 PM | Attr = ]
aztw2320.sys -> %System32%\dllcache\aztw2320.sys -> Aztech Systems Ltd [Ver = 5.1.2501.0 built by: WinDDK | Size = 36992 bytes | Created Date = 1/6/2008 6:05:27 PM | Attr = ]
b1cbase.sys -> %System32%\dllcache\b1cbase.sys -> AVM GmbH [Ver = 5.2 | Size = 89952 bytes | Created Date = 1/6/2008 6:05:28 PM | Attr = ]
b57xp32.sys -> %System32%\dllcache\b57xp32.sys -> Broadcom Corporation [Ver = 2.16b.0.0 built by: WinDDK | Size = 96640 bytes | Created Date = 1/6/2008 6:05:28 PM | Attr = ]
banshee.dll -> %System32%\dllcache\banshee.dll -> 3Dfx Interactive, Inc. [Ver = 5.00.2462.60 | Size = 342336 bytes | Created Date = 1/6/2008 6:05:28 PM | Attr = ]
banshee.sys -> %System32%\dllcache\banshee.sys -> 3Dfx Interactive, Inc. [Ver = 5.00.2462.60 | Size = 36128 bytes | Created Date = 1/6/2008 6:05:29 PM | Attr = ]
bcm42u.sys -> %System32%\dllcache\bcm42u.sys -> Broadcom Corporation [Ver = 2.29.0.8 | Size = 66557 bytes | Created Date = 1/6/2008 6:05:30 PM | Attr = ]
bcm42xx5.sys -> %System32%\dllcache\bcm42xx5.sys -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 54271 bytes | Created Date = 1/6/2008 6:05:30 PM | Attr = ]
bcm4e5.sys -> %System32%\dllcache\bcm4e5.sys -> Broadcom Corporation [Ver = 2.31.0.2 | Size = 26568 bytes | Created Date = 1/6/2008 6:05:31 PM | Attr = ]
bcmdm.sys -> %System32%\dllcache\bcmdm.sys -> BCM [Ver = 3.2.12.9 07/17/2001 14:21:30 | Size = 871388 bytes | Created Date = 1/6/2008 6:05:31 PM | Attr = ]
brbidiif.dll -> %System32%\dllcache\brbidiif.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 19456 bytes | Created Date = 1/6/2008 6:05:33 PM | Attr = ]
brcoinst.dll -> %System32%\dllcache\brcoinst.dll -> Brother Industries Ltd. [Ver = 1.0.0.8 (Lab06_N.010129-0357) | Size = 9728 bytes | Created Date = 1/6/2008 6:05:34 PM | Attr = ]
brevif.dll -> %System32%\dllcache\brevif.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 12800 bytes | Created Date = 1/6/2008 6:05:34 PM | Attr = ]
brfilt.sys -> %System32%\dllcache\brfilt.sys -> Brother Industries Ltd. [Ver = 1.0.0.0 (Lab06_N.010129-0357) | Size = 2944 bytes | Created Date = 1/6/2008 6:05:35 PM | Attr = ]
brfiltlo.sys -> %System32%\dllcache\brfiltlo.sys -> Brother Industries, Ltd. [Ver = 1.09.000 (Lab06_N.010129-0357) | Size = 12160 bytes | Created Date = 1/6/2008 6:05:35 PM | Attr = ]
brfiltup.sys -> %System32%\dllcache\brfiltup.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (Lab06_N.010129-0357) | Size = 3968 bytes | Created Date = 1/6/2008 6:05:36 PM | Attr = ]
brmfbidi.dll -> %System32%\dllcache\brmfbidi.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 15360 bytes | Created Date = 1/6/2008 6:05:36 PM | Attr = ]
brmflpt.dll -> %System32%\dllcache\brmflpt.dll -> Brother Industries, Ltd. [Ver = 1.45.15.346 | Size = 29696 bytes | Created Date = 1/6/2008 6:05:37 PM | Attr = ]
brmfrsmg.exe -> %System32%\dllcache\brmfrsmg.exe -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 32256 bytes | Created Date = 1/6/2008 6:05:37 PM | Attr = ]
brmfusb.dll -> %System32%\dllcache\brmfusb.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 41472 bytes | Created Date = 1/6/2008 6:05:38 PM | Attr = ]
brparimg.sys -> %System32%\dllcache\brparimg.sys -> Brother Industries Ltd. [Ver = 1.0.0.0 (Lab06_N.010129-0357) | Size = 3168 bytes | Created Date = 1/6/2008 6:05:39 PM | Attr = ]
brparwdm.sys -> %System32%\dllcache\brparwdm.sys -> Brother Industries Ltd. [Ver = 1.00 | Size = 39552 bytes | Created Date = 1/6/2008 6:05:39 PM | Attr = ]
brscnrsm.dll -> %System32%\dllcache\brscnrsm.dll -> Brother Industries,Ltd. [Ver = 1.0.0.14 | Size = 5120 bytes | Created Date = 1/6/2008 6:05:40 PM | Attr = ]
brserif.dll -> %System32%\dllcache\brserif.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 9728 bytes | Created Date = 1/6/2008 6:05:40 PM | Attr = ]
brserwdm.sys -> %System32%\dllcache\brserwdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.15 (Lab06_N.010129-0357) | Size = 60416 bytes | Created Date = 1/6/2008 6:05:41 PM | Attr = ]
brusbmdm.sys -> %System32%\dllcache\brusbmdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,7 (Lab06_N.010129-0357) | Size = 11008 bytes | Created Date = 1/6/2008 6:05:41 PM | Attr = ]
brusbscn.sys -> %System32%\dllcache\brusbscn.sys -> Brother Industries Ltd. [Ver = 1,0,0,6 (Lab06_N.010129-0357) | Size = 10368 bytes | Created Date = 1/6/2008 6:05:42 PM | Attr = ]
brzwlan.sys -> %System32%\dllcache\brzwlan.sys -> BreezeCOM [Ver = 4.4.1.18 | Size = 31529 bytes | Created Date = 1/6/2008 6:05:42 PM | Attr = ]
cb102.sys -> %System32%\dllcache\cb102.sys -> Fast Ethernet Controller Provider [Ver = 2.20.0.0 | Size = 37916 bytes | Created Date = 1/6/2008 6:06:07 PM | Attr = ]
cb325.sys -> %System32%\dllcache\cb325.sys -> Silicom Ltd. [Ver = 4.106.24 | Size = 39680 bytes | Created Date = 1/6/2008 6:06:08 PM | Attr = ]
cben5.sys -> %System32%\dllcache\cben5.sys -> Xircom, Inc. [Ver = 3.14.05.00 | Size = 46108 bytes | Created Date = 1/6/2008 6:06:08 PM | Attr = ]
cbmdmkxx.sys -> %System32%\dllcache\cbmdmkxx.sys -> Xircom, Inc. [Ver = 1.90.7 | Size = 714698 bytes | Created Date = 1/6/2008 6:06:09 PM | Attr = ]
ce2n5.sys -> %System32%\dllcache\ce2n5.sys -> Xircom, Inc. [Ver = 3.06.04.00 | Size = 21530 bytes | Created Date = 1/6/2008 6:06:11 PM | Attr = ]
ce3n5.sys -> %System32%\dllcache\ce3n5.sys -> Xircom, Inc. [Ver = 2.11.01.00 | Size = 27164 bytes | Created Date = 1/6/2008 6:06:11 PM | Attr = ]
cem28n5.sys -> %System32%\dllcache\cem28n5.sys -> Xircom, Inc. [Ver = 1.22.02.00 | Size = 22044 bytes | Created Date = 1/6/2008 6:06:12 PM | Attr = ]
cem56n5.sys -> %System32%\dllcache\cem56n5.sys -> Xircom, Inc. [Ver = 2.70.02.00 | Size = 49182 bytes | Created Date = 1/6/2008 6:06:13 PM | Attr = ]
ch7xxnt5.dll -> %System32%\dllcache\ch7xxnt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Created Date = 1/6/2008 6:06:14 PM | Attr = ]
chtskf.dll -> %System32%\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 1/6/2008 6:06:16 PM | Attr = ]
cicap.sys -> %System32%\dllcache\cicap.sys -> Xircom [Ver = 4.0.0.41 | Size = 980034 bytes | Created Date = 1/6/2008 6:06:17 PM | Attr = ]
cinemclc.sys -> %System32%\dllcache\cinemclc.sys -> RAVISENT Technologies Inc. [Ver = 5.0.00.0081 | Size = 272640 bytes | Created Date = 1/6/2008 6:06:17 PM | Attr = ]
cmbp0wdm.sys -> %System32%\dllcache\cmbp0wdm.sys -> OMNIKEY AG [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 20736 bytes | Created Date = 1/6/2008 6:06:22 PM | Attr = ]
cmdide.sys -> %System32%\dllcache\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Created Date = 1/6/2008 6:06:23 PM | Attr = ]
cnxt1803.sys -> %System32%\dllcache\cnxt1803.sys -> Conexant Systems, Inc. [Ver = V1.15.7 | Size = 39936 bytes | Created Date = 1/6/2008 6:06:25 PM | Attr = ]
cpqndis5.sys -> %System32%\dllcache\cpqndis5.sys -> Compaq Computer Corporation [Ver = 3.06.04.00 | Size = 21533 bytes | Created Date = 1/6/2008 6:06:29 PM | Attr = ]
cpqtrnd5.sys -> %System32%\dllcache\cpqtrnd5.sys -> Compaq Computer Corp. [Ver = 5.84.02 | Size = 60970 bytes | Created Date = 1/6/2008 6:06:30 PM | Attr = ]
cpscan.dll -> %System32%\dllcache\cpscan.dll -> COMPAQ Inc. [Ver = 1.0.0.7 | Size = 216064 bytes | Created Date = 1/6/2008 6:06:31 PM | Attr = ]
crtaud.sys -> %System32%\dllcache\crtaud.sys -> Conexant Systems Inc. [Ver = 5.12.01.0326 | Size = 42112 bytes | Created Date = 1/6/2008 6:06:32 PM | Attr = ]
ctlfacem.sys -> %System32%\dllcache\ctlfacem.sys -> Creative Technology Ltd. [Ver = 5.12.01.2108 built by: WinDDK | Size = 6912 bytes | Created Date = 1/6/2008 6:06:34 PM | Attr = ]
ctljystk.sys -> %System32%\dllcache\ctljystk.sys -> Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3712 bytes | Created Date = 1/6/2008 6:06:35 PM | Attr = ]
ctlsb16.sys -> %System32%\dllcache\ctlsb16.sys -> Copyright © Creative Technology Ltd. 1994-2001 [Ver = 5.1.2501.0 built by: WinDDK | Size = 96256 bytes | Created Date = 1/6/2008 6:06:36 PM | Attr = ]
ctmasetp.dll -> %System32%\dllcache\ctmasetp.dll -> Comtrol® Corporation [Ver = 5.1.2600.2180 | Size = 249856 bytes | Created Date = 1/6/2008 6:06:37 PM | Attr = ]
ctwdm32.dll -> %System32%\dllcache\ctwdm32.dll -> Creative Technology Ltd. [Ver = 5.0.0.2001 | Size = 4096 bytes | Created Date = 1/6/2008 6:06:37 PM | Attr = ]
cwbase.sys -> %System32%\dllcache\cwbase.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3072 bytes | Created Date = 1/6/2008 6:06:38 PM | Attr = ]
cwbmidi.sys -> %System32%\dllcache\cwbmidi.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3072 bytes | Created Date = 1/6/2008 6:06:41 PM | Attr = ]
cwbwdm.sys -> %System32%\dllcache\cwbwdm.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 72832 bytes | Created Date = 1/6/2008 6:06:42 PM | Attr = ]
cwcosnt5.sys -> %System32%\dllcache\cwcosnt5.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3584 bytes | Created Date = 1/6/2008 6:06:43 PM | Attr = ]
cwcspud.sys -> %System32%\dllcache\cwcspud.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 111872 bytes | Created Date = 1/6/2008 6:06:44 PM | Attr = ]
cwcwdm.sys -> %System32%\dllcache\cwcwdm.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 93952 bytes | Created Date = 1/6/2008 6:06:45 PM | Attr = ]
cwrwdm.sys -> %System32%\dllcache\cwrwdm.sys -> Crystal Semiconductor Corp. [Ver = 5.2.3790.0 built by: WinDDK | Size = 48640 bytes | Created Date = 1/6/2008 6:06:45 PM | Attr = ]
d100ib5.sys -> %System32%\dllcache\d100ib5.sys -> Intel Corporation [Ver = 5.41.17.0000 built by: WinDDK | Size = 117760 bytes | Created Date = 1/6/2008 6:06:53 PM | Attr = ]
dac2w2k.sys -> %System32%\dllcache\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Created Date = 1/6/2008 6:06:55 PM | Attr = ]
dc21x4.sys -> %System32%\dllcache\dc21x4.sys -> Intel Corporation. [Ver = 5.05.04 | Size = 63208 bytes | Created Date = 1/6/2008 6:07:00 PM | Attr = ]
defpa.sys -> %System32%\dllcache\defpa.sys -> Digital Networks, LLC [Ver = 5.5 built by: WinDDK | Size = 20928 bytes | Created Date = 1/6/2008 6:07:03 PM | Attr = ]
devcon32.dll -> %System32%\dllcache\devcon32.dll -> Creative Technology Ltd. [Ver = 4.06.651 | Size = 256512 bytes | Created Date = 1/6/2008 6:07:05 PM | Attr = ]
devldr32.exe -> %System32%\dllcache\devldr32.exe -> Creative Technology Ltd. [Ver = 1, 0, 0, 17 | Size = 24064 bytes | Created Date = 1/6/2008 6:07:05 PM | Attr = ]
dfe650.sys -> %System32%\dllcache\dfe650.sys -> D-Link [Ver = 5.00.2128.1 | Size = 24648 bytes | Created Date = 1/6/2008 6:07:06 PM | Attr = ]
dfe650d.sys -> %System32%\dllcache\dfe650d.sys -> D-Link [Ver = 5.00.2128.1 | Size = 24649 bytes | Created Date = 1/6/2008 6:07:07 PM | Attr = ]
dgapci.sys -> %System32%\dllcache\dgapci.sys -> Digi International Inc. [Ver = v3.7.3.0 | Size = 29531 bytes | Created Date = 1/6/2008 6:07:08 PM | Attr = ]
dgconfig.dll -> %System32%\dllcache\dgconfig.dll -> Digi International [Ver = v3.7.3.0 | Size = 419357 bytes | Created Date = 1/6/2008 6:07:09 PM | Attr = ]
diapi2.sys -> %System32%\dllcache\diapi2.sys -> Eicon Technology [Ver = 1.0.1.390 | Size = 164923 bytes | Created Date = 1/6/2008 6:06:05 PM | Attr = ]
diapi2NT.dll -> %System32%\dllcache\diapi2NT.dll -> Eicon Technology Corporation [Ver = 2.10 101-390 | Size = 32256 bytes | Created Date = 1/6/2008 6:06:06 PM | Attr = ]
digiasyn.dll -> %System32%\dllcache\digiasyn.dll -> Digi International Inc. [Ver = 3.10 | Size = 65622 bytes | Created Date = 1/6/2008 6:07:11 PM | Attr = ]
digiasyn.sys -> %System32%\dllcache\digiasyn.sys -> Digi International Inc. [Ver = 3.10 | Size = 37735 bytes | Created Date = 1/6/2008 6:07:12 PM | Attr = ]
digidbp.dll -> %System32%\dllcache\digidbp.dll -> Digi International Inc. [Ver = 3.10 | Size = 131156 bytes | Created Date = 1/6/2008 6:07:13 PM | Attr = ]
digidxb.sys -> %System32%\dllcache\digidxb.sys -> Digi International Inc. [Ver = 3.10 | Size = 103044 bytes | Created Date = 1/6/2008 6:07:14 PM | Attr = ]
digifep5.sys -> %System32%\dllcache\digifep5.sys -> Digi International Inc. [Ver = v3.7.3.0 | Size = 90525 bytes | Created Date = 1/6/2008 6:07:15 PM | Attr = ]
digifwrk.dll -> %System32%\dllcache\digifwrk.dll -> Digi International Inc. [Ver = 3.10 | Size = 229462 bytes | Created Date = 1/6/2008 6:07:16 PM | Attr = ]
digihlc.dll -> %System32%\dllcache\digihlc.dll -> Digi International Inc. [Ver = 3.10 | Size = 159828 bytes | Created Date = 1/6/2008 6:07:17 PM | Attr = ]
digiinf.dll -> %System32%\dllcache\digiinf.dll -> Digi International Inc. [Ver = 3.10 | Size = 102484 bytes | Created Date = 1/6/2008 6:07:17 PM | Attr = ]
digiisdn.dll -> %System32%\dllcache\digiisdn.dll -> Digi International Inc. [Ver = 3.10 | Size = 41046 bytes | Created Date = 1/6/2008 6:07:19 PM | Attr = ]
digiisdn.sys -> %System32%\dllcache\digiisdn.sys -> Digi International Inc. [Ver = 3.10 | Size = 21606 bytes | Created Date = 1/6/2008 6:07:20 PM | Attr = ]
digirlpt.dll -> %System32%\dllcache\digirlpt.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 110621 bytes | Created Date = 1/6/2008 6:07:20 PM | Attr = ]
digirlpt.sys -> %System32%\dllcache\digirlpt.sys -> Digi International, Inc. [Ver = 2.3.7 | Size = 42432 bytes | Created Date = 1/6/2008 6:07:21 PM | Attr = ]
digiview.exe -> %System32%\dllcache\digiview.exe -> Digi International Inc. [Ver = 3.10 | Size = 614429 bytes | Created Date = 1/6/2008 6:07:22 PM | Attr = ]
dimaint.sys -> %System32%\dllcache\dimaint.sys -> Eicon Technology [Ver = 2.0.1.315 | Size = 91305 bytes | Created Date = 1/6/2008 6:07:23 PM | Attr = ]
disrvci.dll -> %System32%\dllcache\disrvci.dll -> Eicon Technology [Ver = 2.0.1.73 | Size = 6729 bytes | Created Date = 1/6/2008 6:07:25 PM | Attr = ]
disrvpp.dll -> %System32%\dllcache\disrvpp.dll -> Eicon Technology [Ver = 2.0.1.73 | Size = 31305 bytes | Created Date = 1/6/2008 6:07:26 PM | Attr = ]
