
Multiple Trojans And Mass-mailer Problem


  • This topic is locked
12 replies to this topic

#1 mojojo

mojojo

  • Members
  • 23 posts

Posted 07 January 2008 - 08:57 PM

Whenever I logged on/connected to the internet, Norton would pop up with a few messages that went something like "Trojan.xxx blocked as security risk. Computer is secure." After about 30 seconds, my screen would flood with Norton's "scanning message 0 of 1" popups. My only solution was to disconnect from the internet. I managed to install the ZoneAlarm firewall, which allowed me to prevent the email client program from sending anything. Other strange .exe programs (such as 3F7FA51B.exe) were also trying to get through the firewall (although recently neither the mailer nor any of these .exe's have come up).

Interestingly, my computer shuts down in the middle of malware scans, sending me to a blue screen saying "A problem has been detected and windows has been shut down to avoid damage to your computer." Bit Defender is the only program that has avoided this problem (and it found several cool trojans like Trojan.vundo.DUI, Trojan.kobcka.BE, Trojan.Dropper.RNY, and Trojan.Srizbi.AF. After each one it said "Disinfection Failed" and then "Deleted"). I can include the log if needed. However, I'm almost positive it didn't fix anything. Since I can't use most malware scanners, I'm not sure what to do.

Also, I found an odd program with Autoruns, but am not sure what to do with it. It is called FFI, and has the path C:\WINDOWS\system32\svchost.exe:exm.exe.
I am running Windows XP. Help is appreciated.

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:16 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11167 bytes
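An added illustration, not part of the thread and not code from HijackThis or any poster: the `svchost.exe:exm.exe` form in the FFI service entry is NTFS alternate data stream syntax (a stream named `exm.exe` attached to `svchost.exe`), and this sketch flags such O23 entries in a HijackThis log. The function names and the assumed `O23 - Service: name - owner - path` layout are inferred from the log lines above; "Unknown owner" on its own is only a weak signal, since the Symantec Core LC entry carries it too.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: four O23 lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"""

# Assumed layout: "O23 - Service: <name> - <owner> - <drive>:\<path>[ (file missing)]".
# The non-greedy head stops at the first " - " that is followed by a drive path.
O23_RE = re.compile(r"^O23 - Service: (?P<head>.+?) - (?P<path>[A-Za-z]:\\.*)$")
MISSING_SUFFIX = " (file missing)"


class Service(NamedTuple):
    name: str
    owner: str
    path: str               # host file, with any stream name removed
    stream: Optional[str]   # alternate data stream name, if the image is a stream
    missing: bool           # HijackThis reported "(file missing)"


def split_stream(path: str) -> Tuple[str, Optional[str]]:
    """Split 'C:\\dir\\host.exe:stream' into (host path, stream name).

    The drive colon sits before the first backslash, so a colon in the
    last path component can only be a stream separator.
    """
    leaf = path.rsplit("\\", 1)[-1]
    if ":" not in leaf:
        return path, None
    host_leaf, stream = leaf.split(":", 1)
    return path[: len(path) - len(leaf)] + host_leaf, stream


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    head, path = m.group("head"), m.group("path")
    missing = path.endswith(MISSING_SUFFIX)
    if missing:
        path = path[: -len(MISSING_SUFFIX)]
    # The owner is the last " - " separated field before the path.
    name, sep, owner = head.rpartition(" - ")
    if not sep:
        name, owner = head, ""
    host, stream = split_stream(path)
    return Service(name, owner, host, stream, missing)


def triage(log: str) -> List[Tuple[str, str, List[str]]]:
    """Return (service name, severity, reasons) for entries worth a closer look."""
    findings = []
    for line in log.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = []
        if svc.stream is not None:
            reasons.append(f"image is stream '{svc.stream}' attached to {svc.path}")
        if svc.missing:
            reasons.append("file missing")
        if svc.owner == "Unknown owner":
            reasons.append("unknown owner")
        if reasons:
            # A service image stored in a stream is the strong signal here.
            severity = "high" if svc.stream is not None else "review"
            findings.append((svc.name, severity, reasons))
    return findings


if __name__ == "__main__":
    for name, severity, reasons in triage(SAMPLE_LOG):
        print(f"[{severity}] {name}: " + "; ".join(reasons))
```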



#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 13 January 2008 - 05:36 PM

Hello mojojo and welcome to the BC HijackThis forum. Let's see what else might be hiding in there.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 mojojo

mojojo
  • Topic Starter

  • Members
  • 23 posts

Posted 14 January 2008 - 08:20 PM

Thanks OldTimer. This is one hell of a list.

WinPFind35 logfile created on: 1/14/2008 6:14:34 PM
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\Joe Radomski\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

1022.09 Mb Total Physical Memory | 567.24 Mb Available Physical Memory | 55.50% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.39 Gb Total Space | 146.28 Gb Free Space | 49.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 85.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded

Computer Name: DJ897HB1
Current User Name: Joe Radomski
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75304 bytes | Modified Date = 6/21/2007 9:54:46 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 1:19:28 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 11/1/2007 4:46:02 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8440 | Size = 143436 bytes | Modified Date = 4/1/2006 12:54:00 AM | Attr = ]
prismsvc.exe -> %System32%\PRISMSVC.exe -> Conexant Systems, Inc. [Ver = 2.03.17 | Size = 61526 bytes | Modified Date = 12/22/2005 6:21:44 PM | Attr = ]
prismsvr.exe -> %System32%\PRISMSVR.exe -> Conexant Systems, Inc. [Ver = 2.03.17 | Size = 381014 bytes | Modified Date = 12/22/2005 6:15:46 PM | Attr = ]
ctdvddet.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/17/2003 11:00:00 PM | Attr = ]
volpanel.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe -> Creative Technology Ltd [Ver = 1.0.52.0 | Size = 122880 bytes | Modified Date = 10/14/2005 9:01:06 AM | Attr = ]
dllml.exe -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.25.0 | Size = 49152 bytes | Modified Date = 11/4/2005 4:07:56 PM | Attr = ]
ctxfispi.exe -> %System32%\CTXFISPI.EXE -> Creative Technology Ltd [Ver = 1.0.21.1141 | Size = 717312 bytes | Modified Date = 3/2/2006 1:53:36 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 10:59:52 PM | Attr = ]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 5:34:50 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 919016 bytes | Modified Date = 6/21/2007 9:54:46 PM | Attr = ]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460312 bytes | Modified Date = 6/18/2007 2:58:02 PM | Attr = ]
prismcfg.exe -> %ProgramFiles%\Dell Wireless\PRISMCFG.exe -> Dell Inc. [Ver = 2.03.17 | Size = 921704 bytes | Modified Date = 12/22/2005 7:14:54 PM | Attr = ]
mantispm.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe -> [Ver = 5, 0, 6, 8903 | Size = 804376 bytes | Modified Date = 5/11/2007 7:50:24 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 1/6/2008 1:17:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 10:07:32 AM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
(AutoSyncService) Memeo AutoSync [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Memeo\AutoSync\MemeoService.exe -> Memeo [Ver = 2.0.0.0 | Size = 31768 bytes | Modified Date = 7/6/2007 5:28:44 PM | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(comHost) COM Host [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 1/12/2007 8:40:58 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Disabled | Stopped] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 11:01:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(ELService) Intel® Quick Resume Technology Drivers [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -> Intel Corporation [Ver = 1.0.0.1093 | Size = 180224 bytes | Modified Date = 12/12/2005 2:52:32 PM | Attr = ]
(FFI) FFI [Win32_Own | Auto | Stopped] -> %System32%\svchost.exe:exm.exe -> File not found
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 6:40:21 PM | Attr = ]
(IAANTMon) Intel® Matrix Storage Event Monitor [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 5:55:58 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 1/14/2007 12:11:06 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 7:51:10 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 9:26:40 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8440 | Size = 143436 bytes | Modified Date = 4/1/2006 12:54:00 AM | Attr = ]
(PRISMSVC) PRISMSVC [Win32_Shared | Auto | Running] -> %System32%\PRISMSVC.exe -> Conexant Systems, Inc. [Ver = 2.03.17 | Size = 61526 bytes | Modified Date = 12/22/2005 6:21:44 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 11/1/2007 4:46:02 PM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 1:19:28 AM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75304 bytes | Modified Date = 6/21/2007 9:54:46 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 10/11/2005 10:04:34 PM | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 11:51:56 AM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 9:07:44 PM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 11:52:00 AM | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 11:51:58 AM | Attr = ]
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %System32%\drivers\asctrm.sys -> Windows ® 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 7/26/2006 11:46:20 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ATIAVPCI) ATI Unified AVStream service [Kernel | On_Demand | Running] -> %System32%\drivers\atinavrr.sys -> ATI Technologies Inc. [Ver = 6.14.10.133 | Size = 269952 bytes | Modified Date = 1/4/2006 12:58:00 AM | Attr = ]
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\JOERAD~1\LOCALS~1\Temp\catchme.sys -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 11:51:54 AM | Attr = ]
(ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %System32%\drivers\ctac32k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 502272 bytes | Modified Date = 11/8/2005 10:14:40 AM | Attr = R ]
(ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\ctaud2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 439680 bytes | Modified Date = 11/8/2005 10:15:38 AM | Attr = R ]
(ctdvda2k) Creative DVD-Audio Device Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ctdvda2k.sys -> Creative Technology Ltd [Ver = 5.13.01.0463-1.56.0930 | Size = 340704 bytes | Modified Date = 7/13/2005 7:18:48 AM | Attr = R ]
(ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctprxy2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 7168 bytes | Modified Date = 11/8/2005 10:15:38 AM | Attr = R ]
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 143360 bytes | Modified Date = 11/8/2005 10:14:46 AM | Attr = R ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 11:52:16 AM | Attr = ]
(DELL_A02) Dell TrueMobile 1300 USB2.0 WLAN Card Driver [Kernel | On_Demand | Running] -> %System32%\drivers\PRISMA02.sys -> Conexant Systems, Inc. [Ver = 3.03.34 | Size = 353728 bytes | Modified Date = 11/11/2005 8:34:16 PM | Attr = ]
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %System32%\DLA\DLABOIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 25628 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr = ]
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %System32%\drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 5628 bytes | Modified Date = 8/25/2005 10:16:52 AM | Attr = ]
(DLADResN) DLADResN [File_System | Auto | Running] -> %System32%\DLA\DLADResN.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 2496 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr = ]
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %System32%\DLA\DLAIFS_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 86524 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr = ]
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %System32%\DLA\DLAOPIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 14684 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr = ]
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %System32%\DLA\DLAPoolM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 6364 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr = ]
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %System32%\drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 22684 bytes | Modified Date = 8/25/2005 10:16:16 AM | Attr = ]
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %System32%\DLA\DLAUDFAM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 94332 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr = ]
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %System32%\DLA\DLAUDF_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 87036 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %System32%\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Modified Date = 9/12/2005 1:30:00 AM | Attr = ]
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %System32%\drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 8/12/2005 3:20:00 AM | Attr = ]
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 10/5/2006 3:07:28 PM | Attr = ]
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %System32%\drivers\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2/25/2007 11:10:48 AM | Attr = S]
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 10:12:10 AM | Attr = ]
(e1express) Intel® PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e1e5132.sys -> Intel Corporation [Ver = 9.1.32.0 built by: WinDDK | Size = 176128 bytes | Modified Date = 8/25/2005 5:05:24 PM | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.3.3.4 | Size = 395312 bytes | Modified Date = 8/30/2007 1:00:00 AM | Attr = ]
(ELacpi) ELacpi [Kernel | On_Demand | Running] -> %System32%\drivers\ELacpi.sys -> Intel Corporation [Ver = 1.0.0.1093 | Size = 7808 bytes | Modified Date = 12/12/2005 2:52:32 PM | Attr = ]
(ELhid) ELhid [Kernel | System | Running] -> %System32%\drivers\ELhid.sys -> Intel Corporation [Ver = 1.0.0.1093 | Size = 10112 bytes | Modified Date = 12/12/2005 2:52:34 PM | Attr = ]
(ELkbd) ELkbd [Kernel | System | Running] -> %System32%\drivers\ELkbd.sys -> Intel Corporation [Ver = 1.0.0.1093 | Size = 6912 bytes | Modified Date = 12/12/2005 2:52:34 PM | Attr = ]
(ELmon) ELmon [Kernel | System | Running] -> %System32%\drivers\ELmon.sys -> Intel Corporation [Ver = 1.0.0.1093 | Size = 7040 bytes | Modified Date = 12/12/2005 2:52:34 PM | Attr = ]
(ELmou) ELmou [Kernel | System | Running] -> %System32%\drivers\ELmou.sys -> Intel Corporation [Ver = 1.0.0.1093 | Size = 6400 bytes | Modified Date = 12/12/2005 2:52:34 PM | Attr = ]
(emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %System32%\drivers\emupia2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1144-2.07.0400 | Size = 77824 bytes | Modified Date = 11/8/2005 10:14:44 AM | Attr = R ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.3.3.4 | Size = 112688 bytes | Modified Date = 8/30/2007 1:00:00 AM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr = ]
(ha20x2k) Creative 20X HAL Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ha20x2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1145-2.07.0530 | Size = 1096192 bytes | Modified Date = 2/15/2006 4:40:24 AM | Attr = R ]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 212224 bytes | Modified Date = 11/17/2003 7:59:20 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 1042432 bytes | Modified Date = 11/17/2003 7:56:26 PM | Attr = ]
(iastor) Intel AHCI Controller [Kernel | Boot | Running] -> %System32%\drivers\iaStor.sys -> Intel Corporation [Ver = 5.1.0.1022 | Size = 872064 bytes | Modified Date = 6/17/2005 10:33:40 AM | Attr = ]
(kl1) kl1 [Kernel | Boot | Running] -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.18.0 | Size = 110360 bytes | Modified Date = 5/31/2007 12:03:48 AM | Attr = ]
(KLIF) KLIF [File_System | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.90 | Size = 119576 bytes | Modified Date = 5/31/2007 12:03:50 AM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 4:48:08 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 11:52:12 AM | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080108.002\NAVENG.SYS -> Symantec Corporation [Ver = 20071.3.1.10 | Size = 81232 bytes | Modified Date = 11/14/2007 2:00:00 AM | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080108.002\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.3.1.10 | Size = 865904 bytes | Modified Date = 11/14/2007 2:00:00 AM | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8440 | Size = 3650144 bytes | Modified Date = 4/1/2006 12:54:00 AM | Attr = ]
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.1144-2.07.0400 | Size = 114688 bytes | Modified Date = 11/8/2005 10:14:54 AM | Attr = R ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.41a | Size = 36560 bytes | Modified Date = 9/27/2006 2:53:22 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 11:52:18 AM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 9:07:44 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 12:07:44 PM | Attr = ]
(SPBBCDrv) SPBBCDrv [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 3.3.1.3 | Size = 418104 bytes | Modified Date = 4/14/2007 1:49:32 AM | Attr = ]
(srescan) srescan [Kernel | Boot | Running] -> %System32%\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 189, 0 | Size = 51176 bytes | Modified Date = 1/7/2008 1:13:30 PM | Attr = ]
(SRTSP) SRTSP [File_System | System | Running] -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 12:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 12:07:36 PM | Attr = ]
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %System32%\drivers\symdns.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 12848 bytes | Modified Date = 10/30/2007 7:55:14 PM | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 12/6/2007 9:34:14 AM | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %System32%\drivers\symfw.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 145968 bytes | Modified Date = 10/30/2007 7:55:20 PM | Attr = ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %System32%\drivers\symids.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 39856 bytes | Modified Date = 10/30/2007 7:55:28 PM | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20071220.001\SymIDSCo.sys -> Symantec Corporation [Ver = 8.1.1.2 | Size = 158064 bytes | Modified Date = 11/6/2007 9:07:07 AM | Attr = ]
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %System32%\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 7/26/2006 11:53:17 PM | Attr = ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %System32%\drivers\symndis.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 35120 bytes | Modified Date = 10/30/2007 7:55:24 PM | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 27696 bytes | Modified Date = 10/30/2007 7:55:34 PM | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 191536 bytes | Modified Date = 10/30/2007 7:55:38 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 12:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 12:07:42 PM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 11:52:22 AM | Attr = ]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 10/31/2007 2:09:14 PM | Attr = ]
(vsdatant) vsdatant [Kernel | System | Running] -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 394984 bytes | Modified Date = 6/21/2007 9:54:52 PM | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %System32%\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 2:13:04 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.06.00 built by: WinDDK | Size = 680704 bytes | Modified Date = 11/17/2003 7:58:02 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AudioDrvEmulator -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.25.0 | Size = 49152 bytes | Modified Date = 11/4/2005 4:07:56 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 10:59:52 PM | Attr = ]
CTDVDDET -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/17/2003 11:00:00 PM | Attr = ]
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 5:34:50 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 5:34:50 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 86960 bytes | Modified Date = 3/20/2006 5:34:52 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8440 | Size = 7561216 bytes | Modified Date = 4/1/2006 12:54:00 AM | Attr = ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 1/14/2007 12:11:10 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 10:56:54 AM | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 7:51:10 PM | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/10/2000 11:00:00 PM | Attr = ]
VolPanel -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe -> Creative Technology Ltd [Ver = 1.0.52.0 | Size = 122880 bytes | Modified Date = 10/14/2005 9:01:06 AM | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 919016 bytes | Modified Date = 6/21/2007 9:54:46 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460312 bytes | Modified Date = 6/18/2007 2:58:02 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/16/2005 2:43:08 AM | Attr = HS]
%AllUsersStartup%\Wireless USB 2.0 WLAN Card Utility.lnk -> %ProgramFiles%\Dell Wireless\PRISMCFG.exe -> Dell Inc. [Ver = 2.03.17 | Size = 921704 bytes | Modified Date = 12/22/2005 7:14:54 PM | Attr = ]
< Joe Radomski Startup Folder > -> C:\Documents and Settings\Joe Radomski\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/16/2005 2:43:08 AM | Attr = HS]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [Ver = | Size = 111616 bytes | Modified Date = 7/26/2006 11:55:17 PM | Attr = ]
*MultiFile Done* -> ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
PRISMAPI.DLL -> %System32%\PRISMAPI.dll -> Conexant Systems, Inc. [Ver = 2.03.17 | Size = 450646 bytes | Modified Date = 12/22/2005 6:08:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 10:09:22 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 12:17:44 PM | Attr = ]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 96936 bytes | Modified Date = 1/12/2007 12:04:50 AM | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value does not exist or could not be read.] -> Safer Networking Limited [Ver = 1, 5, 0, 6 | Size = 1098840 bytes | Modified Date = 6/18/2007 2:57:46 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 6156 | Size = 2133056 bytes | Modified Date = 11/17/2006 3:43:34 PM | Attr = R ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 6/14/2006 1:17:42 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 6156 | Size = 2133056 bytes | Modified Date = 11/17/2006 3:43:34 PM | Attr = R ]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 5, 1, 6 | Size = 405504 bytes | Modified Date = 8/26/2004 10:27:32 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 10:09:22 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 6156 | Size = 2133056 bytes | Modified Date = 11/17/2006 3:43:34 PM | Attr = R ]
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 10:09:22 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 10/25/2007 10:26:48 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Real.com] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Real.com] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0A5EFE83-88D8-4C4A-A441-10371A390A42} -> () ->
{1E38A768-8CD6-421B-8D08-A1A4B5917831} -> (Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter) ->
{4ECE7F81-D95E-404D-AD2D-D66DE901F2D4} -> (Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter) ->
{ABC15FA9-BE7B-49F4-9469-96A07B785D2C} -> (Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter) ->
{DEA7C9AA-05C9-498A-995B-F87EB1D08CAD} -> (Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter) ->
{F8B0DD48-F3E9-46CB-AAFA-06A06A022849} -> (Intel® PRO/1000 PL Network Connection) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/Facebo...otoUploader.cab[Facebook Photo Uploader Control] ->
{6A344D34-5231-452A-8A57-D064AC9B7862}[HKEY_LOCAL_MACHINE] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_03] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_03] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 10:49:30 AM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 9:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1016 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 1/6/2008 12:41:07 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11954 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe -> C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe [C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner] -> [Ver = | Size = 118784 bytes | Modified Date = 5/31/2007 12:03:18 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 1/6/2008 12:41:07 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 1/6/2008 12:41:07 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 9:12:23 AM | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 105984 bytes | Modified Date = 10/10/2007 4:55:59 PM | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->


[Files/Folders - Created Within 30 days]
49.tmp -> %SystemDrive%\49.tmp -> [Ver = | Size = 0 bytes | Created Date = 1/6/2008 12:41:21 PM | Attr = ]
4A.tmp -> %SystemDrive%\4A.tmp -> [Ver = | Size = 0 bytes | Created Date = 1/6/2008 12:41:23 PM | Attr = ]
4B.tmp -> %SystemDrive%\4B.tmp -> [Ver = | Size = 0 bytes | Created Date = 1/6/2008 12:41:23 PM | Attr = ]
4C.tmp -> %SystemDrive%\4C.tmp -> [Ver = | Size = 0 bytes | Created Date = 1/6/2008 12:41:24 PM | Attr = ]
4D.tmp -> %SystemDrive%\4D.tmp -> [Ver = | Size = 0 bytes | Created Date = 1/6/2008 12:41:24 PM | Attr = ]
4E.tmp -> %SystemDrive%\4E.tmp -> [Ver = | Size = 0 bytes | Created Date = 1/6/2008 12:41:25 PM | Attr = ]
4F.tmp -> %SystemDrive%\4F.tmp -> [Ver = | Size = 0 bytes | Created Date = 1/6/2008 12:41:25 PM | Attr = ]
50.tmp -> %SystemDrive%\50.tmp -> [Ver = | Size = 0 bytes | Created Date = 1/6/2008 12:41:26 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 1/6/2008 10:16:44 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071812608 bytes | Created Date = 1/7/2008 1:54:58 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 1/6/2008 12:40:31 PM | Attr = ]
tempdel.bat -> %SystemDrive%\tempdel.bat -> [Ver = | Size = 120 bytes | Created Date = 1/6/2008 7:34:12 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 1531936 bytes | Created Date = 1/6/2008 8:10:53 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 18932 bytes | Created Date = 1/6/2008 8:10:53 PM | Attr = HS]
kl1.sys -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.18.0 | Size = 110360 bytes | Created Date = 1/6/2008 8:10:43 PM | Attr = ]
klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 75932 bytes | Created Date = 1/6/2008 8:11:04 PM | Attr = ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.90 | Size = 119576 bytes | Created Date = 1/6/2008 8:10:43 PM | Attr = ]
klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 74396 bytes | Created Date = 1/6/2008 8:11:04 PM | Attr = ]
usbaapl.sys -> %System32%\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Created Date = 12/26/2007 8:56:29 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 1/7/2008 1:35:10 PM | Attr = ]
ardCo17 -> %System32%\ardCo17 -> [Folder | Created Date = 1/6/2008 12:40:32 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/7/2008 1:35:38 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 12/26/2007 8:56:29 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 1/7/2008 1:35:13 PM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796048 bytes | Created Date = 1/6/2008 8:10:35 PM | Attr = ]
mp32s.sys -> %System32%\mp32s.sys -> [Ver = | Size = 54768 bytes | Created Date = 1/6/2008 12:41:06 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 1/7/2008 1:35:13 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 1/7/2008 1:35:13 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 53417 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 83432 bytes | Created Date = 1/6/2008 8:09:31 PM | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 394984 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 157160 bytes | Created Date = 1/6/2008 8:09:31 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 103912 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 275944 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 71144 bytes | Created Date = 1/6/2008 8:10:35 PM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 472552 bytes | Created Date = 1/6/2008 8:09:31 PM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 46568 bytes | Created Date = 1/6/2008 8:10:31 PM | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 99816 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 83432 bytes | Created Date = 1/6/2008 8:10:34 PM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 71144 bytes | Created Date = 1/6/2008 8:10:34 PM | Attr = ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 1/6/2008 5:31:14 PM | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 1/7/2008 1:35:38 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/7/2008 3:29:25 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/7/2008 1:11:37 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/7/2008 1:11:37 PM | Attr = H ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75248 bytes | Created Date = 1/6/2008 8:11:09 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 12/26/2007 8:56:39 PM | Attr = ]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 452 bytes | Created Date = 1/7/2008 2:38:54 AM | Attr = ]
RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 386 bytes | Created Date = 1/7/2008 2:38:54 AM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Apple -> %AllUsersAppData%\Apple -> [Folder | Created Date = 12/26/2007 8:56:15 PM | Attr = ]
Apple Computer -> %AllUsersAppData%\Apple Computer -> [Folder | Created Date = 12/26/2007 8:56:56 PM | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Created Date = 1/6/2008 11:56:11 PM | Attr = ]
MailFrontier -> %AllUsersAppData%\MailFrontier -> [Folder | Created Date = 1/6/2008 5:32:03 PM | Attr = ]
Apple Computer -> %UserAppData%\Apple Computer -> [Folder | Created Date = 12/26/2007 8:58:10 PM | Attr = ]
MailFrontier -> %UserAppData%\MailFrontier -> [Folder | Created Date = 1/6/2008 8:19:12 PM | Attr = ]
Apple -> %LocalAppData%\Apple -> [Folder | Created Date = 12/26/2007 8:56:39 PM | Attr = ]
Apple Computer -> %LocalAppData%\Apple Computer -> [Folder | Created Date = 12/26/2007 8:54:56 PM | Attr = ]
~$Doc1.doc -> %UserDocuments%\~$Doc1.doc -> [Ver = | Size = 162 bytes | Created Date = 12/22/2007 4:04:35 PM | Attr = H ]
~WRD0005.tmp -> %UserDocuments%\~WRD0005.tmp -> [Ver = | Size = 94415360 bytes | Created Date = 12/22/2007 4:47:20 PM | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Created Date = 12/26/2007 8:58:04 PM | Attr = ]
QuickTime Player.lnk -> %AllUsersDesktop%\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Created Date = 12/26/2007 8:57:16 PM | Attr = ]
RegCure.lnk -> %AllUsersDesktop%\RegCure.lnk -> [Ver = | Size = 441 bytes | Created Date = 1/7/2008 2:38:49 AM | Attr = ]
Ad-Aware 2007.lnk -> %UserDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1900 bytes | Created Date = 1/6/2008 11:56:22 PM | Attr = ]
Ad-Watch 2007.lnk -> %UserDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1900 bytes | Created Date = 1/6/2008 11:56:19 PM | Attr = ]
autoruns.exe -> %UserDesktop%\autoruns.exe -> Sysinternals - www.sysinternals.com [Ver = 9.01 | Size = 599080 bytes | Created Date = 1/6/2008 10:09:36 PM | Attr = ]
ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1485915 bytes | Created Date = 1/6/2008 5:57:42 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 1/7/2008 5:37:26 PM | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 1/7/2008 5:34:08 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
IZArc.lnk -> %UserDesktop%\IZArc.lnk -> [Ver = | Size = 1492 bytes | Created Date = 1/6/2008 10:07:08 PM | Attr = ]
procexp.exe -> %UserDesktop%\procexp.exe -> Sysinternals [Ver = 11.04 | Size = 3564584 bytes | Created Date = 1/8/2008 8:36:23 PM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/14/2008 6:12:01 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Created Date = 1/14/2008 6:11:21 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Apple -> %CommonProgramFiles%\Apple -> [Folder | Created Date = 12/26/2007 8:56:16 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 1/6/2008 11:55:35 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
49.tmp -> %SystemDrive%\49.tmp -> [Ver = | Size = 0 bytes | Modified Date = 1/6/2008 12:41:21 PM | Attr = ]
4A.tmp -> %SystemDrive%\4A.tmp -> [Ver = | Size = 0 bytes | Modified Date = 1/6/2008 12:41:23 PM | Attr = ]
4B.tmp -> %SystemDrive%\4B.tmp -> [Ver = | Size = 0 bytes | Modified Date = 1/6/2008 12:41:23 PM | Attr = ]
4C.tmp -> %SystemDrive%\4C.tmp -> [Ver = | Size = 0 bytes | Modified Date = 1/6/2008 12:41:24 PM | Attr = ]
4D.tmp -> %SystemDrive%\4D.tmp -> [Ver = | Size = 0 bytes | Modified Date = 1/6/2008 12:41:24 PM | Attr = ]
4E.tmp -> %SystemDrive%\4E.tmp -> [Ver = | Size = 0 bytes | Modified Date = 1/6/2008 12:41:25 PM | Attr = ]
4F.tmp -> %SystemDrive%\4F.tmp -> [Ver = | Size = 0 bytes | Modified Date = 1/6/2008 12:41:25 PM | Attr = ]
50.tmp -> %SystemDrive%\50.tmp -> [Ver = | Size = 0 bytes | Modified Date = 1/6/2008 12:41:26 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Modified Date = 1/7/2008 1:35:28 AM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/6/2008 11:56:49 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071812608 bytes | Modified Date = 1/14/2008 6:03:40 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/7/2008 5:37:26 PM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 1/6/2008 6:32:55 PM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 1/6/2008 10:17:10 PM | Attr = ]
tempdel.bat -> %SystemDrive%\tempdel.bat -> [Ver = | Size = 120 bytes | Modified Date = 1/6/2008 8:22:52 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/8/2008 6:19:57 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/6/2008 6:27:06 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 1/6/2008 6:27:06 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 1531936 bytes | Modified Date = 1/14/2008 6:10:32 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 18932 bytes | Modified Date = 1/14/2008 2:38:22 PM | Attr = HS]
klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 75932 bytes | Modified Date = 1/6/2008 8:11:04 PM | Attr = ]
klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 74396 bytes | Modified Date = 1/6/2008 8:11:04 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 1/7/2008 1:43:27 PM | Attr = ]
ardCo17 -> %System32%\ardCo17 -> [Folder | Modified Date = 1/6/2008 12:40:32 PM | Attr = ]
BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> %System32%\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> [Ver = | Size = 55172 bytes | Modified Date = 1/14/2008 2:38:22 PM | Attr = ]
BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> %System32%\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> [Ver = | Size = 55172 bytes | Modified Date = 1/14/2008 2:38:22 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/6/2008 9:12:11 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/11/2008 11:39:30 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 1/6/2008 8:59:30 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 1/6/2008 9:16:24 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/8/2008 2:51:21 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/9/2008 8:01:24 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 12/26/2007 8:56:29 PM | Attr = ]
DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> %System32%\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> [Ver = | Size = 64980 bytes | Modified Date = 1/14/2008 2:38:22 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/7/2008 1:35:13 PM | Attr = ]
mp32s.sys -> %System32%\mp32s.sys -> [Ver = | Size = 54768 bytes | Modified Date = 1/6/2008 12:41:06 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 50257 bytes | Modified Date = 1/14/2008 6:05:49 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 1/7/2008 1:35:13 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 1/14/2008 2:38:22 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 1/14/2008 2:38:22 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 1/7/2008 1:35:13 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 53417 bytes | Modified Date = 1/14/2008 6:04:42 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/14/2008 2:15:34 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 1/13/2008 2:03:01 PM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 1/14/2008 6:03:36 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/8/2008 11:45:42 AM | Attr = H ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/7/2008 5:02:15 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/14/2008 6:03:46 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/7/2008 3:29:27 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 1/6/2008 6:22:02 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 1/8/2008 2:51:14 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/8/2008 2:51:23 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/6/2008 11:56:49 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 1/14/2008 6:14:58 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/7/2008 5:45:59 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/14/2008 6:12:28 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 1/6/2008 10:04:11 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/7/2008 1:11:37 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/14/2008 6:06:16 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 1/6/2008 9:18:37 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 1/7/2008 1:46:59 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/7/2008 1:35:28 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/8/2008 6:17:42 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/7/2008 2:38:54 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/14/2008 6:10:21 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1029 bytes | Modified Date = 1/7/2008 1:43:33 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 12/26/2007 8:56:40 PM | Attr = ]
Norton Internet Security - Run Full System Scan - Joe Radomski.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Joe Radomski.job -> [Ver = | Size = 636 bytes | Modified Date = 1/7/2008 9:07:18 PM | Attr = ]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 452 bytes | Modified Date = 1/14/2008 6:05:37 PM | Attr = ]
RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 386 bytes | Modified Date = 1/7/2008 2:38:54 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/14/2008 6:04:23 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Apple -> %AllUsersAppData%\Apple -> [Folder | Modified Date = 12/26/2007 8:56:15 PM | Attr = ]
Apple Computer -> %AllUsersAppData%\Apple Computer -> [Folder | Modified Date = 12/26/2007 8:57:45 PM | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 1/6/2008 11:56:11 PM | Attr = ]
MailFrontier -> %AllUsersAppData%\MailFrontier -> [Folder | Modified Date = 1/6/2008 6:29:55 PM | Attr = ]
Symantec -> %AllUsersAppData%\Symantec -> [Folder | Modified Date = 1/14/2008 6:11:02 PM | Attr = ]
Apple Computer -> %UserAppData%\Apple Computer -> [Folder | Modified Date = 12/26/2007 8:58:10 PM | Attr = ]
MailFrontier -> %UserAppData%\MailFrontier -> [Folder | Modified Date = 1/6/2008 8:19:13 PM | Attr = ]
Apple -> %LocalAppData%\Apple -> [Folder | Modified Date = 12/26/2007 8:56:39 PM | Attr = ]
Apple Computer -> %LocalAppData%\Apple Computer -> [Folder | Modified Date = 12/26/2007 8:58:10 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 169984 bytes | Modified Date = 1/6/2008 4:12:59 PM | Attr = ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 1/6/2008 10:15:00 PM | Attr = ]
Doc1.doc -> %UserDocuments%\Doc1.doc -> [Ver = | Size = 221006848 bytes | Modified Date = 1/6/2008 1:05:34 AM | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 12/26/2007 8:58:27 PM | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 12/26/2007 9:39:12 PM | Attr = R ]
~$Doc1.doc -> %UserDocuments%\~$Doc1.doc -> [Ver = | Size = 162 bytes | Modified Date = 12/22/2007 4:04:35 PM | Attr = H ]
~WRD0005.tmp -> %UserDocuments%\~WRD0005.tmp -> [Ver = | Size = 94415360 bytes | Modified Date = 12/22/2007 4:47:47 PM | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 1/14/2008 2:22:49 PM | Attr = ]
QuickTime Player.lnk -> %AllUsersDesktop%\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 12/26/2007 8:57:16 PM | Attr = ]
RegCure.lnk -> %AllUsersDesktop%\RegCure.lnk -> [Ver = | Size = 441 bytes | Modified Date = 1/7/2008 2:38:49 AM | Attr = ]
Ad-Aware 2007.lnk -> %UserDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1900 bytes | Modified Date = 1/6/2008 11:56:22 PM | Attr = ]
Ad-Watch 2007.lnk -> %UserDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1900 bytes | Modified Date = 1/6/2008 11:56:19 PM | Attr = ]
autoruns.exe -> %UserDesktop%\autoruns.exe -> Sysinternals - www.sysinternals.com [Ver = 9.01 | Size = 599080 bytes | Modified Date = 1/3/2008 10:40:24 AM | Attr = ]
ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1485915 bytes | Modified Date = 1/6/2008 5:57:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 1/7/2008 5:37:26 PM | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 1/7/2008 5:34:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
IZArc.lnk -> %UserDesktop%\IZArc.lnk -> [Ver = | Size = 1492 bytes | Modified Date = 1/6/2008 10:07:08 PM | Attr = ]
LJR -> %UserDesktop%\LJR -> [Folder | Modified Date = 1/7/2008 3:01:32 AM | Attr = R ]
Trillian.lnk -> %UserDesktop%\Trillian.lnk -> [Ver = | Size = 1622 bytes | Modified Date = 1/11/2008 7:38:39 PM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/14/2008 6:12:01 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Modified Date = 1/14/2008 6:11:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
zapSetup_70_462_000_en.exe -> %UserDesktop%\zapSetup_70_462_000_en.exe -> [Ver = | Size = 15666064 bytes | Modified Date = 1/6/2008 4:36:09 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\zapSetup_70_462_000_en.exe:Zone.Identifier
Apple -> %CommonProgramFiles%\Apple -> [Folder | Modified Date = 12/26/2007 8:56:16 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 1/8/2008 2:11:50 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/6/2008 11:55:35 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 1/8/2008 11:45:47 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 1/8/2008 11:45:47 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11070 bytes | Modified Date = 8/7/2006 11:58:43 AM | Attr = ]
VCExpress000223.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\8.0\VCExpress000223.dat -> [Ver = | Size = 677178 bytes | Modified Date = 9/2/2007 11:38:44 AM | Attr = H ]

< End of report >

#4 OldTimer

    Malware Expert



Posted 14 January 2008 - 10:09 PM

Hi mojojo.

This is one hell of a list.

Lol. Yeah. I like to see the details :thumbsup:

Ok, let's get started. Please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware; we will come back to it later on.
Step #2

Now start WinPFind35U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Win32 Services - Non-Microsoft Only]
YN -> (FFI) FFI [Win32_Own | Auto | Stopped] -> %System32%\svchost.exe:exm.exe
[Registry - Non-Microsoft Only]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles]
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme]
[Files/Folders - Created Within 30 days]
NY -> 49.tmp -> %SystemDrive%\49.tmp
NY -> 4A.tmp -> %SystemDrive%\4A.tmp
NY -> 4B.tmp -> %SystemDrive%\4B.tmp
NY -> 4C.tmp -> %SystemDrive%\4C.tmp
NY -> 4D.tmp -> %SystemDrive%\4D.tmp
NY -> 4E.tmp -> %SystemDrive%\4E.tmp
NY -> 4F.tmp -> %SystemDrive%\4F.tmp
NY -> 50.tmp -> %SystemDrive%\50.tmp
NY -> mp32s.sys -> %System32%\mp32s.sys
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> ~$Doc1.doc -> %UserDocuments%\~$Doc1.doc
NY -> ~WRD0005.tmp -> %UserDocuments%\~WRD0005.tmp
[Files/Folders - Modified Within 30 days]
NY -> 49.tmp -> %SystemDrive%\49.tmp
NY -> 4A.tmp -> %SystemDrive%\4A.tmp
NY -> 4B.tmp -> %SystemDrive%\4B.tmp
NY -> 4C.tmp -> %SystemDrive%\4C.tmp
NY -> 4D.tmp -> %SystemDrive%\4D.tmp
NY -> 4E.tmp -> %SystemDrive%\4E.tmp
NY -> 4F.tmp -> %SystemDrive%\4F.tmp
NY -> 50.tmp -> %SystemDrive%\50.tmp
NY -> mp32s.sys -> %System32%\mp32s.sys
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> ~$Doc1.doc -> %UserDocuments%\~$Doc1.doc
NY -> ~WRD0005.tmp -> %UserDocuments%\~WRD0005.tmp
[Empty Temp Folders]


The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Step #4

Post the following back here:
  • a new WinPFind35U report (just use the default settings)
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
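The fix in Step #2 targets a service whose image path is `%System32%\svchost.exe:exm.exe`; the `file:stream` form is NTFS alternate data stream notation. The following is an added example, not part of the original post and not WinPFind35U's own code: it parses service lines in the layout seen in this thread and flags stream-hosted or missing service images. The names `triage`, `stream_suffix`, `severity` and the reason codes are assumptions, and the line layout is inferred from the lines on this page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Service lines copied from the fix script and the WinPFind35U report in this thread.
SAMPLE_LINES = [
    r"YN -> (FFI) FFI [Win32_Own | Auto | Stopped] -> %System32%\svchost.exe:exm.exe",
    r"(FFI) FFI [Win32_Own | Auto | Stopped] -> %System32%\svchost.exe:exm.exe -> File not found",
    r"(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8440 | Size = 143436 bytes | Modified Date = 4/1/2006 12:54:00 AM | Attr = ]",
    r"(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 11/1/2007 4:46:02 PM | Attr = ]",
    r"(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 6:40:21 PM | Attr = ]",
]

# Layout inferred from the lines above (an assumption, not a documented format):
#   [YN -> ](key) display [type | start | state] -> image[ -> vendor/version | "File not found"]
SERVICE_RE = re.compile(
    r"^(?:[YN]{2} -> )?"                    # two-letter prefix seen on fix-script lines
    r"\((?P<key>[^)]*)\) (?P<display>.*?) "
    r"\[(?P<type>\w+) \| (?P<start>\w+) \| (?P<state>\w+)\] -> "
    r"(?P<image>.*?)"
    r"(?: -> (?P<detail>.*))?$"             # report lines carry a trailing detail field
)


@dataclass
class Finding:
    key: str
    image: str
    start: str
    stream: Optional[str]
    reasons: List[str]


def stream_suffix(image: str) -> Optional[str]:
    """Return the stream name if the last path component is written host:stream."""
    # Drop a leading drive letter so "C:\..." is not mistaken for a stream separator.
    without_drive = re.sub(r"^[A-Za-z]:", "", image)
    leaf = without_drive.rsplit("\\", 1)[-1]
    host, sep, stream = leaf.partition(":")
    return stream if sep and host and stream else None


def triage(lines) -> List[Finding]:
    """Flag service entries worth a closer look; duplicates of one service are merged."""
    merged = {}
    for raw in lines:
        m = SERVICE_RE.match(raw.strip())
        if m is None:
            continue  # not a service line
        reasons = set()
        stream = stream_suffix(m["image"])
        if stream:
            reasons.add("ads")        # image lives in a named stream, hidden from dir listings
        detail = m["detail"]
        if detail is not None:
            if detail.startswith("File not found"):
                reasons.add("missing")    # the scanner could not open the image path
            elif detail.startswith("["):
                reasons.add("no-vendor")  # version info has no company name (weak signal)
        if not reasons:
            continue
        slot = merged.setdefault(
            (m["key"], m["image"]),
            Finding(m["key"], m["image"], m["start"], stream, []),
        )
        slot.reasons = sorted(set(slot.reasons) | reasons)
    return list(merged.values())


def severity(finding: Finding) -> str:
    """Rank a finding; the thresholds are this example's own choice."""
    if "ads" in finding.reasons:
        return "high"
    if "missing" in finding.reasons and finding.start == "Auto":
        return "medium"
    return "low"


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{severity(f):6} {f.key:18} {f.image}  {','.join(f.reasons)}")
```

The `no-vendor` result on the Symantec entry shows why an empty company field alone is only a prompt to check the file, not a verdict.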


#5 mojojo

Posted 15 January 2008 - 05:57 PM

When I ran the fix I got an error "Access violation at address 7C9EAD50 in module 'shell32.dll'. Read of address 00185000" at the end. Otherwise everything executed fine. However, I didn't see any .log files in the WinPFind3u/MovedFiles folder.

WinPFind35U report

WinPFind35 logfile created on: 1/15/2008 3:34:35 PM
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\Joe Radomski\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

1022.09 Mb Total Physical Memory | 466.36 Mb Available Physical Memory | 45.63% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 76.14% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.39 Gb Total Space | 146.14 Gb Free Space | 49.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 85.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded

Computer Name: DJ897HB1
Current User Name: Joe Radomski
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75304 bytes | Modified Date = 6/21/2007 9:54:46 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 1:19:28 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 11/1/2007 4:46:02 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
prismsvr.exe -> %System32%\PRISMSVR.exe -> Conexant Systems, Inc. [Ver = 2.03.17 | Size = 381014 bytes | Modified Date = 12/22/2005 6:15:46 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8440 | Size = 143436 bytes | Modified Date = 4/1/2006 12:54:00 AM | Attr = ]
ctdvddet.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/17/2003 11:00:00 PM | Attr = ]
prismsvc.exe -> %System32%\PRISMSVC.exe -> Conexant Systems, Inc. [Ver = 2.03.17 | Size = 61526 bytes | Modified Date = 12/22/2005 6:21:44 PM | Attr = ]
volpanel.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe -> Creative Technology Ltd [Ver = 1.0.52.0 | Size = 122880 bytes | Modified Date = 10/14/2005 9:01:06 AM | Attr = ]
dllml.exe -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.25.0 | Size = 49152 bytes | Modified Date = 11/4/2005 4:07:56 PM | Attr = ]
ctxfispi.exe -> %System32%\CTXFISPI.EXE -> Creative Technology Ltd [Ver = 1.0.21.1141 | Size = 717312 bytes | Modified Date = 3/2/2006 1:53:36 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 10:59:52 PM | Attr = ]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 5:34:50 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 919016 bytes | Modified Date = 6/21/2007 9:54:46 PM | Attr = ]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460312 bytes | Modified Date = 6/18/2007 2:58:02 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
prismcfg.exe -> %ProgramFiles%\Dell Wireless\PRISMCFG.exe -> Dell Inc. [Ver = 2.03.17 | Size = 921704 bytes | Modified Date = 12/22/2005 7:14:54 PM | Attr = ]
mantispm.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe -> [Ver = 5, 0, 6, 8903 | Size = 804376 bytes | Modified Date = 5/11/2007 7:50:24 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr = ]
itunes.exe -> %ProgramFiles%\iTunes\iTunes.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 12/11/2007 12:10:18 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 1/6/2008 1:17:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 10:07:32 AM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
(AutoSyncService) Memeo AutoSync [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Memeo\AutoSync\MemeoService.exe -> Memeo [Ver = 2.0.0.0 | Size = 31768 bytes | Modified Date = 7/6/2007 5:28:44 PM | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(comHost) COM Host [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 1/12/2007 8:40:58 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Disabled | Stopped] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 11:01:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(ELService) Intel® Quick Resume Technology Drivers [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -> Intel Corporation [Ver = 1.0.0.1093 | Size = 180224 bytes | Modified Date = 12/12/2005 2:52:32 PM | Attr = ]
(FFI) FFI [Win32_Own | Auto | Stopped] -> %System32%\svchost.exe:exm.exe -> File not found
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 6:40:21 PM | Attr = ]
(IAANTMon) Intel® Matrix Storage Event Monitor [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 5:55:58 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 1/14/2007 12:11:06 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 7:51:10 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 9:26:40 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8440 | Size = 143436 bytes | Modified Date = 4/1/2006 12:54:00 AM | Attr = ]
(PRISMSVC) PRISMSVC [Win32_Shared | Auto | Running] -> %System32%\PRISMSVC.exe -> Conexant Systems, Inc. [Ver = 2.03.17 | Size = 61526 bytes | Modified Date = 12/22/2005 6:21:44 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 11/1/2007 4:46:02 PM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 1:19:28 AM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75304 bytes | Modified Date = 6/21/2007 9:54:46 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AudioDrvEmulator -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.25.0 | Size = 49152 bytes | Modified Date = 11/4/2005 4:07:56 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 10:59:52 PM | Attr = ]
CTDVDDET -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/17/2003 11:00:00 PM | Attr = ]
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 5:34:50 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 5:34:50 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 86960 bytes | Modified Date = 3/20/2006 5:34:52 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8440 | Size = 7561216 bytes | Modified Date = 4/1/2006 12:54:00 AM | Attr = ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 1/14/2007 12:11:10 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 10:56:54 AM | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 7:51:10 PM | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/10/2000 11:00:00 PM | Attr = ]
VolPanel -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe -> Creative Technology Ltd [Ver = 1.0.52.0 | Size = 122880 bytes | Modified Date = 10/14/2005 9:01:06 AM | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 919016 bytes | Modified Date = 6/21/2007 9:54:46 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460312 bytes | Modified Date = 6/18/2007 2:58:02 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/16/2005 2:43:08 AM | Attr = HS]
%AllUsersStartup%\Wireless USB 2.0 WLAN Card Utility.lnk -> %ProgramFiles%\Dell Wireless\PRISMCFG.exe -> Dell Inc. [Ver = 2.03.17 | Size = 921704 bytes | Modified Date = 12/22/2005 7:14:54 PM | Attr = ]
< Joe Radomski Startup Folder > -> C:\Documents and Settings\Joe Radomski\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/16/2005 2:43:08 AM | Attr = HS]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [Ver = | Size = 111616 bytes | Modified Date = 7/26/2006 11:55:17 PM | Attr = ]
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
PRISMAPI.DLL -> %System32%\PRISMAPI.dll -> Conexant Systems, Inc. [Ver = 2.03.17 | Size = 450646 bytes | Modified Date = 12/22/2005 6:08:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 10:09:22 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 12:17:44 PM | Attr = ]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 96936 bytes | Modified Date = 1/12/2007 12:04:50 AM | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value does not exist or could not be read.] -> Safer Networking Limited [Ver = 1, 5, 0, 6 | Size = 1098840 bytes | Modified Date = 6/18/2007 2:57:46 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 6156 | Size = 2133056 bytes | Modified Date = 11/17/2006 3:43:34 PM | Attr = R ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 6/14/2006 1:17:42 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 6156 | Size = 2133056 bytes | Modified Date = 11/17/2006 3:43:34 PM | Attr = R ]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 5, 1, 6 | Size = 405504 bytes | Modified Date = 8/26/2004 10:27:32 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 10:09:22 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 6156 | Size = 2133056 bytes | Modified Date = 11/17/2006 3:43:34 PM | Attr = R ]
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 10:09:22 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 10/25/2007 10:26:48 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Real.com] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Real.com] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0A5EFE83-88D8-4C4A-A441-10371A390A42} -> () ->
{1E38A768-8CD6-421B-8D08-A1A4B5917831} -> (Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter) ->
{4ECE7F81-D95E-404D-AD2D-D66DE901F2D4} -> (Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter) ->
{ABC15FA9-BE7B-49F4-9469-96A07B785D2C} -> (Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter) ->
{DEA7C9AA-05C9-498A-995B-F87EB1D08CAD} -> (Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter) ->
{F8B0DD48-F3E9-46CB-AAFA-06A06A022849} -> (Intel® PRO/1000 PL Network Connection) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/Facebo...otoUploader.cab[Facebook Photo Uploader Control] ->
{6A344D34-5231-452A-8A57-D064AC9B7862}[HKEY_LOCAL_MACHINE] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_03] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_03] ->



[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071812608 bytes | Created Date = 1/7/2008 1:54:58 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 1/6/2008 12:40:31 PM | Attr = ]
tempdel.bat -> %SystemDrive%\tempdel.bat -> [Ver = | Size = 120 bytes | Created Date = 1/6/2008 7:34:12 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 1929248 bytes | Created Date = 1/6/2008 8:10:53 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 23372 bytes | Created Date = 1/6/2008 8:10:53 PM | Attr = HS]
kl1.sys -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.18.0 | Size = 110360 bytes | Created Date = 1/6/2008 8:10:43 PM | Attr = ]
klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 75932 bytes | Created Date = 1/6/2008 8:11:04 PM | Attr = ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.90 | Size = 119576 bytes | Created Date = 1/6/2008 8:10:43 PM | Attr = ]
klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 74396 bytes | Created Date = 1/6/2008 8:11:04 PM | Attr = ]
usbaapl.sys -> %System32%\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Created Date = 12/26/2007 8:56:29 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 1/7/2008 1:35:10 PM | Attr = ]
ardCo17 -> %System32%\ardCo17 -> [Folder | Created Date = 1/6/2008 12:40:32 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/7/2008 1:35:38 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 12/26/2007 8:56:29 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 1/7/2008 1:35:13 PM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796048 bytes | Created Date = 1/6/2008 8:10:35 PM | Attr = ]
mp32s.sys -> %System32%\mp32s.sys -> [Ver = | Size = 54768 bytes | Created Date = 1/6/2008 12:41:06 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 1/7/2008 1:35:13 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 1/7/2008 1:35:13 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 53417 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 83432 bytes | Created Date = 1/6/2008 8:09:31 PM | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 394984 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 157160 bytes | Created Date = 1/6/2008 8:09:31 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 103912 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 275944 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 71144 bytes | Created Date = 1/6/2008 8:10:35 PM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 472552 bytes | Created Date = 1/6/2008 8:09:31 PM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 46568 bytes | Created Date = 1/6/2008 8:10:31 PM | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 99816 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 83432 bytes | Created Date = 1/6/2008 8:10:34 PM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 71144 bytes | Created Date = 1/6/2008 8:10:34 PM | Attr = ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 1/6/2008 5:31:14 PM | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 1/7/2008 1:35:38 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/7/2008 3:29:25 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/7/2008 1:11:37 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/7/2008 1:11:37 PM | Attr = H ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75248 bytes | Created Date = 1/6/2008 8:11:09 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 12/26/2007 8:56:39 PM | Attr = ]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 452 bytes | Created Date = 1/7/2008 2:38:54 AM | Attr = ]
RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 386 bytes | Created Date = 1/7/2008 2:38:54 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Modified Date = 1/7/2008 1:35:28 AM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071812608 bytes | Modified Date = 1/15/2008 2:59:57 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/14/2008 11:04:30 PM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 1/6/2008 6:32:55 PM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 1/6/2008 10:17:10 PM | Attr = ]
tempdel.bat -> %SystemDrive%\tempdel.bat -> [Ver = | Size = 120 bytes | Modified Date = 1/6/2008 8:22:52 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/8/2008 6:19:57 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/6/2008 6:27:06 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 1/6/2008 6:27:06 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 1931296 bytes | Modified Date = 1/15/2008 3:34:47 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 23372 bytes | Modified Date = 1/15/2008 2:59:19 PM | Attr = HS]
klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 75932 bytes | Modified Date = 1/6/2008 8:11:04 PM | Attr = ]
klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 74396 bytes | Modified Date = 1/6/2008 8:11:04 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 1/7/2008 1:43:27 PM | Attr = ]
ardCo17 -> %System32%\ardCo17 -> [Folder | Modified Date = 1/6/2008 12:40:32 PM | Attr = ]
BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> %System32%\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> [Ver = | Size = 55172 bytes | Modified Date = 1/15/2008 2:59:20 PM | Attr = ]
BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> %System32%\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> [Ver = | Size = 55172 bytes | Modified Date = 1/15/2008 2:59:20 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/6/2008 9:12:11 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/15/2008 2:59:00 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 1/6/2008 8:59:30 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 1/6/2008 9:16:24 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/8/2008 2:51:21 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/9/2008 8:01:24 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 12/26/2007 8:56:29 PM | Attr = ]
DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> %System32%\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> [Ver = | Size = 64980 bytes | Modified Date = 1/15/2008 2:59:20 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/7/2008 1:35:13 PM | Attr = ]
mp32s.sys -> %System32%\mp32s.sys -> [Ver = | Size = 54768 bytes | Modified Date = 1/6/2008 12:41:06 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 50257 bytes | Modified Date = 1/15/2008 3:00:53 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 1/7/2008 1:35:13 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 1/15/2008 2:59:20 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 1/15/2008 2:59:20 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 1/7/2008 1:35:13 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 53417 bytes | Modified Date = 1/15/2008 3:01:59 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/14/2008 2:15:34 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 1/15/2008 10:49:49 AM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 1/14/2008 6:03:36 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/8/2008 11:45:42 AM | Attr = H ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/7/2008 5:02:15 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/15/2008 3:00:03 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/7/2008 3:29:27 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 1/6/2008 6:22:02 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 1/8/2008 2:51:14 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/8/2008 2:51:23 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/14/2008 11:04:33 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 1/15/2008 3:31:18 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/7/2008 5:45:59 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/15/2008 3:01:34 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 1/6/2008 10:04:11 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/7/2008 1:11:37 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/15/2008 3:01:22 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 1/6/2008 9:18:37 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 1/7/2008 1:46:59 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/7/2008 1:35:28 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/8/2008 6:17:42 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/7/2008 2:38:54 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/15/2008 3:29:31 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1029 bytes | Modified Date = 1/7/2008 1:43:33 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 12/26/2007 8:56:40 PM | Attr = ]
Norton Internet Security - Run Full System Scan - Joe Radomski.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Joe Radomski.job -> [Ver = | Size = 636 bytes | Modified Date = 1/7/2008 9:07:18 PM | Attr = ]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 452 bytes | Modified Date = 1/15/2008 3:00:42 PM | Attr = ]
RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 386 bytes | Modified Date = 1/7/2008 2:38:54 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/15/2008 3:00:39 PM | Attr = H ]

< End of report >

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/15/2008 at 02:53 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 02:28:13

Memory items scanned : 519
Memory threats detected : 0
Registry items scanned : 7201
Registry threats detected : 0
File items scanned : 135764
File threats detected : 79

Adware.Tracking Cookie

Unclassified.Unknown Origin/System
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINST2.HTM.VIR

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNIST1.HTM.VIR

#6 OldTimer

Malware Expert

Posted 15 January 2008 - 06:22 PM

Hi mojojo. Yeah, I think one of those files did not want to go quietly into the night lol. Let's try something else.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

drivers to unload:
FFI

Files to delete:
c:\windows\system32\mp32s.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your next reply and I will review it.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 mojojo

Posted 15 January 2008 - 07:05 PM

I think it went well.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gjepkglf

*******************

Script file located at: \??\C:\WINDOWS\system32\kbvmpcjf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver FFI unloaded successfully.
File c:\windows\system32\mp32s.sys deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
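
The review requested in step 5 above, comparing the script that was pasted into The Avenger with the contents of C:\avenger.txt, can be done mechanically. The following is an added example, not part of the original posts and not code from The Avenger's author. It assumes only the section headers and success-line wording visible in this thread, and reports any requested action without a matching success line as unconfirmed.

```python
import re

# Section headers as they appear in the script posted in this thread, mapped
# to the kind of action the log later reports on.
SECTION_KIND = {"drivers to unload": "driver", "files to delete": "file"}

# Success lines as worded in the log posted in this thread. The wording of
# failure lines is not shown on the page, so none is assumed here.
SUCCESS = {
    "driver": re.compile(r"^Driver\s+(.+?)\s+unloaded successfully\.?$", re.IGNORECASE),
    "file": re.compile(r"^File\s+(.+?)\s+deleted successfully\.?$", re.IGNORECASE),
}
COMPLETED_MARKER = "Completed script processing."


def parse_script(text):
    """Return the (kind, target) pairs the script asks for, in order."""
    requested, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = line[:-1].strip().lower() if line.endswith(":") else None
        if header in SECTION_KIND:
            kind = SECTION_KIND[header]
        elif kind is not None:
            requested.append((kind, line))
    return requested


def parse_log(text):
    """Return the set of (kind, target) pairs the log reports as successful."""
    confirmed = set()
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pattern in SUCCESS.items():
            match = pattern.match(line)
            if match:
                # Windows paths and driver names compare case-insensitively.
                confirmed.add((kind, match.group(1).lower()))
    return confirmed


def review(script_text, log_text):
    """Check every requested action against the log."""
    confirmed = parse_log(log_text)
    actions = []
    for kind, target in parse_script(script_text):
        state = "confirmed" if (kind, target.lower()) in confirmed else "unconfirmed"
        actions.append((kind, target, state))
    return {"completed": COMPLETED_MARKER in log_text, "actions": actions}


# Script text copied from the thread.
THREAD_SCRIPT = r"""drivers to unload:
FFI

Files to delete:
c:\windows\system32\mp32s.sys
"""

# Log excerpt copied from the thread.
THREAD_LOG = r"""Beginning to process script file:

Driver FFI unloaded successfully.
File c:\windows\system32\mp32s.sys deleted successfully.

Completed script processing.

Finished! Terminate.
"""

# Constructed for this example: a log that stops after the first action.
PARTIAL_LOG = r"""Beginning to process script file:

Driver FFI unloaded successfully.
"""

if __name__ == "__main__":
    for name, log in (("thread log", THREAD_LOG), ("partial log", PARTIAL_LOG)):
        result = review(THREAD_SCRIPT, log)
        print(name, "| completed:", result["completed"])
        for kind, target, state in result["actions"]:
            print(f"  {kind:6} {target:34} {state}")
```

An unconfirmed action or a missing completion marker means the log needs a manual read before the follow-up scan is trusted.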

#8 OldTimer

Posted 15 January 2008 - 07:15 PM

Hi mojojo. I think you are correct. That looks really good. Now run a new WinPFind35U scan using the default settings and we'll check to make sure everything is gone.

Also, let me know how things are running and if you are having any continuing issues.

Cheers.

OT

#9 OldTimer

Posted 15 January 2008 - 07:18 PM

Oh, one other thing you can add to the scan. Copy/paste the text in the codebox below into the textbox where it says Manual File or Registry Key Scans:

c:\windows\svchost.exe /s

Cheers.

OT

#10 mojojo

Posted 15 January 2008 - 10:30 PM

Thanks for the help OT.

WinPFind35 logfile created on: 1/15/2008 8:26:09 PM
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\Joe Radomski\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

1022.09 Mb Total Physical Memory | 636.38 Mb Available Physical Memory | 62.26% Memory free
2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.42% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.39 Gb Total Space | 146.32 Gb Free Space | 49.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 85.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded

Computer Name: DJ897HB1
Current User Name: Joe Radomski
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75304 bytes | Modified Date = 6/21/2007 9:54:46 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 1:19:28 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 11/1/2007 4:46:02 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
prismsvr.exe -> %System32%\PRISMSVR.exe -> Conexant Systems, Inc. [Ver = 2.03.17 | Size = 381014 bytes | Modified Date = 12/22/2005 6:15:46 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8440 | Size = 143436 bytes | Modified Date = 4/1/2006 12:54:00 AM | Attr = ]
ctdvddet.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/17/2003 11:00:00 PM | Attr = ]
volpanel.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe -> Creative Technology Ltd [Ver = 1.0.52.0 | Size = 122880 bytes | Modified Date = 10/14/2005 9:01:06 AM | Attr = ]
prismsvc.exe -> %System32%\PRISMSVC.exe -> Conexant Systems, Inc. [Ver = 2.03.17 | Size = 61526 bytes | Modified Date = 12/22/2005 6:21:44 PM | Attr = ]
dllml.exe -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.25.0 | Size = 49152 bytes | Modified Date = 11/4/2005 4:07:56 PM | Attr = ]
ctxfispi.exe -> %System32%\CTXFISPI.EXE -> Creative Technology Ltd [Ver = 1.0.21.1141 | Size = 717312 bytes | Modified Date = 3/2/2006 1:53:36 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 10:59:52 PM | Attr = ]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 5:34:50 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 919016 bytes | Modified Date = 6/21/2007 9:54:46 PM | Attr = ]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460312 bytes | Modified Date = 6/18/2007 2:58:02 PM | Attr = ]
prismcfg.exe -> %ProgramFiles%\Dell Wireless\PRISMCFG.exe -> Dell Inc. [Ver = 2.03.17 | Size = 921704 bytes | Modified Date = 12/22/2005 7:14:54 PM | Attr = ]
mantispm.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe -> [Ver = 5, 0, 6, 8903 | Size = 804376 bytes | Modified Date = 5/11/2007 7:50:24 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 1/6/2008 1:17:10 PM | Attr = ]
lucoms~1.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
aupdate.exe -> %ProgramFiles%\Symantec\LiveUpdate\AUPDATE.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 623984 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 484720 bytes | Modified Date = 9/12/2007 6:27:23 PM | Attr = ]
lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 484720 bytes | Modified Date = 9/12/2007 6:27:23 PM | Attr = ]
lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 484720 bytes | Modified Date = 9/12/2007 6:27:23 PM | Attr = ]
lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 484720 bytes | Modified Date = 9/12/2007 6:27:23 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 10:07:32 AM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
(AutoSyncService) Memeo AutoSync [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Memeo\AutoSync\MemeoService.exe -> Memeo [Ver = 2.0.0.0 | Size = 31768 bytes | Modified Date = 7/6/2007 5:28:44 PM | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(comHost) COM Host [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 1/12/2007 8:40:58 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Disabled | Stopped] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 11:01:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(ELService) Intel® Quick Resume Technology Drivers [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -> Intel Corporation [Ver = 1.0.0.1093 | Size = 180224 bytes | Modified Date = 12/12/2005 2:52:32 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 6:40:21 PM | Attr = ]
(IAANTMon) Intel® Matrix Storage Event Monitor [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 5:55:58 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 1/14/2007 12:11:06 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 7:51:10 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 9:26:40 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8440 | Size = 143436 bytes | Modified Date = 4/1/2006 12:54:00 AM | Attr = ]
(PRISMSVC) PRISMSVC [Win32_Shared | Auto | Running] -> %System32%\PRISMSVC.exe -> Conexant Systems, Inc. [Ver = 2.03.17 | Size = 61526 bytes | Modified Date = 12/22/2005 6:21:44 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 11/1/2007 4:46:02 PM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 1:19:28 AM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75304 bytes | Modified Date = 6/21/2007 9:54:46 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AudioDrvEmulator -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.25.0 | Size = 49152 bytes | Modified Date = 11/4/2005 4:07:56 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 10:59:52 PM | Attr = ]
CTDVDDET -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/17/2003 11:00:00 PM | Attr = ]
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 5:34:50 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 5:34:50 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 86960 bytes | Modified Date = 3/20/2006 5:34:52 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8440 | Size = 7561216 bytes | Modified Date = 4/1/2006 12:54:00 AM | Attr = ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 1/14/2007 12:11:10 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 10:56:54 AM | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 7:51:10 PM | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/10/2000 11:00:00 PM | Attr = ]
VolPanel -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe -> Creative Technology Ltd [Ver = 1.0.52.0 | Size = 122880 bytes | Modified Date = 10/14/2005 9:01:06 AM | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 919016 bytes | Modified Date = 6/21/2007 9:54:46 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460312 bytes | Modified Date = 6/18/2007 2:58:02 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/16/2005 2:43:08 AM | Attr = HS]
%AllUsersStartup%\Wireless USB 2.0 WLAN Card Utility.lnk -> %ProgramFiles%\Dell Wireless\PRISMCFG.exe -> Dell Inc. [Ver = 2.03.17 | Size = 921704 bytes | Modified Date = 12/22/2005 7:14:54 PM | Attr = ]
< Joe Radomski Startup Folder > -> C:\Documents and Settings\Joe Radomski\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/16/2005 2:43:08 AM | Attr = HS]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [Ver = | Size = 111616 bytes | Modified Date = 7/26/2006 11:55:17 PM | Attr = ]
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
PRISMAPI.DLL -> %System32%\PRISMAPI.dll -> Conexant Systems, Inc. [Ver = 2.03.17 | Size = 450646 bytes | Modified Date = 12/22/2005 6:08:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 10:09:22 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 12:17:44 PM | Attr = ]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 96936 bytes | Modified Date = 1/12/2007 12:04:50 AM | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value does not exist or could not be read.] -> Safer Networking Limited [Ver = 1, 5, 0, 6 | Size = 1098840 bytes | Modified Date = 6/18/2007 2:57:46 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 6156 | Size = 2133056 bytes | Modified Date = 11/17/2006 3:43:34 PM | Attr = R ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 6/14/2006 1:17:42 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 6156 | Size = 2133056 bytes | Modified Date = 11/17/2006 3:43:34 PM | Attr = R ]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 5, 1, 6 | Size = 405504 bytes | Modified Date = 8/26/2004 10:27:32 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 10:09:22 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 6156 | Size = 2133056 bytes | Modified Date = 11/17/2006 3:43:34 PM | Attr = R ]
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 10:09:22 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 10/25/2007 10:26:48 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Real.com] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Real.com] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0A5EFE83-88D8-4C4A-A441-10371A390A42} -> () ->
{1E38A768-8CD6-421B-8D08-A1A4B5917831} -> (Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter) ->
{4ECE7F81-D95E-404D-AD2D-D66DE901F2D4} -> (Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter) ->
{ABC15FA9-BE7B-49F4-9469-96A07B785D2C} -> (Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter) ->
{DEA7C9AA-05C9-498A-995B-F87EB1D08CAD} -> (Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter) ->
{F8B0DD48-F3E9-46CB-AAFA-06A06A022849} -> (Intel® PRO/1000 PL Network Connection) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/Facebo...otoUploader.cab[Facebook Photo Uploader Control] ->
{6A344D34-5231-452A-8A57-D064AC9B7862}[HKEY_LOCAL_MACHINE] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_03] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_03] ->



[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 1/15/2008 4:55:05 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071812608 bytes | Created Date = 1/7/2008 1:54:58 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 1/6/2008 12:40:31 PM | Attr = ]
tempdel.bat -> %SystemDrive%\tempdel.bat -> [Ver = | Size = 120 bytes | Created Date = 1/6/2008 7:34:12 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 2146336 bytes | Created Date = 1/6/2008 8:10:53 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 25484 bytes | Created Date = 1/6/2008 8:10:53 PM | Attr = HS]
kl1.sys -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.18.0 | Size = 110360 bytes | Created Date = 1/6/2008 8:10:43 PM | Attr = ]
klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 75932 bytes | Created Date = 1/6/2008 8:11:04 PM | Attr = ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.90 | Size = 119576 bytes | Created Date = 1/6/2008 8:10:43 PM | Attr = ]
klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 74396 bytes | Created Date = 1/6/2008 8:11:04 PM | Attr = ]
usbaapl.sys -> %System32%\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Created Date = 12/26/2007 8:56:29 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 1/7/2008 1:35:10 PM | Attr = ]
ardCo17 -> %System32%\ardCo17 -> [Folder | Created Date = 1/6/2008 12:40:32 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/7/2008 1:35:38 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 12/26/2007 8:56:29 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 1/7/2008 1:35:13 PM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796048 bytes | Created Date = 1/6/2008 8:10:35 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 1/7/2008 1:35:13 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 1/7/2008 1:35:13 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 53417 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 83432 bytes | Created Date = 1/6/2008 8:09:31 PM | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 394984 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 157160 bytes | Created Date = 1/6/2008 8:09:31 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 103912 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 275944 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 71144 bytes | Created Date = 1/6/2008 8:10:35 PM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 472552 bytes | Created Date = 1/6/2008 8:09:31 PM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 46568 bytes | Created Date = 1/6/2008 8:10:31 PM | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 99816 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 83432 bytes | Created Date = 1/6/2008 8:10:34 PM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 71144 bytes | Created Date = 1/6/2008 8:10:34 PM | Attr = ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 1/6/2008 5:31:14 PM | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 1/6/2008 8:10:30 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 1/7/2008 1:35:38 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/7/2008 3:29:25 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/7/2008 1:11:37 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/7/2008 1:11:37 PM | Attr = H ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75248 bytes | Created Date = 1/6/2008 8:11:09 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 12/26/2007 8:56:39 PM | Attr = ]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 452 bytes | Created Date = 1/7/2008 2:38:54 AM | Attr = ]
RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 386 bytes | Created Date = 1/7/2008 2:38:54 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 1/15/2008 4:55:05 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Modified Date = 1/7/2008 1:35:28 AM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071812608 bytes | Modified Date = 1/15/2008 6:22:19 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/14/2008 11:04:30 PM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 1/6/2008 6:32:55 PM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 1/6/2008 10:17:10 PM | Attr = ]
tempdel.bat -> %SystemDrive%\tempdel.bat -> [Ver = | Size = 120 bytes | Modified Date = 1/6/2008 8:22:52 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/8/2008 6:19:57 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/6/2008 6:27:06 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 1/6/2008 6:27:06 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 2146336 bytes | Modified Date = 1/15/2008 8:25:57 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 25484 bytes | Modified Date = 1/15/2008 5:06:57 PM | Attr = HS]
klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 75932 bytes | Modified Date = 1/6/2008 8:11:04 PM | Attr = ]
klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 74396 bytes | Modified Date = 1/6/2008 8:11:04 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 1/7/2008 1:43:27 PM | Attr = ]
ardCo17 -> %System32%\ardCo17 -> [Folder | Modified Date = 1/6/2008 12:40:32 PM | Attr = ]
BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> %System32%\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> [Ver = | Size = 55172 bytes | Modified Date = 1/15/2008 5:06:57 PM | Attr = ]
BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> %System32%\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> [Ver = | Size = 55172 bytes | Modified Date = 1/15/2008 5:06:57 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/6/2008 9:12:11 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/15/2008 4:49:02 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 1/6/2008 8:59:30 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 1/6/2008 9:16:24 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/8/2008 2:51:21 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/15/2008 4:55:06 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 12/26/2007 8:56:29 PM | Attr = ]
DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> %System32%\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx -> [Ver = | Size = 64980 bytes | Modified Date = 1/15/2008 5:06:57 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/7/2008 1:35:13 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 50257 bytes | Modified Date = 1/15/2008 6:23:11 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 1/7/2008 1:35:13 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 1/15/2008 5:06:57 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 1/15/2008 5:06:57 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 1/7/2008 1:35:13 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 53417 bytes | Modified Date = 1/15/2008 6:24:13 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/14/2008 2:15:34 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 1/15/2008 10:49:49 AM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 1/14/2008 6:03:36 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/8/2008 11:45:42 AM | Attr = H ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/7/2008 5:02:15 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/15/2008 6:22:24 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/7/2008 3:29:27 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 1/6/2008 6:22:02 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 1/8/2008 2:51:14 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/8/2008 2:51:23 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/14/2008 11:04:33 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 1/15/2008 8:21:44 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/7/2008 5:45:59 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/15/2008 4:55:30 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 1/6/2008 10:04:11 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/7/2008 1:11:37 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/15/2008 6:23:34 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 1/6/2008 9:18:37 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 1/7/2008 1:46:59 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/7/2008 1:35:28 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/15/2008 4:53:33 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/7/2008 2:38:54 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/15/2008 8:26:18 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1029 bytes | Modified Date = 1/7/2008 1:43:33 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 1/15/2008 3:37:02 PM | Attr = ]
Norton Internet Security - Run Full System Scan - Joe Radomski.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Joe Radomski.job -> [Ver = | Size = 636 bytes | Modified Date = 1/7/2008 9:07:18 PM | Attr = ]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 452 bytes | Modified Date = 1/15/2008 6:22:59 PM | Attr = ]
RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 386 bytes | Modified Date = 1/7/2008 2:38:54 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/15/2008 6:22:56 PM | Attr = H ]

[Manual Scans]
< c:\windows\svchost.exe /s >
svchost.exe -> c:\WINDOWS\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 1/6/2008 12:41:07 PM | Attr = ]
svchost.exe -> c:\WINDOWS\system32\dllcache\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 1/6/2008 12:41:07 PM | Attr = ]
< End of report >

#11 OldTimer

OldTimer

    Malware Expert



Posted 15 January 2008 - 11:02 PM

Hi mojojo. Everything looks fine in the log. Run the system for a couple of days and then let me know if there are any issues. From what I can see I'd say you are good to go :thumbsup:

Cheers.

TO
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#12 mojojo

mojojo

Posted 19 January 2008 - 08:21 PM

Hi OT,

Everything seems fine. Thanks for your help.

#13 OldTimer

OldTimer

    Malware Expert



Posted 19 January 2008 - 08:59 PM

You are very welcome mojojo, I'm glad we could help. You can go ahead and delete any files that I had you download and any files/folders that they created. You are good to go :thumbsup:

I will now close this topic. If you have any new issues in the future please start a new topic.

Cheers and Happy Computing!

OT



