Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Hijackthis Log Looks Weird?


  • Please log in to reply
7 replies to this topic

#1 dorm

dorm

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 08 January 2008 - 08:44 AM

First of Im new and i would like to say hi =)

Computer hardware info: Intel Core Duo T2050, 1 gb ddr2 ram, 80gb hard disk, 64mb integrated gfx (laptop)
Computer software info: Windows XP Media Center Edition SP2, running AVG Free 7.5.

~~~~
Problems:
Worried about my computer as my HJT log looks really weird, HJT mentioned something about large amount of hijack domains, delete the file itself than to fix each item, if you see the same IP address of each O1 item, delete C:\WINDOWS\system32\drivers\etc\hosts.

Another problem is, sometimes when i click start > shutdown, the shutdown menu does not appear, instead, explorer.exe closes and produced a "explorer.exe has encounted an error..." giving me a option to "close" it. 2 errors appear in total, complaining about explorer.exe.

Only when I click "close", explorer.exe automatically starts again, then i can shutdown normally.
~~~~

What I did:
Did a Lavasoft ad-aware scan (clean), AVG Free scan (detected "hosts" everytime i scanned and automatically fixed it by "changed"), Registry booster (clean), De-fragmented yesterday, Advanced Windows Care Personal (clean), scanned my HJT log using a online auto-analyzer, detected many "unsafe" items, but i do not know what to do exactly.

~~~~
Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:58 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\dllhost.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Admin\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.sg.acer.yahoo.com
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <title>Welcome to Yahoo! GeoCities - Your Home on the Web &reg;</title>
O1 - Hosts: </head>
O1 - Hosts: <body bgcolor=#ffffff>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table border=0 width=600 cellspacing=0 cellpadding=0><tr><td width="1%"><a href="http://geocities.yahoo.com/"><img
O1 - Hosts: src=http://us.i1.yimg.com/us.yimg.com/i/us/geo/ygeo.gif width=305 height=36 border=0 alt="Yahoo! GeoCities"></a></td><td><table border=0 cellspacing=0 cellpadding=0 width="100%"><tr><td align=right valign=bottom nowrap><font face=arial size=-1><a href="http://www.yahoo.com">Yahoo!</a>
O1 - Hosts: - <a href="http://help.yahoo.com/help/us/geo/">Help</a>
O1 - Hosts: </font>
O1 - Hosts: </td></tr></table><hr size=1></td></tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table width=600 cellpadding=4 cellspacing=0 border=0>
O1 - Hosts: <tr bgcolor=003399><td><font face=arial size=+1 color=ffffff><b>Sorry, the site you requested is inactive.</b></font></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table width="600" border="0" cellspacing="0" cellpadding="0"><tr><td align=center valign=top>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr><td valign=top>
O1 - Hosts: <table width="100%" cellpadding=4 cellspacing=0 border=0 bgcolor=ffffee><tr><td valign=top>
O1 - Hosts: <font face=arial size=-1>
O1 - Hosts: This GeoCities site has been deactivated due to inactivity.
O1 - Hosts: <p>
O1 - Hosts: <strong>Are you the site owner?</strong> <br>
O1 - Hosts: <a href="http://geocities.yahoo.com/v/activate.html">Click here</a> to reactivate your site.
O1 - Hosts: <p>
O1 - Hosts: <strong>Are you a visitor?</strong> Try a search below.
O1 - Hosts: </font>
O1 - Hosts: <br><br>
O1 - Hosts: </td></tr></table></td></tr></table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table width="600" cellpadding=4 cellspacing=0 border=0 bgcolor=eeeeee><tr><td valign=top>
O1 - Hosts: <font face=arial size=-1><b>Search Yahoo! GeoCities</b></font></td></tr></table>
O1 - Hosts: <br><form action="http://geocities.yahoo.com/search" method=get>
O1 - Hosts: <input size=32 name=p value="">&nbsp;<input type=submit value="Search"><p>
O1 - Hosts: <p>
O1 - Hosts: <strong><font face=arial size=-1>Advanced GeoCities search options </font></strong>
O1 - Hosts: <p>
O1 - Hosts: <table border=0 cellpadding=2 cellspacing=0>
O1 - Hosts: <tr><td valign=top>
O1 - Hosts: <table border=0 cellpadding=1 cellspacing=0>
O1 - Hosts: <tr><td colspan=2><font face=arial size=-1><b>Option 1</b></font></td></tr>
O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=o value=i checked></td><td><font face=arial size=-1>Intelligent default</font></td></tr>
O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=o value=p></td><td><font face=arial size=-1>An exact phrase match</font></td></tr>
O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=o value=a></td><td><font face=arial size=-1>Matches on all words (AND)</font></td></tr>