disrvsu.dll -> %System32%\dllcache\disrvsu.dll -> Eicon Technology [Ver = 2.0.1.73 | Size = 38985 bytes | Created Date = 1/6/2008 6:07:27 PM | Attr = ]
ditrace.exe -> %System32%\dllcache\ditrace.exe -> Eicon Technology [Ver = 2.0.1.315 | Size = 236060 bytes | Created Date = 1/6/2008 6:07:28 PM | Attr = ]
divaci.dll -> %System32%\dllcache\divaci.dll -> [Ver = | Size = 6216 bytes | Created Date = 1/6/2008 6:07:29 PM | Attr = ]
divaprop.dll -> %System32%\dllcache\divaprop.dll -> [Ver = | Size = 37962 bytes | Created Date = 1/6/2008 6:07:30 PM | Attr = ]
divasu.dll -> %System32%\dllcache\divasu.dll -> [Ver = | Size = 29768 bytes | Created Date = 1/6/2008 6:07:31 PM | Attr = ]
diwan.sys -> %System32%\dllcache\diwan.sys -> Eicon Technology [Ver = 2.0.1.700 | Size = 952007 bytes | Created Date = 1/6/2008 6:07:32 PM | Attr = ]
dlh5xnd5.sys -> %System32%\dllcache\dlh5xnd5.sys -> D-Link Corporation [Ver = v2.5.4 | Size = 26698 bytes | Created Date = 1/6/2008 6:07:33 PM | Attr = ]
dm9pci5.sys -> %System32%\dllcache\dm9pci5.sys -> CNet Technology, Inc. [Ver = 1.23.01.0228 built by: WinDDK | Size = 29696 bytes | Created Date = 1/6/2008 6:07:34 PM | Attr = ]
dp83820.sys -> %System32%\dllcache\dp83820.sys -> National Semiconductor Coproration [Ver = 5.0.4.17 | Size = 28062 bytes | Created Date = 1/6/2008 6:07:38 PM | Attr = ]
ds1wdm.sys -> %System32%\dllcache\ds1wdm.sys -> Yamaha Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 334208 bytes | Created Date = 1/6/2008 6:07:41 PM | Attr = ]
e1000nt5.sys -> %System32%\dllcache\e1000nt5.sys -> Intel Corporation [Ver = 2.94.294.0 | Size = 50719 bytes | Created Date = 1/6/2008 6:07:44 PM | Attr = ]
e100b325.sys -> %System32%\dllcache\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Created Date = 1/6/2008 6:07:45 PM | Attr = ]
e100isa4.sys -> %System32%\dllcache\e100isa4.sys -> Intel Corporation [Ver = 5.0.5.0 | Size = 19594 bytes | Created Date = 1/6/2008 6:07:46 PM | Attr = ]
el515.sys -> %System32%\dllcache\el515.sys -> 3Com Corporation [Ver = 1.08.03 | Size = 44103 bytes | Created Date = 1/6/2008 6:07:48 PM | Attr = ]
el556nd5.sys -> %System32%\dllcache\el556nd5.sys -> 3Com Corporation [Ver = 1.21.00.001 | Size = 55999 bytes | Created Date = 1/6/2008 6:07:49 PM | Attr = ]
el574nd4.sys -> %System32%\dllcache\el574nd4.sys -> 3Com Corporation [Ver = 2.00.03.4001 | Size = 24653 bytes | Created Date = 1/6/2008 6:07:50 PM | Attr = ]
el575nd5.sys -> %System32%\dllcache\el575nd5.sys -> 3Com Corporation [Ver = 2.60.5000.0020 | Size = 69692 bytes | Created Date = 1/6/2008 6:07:51 PM | Attr = ]
el589nd5.sys -> %System32%\dllcache\el589nd5.sys -> 3Com Corporation [Ver = 2.50.50.0033 | Size = 26141 bytes | Created Date = 1/6/2008 6:07:52 PM | Attr = ]
el656cd5.sys -> %System32%\dllcache\el656cd5.sys -> 3Com Corporation [Ver = 3.00.5000.0004 | Size = 69194 bytes | Created Date = 1/6/2008 6:07:53 PM | Attr = ]
el656ct5.sys -> %System32%\dllcache\el656ct5.sys -> 3Com Corporation [Ver = 1.00.4002.0070 | Size = 634134 bytes | Created Date = 1/6/2008 6:07:55 PM | Attr = ]
el656nd5.sys -> %System32%\dllcache\el656nd5.sys -> 3Com Corporation [Ver = 1.50.5000.0007 | Size = 77386 bytes | Created Date = 1/6/2008 6:07:56 PM | Attr = ]
el656se5.sys -> %System32%\dllcache\el656se5.sys -> 3Com Corporation [Ver = 1.00.4002.0070 | Size = 241206 bytes | Created Date = 1/6/2008 6:07:57 PM | Attr = ]
el90xbc5.sys -> %System32%\dllcache\el90xbc5.sys -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Created Date = 1/6/2008 6:07:58 PM | Attr = ]
el90xnd5.sys -> %System32%\dllcache\el90xnd5.sys -> 3Com Corporation [Ver = 3.60.50.008 | Size = 153631 bytes | Created Date = 1/6/2008 6:07:59 PM | Attr = ]
el985n51.sys -> %System32%\dllcache\el985n51.sys -> 3Com Corporation. [Ver = 1.17.34.4 | Size = 455199 bytes | Created Date = 1/6/2008 6:08:00 PM | Attr = ]
el98xn5.sys -> %System32%\dllcache\el98xn5.sys -> 3Com Corporation [Ver = 4.0.0.13 | Size = 70174 bytes | Created Date = 1/6/2008 6:08:01 PM | Attr = ]
el99xn51.sys -> %System32%\dllcache\el99xn51.sys -> 3Com Corporation [Ver = 2.00.00.0030 built by: WinDDK | Size = 171520 bytes | Created Date = 1/6/2008 6:08:03 PM | Attr = ]
elnk3.sys -> %System32%\dllcache\elnk3.sys -> 3Com Corporation [Ver = 5.32.40 | Size = 25159 bytes | Created Date = 1/6/2008 6:08:05 PM | Attr = ]
em556n4.sys -> %System32%\dllcache\em556n4.sys -> 3Com Corporation [Ver = 1.10.02 | Size = 19996 bytes | Created Date = 1/6/2008 6:08:06 PM | Attr = ]
emu10k1m.sys -> %System32%\dllcache\emu10k1m.sys -> Creative Technology Ltd. [Ver = 5.12.01.3300 built by: WinDDK | Size = 283904 bytes | Created Date = 1/6/2008 6:08:09 PM | Attr = ]
epro4.sys -> %System32%\dllcache\epro4.sys -> Intel Corporation [Ver = 3.70.00.0000 | Size = 18503 bytes | Created Date = 1/6/2008 6:08:12 PM | Attr = ]
eqn.sys -> %System32%\dllcache\eqn.sys -> Equinox Systems Inc. [Ver = 5.0.U72 Intel built by: WinDDK | Size = 629952 bytes | Created Date = 1/6/2008 6:08:15 PM | Attr = ]
eqndiag.exe -> %System32%\dllcache\eqndiag.exe -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 53248 bytes | Created Date = 1/6/2008 6:08:17 PM | Attr = ]
eqnlogr.exe -> %System32%\dllcache\eqnlogr.exe -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 51200 bytes | Created Date = 1/6/2008 6:08:18 PM | Attr = ]
eqnloop.exe -> %System32%\dllcache\eqnloop.exe -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 61952 bytes | Created Date = 1/6/2008 6:08:20 PM | Attr = ]
es1370mp.sys -> %System32%\dllcache\es1370mp.sys -> Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 37120 bytes | Created Date = 1/6/2008 6:08:22 PM | Attr = ]
es1371mp.sys -> %System32%\dllcache\es1371mp.sys -> Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 40704 bytes | Created Date = 1/6/2008 6:08:23 PM | Attr = ]
es1969.sys -> %System32%\dllcache\es1969.sys -> ESS Technology Inc. [Ver = 5.1.2501.0 built by: WinDDK | Size = 72192 bytes | Created Date = 1/6/2008 6:08:25 PM | Attr = ]
es198x.sys -> %System32%\dllcache\es198x.sys -> ESS Technology, Inc. [Ver = 5.1.2526.0 built by: WinDDK | Size = 174464 bytes | Created Date = 1/6/2008 6:08:27 PM | Attr = ]
es56cvmp.sys -> %System32%\dllcache\es56cvmp.sys -> ESS Technology, Inc. [Ver = V4.43.049 | Size = 595647 bytes | Created Date = 1/6/2008 6:08:29 PM | Attr = ]
es56hpi.sys -> %System32%\dllcache\es56hpi.sys -> ESS Technology, Inc. [Ver = V4.43.049 | Size = 594238 bytes | Created Date = 1/6/2008 6:08:30 PM | Attr = ]
es56tpi.sys -> %System32%\dllcache\es56tpi.sys -> ESS Technology, Inc. [Ver = V4.43.049 | Size = 347550 bytes | Created Date = 1/6/2008 6:08:32 PM | Attr = ]
ess.sys -> %System32%\dllcache\ess.sys -> ESS Technology, Inc. [Ver = 5.1.2501.0 built by: WinDDK | Size = 63360 bytes | Created Date = 1/6/2008 6:08:34 PM | Attr = ]
essm2e.sys -> %System32%\dllcache\essm2e.sys -> ESS Technology, Inc. [Ver = 5.1.3612.0 built by: WinDDK | Size = 137088 bytes | Created Date = 1/6/2008 6:08:36 PM | Attr = ]
esucm.dll -> %System32%\dllcache\esucm.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 43008 bytes | Created Date = 1/6/2008 6:08:36 PM | Attr = ]
esuimg.dll -> %System32%\dllcache\esuimg.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 34816 bytes | Created Date = 1/6/2008 6:08:38 PM | Attr = ]
esuni.dll -> %System32%\dllcache\esuni.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45568 bytes | Created Date = 1/6/2008 6:08:40 PM | Attr = ]
esunib.dll -> %System32%\dllcache\esunib.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45568 bytes | Created Date = 1/6/2008 6:08:42 PM | Attr = ]
ex10.sys -> %System32%\dllcache\ex10.sys -> Intel Corporation [Ver = 1.51.00.0000 | Size = 16998 bytes | Created Date = 1/6/2008 6:08:45 PM | Attr = ]
f3ab18xi.sys -> %System32%\dllcache\f3ab18xi.sys -> FUJITSU LIMITED [Ver = 3,00,10,0022 | Size = 12362 bytes | Created Date = 1/6/2008 6:08:48 PM | Attr = ]
f3ab18xj.sys -> %System32%\dllcache\f3ab18xj.sys -> FUJITSU LIMITED [Ver = 3,00,10,0022 | Size = 11850 bytes | Created Date = 1/6/2008 6:08:50 PM | Attr = ]
fa312nd5.sys -> %System32%\dllcache\fa312nd5.sys -> NETGEAR Corp. [Ver = 5.00.119.0 | Size = 16074 bytes | Created Date = 1/6/2008 6:08:52 PM | Attr = ]
fa410nd5.sys -> %System32%\dllcache\fa410nd5.sys -> NETGEAR [Ver = 5.00.2128.1 | Size = 24618 bytes | Created Date = 1/6/2008 6:08:53 PM | Attr = ]
fem556n5.sys -> %System32%\dllcache\fem556n5.sys -> 3Com Corporation [Ver = 1.01.08.6001 | Size = 22090 bytes | Created Date = 1/6/2008 6:08:56 PM | Attr = ]
fetnd5.sys -> %System32%\dllcache\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Created Date = 1/6/2008 6:09:01 PM | Attr = ]
forehe.sys -> %System32%\dllcache\forehe.sys -> Marconi Communications, Inc. [Ver = 5.0.12.6327 | Size = 34173 bytes | Created Date = 1/6/2008 6:09:05 PM | Attr = ]
fpcibase.sys -> %System32%\dllcache\fpcibase.sys -> AVM GmbH [Ver = 3.0 built by: WinDDK | Size = 444416 bytes | Created Date = 1/6/2008 6:09:06 PM | Attr = ]
fpcmbase.sys -> %System32%\dllcache\fpcmbase.sys -> AVM GmbH [Ver = 3.0 built by: WinDDK | Size = 441728 bytes | Created Date = 1/6/2008 6:09:08 PM | Attr = ]
fpnpbase.sys -> %System32%\dllcache\fpnpbase.sys -> AVM GmbH [Ver = 3.0 built by: WinDDK | Size = 442240 bytes | Created Date = 1/6/2008 6:09:10 PM | Attr = ]
fus2base.sys -> %System32%\dllcache\fus2base.sys -> AVM GmbH [Ver = 3.0 built by: WinDDK | Size = 455680 bytes | Created Date = 1/6/2008 6:09:12 PM | Attr = ]
fusbbase.sys -> %System32%\dllcache\fusbbase.sys -> AVM GmbH [Ver = 3.0 built by: WinDDK | Size = 455296 bytes | Created Date = 1/6/2008 6:09:14 PM | Attr = ]
fxusbase.sys -> %System32%\dllcache\fxusbase.sys -> AVM GmbH [Ver = 3.0 built by: WinDDK | Size = 454912 bytes | Created Date = 1/6/2008 6:09:19 PM | Attr = ]
g200d.dll -> %System32%\dllcache\g200d.dll -> Matrox Graphics Inc. [Ver = 5.12.01.1200 (ReleasedBinaries.010308-1115) | Size = 470144 bytes | Created Date = 1/6/2008 6:09:21 PM | Attr = ]
g200m.sys -> %System32%\dllcache\g200m.sys -> Matrox Graphics Inc. [Ver = 5.12.01.1200 (ReleasedBinaries.010308-1115) | Size = 320384 bytes | Created Date = 1/6/2008 6:09:23 PM | Attr = ]
g400d.dll -> %System32%\dllcache\g400d.dll -> Matrox Graphics Inc. [Ver = 5.12.01.1200 (ReleasedBinaries.010308-1115) | Size = 1733120 bytes | Created Date = 1/6/2008 6:09:24 PM | Attr = ]
g400m.sys -> %System32%\dllcache\g400m.sys -> Matrox Graphics Inc. [Ver = 5.12.01.1200 (ReleasedBinaries.010308-1115) | Size = 322432 bytes | Created Date = 1/6/2008 6:09:26 PM | Attr = ]
gpr400.sys -> %System32%\dllcache\gpr400.sys -> Gemplus [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 17408 bytes | Created Date = 1/6/2008 6:09:31 PM | Attr = ]
grclass.sys -> %System32%\dllcache\grclass.sys -> Gemplus [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 82304 bytes | Created Date = 1/6/2008 6:09:33 PM | Attr = ]
grserial.sys -> %System32%\dllcache\grserial.sys -> Gemplus [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 28288 bytes | Created Date = 1/6/2008 6:09:34 PM | Attr = ]
hanja.lex -> %System32%\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 1/6/2008 6:09:35 PM | Attr = ]
hcf_msft.sys -> %System32%\dllcache\hcf_msft.sys -> Conexant [Ver = 2.1.2.171.021.003 | Size = 907456 bytes | Created Date = 1/6/2008 6:09:36 PM | Attr = ]
hpgt21.dll -> %System32%\dllcache\hpgt21.dll -> [Ver = 1, 0, 0, 1 | Size = 83968 bytes | Created Date = 1/6/2008 6:09:48 PM | Attr = ]
hpgt33.dll -> %System32%\dllcache\hpgt33.dll -> [Ver = 1, 0, 0, 1 | Size = 89088 bytes | Created Date = 1/6/2008 6:09:52 PM | Attr = ]
hpgt34.dll -> %System32%\dllcache\hpgt34.dll -> [Ver = 1, 0, 0, 1 | Size = 101376 bytes | Created Date = 1/6/2008 6:09:56 PM | Attr = ]
hpgt34tk.dll -> %System32%\dllcache\hpgt34tk.dll -> Hewlett Packard [Ver = 4.11.2000.0 | Size = 126976 bytes | Created Date = 1/6/2008 6:09:58 PM | Attr = ]
hpgt42.dll -> %System32%\dllcache\hpgt42.dll -> [Ver = 1, 0, 0, 1 | Size = 93696 bytes | Created Date = 1/6/2008 6:10:00 PM | Attr = ]
hpgt53.dll -> %System32%\dllcache\hpgt53.dll -> [Ver = 1, 0, 0, 1 | Size = 165888 bytes | Created Date = 1/6/2008 6:10:04 PM | Attr = ]
hpgt53tk.dll -> %System32%\dllcache\hpgt53tk.dll -> Avisioin [Ver = 1,0,7,0210 | Size = 68608 bytes | Created Date = 1/6/2008 6:10:06 PM | Attr = ]
hsfbs2s2.sys -> %System32%\dllcache\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 1/6/2008 6:10:50 PM | Attr = ]
hsfcisp2.dll -> %System32%\dllcache\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Created Date = 1/6/2008 6:10:51 PM | Attr = ]
hsfcxts2.sys -> %System32%\dllcache\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 1/6/2008 6:10:51 PM | Attr = ]
hsfdpsp2.sys -> %System32%\dllcache\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 1/6/2008 6:10:52 PM | Attr = ]
hsf_amos.sys -> %System32%\dllcache\hsf_amos.sys -> Conexant [Ver = 3.05.12.04 | Size = 150239 bytes | Created Date = 1/6/2008 6:10:21 PM | Attr = ]
hsf_bsc2.sys -> %System32%\dllcache\hsf_bsc2.sys -> Conexant [Ver = 3.05.12.04 | Size = 67167 bytes | Created Date = 1/6/2008 6:10:24 PM | Attr = ]
hsf_fall.sys -> %System32%\dllcache\hsf_fall.sys -> Conexant [Ver = 3.05.12.04 | Size = 289887 bytes | Created Date = 1/6/2008 6:10:26 PM | Attr = ]
hsf_faxx.sys -> %System32%\dllcache\hsf_faxx.sys -> Conexant [Ver = 3.05.12.04 | Size = 199711 bytes | Created Date = 1/6/2008 6:10:28 PM | Attr = ]
hsf_fsks.sys -> %System32%\dllcache\hsf_fsks.sys -> Conexant [Ver = 3.05.12.04 | Size = 115807 bytes | Created Date = 1/6/2008 6:10:30 PM | Attr = ]
hsf_inst.dll -> %System32%\dllcache\hsf_inst.dll -> Conexant [Ver = 3.05.12.04 | Size = 9759 bytes | Created Date = 1/6/2008 6:10:32 PM | Attr = ]
hsf_k56k.sys -> %System32%\dllcache\hsf_k56k.sys -> Conexant [Ver = 3.05.12.04 | Size = 391199 bytes | Created Date = 1/6/2008 6:10:35 PM | Attr = ]
hsf_msft.sys -> %System32%\dllcache\hsf_msft.sys -> Conexant [Ver = 3.05.12.06 | Size = 542879 bytes | Created Date = 1/6/2008 6:10:37 PM | Attr = ]
hsf_samp.sys -> %System32%\dllcache\hsf_samp.sys -> Conexant [Ver = 3.05.12.05 | Size = 57471 bytes | Created Date = 1/6/2008 6:10:39 PM | Attr = ]
hsf_soar.sys -> %System32%\dllcache\hsf_soar.sys -> Conexant [Ver = 3.05.12.05 | Size = 44863 bytes | Created Date = 1/6/2008 6:10:41 PM | Attr = ]
hsf_spkp.sys -> %System32%\dllcache\hsf_spkp.sys -> Conexant [Ver = 3.05.12.04 | Size = 73279 bytes | Created Date = 1/6/2008 6:10:43 PM | Attr = ]
hsf_tone.sys -> %System32%\dllcache\hsf_tone.sys -> Conexant [Ver = 3.05.12.04 | Size = 50751 bytes | Created Date = 1/6/2008 6:10:46 PM | Attr = ]
hsf_v124.sys -> %System32%\dllcache\hsf_v124.sys -> Conexant [Ver = 3.05.12.04 | Size = 488383 bytes | Created Date = 1/6/2008 6:10:48 PM | Attr = ]
hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 1/6/2008 6:10:53 PM | Attr = ]
i740dnt5.dll -> %System32%\dllcache\i740dnt5.dll -> Intel Corporation [Ver = 5.0.01.0604.0920 | Size = 353184 bytes | Created Date = 1/6/2008 6:10:57 PM | Attr = ]
i740nt5.sys -> %System32%\dllcache\i740nt5.sys -> Intel Corporation [Ver = 5.0.01.0604.0920 | Size = 58592 bytes | Created Date = 1/6/2008 6:10:59 PM | Attr = ]
i81xdnt5.dll -> %System32%\dllcache\i81xdnt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 702845 bytes | Created Date = 1/6/2008 6:11:01 PM | Attr = ]
i81xnt5.sys -> %System32%\dllcache\i81xnt5.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 161020 bytes | Created Date = 1/6/2008 6:11:01 PM | Attr = ]
ibmexmp.sys -> %System32%\dllcache\ibmexmp.sys -> IBM Corp. [Ver = 3.14.00.0000 | Size = 28700 bytes | Created Date = 1/6/2008 6:11:02 PM | Attr = ]
ibmsgnet.dll -> %System32%\dllcache\ibmsgnet.dll -> IBM Corporation [Ver = 1.00.00.0000 | Size = 9216 bytes | Created Date = 1/6/2008 6:11:05 PM | Attr = ]
ibmtok.sys -> %System32%\dllcache\ibmtok.sys -> IBM Corporation [Ver = 12.23.04.0050 | Size = 100936 bytes | Created Date = 1/6/2008 6:11:07 PM | Attr = ]
ibmtrp.sys -> %System32%\dllcache\ibmtrp.sys -> IBM Corporation [Ver = 5.33.02.0050 | Size = 109085 bytes | Created Date = 1/6/2008 6:11:09 PM | Attr = ]
iconf32.dll -> %System32%\dllcache\iconf32.dll -> Xircom [Ver = 1.1.0.11 | Size = 372824 bytes | Created Date = 1/6/2008 6:11:32 PM | Attr = ]
imekr.lex -> %System32%\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 1/6/2008 6:11:36 PM | Attr = ]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 1/6/2008 6:11:39 PM | Attr = ]
imscinst.exe -> %System32%\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 1/6/2008 6:11:40 PM | Attr = ]
io8.sys -> %System32%\dllcache\io8.sys -> Perle Systems Ltd. [Ver = 1.0.1.0022 (XPClient.010817-1148) | Size = 38784 bytes | Created Date = 1/6/2008 6:11:47 PM | Attr = ]
io8ports.dll -> %System32%\dllcache\io8ports.dll -> Perle Systems Ltd. [Ver = 1.0.0.0008 | Size = 90200 bytes | Created Date = 1/6/2008 6:11:50 PM | Attr = ]
ip5515.sys -> %System32%\dllcache\ip5515.sys -> Interphase ® Corporation a Windows ® 2000 DDK Driver Provider [Ver = 5.1.2257.1 built by: Administrator | Size = 45632 bytes | Created Date = 1/6/2008 6:11:52 PM | Attr = ]
irmk7.sys -> %System32%\dllcache\irmk7.sys -> MKNet Corporation [Ver = 4.1.0 | Size = 23552 bytes | Created Date = 1/6/2008 6:11:57 PM | Attr = ]
irstusb.sys -> %System32%\dllcache\irstusb.sys -> SigmaTel, Inc. [Ver = 1, 20, 0, 0 | Size = 26624 bytes | Created Date = 1/6/2008 6:12:02 PM | Attr = ]
korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 1/6/2008 6:12:33 PM | Attr = ]
ktc111.sys -> %System32%\dllcache\ktc111.sys -> Kingston Technology Company [Ver = 2.00 | Size = 19016 bytes | Created Date = 1/6/2008 6:12:37 PM | Attr = ]
lanepic5.sys -> %System32%\dllcache\lanepic5.sys -> SMSC [Ver = 3.40.0000.0000 | Size = 26442 bytes | Created Date = 1/6/2008 6:12:39 PM | Attr = ]
lbrtfdc.sys -> %System32%\dllcache\lbrtfdc.sys -> Toshiba Corp. [Ver = Version 5.10.3 (xpsp_sp2_rtm.040803-2158) | Size = 34688 bytes | Created Date = 1/6/2008 6:12:41 PM | Attr = ]
lit220p.sys -> %System32%\dllcache\lit220p.sys -> Litronic Industries [Ver = 1 | Size = 15744 bytes | Created Date = 1/6/2008 6:12:42 PM | Attr = ]
lmndis3.sys -> %System32%\dllcache\lmndis3.sys -> D-Link [Ver = 5.00.2128.1 | Size = 25065 bytes | Created Date = 1/6/2008 6:12:45 PM | Attr = ]
lne100.sys -> %System32%\dllcache\lne100.sys -> The Linksts Group [Ver = 2.00 | Size = 20573 bytes | Created Date = 1/6/2008 6:12:47 PM | Attr = ]
lne100tx.sys -> %System32%\dllcache\lne100tx.sys -> Linksys Group, Inc. [Ver = 4.55 | Size = 70730 bytes | Created Date = 1/6/2008 6:12:50 PM | Attr = ]
ltck000c.sys -> %System32%\dllcache\ltck000c.sys -> Xircom, Inc. [Ver = 1.98.2 | Size = 727786 bytes | Created Date = 1/6/2008 6:12:56 PM | Attr = ]
ltmdmnt.sys -> %System32%\dllcache\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 606684 bytes | Created Date = 1/6/2008 6:12:58 PM | Attr = ]
ltmdmntl.sys -> %System32%\dllcache\ltmdmntl.sys -> LT [Ver = 3.01.3 | Size = 576746 bytes | Created Date = 1/6/2008 6:12:59 PM | Attr = ]
ltmdmntt.sys -> %System32%\dllcache\ltmdmntt.sys -> LT [Ver = 6.08 | Size = 420992 bytes | Created Date = 1/6/2008 6:13:01 PM | Attr = ]
ltsm.sys -> %System32%\dllcache\ltsm.sys -> Lucent Technologies [Ver = 3.1.92.1 3.1.92.1 07/18/2001 12:51:10 | Size = 802683 bytes | Created Date = 1/6/2008 6:13:02 PM | Attr = ]
ltsmt.sys -> %System32%\dllcache\ltsmt.sys -> LT [Ver = 3.1.92.1 07/18/2001 13:02:42 | Size = 797500 bytes | Created Date = 1/6/2008 6:13:05 PM | Attr = ]
lwadihid.sys -> %System32%\dllcache\lwadihid.sys -> Logitech Inc. [Ver = 5.1.420.093 | Size = 20864 bytes | Created Date = 1/6/2008 6:13:08 PM | Attr = ]
lwusbhid.sys -> %System32%\dllcache\lwusbhid.sys -> Logitech Inc. [Ver = 5.1.410.190 | Size = 22848 bytes | Created Date = 1/6/2008 6:13:08 PM | Attr = ]
maestro.sys -> %System32%\dllcache\maestro.sys -> ESS Technology, Inc. [Ver = 5.1.2501.0 built by: WinDDK | Size = 48768 bytes | Created Date = 1/6/2008 6:13:16 PM | Attr = ]
mdgndis5.sys -> %System32%\dllcache\mdgndis5.sys -> Madge Networks Ltd [Ver = 6.06 | Size = 164586 bytes | Created Date = 1/6/2008 6:13:22 PM | Attr = ]
memstpci.sys -> %System32%\dllcache\memstpci.sys -> Sony Corporation [Ver = 1.00.1120.0 (xpsp_sp2_rtm.040803-2158) | Size = 26112 bytes | Created Date = 1/6/2008 6:13:30 PM | Attr = ]
mgaud.dll -> %System32%\dllcache\mgaud.dll -> Matrox Graphics Inc. [Ver = 5.00.2475.1200 (ReleasedBinaries.010308-1115) | Size = 235648 bytes | Created Date = 1/6/2008 6:13:32 PM | Attr = ]
mgaum.sys -> %System32%\dllcache\mgaum.sys -> Matrox Graphics Inc. [Ver = 5.00.2475.1200 (ReleasedBinaries.010308-1115) | Size = 320384 bytes | Created Date = 1/6/2008 6:13:34 PM | Attr = ]
mraid35x.sys -> %System32%\dllcache\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Created Date = 1/6/2008 6:13:50 PM | Attr = ]
mtlmnt5.sys -> %System32%\dllcache\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 1/6/2008 6:14:14 PM | Attr = ]
mtlstrm.sys -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 1/6/2008 6:14:15 PM | Attr = ]
mtxparhd.dll -> %System32%\dllcache\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 1/6/2008 6:14:16 PM | Attr = ]
mtxparhm.sys -> %System32%\dllcache\mtxparhm.sys -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 1/6/2008 6:14:17 PM | Attr = ]
mtxvideo.sys -> %System32%\dllcache\mtxvideo.sys -> Matrox Graphics Inc [Ver = 1.00.25 | Size = 103296 bytes | Created Date = 1/6/2008 6:14:17 PM | Attr = ]
mxcard.sys -> %System32%\dllcache\mxcard.sys -> Moxa Technologies Co., Ltd. [Ver = 1.1 (XPClient.010817-1148) | Size = 21888 bytes | Created Date = 1/6/2008 6:14:21 PM | Attr = ]
mxicfg.dll -> %System32%\dllcache\mxicfg.dll -> Moxa Technologies Co., Ltd [Ver = 1.1 | Size = 19968 bytes | Created Date = 1/6/2008 6:14:24 PM | Attr = ]
mxnic.sys -> %System32%\dllcache\mxnic.sys -> Macronix International Co., Ltd. [Ver = 2.12 (XPClient.010817-1148) | Size = 19968 bytes | Created Date = 1/6/2008 6:14:27 PM | Attr = ]
mxport.dll -> %System32%\dllcache\mxport.dll -> Moxa Technologies Co., Ltd [Ver = 1.1 | Size = 7168 bytes | Created Date = 1/6/2008 6:14:30 PM | Attr = ]
mxport.sys -> %System32%\dllcache\mxport.sys -> Moxa Technologies Co., Ltd. [Ver = 1.1 (XPClient.010817-1148) | Size = 75520 bytes | Created Date = 1/6/2008 6:14:32 PM | Attr = ]
n1000nt5.sys -> %System32%\dllcache\n1000nt5.sys -> Compaq Computer Corporation [Ver = 2.94.294.0 | Size = 52255 bytes | Created Date = 1/6/2008 6:14:35 PM | Attr = ]
n100325.sys -> %System32%\dllcache\n100325.sys -> Compaq Computer Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 128000 bytes | Created Date = 1/6/2008 6:14:38 PM | Attr = ]
n9i128.dll -> %System32%\dllcache\n9i128.dll -> Number Nine Visual Technology Corp. [Ver = 5.01.101.03 | Size = 35392 bytes | Created Date = 1/6/2008 6:14:40 PM | Attr = ]
n9i128.sys -> %System32%\dllcache\n9i128.sys -> Number Nine Visual Technology Corp. [Ver = 5.01.101.03 | Size = 13664 bytes | Created Date = 1/6/2008 6:14:43 PM | Attr = ]
n9i128v2.dll -> %System32%\dllcache\n9i128v2.dll -> Number Nine Visual Technology Corp. [Ver = 5.01.102.35 | Size = 59104 bytes | Created Date = 1/6/2008 6:14:45 PM | Attr = ]
n9i128v2.sys -> %System32%\dllcache\n9i128v2.sys -> Number Nine Visual Technology Corp. [Ver = 5.01.102.35 | Size = 33088 bytes | Created Date = 1/6/2008 6:14:48 PM | Attr = ]
n9i3d.sys -> %System32%\dllcache\n9i3d.sys -> Number Nine Visual Technology Corp. [Ver = 5.01.103.09 | Size = 27936 bytes | Created Date = 1/6/2008 6:14:51 PM | Attr = ]
n9i3disp.dll -> %System32%\dllcache\n9i3disp.dll -> Number Nine Visual Technology Corp. [Ver = 5.01.103.09 | Size = 91488 bytes | Created Date = 1/6/2008 6:14:53 PM | Attr = ]
neo20xx.dll -> %System32%\dllcache\neo20xx.dll -> NeoMagic Corporation [Ver = 5.31.00 (ReleasedBinaries.010308-1115) | Size = 60480 bytes | Created Date = 1/6/2008 6:15:01 PM | Attr = ]
neo20xx.sys -> %System32%\dllcache\neo20xx.sys -> NeoMagic Corporation [Ver = 5.31.00 (ReleasedBinaries.010308-1115) | Size = 39264 bytes | Created Date = 1/6/2008 6:15:04 PM | Attr = ]
netflx3.sys -> %System32%\dllcache\netflx3.sys -> Compaq Computer Corporation [Ver = 5.0.1.18 | Size = 65278 bytes | Created Date = 1/6/2008 6:15:07 PM | Attr = ]
netwlan5.sys -> %System32%\dllcache\netwlan5.sys -> 802.11b [Ver = 3, 1, 4, 26 | Size = 132695 bytes | Created Date = 1/6/2008 6:15:10 PM | Attr = ]
ngrpci.sys -> %System32%\dllcache\ngrpci.sys -> NETGEAR Corporation. [Ver = 4.56 | Size = 32840 bytes | Created Date = 1/6/2008 6:15:11 PM | Attr = ]
nm5a2wdm.sys -> %System32%\dllcache\nm5a2wdm.sys -> NeoMagic Corporation [Ver = 5.1.2501.0 built by: WinDDK | Size = 126080 bytes | Created Date = 1/6/2008 6:15:14 PM | Attr = ]
nm6wdm.sys -> %System32%\dllcache\nm6wdm.sys -> NeoMagic Corporation [Ver = 5.1.2501.0 built by: WinDDK | Size = 87040 bytes | Created Date = 1/6/2008 6:15:17 PM | Attr = ]
nscirda.sys -> %System32%\dllcache\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Created Date = 1/6/2008 6:15:20 PM | Attr = ]
ntgrip.sys -> %System32%\dllcache\ntgrip.sys -> Kensington Technology Group [Ver = 1.00 | Size = 51552 bytes | Created Date = 1/6/2008 6:15:27 PM | Attr = ]
ntmtlfax.sys -> %System32%\dllcache\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 1/6/2008 6:15:31 PM | Attr = ]
nv3.dll -> %System32%\dllcache\nv3.dll -> NVIDIA Corporation [Ver = 5.1.3528.0343 (ReleasedBinaries.010717-0141) | Size = 123776 bytes | Created Date = 1/6/2008 6:15:32 PM | Attr = ]
nv3.sys -> %System32%\dllcache\nv3.sys -> NVIDIA Corporation [Ver = 5.1.3528.0343 (ReleasedBinaries.010717-0141) | Size = 198144 bytes | Created Date = 1/6/2008 6:15:35 PM | Attr = ]
nv4_disp.dll -> %System32%\dllcache\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Created Date = 1/6/2008 6:15:38 PM | Attr = ]
nv4_mini.sys -> %System32%\dllcache\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Created Date = 1/6/2008 6:15:38 PM | Attr = ]
opl3sax.sys -> %System32%\dllcache\opl3sax.sys -> Yamaha Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 54528 bytes | Created Date = 1/6/2008 6:15:41 PM | Attr = ]
otc06x5.sys -> %System32%\dllcache\otc06x5.sys -> Ositech Communications, Inc. [Ver = 1.01.020 | Size = 27209 bytes | Created Date = 1/6/2008 6:15:44 PM | Attr = ]
otceth5.sys -> %System32%\dllcache\otceth5.sys -> Ositech Communications, Inc. [Ver = 1.02.014.3 | Size = 43689 bytes | Created Date = 1/6/2008 6:15:46 PM | Attr = ]
otcsercb.sys -> %System32%\dllcache\otcsercb.sys -> Ositech Communications, Inc. [Ver = 1.05.02 | Size = 54186 bytes | Created Date = 1/6/2008 6:15:49 PM | Attr = ]
pc100nds.sys -> %System32%\dllcache\pc100nds.sys -> Linksys [Ver = 5.00.2195.1 | Size = 30495 bytes | Created Date = 1/6/2008 6:16:24 PM | Attr = ]
pca200e.sys -> %System32%\dllcache\pca200e.sys -> Marconi Communications, Inc. [Ver = 5.0.12.6327 | Size = 29502 bytes | Created Date = 1/6/2008 6:16:26 PM | Attr = ]
pcmlm56.sys -> %System32%\dllcache\pcmlm56.sys -> Linksys [Ver = 5.00.2128.1 | Size = 26153 bytes | Created Date = 1/6/2008 6:16:27 PM | Attr = ]
pcntn5hl.sys -> %System32%\dllcache\pcntn5hl.sys -> AMD Inc. [Ver = 1.09.001 | Size = 30282 bytes | Created Date = 1/6/2008 6:16:30 PM | Attr = ]
pcntn5m.sys -> %System32%\dllcache\pcntn5m.sys -> AMD Inc. [Ver = 4.09.00 | Size = 29769 bytes | Created Date = 1/6/2008 6:16:33 PM | Attr = ]
pcntpci5.sys -> %System32%\dllcache\pcntpci5.sys -> AMD Inc. [Ver = 4.38.00 built by: WinDDK | Size = 35328 bytes | Created Date = 1/6/2008 6:16:36 PM | Attr = ]
pctspk.exe -> %System32%\dllcache\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Created Date = 1/6/2008 6:16:39 PM | Attr = ]
pcx500.sys -> %System32%\dllcache\pcx500.sys -> Cisco Systems [Ver = 7.50.01 Firmware built by: Cisco Systems | Size = 169984 bytes | Created Date = 1/6/2008 6:16:42 PM | Attr = ]
perm2.sys -> %System32%\dllcache\perm2.sys -> Microsoft Corp., 3Dlabs Inc. Ltd. [Ver = 1.00-0009 (MS) (xpsp_sp2_rtm.040803-2158) | Size = 27904 bytes | Created Date = 1/6/2008 6:16:49 PM | Attr = ]
perm2dll.dll -> %System32%\dllcache\perm2dll.dll -> Microsoft Corp., 3Dlabs Inc. Ltd. [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 211712 bytes | Created Date = 1/6/2008 6:16:49 PM | Attr = ]
perm3.sys -> %System32%\dllcache\perm3.sys -> Microsoft Corp., 3Dlabs Inc. Ltd. [Ver = 1.00 (xpsp_sp2_rtm.040803-2158) | Size = 28032 bytes | Created Date = 1/6/2008 6:16:50 PM | Attr = ]
perm3dd.dll -> %System32%\dllcache\perm3dd.dll -> Microsoft Corp., 3Dlabs Inc. Ltd. [Ver = 1.00 (xpsp_sp2_rtm.040803-2158) | Size = 259328 bytes | Created Date = 1/6/2008 6:16:50 PM | Attr = ]
pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 1/6/2008 6:17:11 PM | Attr = ]
pscr.sys -> %System32%\dllcache\pscr.sys -> SCM Microsystems, Inc. [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 16128 bytes | Created Date = 1/6/2008 6:17:23 PM | Attr = ]
ptserli.sys -> %System32%\dllcache\ptserli.sys -> PCTEL, INC. [Ver = 7.54.07 | Size = 128286 bytes | Created Date = 1/6/2008 6:17:32 PM | Attr = ]
ptserlp.sys -> %System32%\dllcache\ptserlp.sys -> PCTEL, INC. [Ver = 7.54.07 | Size = 112574 bytes | Created Date = 1/6/2008 6:17:35 PM | Attr = ]
ptserlv.sys -> %System32%\dllcache\ptserlv.sys -> PCTEL, INC. [Ver = 7.54.07 | Size = 130942 bytes | Created Date = 1/6/2008 6:17:38 PM | Attr = ]
ql1080.sys -> %System32%\dllcache\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Created Date = 1/6/2008 6:17:42 PM | Attr = ]
ql12160.sys -> %System32%\dllcache\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Created Date = 1/6/2008 6:17:48 PM | Attr = ]
ql1280.sys -> %System32%\dllcache\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Created Date = 1/6/2008 6:17:54 PM | Attr = ]
r2mdkxga.sys -> %System32%\dllcache\r2mdkxga.sys -> Xircom, Inc. [Ver = 1.90.7 | Size = 899146 bytes | Created Date = 1/6/2008 6:18:03 PM | Attr = ]
r2mdmkxx.sys -> %System32%\dllcache\r2mdmkxx.sys -> Xircom, Inc. [Ver = 1.90.7 | Size = 714762 bytes | Created Date = 1/6/2008 6:18:06 PM | Attr = ]
recagent.sys -> %System32%\dllcache\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 1/6/2008 6:18:14 PM | Attr = ]
reslog32.dll -> %System32%\dllcache\reslog32.dll -> Xircom [Ver = 1.0.0.6 | Size = 86097 bytes | Created Date = 1/6/2008 6:18:15 PM | Attr = ]
rlnet5.sys -> %System32%\dllcache\rlnet5.sys -> RadioLAN [Ver = 2.30 | Size = 37563 bytes | Created Date = 1/6/2008 6:18:19 PM | Attr = ]
rocket.sys -> %System32%\dllcache\rocket.sys -> Comtrol Corporation [Ver = 4.50 | Size = 79104 bytes | Created Date = 1/6/2008 6:18:23 PM | Attr = ]
rpfun.sys -> %System32%\dllcache\rpfun.sys -> Conexant Systems Inc. [Ver = 5.12.01.0326 | Size = 3840 bytes | Created Date = 1/6/2008 6:18:24 PM | Attr = ]
rsmgrstr.dll -> %System32%\dllcache\rsmgrstr.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 9216 bytes | Created Date = 1/6/2008 6:18:27 PM | Attr = ]
rthwcls.sys -> %System32%\dllcache\rthwcls.sys -> Conexant Systems Inc. [Ver = 5.12.01.0326 | Size = 30720 bytes | Created Date = 1/6/2008 6:18:30 PM | Attr = ]
rtl8029.sys -> %System32%\dllcache\rtl8029.sys -> Realtek Semiconductor Corporation [Ver = 5.508.0803.2000 | Size = 19017 bytes | Created Date = 1/6/2008 6:18:33 PM | Attr = ]
rw430ext.dll -> %System32%\dllcache\rw430ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 24576 bytes | Created Date = 1/6/2008 6:18:37 PM | Attr = ]
rw450ext.dll -> %System32%\dllcache\rw450ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 1/6/2008 6:18:39 PM | Attr = ]
rwia430.dll -> %System32%\dllcache\rwia430.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/6/2008 6:18:43 PM | Attr = ]
rwia450.dll -> %System32%\dllcache\rwia450.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 82432 bytes | Created Date = 1/6/2008 6:18:45 PM | Attr = ]
s3gnb.dll -> %System32%\dllcache\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 1/6/2008 6:18:49 PM | Attr = ]
s3gnbm.sys -> %System32%\dllcache\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 1/6/2008 6:18:49 PM | Attr = ]
s3m.sys -> %System32%\dllcache\s3m.sys -> S3 Incorporated [Ver = 5.1024.329.0002 (ReleasedBinaries.010308-1115) | Size = 166720 bytes | Created Date = 1/6/2008 6:18:53 PM | Attr = ]
s3mt3d.dll -> %System32%\dllcache\s3mt3d.dll -> S3 Incorporated [Ver = 5.01.526.0007 (ReleasedBinaries.010718-0005) | Size = 182272 bytes | Created Date = 1/6/2008 6:18:56 PM | Attr = ]
s3mt3d.sys -> %System32%\dllcache\s3mt3d.sys -> S3 Incorporated [Ver = 5.01.526.0007 (ReleasedBinaries.010718-0005) | Size = 41216 bytes | Created Date = 1/6/2008 6:18:59 PM | Attr = ]
s3mtrio.dll -> %System32%\dllcache\s3mtrio.dll -> S3 Incorporated [Ver = 5.1024.329.0002 (ReleasedBinaries.010308-1115) | Size = 62496 bytes | Created Date = 1/6/2008 6:19:02 PM | Attr = ]
s3mvirge.dll -> %System32%\dllcache\s3mvirge.dll -> S3 Incorporated [Ver = 5.1024.329.0002 (ReleasedBinaries.010308-1115) | Size = 210496 bytes | Created Date = 1/6/2008 6:19:04 PM | Attr = ]
s3sav3d.dll -> %System32%\dllcache\s3sav3d.dll -> S3 Incorporated [Ver = 5.01.620.0006 (ReleasedBinaries.010308-1115) | Size = 179264 bytes | Created Date = 1/6/2008 6:19:07 PM | Attr = ]
s3sav3dm.sys -> %System32%\dllcache\s3sav3dm.sys -> S3 Incorporated [Ver = 5.01.620.0006 (ReleasedBinaries.010308-1115) | Size = 61504 bytes | Created Date = 1/6/2008 6:19:10 PM | Attr = ]
s3sav4.dll -> %System32%\dllcache\s3sav4.dll -> S3 Incorporated [Ver = 5.12.01.8012-8.40.03 built by: ReleasedBinaries | Size = 198400 bytes | Created Date = 1/6/2008 6:19:13 PM | Attr = ]
s3sav4m.sys -> %System32%\dllcache\s3sav4m.sys -> S3 Incorporated [Ver = 5.12.01.8012-8.40.03 built by: ReleasedBinaries | Size = 77824 bytes | Created Date = 1/6/2008 6:19:16 PM | Attr = ]
s3savmx.dll -> %System32%\dllcache\s3savmx.dll -> S3 Graphics, Inc. [Ver = 5.13.01.7056-7.50.16 | Size = 245632 bytes | Created Date = 1/6/2008 6:19:19 PM | Attr = ]
s3savmxm.sys -> %System32%\dllcache\s3savmxm.sys -> S3 Graphics, Inc. [Ver = 5.13.01.7056-7.50.16 | Size = 75392 bytes | Created Date = 1/6/2008 6:19:22 PM | Attr = ]
sblfx.dll -> %System32%\dllcache\sblfx.dll -> Creative Technology Ltd. [Ver = 5.12.01.3210 | Size = 495616 bytes | Created Date = 1/6/2008 6:19:25 PM | Attr = ]
sccmn50m.sys -> %System32%\dllcache\sccmn50m.sys -> OMNIKEY AG [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 23936 bytes | Created Date = 1/6/2008 6:19:29 PM | Attr = ]
sccmusbm.sys -> %System32%\dllcache\sccmusbm.sys -> OMNIKEY AG [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 23936 bytes | Created Date = 1/6/2008 6:19:32 PM | Attr = ]
scr111.sys -> %System32%\dllcache\scr111.sys -> SCM Microsystems [Ver = 1.01.006 (XPClient.010817-1148) | Size = 17280 bytes | Created Date = 1/6/2008 6:19:38 PM | Attr = ]
sfmanm.sys -> %System32%\dllcache\sfmanm.sys -> Creative Technology Ltd. [Ver = 4.10.3300 | Size = 36480 bytes | Created Date = 1/6/2008 6:19:57 PM | Attr = ]
sgiul50.dll -> %System32%\dllcache\sgiul50.dll -> Trident Microsystems Inc. [Ver = 5.1.2462.0032 (ReleasedBinaries.010308-1115) | Size = 386560 bytes | Created Date = 1/6/2008 6:20:00 PM | Attr = ]
sgiulnt5.sys -> %System32%\dllcache\sgiulnt5.sys -> Trident Microsystems Inc. [Ver = 5.1.2462.0032 (ReleasedBinaries.010308-1115) | Size = 98080 bytes | Created Date = 1/6/2008 6:20:03 PM | Attr = ]
sgsmld.sys -> %System32%\dllcache\sgsmld.sys -> Micro Systemation [Ver = 1.1 | Size = 18400 bytes | Created Date = 1/6/2008 6:20:06 PM | Attr = ]
sgsmusb.sys -> %System32%\dllcache\sgsmusb.sys -> Micro Systemation [Ver = 1, 0, 0, 4 | Size = 161568 bytes | Created Date = 1/6/2008 6:20:08 PM | Attr = ]
siint5.dll -> %System32%\dllcache\siint5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Created Date = 1/6/2008 6:20:13 PM | Attr = ]
sis300ip.sys -> %System32%\dllcache\sis300ip.sys -> Silicon Integrated Systems Corporation [Ver = 5.13.01.1100 (Lab01_N(ericks).010612-1818) | Size = 101760 bytes | Created Date = 1/6/2008 6:20:14 PM | Attr = ]
sis300iv.dll -> %System32%\dllcache\sis300iv.dll -> Silicon Integrated Systems Corporation [Ver = 5.13.01.1100 (Lab01_N(ericks).010612-1818) | Size = 252032 bytes | Created Date = 1/6/2008 6:20:17 PM | Attr = ]
sis6306p.sys -> %System32%\dllcache\sis6306p.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.1080 (Lab01_N(ericks).010522-2022) | Size = 68608 bytes | Created Date = 1/6/2008 6:20:20 PM | Attr = ]
sis6306v.dll -> %System32%\dllcache\sis6306v.dll -> Silicon Integrated Systems Corporation [Ver = 5.12.01.1080 (Lab01_N(ericks).010522-2022) | Size = 150144 bytes | Created Date = 1/6/2008 6:20:23 PM | Attr = ]
sisagp.sys -> %System32%\dllcache\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Created Date = 1/6/2008 6:20:26 PM | Attr = ]
sisgrp.sys -> %System32%\dllcache\sisgrp.sys -> Silicon Integrated Systems Corporation [Ver = 5.13.01.2000 (ReleasedBinaries.010625-1804) | Size = 104064 bytes | Created Date = 1/6/2008 6:20:27 PM | Attr = ]
sisgrv.dll -> %System32%\dllcache\sisgrv.dll -> Silicon Integrated Systems Corporation [Ver = 5.13.01.2000 (ReleasedBinaries.010625-1804) | Size = 238592 bytes | Created Date = 1/6/2008 6:20:29 PM | Attr = ]
sisnic.sys -> %System32%\dllcache\sisnic.sys -> SiS Corporation [Ver = 1.16.00.05 built by: WinDDK | Size = 32768 bytes | Created Date = 1/6/2008 6:20:32 PM | Attr = ]
sisv.sys -> %System32%\dllcache\sisv.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.1300 (Lab01_N(ericks).010522-2022) | Size = 50432 bytes | Created Date = 1/6/2008 6:20:33 PM | Attr = ]
sisv256.dll -> %System32%\dllcache\sisv256.dll -> Silicon Integrated Systems Corporation [Ver = 5.12.01.1300 (Lab01_N(ericks).010522-2022) | Size = 157696 bytes | Created Date = 1/6/2008 6:20:36 PM | Attr = ]
sk98xwin.sys -> %System32%\dllcache\sk98xwin.sys -> SysKonnect GmbH. [Ver = 3.12 | Size = 94698 bytes | Created Date = 1/6/2008 6:20:39 PM | Attr = ]
skfpwin.sys -> %System32%\dllcache\skfpwin.sys -> SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH. [Ver = 5.13 | Size = 91294 bytes | Created Date = 1/6/2008 6:20:42 PM | Attr = ]
sla30nd5.sys -> %System32%\dllcache\sla30nd5.sys -> Symbol Technologies [Ver = 4.2.0.8 | Size = 63547 bytes | Created Date = 1/6/2008 6:20:45 PM | Attr = ]
slcoinst.dll -> %System32%\dllcache\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 1/6/2008 6:20:46 PM | Attr = ]
slextspk.dll -> %System32%\dllcache\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 1/6/2008 6:20:47 PM | Attr = ]
slgen.dll -> %System32%\dllcache\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 1/6/2008 6:20:47 PM | Attr = ]
slnt7554.sys -> %System32%\dllcache\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 1/6/2008 6:20:48 PM | Attr = ]
slntamr.sys -> %System32%\dllcache\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 1/6/2008 6:20:49 PM | Attr = ]
slnthal.sys -> %System32%\dllcache\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 1/6/2008 6:20:50 PM | Attr = ]
slrundll.exe -> %System32%\dllcache\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 1/6/2008 6:20:51 PM | Attr = ]
slserv.exe -> %System32%\dllcache\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 1/6/2008 6:20:51 PM | Attr = ]
slwdmsup.sys -> %System32%\dllcache\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 1/6/2008 6:20:52 PM | Attr = ]
smc8000n.sys -> %System32%\dllcache\smc8000n.sys -> SMC Networks, Inc. [Ver = 3.13.1025.2000 built by: yfeng | Size = 24576 bytes | Created Date = 1/6/2008 6:21:14 PM | Attr = ]
smcirda.sys -> %System32%\dllcache\smcirda.sys -> SMC [Ver = 5.1.2462.0 | Size = 35913 bytes | Created Date = 1/6/2008 6:21:17 PM | Attr = ]
smcpwr2n.sys -> %System32%\dllcache\smcpwr2n.sys -> SMC Networks, Inc. [Ver = 3.28.1214.2000 | Size = 25034 bytes | Created Date = 1/6/2008 6:21:20 PM | Attr = ]
smidispb.dll -> %System32%\dllcache\smidispb.dll -> Silicon Motion Inc. [Ver = 5.01.2401.0143e | Size = 147200 bytes | Created Date = 1/6/2008 6:21:23 PM | Attr = ]
smiminib.sys -> %System32%\dllcache\smiminib.sys -> Silicon Motion Inc. [Ver = 5.01.2401.0143e | Size = 58368 bytes | Created Date = 1/6/2008 6:21:26 PM | Attr = ]
sonync.sys -> %System32%\dllcache\sonync.sys -> Sony Corporation [Ver = 6.0.0.05300 | Size = 20752 bytes | Created Date = 1/6/2008 6:21:39 PM | Attr = ]
sonypi.dll -> %System32%\dllcache\sonypi.dll -> Sony Corporation [Ver = 1.5.090699 | Size = 114688 bytes | Created Date = 1/6/2008 6:21:42 PM | Attr = ]
sonypi.sys -> %System32%\dllcache\sonypi.sys -> Sony Corporation [Ver = 6.0.5.07140 | Size = 37040 bytes | Created Date = 1/6/2008 6:21:46 PM | Attr = ]
sonypvu1.sys -> %System32%\dllcache\sonypvu1.sys -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Created Date = 1/6/2008 6:21:49 PM | Attr = ]
sparrow.sys -> %System32%\dllcache\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Created Date = 1/6/2008 6:21:52 PM | Attr = ]
spdports.dll -> %System32%\dllcache\spdports.dll -> Perle Systems Ltd. [Ver = 1.0.0.0012 | Size = 106584 bytes | Created Date = 1/6/2008 6:21:55 PM | Attr = ]
speed.sys -> %System32%\dllcache\speed.sys -> Perle Systems Ltd. [Ver = 1.0.4.0021 (XPClient.010817-1148) | Size = 61824 bytes | Created Date = 1/6/2008 6:21:58 PM | Attr = ]
spxupchk.dll -> %System32%\dllcache\spxupchk.dll -> Perle Systems Ltd. [Ver = 1.0.0.0002 | Size = 24660 bytes | Created Date = 1/6/2008 6:22:02 PM | Attr = ]
srwlnd5.sys -> %System32%\dllcache\srwlnd5.sys -> 3Com [Ver = 3.0.4 alpha | Size = 48736 bytes | Created Date = 1/6/2008 6:22:08 PM | Attr = ]
stcusb.sys -> %System32%\dllcache\stcusb.sys -> SCM Microsystems, Inc. [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 16896 bytes | Created Date = 1/6/2008 6:22:12 PM | Attr = ]
stlnata.sys -> %System32%\dllcache\stlnata.sys -> Stallion Technologies [Ver = 5.6.5 | Size = 285760 bytes | Created Date = 1/6/2008 6:22:16 PM | Attr = ]
stlncoin.dll -> %System32%\dllcache\stlncoin.dll -> Stallion Technologies [Ver = 5.6.5 | Size = 53248 bytes | Created Date = 1/6/2008 6:22:18 PM | Attr = ]
stlnprop.dll -> %System32%\dllcache\stlnprop.dll -> Stallion Technologies [Ver = 5.6.4 | Size = 155648 bytes | Created Date = 1/6/2008 6:22:22 PM | Attr = ]
sx.sys -> %System32%\dllcache\sx.sys -> Perle Systems Ltd. [Ver = 1.1.2.0031 (XPClient.010817-1148) | Size = 103936 bytes | Created Date = 1/6/2008 6:22:41 PM | Attr = ]
sxports.dll -> %System32%\dllcache\sxports.dll -> Perle Systems Ltd. [Ver = 1.0.0.0008 | Size = 94293 bytes | Created Date = 1/6/2008 6:22:44 PM | Attr = ]
symc810.sys -> %System32%\dllcache\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Created Date = 1/6/2008 6:22:53 PM | Attr = ]
symc8xx.sys -> %System32%\dllcache\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Created Date = 1/6/2008 6:22:56 PM | Attr = ]
sym_hi.sys -> %System32%\dllcache\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Created Date = 1/6/2008 6:22:47 PM | Attr = ]
sym_u3.sys -> %System32%\dllcache\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Created Date = 1/6/2008 6:22:50 PM | Attr = ]
t2r4disp.dll -> %System32%\dllcache\t2r4disp.dll -> Number Nine Visual Technology [Ver = 5.01.104.09 | Size = 172768 bytes | Created Date = 1/6/2008 6:23:01 PM | Attr = ]
t2r4mini.sys -> %System32%\dllcache\t2r4mini.sys -> Number Nine Visual Technology Corp. [Ver = 5.01.104.09 | Size = 36640 bytes | Created Date = 1/6/2008 6:23:04 PM | Attr = ]
tbatm155.sys -> %System32%\dllcache\tbatm155.sys -> Toshiba Corporation [Ver = 0.4.0.0 (XPClient.010817-1148) | Size = 30464 bytes | Created Date = 1/6/2008 6:23:11 PM | Attr = ]
tdk100b.sys -> %System32%\dllcache\tdk100b.sys -> TDK Corporation [Ver = 1.00 | Size = 37961 bytes | Created Date = 1/6/2008 6:23:15 PM | Attr = ]
tdkcd31.sys -> %System32%\dllcache\tdkcd31.sys -> TDK Corporation [Ver = 5.00.2128.1 | Size = 17129 bytes | Created Date = 1/6/2008 6:23:18 PM | Attr = ]
tffsport.sys -> %System32%\dllcache\tffsport.sys -> M-Systems [Ver = 5.02 | Size = 149376 bytes | Created Date = 1/6/2008 6:23:23 PM | Attr = ]
tgiul50.dll -> %System32%\dllcache\tgiul50.dll -> Trident Microsystems Inc. [Ver = 5.1.2462.0015 (ReleasedBinaries.010308-1115) | Size = 81408 bytes | Created Date = 1/6/2008 6:23:24 PM | Attr = ]
tgiulnt5.sys -> %System32%\dllcache\tgiulnt5.sys -> Trident Microsystems Inc. [Ver = 5.1.2462.0015 (ReleasedBinaries.010308-1115) | Size = 138528 bytes | Created Date = 1/6/2008 6:23:27 PM | Attr = ]
tjisdn.sys -> %System32%\dllcache\tjisdn.sys -> Tiger Jet Network [Ver = 3.03 | Size = 123995 bytes | Created Date = 1/6/2008 6:23:31 PM | Attr = ]
tos4mo.sys -> %System32%\dllcache\tos4mo.sys -> TOSHIBA Corporation [Ver = 2.23 | Size = 28232 bytes | Created Date = 1/6/2008 6:23:35 PM | Attr = ]
tosdvd02.sys -> %System32%\dllcache\tosdvd02.sys -> Toshiba Corporation [Ver = 1.00.99.1004 (XPClient.010817-1148) | Size = 241664 bytes | Created Date = 1/6/2008 6:23:38 PM | Attr = ]
tosdvd03.sys -> %System32%\dllcache\tosdvd03.sys -> Toshiba Corporation [Ver = 1.00.99.1003 (XPClient.010817-1148) | Size = 230912 bytes | Created Date = 1/6/2008 6:23:42 PM | Attr = ]
tp4.dll -> %System32%\dllcache\tp4.dll -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 31744 bytes | Created Date = 1/6/2008 6:23:50 PM | Attr = ]
tp4mon.exe -> %System32%\dllcache\tp4mon.exe -> IBM Corporation [Ver = 6.03 (xpsp_sp2_rtm.040803-2158) | Size = 82432 bytes | Created Date = 1/6/2008 6:23:53 PM | Attr = ]
tp4res.dll -> %System32%\dllcache\tp4res.dll -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 42496 bytes | Created Date = 1/6/2008 6:23:54 PM | Attr = ]
tpro4.sys -> %System32%\dllcache\tpro4.sys -> Intel Corporation [Ver = 3.06.02.0000 | Size = 34375 bytes | Created Date = 1/6/2008 6:23:57 PM | Attr = ]
trid3d.dll -> %System32%\dllcache\trid3d.dll -> Trident Microsystems Inc. [Ver = 5.1.2471.0046 (ReleasedBinaries.000421-1946) | Size = 315520 bytes | Created Date = 1/6/2008 6:24:01 PM | Attr = ]
trid3dm.sys -> %System32%\dllcache\trid3dm.sys -> Trident Microsystems Inc. [Ver = 5.1.2471.0032 (ReleasedBinaries.000421-1946) | Size = 222336 bytes | Created Date = 1/6/2008 6:24:04 PM | Attr = ]
tridkb.dll -> %System32%\dllcache\tridkb.dll -> Trident Microsystems Inc. [Ver = 5.1.2489.0045 (ReleasedBinaries.000421-1946) | Size = 440576 bytes | Created Date = 1/6/2008 6:24:07 PM | Attr = ]
tridkbm.sys -> %System32%\dllcache\tridkbm.sys -> Trident Microsystems Inc. [Ver = 5.1.2489.0032 (ReleasedBinaries.000421-1946) | Size = 159232 bytes | Created Date = 1/6/2008 6:24:11 PM | Attr = ]
tridxp.dll -> %System32%\dllcache\tridxp.dll -> Trident Microsystems Inc. [Ver = 5.1.2475.0115 (ReleasedBinaries.010510-2313) | Size = 525568 bytes | Created Date = 1/6/2008 6:24:14 PM | Attr = ]
tridxpm.sys -> %System32%\dllcache\tridxpm.sys -> Trident Microsystems Inc. [Ver = 5.1.2475.96 (ReleasedBinaries.010510-2313) | Size = 166784 bytes | Created Date = 1/6/2008 6:24:17 PM | Attr = ]
twotrack.sys -> %System32%\dllcache\twotrack.sys -> IBM Corporation [Ver = 6.03 (XPClient.010817-1148) | Size = 11520 bytes | Created Date = 1/6/2008 6:24:22 PM | Attr = ]
ultra.sys -> %System32%\dllcache\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Created Date = 1/6/2008 6:24:27 PM | Attr = ]
um34scan.dll -> %System32%\dllcache\um34scan.dll -> UMAX Data Systems Inc. [Ver = 1.0.0.7 | Size = 216064 bytes | Created Date = 1/6/2008 6:24:30 PM | Attr = ]
um54scan.dll -> %System32%\dllcache\um54scan.dll -> UMAX Data Systems Inc. [Ver = 1.0.0.8 | Size = 211968 bytes | Created Date = 1/6/2008 6:24:33 PM | Attr = ]
umaxscan.dll -> %System32%\dllcache\umaxscan.dll -> UMAX DATA SYSTEMS INC. [Ver = 5.00.2434.1 | Size = 50688 bytes | Created Date = 1/6/2008 6:24:47 PM | Attr = ]
usb101et.sys -> %System32%\dllcache\usb101et.sys -> KLSI USA, Inc. [Ver = 3.43.0005.0000 | Size = 32384 bytes | Created Date = 1/6/2008 6:25:06 PM | Attr = ]
usr1801.sys -> %System32%\dllcache\usr1801.sys -> U.S. Robotics, Inc. [Ver = 1.00.034 | Size = 794654 bytes | Created Date = 1/6/2008 6:25:13 PM | Attr = ]
usr1806.sys -> %System32%\dllcache\usr1806.sys -> U.S. Robotics, Inc. [Ver = 1.00.036 | Size = 793598 bytes | Created Date = 1/6/2008 6:25:16 PM | Attr = ]
usr1806v.sys -> %System32%\dllcache\usr1806v.sys -> U.S. Robotics, Inc. [Ver = 1.00.036 | Size = 794399 bytes | Created Date = 1/6/2008 6:25:19 PM | Attr = ]
usr1807a.sys -> %System32%\dllcache\usr1807a.sys -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 224802 bytes | Created Date = 1/6/2008 6:25:23 PM | Attr = ]
usroslba.sys -> %System32%\dllcache\usroslba.sys -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 7556 bytes | Created Date = 1/6/2008 6:25:26 PM | Attr = ]
usrpda.sys -> %System32%\dllcache\usrpda.sys -> U.S. Robotics Corporation [Ver = 4. 11. 22 | Size = 113762 bytes | Created Date = 1/6/2008 6:25:29 PM | Attr = ]
usrti.sys -> %System32%\dllcache\usrti.sys -> U.S. Robotics, Inc. [Ver = 2.60.005 | Size = 765884 bytes | Created Date = 1/6/2008 6:25:33 PM | Attr = ]
usrwdxjs.sys -> %System32%\dllcache\usrwdxjs.sys -> U.S. Robotics Corporation [Ver = 3.27.036.0005 | Size = 687999 bytes | Created Date = 1/6/2008 6:25:36 PM | Attr = ]
vchnt5.dll -> %System32%\dllcache\vchnt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11325 bytes | Created Date = 1/6/2008 6:25:40 PM | Attr = ]
viairda.sys -> %System32%\dllcache\viairda.sys -> VIA Technologies, Inc. [Ver = 5,1,2480,0 (XPClient.010817-1148) | Size = 24576 bytes | Created Date = 1/6/2008 6:25:42 PM | Attr = ]
vinwm.sys -> %System32%\dllcache\vinwm.sys -> Xircom [Ver = 2.1.0.10 | Size = 249402 bytes | Created Date = 1/6/2008 6:25:46 PM | Attr = ]
vmodem.sys -> %System32%\dllcache\vmodem.sys -> PCTEL, INC. [Ver = 7.60.10A | Size = 604253 bytes | Created Date = 1/6/2008 6:25:49 PM | Attr = ]
vpctcom.sys -> %System32%\dllcache\vpctcom.sys -> PCtel, Inc. [Ver = 8.00-9K | Size = 397502 bytes | Created Date = 1/6/2008 6:25:53 PM | Attr = ]
vvoice.sys -> %System32%\dllcache\vvoice.sys -> PCtel, Inc. [Ver = 3.53.00 | Size = 64605 bytes | Created Date = 1/6/2008 6:25:57 PM | Attr = ]
w840nd.sys -> %System32%\dllcache\w840nd.sys -> Winbond Electronics Corporation [Ver = 2.40 | Size = 19528 bytes | Created Date = 1/6/2008 6:26:02 PM | Attr = ]
w926nd.sys -> %System32%\dllcache\w926nd.sys -> Winbond Electronics Corporation [Ver = 1.60 | Size = 19016 bytes | Created Date = 1/6/2008 6:26:05 PM | Attr = ]
w940nd.sys -> %System32%\dllcache\w940nd.sys -> Winbond Electronics Corporation [Ver = 3.22 | Size = 16925 bytes | Created Date = 1/6/2008 6:26:09 PM | Attr = ]
wadv01nt.sys -> %System32%\dllcache\wadv01nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12415 bytes | Created Date = 1/6/2008 6:26:14 PM | Attr = ]
wadv02nt.sys -> %System32%\dllcache\wadv02nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12127 bytes | Created Date = 1/6/2008 6:26:15 PM | Attr = ]
wadv05nt.sys -> %System32%\dllcache\wadv05nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11775 bytes | Created Date = 1/6/2008 6:26:16 PM | Attr = ]
wadv07nt.sys -> %System32%\dllcache\wadv07nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11807 bytes | Created Date = 1/6/2008 6:26:17 PM | Attr = ]
wadv08nt.sys -> %System32%\dllcache\wadv08nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11295 bytes | Created Date = 1/6/2008 6:26:17 PM | Attr = ]
wadv09nt.sys -> %System32%\dllcache\wadv09nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11871 bytes | Created Date = 1/6/2008 6:26:19 PM | Attr = ]
wadv11nt.sys -> %System32%\dllcache\wadv11nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 11935 bytes | Created Date = 1/6/2008 6:26:19 PM | Attr = ]
watv01nt.sys -> %System32%\dllcache\watv01nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 29311 bytes | Created Date = 1/6/2008 6:26:21 PM | Attr = ]
watv02nt.sys -> %System32%\dllcache\watv02nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 19551 bytes | Created Date = 1/6/2008 6:26:21 PM | Attr = ]
watv04nt.sys -> %System32%\dllcache\watv04nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 33599 bytes | Created Date = 1/6/2008 6:26:22 PM | Attr = ]
watv06nt.sys -> %System32%\dllcache\watv06nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 22271 bytes | Created Date = 1/6/2008 6:26:23 PM | Attr = ]
watv10nt.sys -> %System32%\dllcache\watv10nt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 1/6/2008 6:26:24 PM | Attr = ]
wbfirdma.sys -> %System32%\dllcache\wbfirdma.sys -> Winbond Electronics Corp. [Ver = 5.4.9820.0306 | Size = 35871 bytes | Created Date = 1/6/2008 6:26:26 PM | Attr = ]
wch7xxnt.sys -> %System32%\dllcache\wch7xxnt.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 23615 bytes | Created Date = 1/6/2008 6:26:30 PM | Attr = ]
wdhaalba.sys -> %System32%\dllcache\wdhaalba.sys -> 3Com Corporation [Ver = 3.34.034.0075 | Size = 701386 bytes | Created Date = 1/6/2008 6:26:31 PM | Attr = ]
winacisa.sys -> %System32%\dllcache\winacisa.sys -> Rockwell [Ver = 2,0,2,111 | Size = 771581 bytes | Created Date = 1/6/2008 6:26:43 PM | Attr = ]
wlandrv2.sys -> %System32%\dllcache\wlandrv2.sys -> Raytheon Corp. [Ver = 4.00.00.0004 | Size = 34890 bytes | Created Date = 1/6/2008 6:26:49 PM | Attr = ]
wlluc48.sys -> %System32%\dllcache\wlluc48.sys -> Lucent Technologies [Ver = 7.43.0.9 | Size = 154624 bytes | Created Date = 1/6/2008 6:26:52 PM | Attr = ]
wsiintxx.sys -> %System32%\dllcache\wsiintxx.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 12063 bytes | Created Date = 1/6/2008 6:27:01 PM | Attr = ]
wvchntxx.sys -> %System32%\dllcache\wvchntxx.sys -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 19455 bytes | Created Date = 1/6/2008 6:27:04 PM | Attr = ]
xem336n5.sys -> %System32%\dllcache\xem336n5.sys -> US Robotics MCD (Megahertz) [Ver = 1.25.014 | Size = 16970 bytes | Created Date = 1/6/2008 6:27:05 PM | Attr = ]
xlog.exe -> %System32%\dllcache\xlog.exe -> Eicon Technology [Ver = 2.0.1.315 | Size = 99865 bytes | Created Date = 1/6/2008 6:27:09 PM | Attr = ]
xrxftplt.exe -> %System32%\dllcache\xrxftplt.exe -> [Ver = 1, 0, 0, 2 | Size = 27648 bytes | Created Date = 1/6/2008 6:27:23 PM | Attr = ]
xrxscnui.dll -> %System32%\dllcache\xrxscnui.dll -> [Ver = 1, 0, 0, 1 | Size = 17408 bytes | Created Date = 1/6/2008 6:27:27 PM | Attr = ]
xrxwbtmp.dll -> %System32%\dllcache\xrxwbtmp.dll -> Xerox Corporation [Ver = 1, 0, 0, 1 | Size = 23040 bytes | Created Date = 1/6/2008 6:27:30 PM | Attr = ]
xrxwiadr.dll -> %System32%\dllcache\xrxwiadr.dll -> Xerox [Ver = 1, 0, 0, 2 | Size = 116224 bytes | Created Date = 1/6/2008 6:27:34 PM | Attr = ]
ASPI32.SYS -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Created Date = 1/20/2008 11:54:37 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 1/7/2008 4:52:49 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 1/7/2008 4:52:52 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 1/7/2008 4:52:53 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 1/7/2008 4:52:57 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 1/7/2008 4:52:57 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 1/7/2008 4:52:57 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 15441952 bytes | Created Date = 1/7/2008 4:01:02 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 180620 bytes | Created Date = 1/7/2008 4:01:02 PM | Attr = HS]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Created Date = 1/2/2008 8:40:32 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025a | Size = 56832 bytes | Created Date = 1/2/2008 8:40:32 PM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025a | Size = 74240 bytes | Created Date = 1/2/2008 8:40:32 PM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29000 bytes | Created Date = 1/2/2008 8:40:32 PM | Attr = ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 1/7/2008 3:49:44 PM | Attr = ]
sptd.sys -> %System32%\drivers\sptd.sys -> [Ver = | Size = 715248 bytes | Created Date = 12/24/2007 9:13:04 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 1/2/2008 10:14:01 AM | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Created Date = 12/25/2007 12:45:46 PM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796048 bytes | Created Date = 1/7/2008 3:49:16 PM | Attr = ]
NeroCheck .exe -> %System32%\NeroCheck .exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Created Date = 1/2/2008 9:41:14 AM | Attr = ]
OpenAL32.dll -> %System32%\OpenAL32.dll -> Portions © Creative Labs Inc. and NVIDIA Corp. [Ver = 6.14.0357.19 | Size = 114688 bytes | Created Date = 1/13/2008 8:52:28 PM | Attr = ]
SpoonUninstall-dBpoweramp Music Converter.bmp -> %System32%\SpoonUninstall-dBpoweramp Music Converter.bmp -> [Ver = | Size = 33846 bytes | Created Date = 1/19/2008 9:43:33 PM | Attr = ]
SpoonUninstall-dBpoweramp Music Converter.dat -> %System32%\SpoonUninstall-dBpoweramp Music Converter.dat -> [Ver = | Size = 12896 bytes | Created Date = 1/19/2008 9:43:33 PM | Attr = ]
SpoonUninstall.exe -> %System32%\SpoonUninstall.exe -> [Ver = | Size = 4230520 bytes | Created Date = 1/19/2008 9:43:33 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353366 bytes | Created Date = 1/7/2008 3:48:35 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 103912 bytes | Created Date = 1/7/2008 3:48:38 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 275944 bytes | Created Date = 1/7/2008 3:48:39 PM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 71144 bytes | Created Date = 1/7/2008 3:49:15 PM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 472552 bytes | Created Date = 1/7/2008 3:46:51 PM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 46568 bytes | Created Date = 1/7/2008 3:48:47 PM | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 99816 bytes | Created Date = 1/7/2008 3:48:43 PM | Attr = ]
WNASPI32.DLL -> %System32%\WNASPI32.DLL -> Jukka Poikolainen Software [Ver = 5, 0, 0, 1 | Size = 22528 bytes | Created Date = 1/20/2008 11:54:37 AM | Attr = ]
wrap_oal.dll -> %System32%\wrap_oal.dll -> Creative Labs [Ver = 2.1.4.0 | Size = 409600 bytes | Created Date = 1/13/2008 8:52:28 PM | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Created Date = 1/9/2008 8:22:08 PM | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 83432 bytes | Created Date = 1/7/2008 3:49:07 PM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 71144 bytes | Created Date = 1/7/2008 3:49:07 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 1/7/2008 3:50:43 PM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 1/7/2008 3:48:40 PM | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 1/7/2008 3:48:43 PM | Attr = ]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 73 bytes | Created Date = 1/4/2008 10:03:32 PM | Attr = ]
lhsp -> %SystemRoot%\lhsp -> [Folder | Created Date = 1/19/2008 7:08:05 PM | Attr = ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 216 bytes | Created Date = 12/29/2007 6:36:49 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 1/12/2008 4:49:15 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/14/2008 9:48:42 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/14/2008 9:48:42 PM | Attr = H ]
speech -> %SystemRoot%\speech -> [Folder | Created Date = 1/19/2008 7:07:52 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 129 bytes | Created Date = 1/6/2008 7:16:03 PM | Attr = ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75248 bytes | Created Date = 1/7/2008 3:50:27 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersAppData%\AOL -> [Folder | Created Date = 12/27/2007 11:30:20 AM | Attr = ]
AOL OCP -> %AllUsersAppData%\AOL OCP -> [Folder | Created Date = 12/27/2007 11:30:20 AM | Attr = ]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Created Date = 1/6/2008 5:07:15 PM | Attr = ]
Avira -> %AllUsersAppData%\Avira -> [Folder | Created Date = 1/5/2008 6:29:11 PM | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 1/2/2008 9:55:45 AM | Attr = ]
MailFrontier -> %AllUsersAppData%\MailFrontier -> [Folder | Created Date = 1/7/2008 3:50:53 PM | Attr = ]
Screaming Bee -> %AllUsersAppData%\Screaming Bee -> [Folder | Created Date = 1/19/2008 7:32:58 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 1/6/2008 5:11:02 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/3/2008 10:13:13 AM | Attr = ]
Trymedia -> %AllUsersAppData%\Trymedia -> [Folder | Created Date = 1/9/2008 7:09:10 PM | Attr = ]
Viewpoint -> %AllUsersAppData%\Viewpoint -> [Folder | Created Date = 12/27/2007 11:34:35 AM | Attr = ]
WLInstaller -> %AllUsersAppData%\WLInstaller -> [Folder | Created Date = 1/14/2008 8:38:46 PM | Attr = ]
AccurateRip -> %UserAppData%\AccurateRip -> [Folder | Created Date = 1/19/2008 9:43:37 PM | Attr = ]
Audacity -> %UserAppData%\Audacity -> [Folder | Created Date = 1/18/2008 7:21:17 PM | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Created Date = 1/7/2008 5:01:10 PM | Attr = ]
DAEMON Tools -> %UserAppData%\DAEMON Tools -> [Folder | Created Date = 12/29/2007 6:33:59 PM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 1/2/2008 9:56:38 AM | Attr = ]
Leadertech -> %UserAppData%\Leadertech -> [Folder | Created Date = 1/11/2008 6:23:24 PM | Attr = ]
Opera -> %UserAppData%\Opera -> [Folder | Created Date = 1/2/2008 9:18:19 PM | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Created Date = 1/2/2008 8:40:24 PM | Attr = ]
Screaming Bee -> %UserAppData%\Screaming Bee -> [Folder | Created Date = 1/19/2008 7:33:33 PM | Attr = ]
Sonic -> %UserAppData%\Sonic -> [Folder | Created Date = 1/11/2008 6:23:35 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/3/2008 10:12:11 AM | Attr = ]
SystemRequirementsLab -> %UserAppData%\SystemRequirementsLab -> [Folder | Created Date = 1/9/2008 7:37:48 PM | Attr = ]
Thunderbird -> %UserAppData%\Thunderbird -> [Folder | Created Date = 1/7/2008 5:36:20 PM | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Created Date = 12/27/2007 11:35:23 AM | Attr = ]
PCHealth -> %LocalAppData%\PCHealth -> [Folder | Created Date = 1/14/2008 8:41:07 PM | Attr = ]
Thunderbird -> %LocalAppData%\Thunderbird -> [Folder | Created Date = 1/7/2008 5:36:20 PM | Attr = ]
MCE Logs -> %AllUsersDocuments%\MCE Logs -> [Folder | Created Date = 1/19/2008 5:31:04 PM | Attr = HS]
6 Week Publicity Plan.doc -> %UserDocuments%\6 Week Publicity Plan.doc -> [Ver = | Size = 22528 bytes | Created Date = 12/27/2007 3:33:29 PM | Attr = ]
My DVDs -> %UserDocuments%\My DVDs -> [Folder | Created Date = 1/11/2008 6:15:45 PM | Attr = S]
My Games -> %UserDocuments%\My Games -> [Folder | Created Date = 1/1/2008 4:15:36 PM | Attr = ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Created Date = 1/14/2008 8:52:14 PM | Attr = ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 595 bytes | Created Date = 1/15/2008 6:59:01 PM | Attr = ]
Props Laramie.doc -> %UserDocuments%\Props Laramie.doc -> [Ver = | Size = 26112 bytes | Created Date = 1/15/2008 9:36:44 PM | Attr = ]
Theme Laramie.doc -> %UserDocuments%\Theme Laramie.doc -> [Ver = | Size = 29696 bytes | Created Date = 12/24/2007 3:29:44 PM | Attr = ]
1001books_arukiyomi.xls -> %UserDesktop%\1001books_arukiyomi.xls -> [Ver = | Size = 129024 bytes | Created Date = 1/15/2008 8:21:39 PM | Attr = ]
33666_madness.fla -> %UserDesktop%\33666_madness.fla -> [Ver = | Size = 1540608 bytes | Created Date = 1/20/2008 8:30:02 PM | Attr = ]
Aidyn Chronicles - The First Mage -> %UserDesktop%\Aidyn Chronicles - The First Mage -> [Folder | Created Date = 1/18/2008 2:28:46 PM | Attr = ]
Backups -> %UserDesktop%\Backups -> [Folder | Created Date = 1/19/2008 5:11:35 PM | Attr = ]
Cueator v3.0 (win).zip -> %UserDesktop%\Cueator v3.0 (win).zip -> [Ver = | Size = 101666 bytes | Created Date = 12/24/2007 9:24:10 PM | Attr = ]
djscratches1 -> %UserDesktop%\djscratches1 -> [Folder | Created Date = 1/19/2008 8:42:45 PM | Attr = ]
Elevayta_Extra_Boy_Pro_Demo -> %UserDesktop%\Elevayta_Extra_Boy_Pro_Demo -> [Folder | Created Date = 1/19/2008 5:12:18 PM | Attr = ]
even more madness stuff.fla -> %UserDesktop%\even more madness stuff.fla -> [Ver = | Size = 2508800 bytes | Created Date = 1/20/2008 8:21:52 PM | Attr = ]
ff8_amin.zip -> %UserDesktop%\ff8_amin.zip -> [Ver = | Size = 238636 bytes | Created Date = 12/31/2007 4:43:11 PM | Attr = ]
ff8_medleyn.zip -> %UserDesktop%\ff8_medleyn.zip -> [Ver = | Size = 696296 bytes | Created Date = 12/31/2007 4:45:59 PM | Attr = ]
Flatline.mp3 -> %UserDesktop%\Flatline.mp3 -> [Ver = | Size = 60065 bytes | Created Date = 12/24/2007 4:54:14 PM | Attr = ]
Gackt - Last Song.pdf -> %UserDesktop%\Gackt - Last Song.pdf -> [Ver = | Size = 98790 bytes | Created Date = 1/20/2008 12:56:12 PM | Attr = ]
Heart monitor.mp3 -> %UserDesktop%\Heart monitor.mp3 -> [Ver = | Size = 60292 bytes | Created Date = 12/24/2007 4:52:52 PM | Attr = ]
History.doc -> %UserDesktop%\History.doc -> [Ver = | Size = 21504 bytes | Created Date = 1/16/2008 7:56:02 PM | Attr = ]
Hitman 2 -> %UserDesktop%\Hitman 2 -> [Folder | Created Date = 12/28/2007 5:10:47 PM | Attr = ]
Hitman 3 -> %UserDesktop%\Hitman 3 -> [Folder | Created Date = 12/28/2007 4:51:32 PM | Attr = ]
hitmancontracts-nocd-1_74-ENG.zip -> %UserDesktop%\hitmancontracts-nocd-1_74-ENG.zip -> [Ver = | Size = 2647678 bytes | Created Date = 12/25/2007 2:36:13 PM | Attr = ]
Hospital ICU.mp3 -> %UserDesktop%\Hospital ICU.mp3 -> [Ver = | Size = 60078 bytes | Created Date = 12/24/2007 4:53:50 PM | Attr = ]
lpminutestomidnightbook -> %UserDesktop%\lpminutestomidnightbook -> [Folder | Created Date = 1/19/2008 8:57:50 PM | Attr = ]
Madness faces an all the stuff(PLUS losts of backgrounds).fla -> %UserDesktop%\Madness faces an all the stuff(PLUS losts of backgrounds).fla -> [Ver = | Size = 3350016 bytes | Created Date = 1/20/2008 8:21:51 PM | Attr = ]
more madness stuff.fla -> %UserDesktop%\more madness stuff.fla -> [Ver = | Size = 9155072 bytes | Created Date = 1/20/2008 8:21:51 PM | Attr = ]
Mudvayne.jpg -> %UserDesktop%\Mudvayne.jpg -> [Ver = | Size = 6051 bytes | Created Date = 1/15/2008 7:36:48 PM | Attr = ]
New Mexico Float Decoration 2007.jpg -> %UserDesktop%\New Mexico Float Decoration 2007.jpg -> [Ver = | Size = 188433 bytes | Created Date = 1/1/2008 12:49:02 PM | Attr = ]
Newgrounds Music -> %UserDesktop%\Newgrounds Music -> [Folder | Created Date = 1/19/2008 9:13:13 PM | Attr = ]
penumbra_overture_wt -> %UserDesktop%\penumbra_overture_wt -> [Folder | Created Date = 1/14/2008 7:25:12 PM | Attr = ]
Project.fla -> %UserDesktop%\Project.fla -> [Ver = | Size = 213504 bytes | Created Date = 1/1/2008 1:44:11 PM | Attr = ]
Project.swf -> %UserDesktop%\Project.swf -> [Ver = | Size = 121293 bytes | Created Date = 1/1/2008 1:47:01 PM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/19/2008 6:05:59 PM | Attr = ]
Adobe Reader Speed Launch.lnk -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1768 bytes | Created Date = 1/18/2008 10:24:35 AM | Attr = ]
AOL -> %CommonProgramFiles%\AOL -> [Folder | Created Date = 12/27/2007 11:22:59 AM | Attr = ]
Screaming Bee -> %CommonProgramFiles%\Screaming Bee -> [Folder | Created Date = 1/19/2008 7:33:33 PM | Attr = ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 1/14/2008 8:39:14 PM | Attr = HS]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 1/19/2008 9:47:50 PM | Attr = RH ]
ATI -> %SystemDrive%\ATI -> [Folder | Modified Date = 1/9/2008 7:53:35 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 279 bytes | Modified Date = 1/15/2008 9:31:32 PM | Attr = H ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/20/2008 11:01:56 AM | Attr = H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 938004480 bytes | Modified Date = 1/20/2008 4:50:03 PM | Attr = HS]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 449 bytes | Modified Date = 12/27/2007 11:35:24 AM | Attr = H ]
OUT_MEDIA_FILESGackt - MARS - 01. Ares.mp3 -> %SystemDrive%\OUT_MEDIA_FILESGackt - MARS - 01. Ares.mp3 -> [Ver = | Size = 3792896 bytes | Modified Date = 1/20/2008 12:38:06 PM | Attr = ]
OUT_MEDIA_FILESGackt - MARS - 02. Asrun Dream.mp3 -> %SystemDrive%\OUT_MEDIA_FILESGackt - MARS - 02. Asrun Dream.mp3 -> [Ver = | Size = 10717184 bytes | Modified Date = 1/20/2008 12:38:34 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/20/2008 12:39:53 PM | Attr = ]
spoolerlogs -> %SystemDrive%\spoolerlogs -> [Folder | Modified Date = 1/15/2008 9:03:21 PM | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/14/2008 8:54:07 PM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/14/2008 8:54:07 PM | Attr = H ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/2/2008 9:54:04 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 1/11/2008 6:18:58 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 1/12/2008 8:14:59 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/20/2008 4:51:11 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 1/7/2008 4:52:49 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 1/7/2008 4:52:52 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 1/7/2008 4:52:53 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/8/2008 6:23:17 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 1/8/2008 6:23:14 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 1/7/2008 4:52:57 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/17/2008 8:25:32 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 223724 bytes | Modified Date = 1/17/2008 8:25:32 PM | Attr = R ]
hosts.20080106-171130.backup -> %System32%\drivers\etc\hosts.20080106-171130.backup -> [Ver = | Size = 736 bytes | Modified Date = 1/4/2008 8:50:09 PM | Attr = ]
hosts.20080106-171411.backup -> %System32%\drivers\etc\hosts.20080106-171411.backup -> [Ver = | Size = 65806 bytes | Modified Date = 1/6/2008 5:11:30 PM | Attr = R ]
hosts.20080117-195721.backup -> %System32%\drivers\etc\hosts.20080117-195721.backup -> [Ver = | Size = 65806 bytes | Modified Date = 1/6/2008 5:14:11 PM | Attr = R ]
hosts.20080117-202532.backup -> %System32%\drivers\etc\hosts.20080117-202532.backup -> [Ver = | Size = 223724 bytes | Modified Date = 1/17/2008 7:57:21 PM | Attr = R ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 15441952 bytes | Modified Date = 1/20/2008 9:17:11 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 180620 bytes | Modified Date = 1/20/2008 2:18:06 PM | Attr = HS]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025a | Size = 56832 bytes | Modified Date = 1/8/2008 6:52:04 PM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025a | Size = 74240 bytes | Modified Date = 1/8/2008 6:52:04 PM | Attr = ]
sptd.sys -> %System32%\drivers\sptd.sys -> [Ver = | Size = 715248 bytes | Modified Date = 12/24/2007 9:13:05 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/12/2008 9:22:49 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/19/2008 9:51:52 PM | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 12/25/2007 3:02:53 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 1/9/2008 7:20:01 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/20/2008 2:04:54 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/20/2008 4:51:21 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 1/14/2008 8:52:00 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 1/9/2008 8:22:11 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 263024 bytes | Modified Date = 1/10/2008 5:34:13 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 1/19/2008 8:35:16 PM | Attr = ]
NeroCheck .exe -> %System32%\NeroCheck .exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 1/2/2008 1:59:50 PM | Attr = ]
OpenAL32.dll -> %System32%\OpenAL32.dll -> Portions © Creative Labs Inc. and NVIDIA Corp. [Ver = 6.14.0357.19 | Size = 114688 bytes | Modified Date = 1/13/2008 8:52:28 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 72184 bytes | Modified Date = 1/9/2008 8:22:40 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 443296 bytes | Modified Date = 1/9/2008 8:22:40 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 522502 bytes | Modified Date = 1/9/2008 8:22:40 PM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 1/9/2008 8:00:05 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 1/2/2008 9:54:04 AM | Attr = ]
spool -> %System32%\spool -> [Folder | Modified Date = 1/9/2008 8:21:41 PM | Attr = ]
SpoonUninstall-dBpoweramp Music Converter.bmp -> %System32%\SpoonUninstall-dBpoweramp Music Converter.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 1/19/2008 9:43:18 PM | Attr = ]
SpoonUninstall-dBpoweramp Music Converter.dat -> %System32%\SpoonUninstall-dBpoweramp Music Converter.dat -> [Ver = | Size = 12896 bytes | Modified Date = 1/19/2008 9:43:33 PM | Attr = ]
SpoonUninstall.exe -> %System32%\SpoonUninstall.exe -> [Ver = | Size = 4230520 bytes | Modified Date = 1/19/2008 7:04:32 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353366 bytes | Modified Date = 1/20/2008 4:51:51 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 1/15/2008 6:04:15 PM | Attr = ]
wrap_oal.dll -> %System32%\wrap_oal.dll -> Creative Labs [Ver = 2.1.4.0 | Size = 409600 bytes | Modified Date = 1/13/2008 8:52:28 PM | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 1/9/2008 8:22:08 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 1/7/2008 3:54:49 PM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 1/7/2008 3:50:34 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/12/2008 9:22:50 PM | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 1/10/2008 6:52:40 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/20/2008 4:50:12 PM | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 73 bytes | Modified Date = 1/4/2008 10:03:52 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/6/2008 8:09:14 PM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 1/19/2008 7:08:05 PM | Attr = R S]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/19/2008 7:41:42 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/20/2008 1:01:34 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 1/20/2008 9:22:34 PM | Attr = ]
lhsp -> %SystemRoot%\lhsp -> [Folder | Modified Date = 1/19/2008 7:08:05 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 1/9/2008 8:45:38 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 12/27/2007 3:51:12 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 1/19/2008 5:01:16 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 1/6/2008 5:30:49 PM | Attr = ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat -> [Ver = | Size = 216 bytes | Modified Date = 12/29/2007 6:36:58 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/20/2008 8:57:46 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 1/12/2008 4:50:17 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/14/2008 9:48:53 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/20/2008 4:50:55 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 1/20/2008 4:51:54 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 1/6/2008 5:18:54 PM | Attr = ]
speech -> %SystemRoot%\speech -> [Folder | Modified Date = 1/19/2008 7:24:06 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 1/7/2008 4:47:25 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/15/2008 9:31:32 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/20/2008 2:04:54 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/7/2008 4:42:34 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/20/2008 5:23:23 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 623 bytes | Modified Date = 1/15/2008 9:31:32 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 129 bytes | Modified Date = 1/10/2008 9:03:52 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 1/9/2008 8:22:55 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 12/31/2007 2:18:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/20/2008 4:50:30 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersAppData%\AOL -> [Folder | Modified Date = 12/27/2007 11:30:20 AM | Attr = ]
AOL OCP -> %AllUsersAppData%\AOL OCP -> [Folder | Modified Date = 12/27/2007 11:36:00 AM | Attr = ]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Modified Date = 1/7/2008 5:42:34 PM | Attr = ]
Avira -> %AllUsersAppData%\Avira -> [Folder | Modified Date = 1/5/2008 6:29:11 PM | Attr = ]
Comodo -> %AllUsersAppData%\Comodo -> [Folder | Modified Date = 1/7/2008 4:00:59 PM | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 1/7/2008 4:52:26 PM | Attr = ]
MailFrontier -> %AllUsersAppData%\MailFrontier -> [Folder | Modified Date = 1/7/2008 3:50:53 PM | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 1/14/2008 8:52:57 PM | Attr = S]
Screaming Bee -> %AllUsersAppData%\Screaming Bee -> [Folder | Modified Date = 1/19/2008 7:39:27 PM | Attr = ]
SiteAdvisor -> %AllUsersAppData%\SiteAdvisor -> [Folder | Modified Date = 1/1/2008 4:00:18 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 1/6/2008 5:16:00 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/3/2008 10:13:13 AM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 1/20/2008 4:51:21 PM | Attr = ]
@Alternate Data Stream - 145 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
Trymedia -> %AllUsersAppData%\Trymedia -> [Folder | Modified Date = 1/9/2008 7:09:11 PM | Attr = ]
Viewpoint -> %AllUsersAppData%\Viewpoint -> [Folder | Modified Date = 12/27/2007 11:34:35 AM | Attr = ]
WLInstaller -> %AllUsersAppData%\WLInstaller -> [Folder | Modified Date = 1/14/2008 8:41:23 PM | Attr = ]
AccurateRip -> %UserAppData%\AccurateRip -> [Folder | Modified Date = 1/19/2008 9:43:37 PM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 1/19/2008 9:00:21 PM | Attr = ]
AdobeUM -> %UserAppData%\AdobeUM -> [Folder | Modified Date = 1/20/2008 4:50:49 PM | Attr = ]
Ahead -> %UserAppData%\Ahead -> [Folder | Modified Date = 12/24/2007 9:17:03 PM | Attr = ]
Audacity -> %UserAppData%\Audacity -> [Folder | Modified Date = 1/18/2008 7:28:58 PM | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Modified Date = 1/20/2008 5:59:10 PM | Attr = ]
Comodo -> %UserAppData%\Comodo -> [Folder | Modified Date = 1/7/2008 4:00:59 PM | Attr = ]
DAEMON Tools -> %UserAppData%\DAEMON Tools -> [Folder | Modified Date = 12/29/2007 9:38:52 PM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 1/2/2008 9:56:38 AM | Attr = ]
gtk-2.0 -> %UserAppData%\gtk-2.0 -> [Folder | Modified Date = 1/15/2008 9:07:05 PM | Attr = ]
Leadertech -> %UserAppData%\Leadertech -> [Folder | Modified Date = 1/11/2008 6:23:24 PM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 1/19/2008 5:30:57 PM | Attr = S]
Move Networks -> %UserAppData%\Move Networks -> [Folder | Modified Date = 1/18/2008 3:24:59 PM | Attr = ]
Mozilla -> %UserAppData%\Mozilla -> [Folder | Modified Date = 1/7/2008 5:36:37 PM | Attr = ]
Opera -> %UserAppData%\Opera -> [Folder | Modified Date = 1/2/2008 9:18:19 PM | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Modified Date = 1/2/2008 8:40:24 PM | Attr = ]
Screaming Bee -> %UserAppData%\Screaming Bee -> [Folder | Modified Date = 1/19/2008 7:39:31 PM | Attr = ]
SiteAdvisor -> %UserAppData%\SiteAdvisor -> [Folder | Modified Date = 1/19/2008 9:00:43 PM | Attr = ]
Sonic -> %UserAppData%\Sonic -> [Folder | Modified Date = 1/11/2008 6:23:35 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/3/2008 10:12:11 AM | Attr = ]
SystemRequirementsLab -> %UserAppData%\SystemRequirementsLab -> [Folder | Modified Date = 1/9/2008 7:38:01 PM | Attr = ]
Thunderbird -> %UserAppData%\Thunderbird -> [Folder | Modified Date = 1/7/2008 5:36:25 PM | Attr = ]
U3 -> %UserAppData%\U3 -> [Folder | Modified Date = 1/19/2008 5:22:04 PM | Attr = ]
uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 1/20/2008 5:57:56 PM | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Modified Date = 12/27/2007 11:35:23 AM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 1/19/2008 5:31:40 PM | Attr = ]
Ares -> %LocalAppData%\Ares -> [Folder | Modified Date = 1/14/2008 6:10:21 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 12288 bytes | Modified Date = 1/19/2008 5:05:44 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 67808 bytes | Modified Date = 1/11/2008 6:16:11 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1105674 bytes | Modified Date = 1/18/2008 2:35:55 PM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 1/15/2008 6:58:35 PM | Attr = ]
PCHealth -> %LocalAppData%\PCHealth -> [Folder | Modified Date = 1/14/2008 8:41:07 PM | Attr = ]
Thunderbird -> %LocalAppData%\Thunderbird -> [Folder | Modified Date = 1/7/2008 5:36:41 PM | Attr = ]
MCE Logs -> %AllUsersDocuments%\MCE Logs -> [Folder | Modified Date = 1/19/2008 5:31:04 PM | Attr = HS]
6 Week Publicity Plan.doc -> %UserDocuments%\6 Week Publicity Plan.doc -> [Ver = | Size = 22528 bytes | Modified Date = 12/27/2007 3:33:29 PM | Attr = ]
Band -> %UserDocuments%\Band -> [Folder | Modified Date = 1/16/2008 10:17:30 PM | Attr = ]
Incomplete -> %UserDocuments%\Incomplete -> [Folder | Modified Date = 1/19/2008 5:55:43 PM | Attr = ]
My Completed Downloads -> %UserDocuments%\My Completed Downloads -> [Folder | Modified Date = 1/4/2008 9:13:14 PM | Attr = ]
My DVDs -> %UserDocuments%\My DVDs -> [Folder | Modified Date = 1/11/2008 6:15:45 PM | Attr = S]
My Games -> %UserDocuments%\My Games -> [Folder | Modified Date = 1/19/2008 5:31:17 PM | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 12/23/2007 9:26:34 PM | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 1/19/2008 5:21:51 PM | Attr = R ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 1/14/2008 8:52:14 PM | Attr = ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 595 bytes | Modified Date = 1/18/2008 5:36:28 PM | Attr = ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 12/23/2007 9:27:17 PM | Attr = R ]
Props Laramie.doc -> %UserDocuments%\Props Laramie.doc -> [Ver = | Size = 26112 bytes | Modified Date = 1/18/2008 12:00:01 PM | Attr = ]
The Laramie Poster.doc -> %UserDocuments%\The Laramie Poster.doc -> [Ver = | Size = 261120 bytes | Modified Date = 12/27/2007 3:03:02 PM | Attr = ]
Theme Laramie.doc -> %UserDocuments%\Theme Laramie.doc -> [Ver = | Size = 29696 bytes | Modified Date = 1/1/2008 1:53:41 PM | Attr = ]
Ticket Design Laramie.doc -> %UserDocuments%\Ticket Design Laramie.doc -> [Ver = | Size = 132608 bytes | Modified Date = 12/27/2007 3:02:18 PM | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2341 bytes | Modified Date = 1/14/2008 9:48:34 PM | Attr = ]
1001books_arukiyomi.xls -> %UserDesktop%\1001books_arukiyomi.xls -> [Ver = | Size = 129024 bytes | Modified Date = 1/15/2008 8:21:38 PM | Attr = ]
33666_madness.fla -> %UserDesktop%\33666_madness.fla -> [Ver = | Size = 1540608 bytes | Modified Date = 1/20/2008 8:30:09 PM | Attr = ]
Aidyn Chronicles - The First Mage -> %UserDesktop%\Aidyn Chronicles - The First Mage -> [Folder | Modified Date = 1/18/2008 2:28:47 PM | Attr = ]
Backups -> %UserDesktop%\Backups -> [Folder | Modified Date = 1/19/2008 5:12:49 PM | Attr = ]
Cueator v3.0 (win).zip -> %UserDesktop%\Cueator v3.0 (win).zip -> [Ver = | Size = 101666 bytes | Modified Date = 12/24/2007 9:24:09 PM | Attr = ]
djscratches1 -> %UserDesktop%\djscratches1 -> [Folder | Modified Date = 1/19/2008 8:42:47 PM | Attr = ]
Elevayta_Extra_Boy_Pro_Demo -> %UserDesktop%\Elevayta_Extra_Boy_Pro_Demo -> [Folder | Modified Date = 1/19/2008 5:12:18 PM | Attr = ]
even more madness stuff.fla -> %UserDesktop%\even more madness stuff.fla -> [Ver = | Size = 2508800 bytes | Modified Date = 1/4/2008 1:23:56 PM | Attr = ]
ff8_amin.zip -> %UserDesktop%\ff8_amin.zip -> [Ver = | Size = 238636 bytes | Modified Date = 12/31/2007 4:43:13 PM | Attr = ]
ff8_medleyn.zip -> %UserDesktop%\ff8_medleyn.zip -> [Ver = | Size = 696296 bytes | Modified Date = 12/31/2007 4:46:04 PM | Attr = ]
Flatline.mp3 -> %UserDesktop%\Flatline.mp3 -> [Ver = | Size = 60065 bytes | Modified Date = 12/24/2007 4:54:15 PM | Attr = ]
Gackt - Last Song.pdf -> %UserDesktop%\Gackt - Last Song.pdf -> [Ver = | Size = 98790 bytes | Modified Date = 1/20/2008 12:56:12 PM | Attr = ]
Heart monitor.mp3 -> %UserDesktop%\Heart monitor.mp3 -> [Ver = | Size = 60292 bytes | Modified Date = 12/24/2007 4:54:43 PM | Attr = ]
History.doc -> %UserDesktop%\History.doc -> [Ver = | Size = 21504 bytes | Modified Date = 1/16/2008 8:00:48 PM | Attr = ]
Hitman 2 -> %UserDesktop%\Hitman 2 -> [Folder | Modified Date = 12/28/2007 5:25:09 PM | Attr = ]
Hitman 3 -> %UserDesktop%\Hitman 3 -> [Folder | Modified Date = 12/28/2007 5:04:55 PM | Attr = ]
hitmancontracts-nocd-1_74-ENG.zip -> %UserDesktop%\hitmancontracts-nocd-1_74-ENG.zip -> [Ver = | Size = 2647678 bytes | Modified Date = 12/25/2007 2:37:20 PM | Attr = ]
Hospital ICU.mp3 -> %UserDesktop%\Hospital ICU.mp3 -> [Ver = | Size = 60078 bytes | Modified Date = 12/24/2007 4:53:50 PM | Attr = ]
lpminutestomidnightbook -> %UserDesktop%\lpminutestomidnightbook -> [Folder | Modified Date = 1/19/2008 8:57:50 PM | Attr = ]
Madness faces an all the stuff(PLUS losts of backgrounds).fla -> %UserDesktop%\Madness faces an all the stuff(PLUS losts of backgrounds).fla -> [Ver = | Size = 3350016 bytes | Modified Date = 1/3/2008 7:37:50 PM | Attr = ]
Mudvayne.jpg -> %UserDesktop%\Mudvayne.jpg -> [Ver = | Size = 6051 bytes | Modified Date = 1/15/2008 7:36:45 PM | Attr = ]
New Mexico Float Decoration 2007.jpg -> %UserDesktop%\New Mexico Float Decoration 2007.jpg -> [Ver = | Size = 188433 bytes | Modified Date = 1/1/2008 12:49:03 PM | Attr = ]
Newgrounds Music -> %UserDesktop%\Newgrounds Music -> [Folder | Modified Date = 1/19/2008 9:41:55 PM | Attr = ]
penumbra_overture_wt -> %UserDesktop%\penumbra_overture_wt -> [Folder | Modified Date = 1/14/2008 7:25:12 PM | Attr = ]
Project.fla -> %UserDesktop%\Project.fla -> [Ver = | Size = 213504 bytes | Modified Date = 1/1/2008 1:44:11 PM | Attr = ]
Project.swf -> %UserDesktop%\Project.swf -> [Ver = | Size = 121293 bytes | Modified Date = 1/1/2008 1:47:01 PM | Attr = ]
Underworld -> %UserDesktop%\Underworld -> [Folder | Modified Date = 1/20/2008 12:37:29 PM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/19/2008 6:28:08 PM | Attr = ]
Adobe Reader Speed Launch.lnk -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1768 bytes | Modified Date = 1/18/2008 10:24:35 AM | Attr = ]
VPN Client.lnk -> %AllUsersStartup%\VPN Client.lnk -> [Ver = | Size = 2447 bytes | Modified Date = 1/20/2008 4:52:01 PM | Attr = ]
SpywareGuard.lnk -> %UserStartup%\SpywareGuard.lnk -> [Ver = | Size = 661 bytes | Modified Date = 1/7/2008 9:45:38 PM | Attr = ]
AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 1/2/2008 1:58:58 PM | Attr = ]
DVDVideoSoft -> %CommonProgramFiles%\DVDVideoSoft -> [Folder | Modified Date = 1/2/2008 2:33:35 PM | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 1/19/2008 7:24:10 PM | Attr = ]
Screaming Bee -> %CommonProgramFiles%\Screaming Bee -> [Folder | Modified Date = 1/19/2008 7:33:33 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 1/7/2008 5:24:43 PM | Attr = ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 1/14/2008 8:51:20 PM | Attr = HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/10/2008 6:19:18 PM | Attr = ]
eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/19/2008 5:27:30 PM | Attr = H ]
eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/19/2008 5:31:30 PM | Attr = H ]
eHomeLog-10.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-10.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/10/2008 5:37:02 PM | Attr = H ]
eHomeLog-11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-11.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/10/2008 6:18:20 PM | Attr = H ]
eHomeLog-12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-12.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/10/2008 6:49:14 PM | Attr = H ]
eHomeLog-13.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-13.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/10/2008 7:24:54 PM | Attr = H ]
eHomeLog-14.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-14.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/10/2008 7:56:41 PM | Attr = H ]
eHomeLog-15.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-15.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/10/2008 8:10:09 PM | Attr = H ]
eHomeLog-16.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-16.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/10/2008 9:01:43 PM | Attr = H ]
eHomeLog-17.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-17.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/10/2008 9:14:33 PM | Attr = H ]
eHomeLog-18.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-18.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/10/2008 9:20:22 PM | Attr = H ]
eHomeLog-19.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-19.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/11/2008 5:36:42 PM | Attr = H ]
eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/19/2008 5:45:15 PM | Attr = H ]
eHomeLog-20.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-20.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/11/2008 5:52:29 PM | Attr = H ]
eHomeLog-21.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-21.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/11/2008 6:56:49 PM | Attr = H ]
eHomeLog-22.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-22.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/11/2008 7:09:48 PM | Attr = H ]
eHomeLog-23.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-23.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/11/2008 9:05:58 PM | Attr = H ]
eHomeLog-24.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-24.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/12/2008 4:12:43 PM | Attr = H ]
eHomeLog-25.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-25.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/12/2008 4:17:22 PM | Attr = H ]
eHomeLog-26.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-26.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/12/2008 4:32:29 PM | Attr = H ]
eHomeLog-27.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-27.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/12/2008 4:42:39 PM | Attr = H ]
eHomeLog-28.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-28.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/13/2008 11:38:17 AM | Attr = H ]
eHomeLog-29.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-29.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/13/2008 12:51:14 PM | Attr = H ]
eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/19/2008 5:50:18 PM | Attr = H ]
eHomeLog-30.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-30.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/13/2008 4:47:35 PM | Attr = H ]
eHomeLog-31.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-31.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/13/2008 5:15:16 PM | Attr = H ]
eHomeLog-32.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-32.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/13/2008 6:13:34 PM | Attr = H ]
eHomeLog-33.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-33.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/13/2008 7:25:41 PM | Attr = H ]
eHomeLog-34.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-34.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/13/2008 7:31:55 PM | Attr = H ]
eHomeLog-35.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-35.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/14/2008 5:21:21 PM | Attr = H ]
eHomeLog-36.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-36.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/14/2008 5:30:49 PM | Attr = H ]
eHomeLog-37.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-37.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/14/2008 5:43:51 PM | Attr = H ]
eHomeLog-38.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-38.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/15/2008 6:06:27 PM | Attr = H ]
eHomeLog-39.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-39.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/15/2008 9:27:54 PM | Attr = H ]
eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/19/2008 5:53:35 PM | Attr = H ]
eHomeLog-40.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-40.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/15/2008 9:40:39 PM | Attr = H ]
eHomeLog-41.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-41.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/16/2008 7:09:20 PM | Attr = H ]
eHomeLog-42.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-42.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/17/2008 5:33:00 PM | Attr = H ]
eHomeLog-43.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-43.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/17/2008 7:12:30 PM | Attr = H ]
eHomeLog-44.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-44.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/18/2008 9:08:52 AM | Attr = H ]
eHomeLog-45.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-45.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/18/2008 2:48:21 PM | Attr = H ]
eHomeLog-46.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-46.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/18/2008 5:46:14 PM | Attr = H ]
eHomeLog-47.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-47.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/19/2008 4:10:26 PM | Attr = H ]
eHomeLog-5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-5.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/20/2008 11:04:01 AM | Attr = H ]
eHomeLog-6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-6.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/20/2008 4:52:05 PM | Attr = H ]
eHomeLog-7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-7.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/7/2008 5:25:41 PM | Attr = H ]
eHomeLog-8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-8.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/8/2008 6:19:40 PM | Attr = H ]
eHomeLog-9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-9.dat -> [Ver = | Size = 268 bytes | Modified Date = 1/9/2008 4:17:28 PM | Attr = H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5394 bytes | Modified Date = 1/20/2008 4:52:18 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5394 bytes | Modified Date = 1/20/2008 4:52:18 PM | Attr = ]
Perflib_Perfdata_ba4.dat -> C:\Documents and Settings\Catherine\Local Settings\Temp\Perflib_Perfdata_ba4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/20/2008 4:53:04 PM | Attr = ]

< End of report >
I hate my life :(

#11 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:02 PM

Posted 21 January 2008 - 01:30 AM

Hi blackchaos93. The log is clean. Just 1 left-over registry item to take care of.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YN -> C:\WINDOWS\system32\pmkhg -> 
< BotCheck > ->

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Other than that things look good. How are things running now?

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#12 blackchaos93

blackchaos93
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:12:02 PM

Posted 21 January 2008 - 02:38 PM

[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\pmkhg deleted successfully.
< End of fix log >
WinPFind35U Version Beta26 fix logfile created on 01212008_113717

Thanks!! Everything is running great, I can go on the internet just fine and no weird pop-ups or anything are coming up... and the startup's not SLOWWWW anymore!

Thank you so much for your help, I really really appreciate it!
I hate my life :(

#13 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:02 PM

Posted 21 January 2008 - 02:49 PM

Hi blackchaos93. Glad to hear it. Let it run out for a couple of days to make sure it is stable and then let me know if you have any further issues.

If you want, you can go ahead and delete all the tools we downloaded and any files and folders that they created. We won't need them any further.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users