O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=o value=o></td><td><font face=arial size=-1>Matches on any word (OR)</font></td></tr></table>
O1 - Hosts: </td><td>&nbsp;</td><td valign=top>
O1 - Hosts: <table border=0 cellpadding=1 cellspacing=0>
O1 - Hosts: <tr><td colspan=2><font face=arial size=-1><b>Option 2</b></font></td></tr>
O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=h value=c ></td><td><font face=arial size=-1>Yahoo! GeoCities Categories</font></td></tr>
O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=h value=s checked></td><td><font face=arial size=-1>Yahoo! GeoCities Web Sites</font></td></tr></table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </form>
O1 - Hosts: <p>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O1 - Hosts: <p><center><hr noshade size=1 width="675"><table border=0 cellpadding=0 cellspacing=0><tr><td align=center valign=bottom width="100%"><font size="-2" face=arial>Copyright &copy; 2004 <a href="http://www.yahoo.com" target="_top">Yahoo! Inc.</a> All rights reserved.<br><b>NOTICE: We collect personal information on this site. To learn more about how we use your information, see our <a href="http://privacy.yahoo.com/privacy/us/" target="_top">Yahoo Privacy Policy</a></b></font></td></tr></table></center>
O1 - Hosts: </body>
O1 - Hosts: </html>
O2 - BHO: (no name) - @49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - 8@38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: algs - Unknown owner - C:\WINDOWS\system32\algs.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.110\CooLSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RemoteShutDown Service (RemShutDownSvc) - Unknown owner - C:\WINDOWS\System32\remsdnsv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 18678 bytes

Edited by dorm, 08 January 2008 - 08:44 AM.


BC AdBot (Login to Remove)

 


#2 dorm

dorm
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 12 January 2008 - 04:27 AM

upz
explorer.exe problem still unfixed

#3 dorm

dorm
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 15 January 2008 - 05:22 AM

Its been 5 days without a reply,
plus now i have this problem, when i shutdown, explorer.exe encounters an error, then explorer restarts then i can shut down, but my computer hangs at the blue screen which shows the windows logo and "windows is shutting down"
heres a fresh log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:51 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hamachi\hamachi.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Admin\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.sg.acer.yahoo.com
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <title>Welcome to Yahoo! GeoCities - Your Home on the Web &reg;</title>
O1 - Hosts: </head>
O1 - Hosts: <body bgcolor=#ffffff>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table border=0 width=600 cellspacing=0 cellpadding=0><tr><td width="1%"><a href="http://geocities.yahoo.com/"><img
O1 - Hosts: src=http://us.i1.yimg.com/us.yimg.com/i/us/geo/ygeo.gif width=305 height=36 border=0 alt="Yahoo! GeoCities"></a></td><td><table border=0 cellspacing=0 cellpadding=0 width="100%"><tr><td align=right valign=bottom nowrap><font face=arial size=-1><a href="http://www.yahoo.com">Yahoo!</a>
O1 - Hosts: - <a href="http://help.yahoo.com/help/us/geo/">Help</a>
O1 - Hosts: </font>
O1 - Hosts: </td></tr></table><hr size=1></td></tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table width=600 cellpadding=4 cellspacing=0 border=0>
O1 - Hosts: <tr bgcolor=003399><td><font face=arial size=+1 color=ffffff><b>Sorry, the site you requested is inactive.</b></font></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table width="600" border="0" cellspacing="0" cellpadding="0"><tr><td align=center valign=top>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr><td valign=top>
O1 - Hosts: <table width="100%" cellpadding=4 cellspacing=0 border=0 bgcolor=ffffee><tr><td valign=top>
O1 - Hosts: <font face=arial size=-1>
O1 - Hosts: This GeoCities site has been deactivated due to inactivity.
O1 - Hosts: <p>
O1 - Hosts: <strong>Are you the site owner?</strong> <br>
O1 - Hosts: <a href="http://geocities.yahoo.com/v/activate.html">Click here</a> to reactivate your site.
O1 - Hosts: <p>
O1 - Hosts: <strong>Are you a visitor?</strong> Try a search below.
O1 - Hosts: </font>
O1 - Hosts: <br><br>
O1 - Hosts: </td></tr></table></td></tr></table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table width="600" cellpadding=4 cellspacing=0 border=0 bgcolor=eeeeee><tr><td valign=top>
O1 - Hosts: <font face=arial size=-1><b>Search Yahoo! GeoCities</b></font></td></tr></table>
O1 - Hosts: <br><form action="http://geocities.yahoo.com/search" method=get>
O1 - Hosts: <input size=32 name=p value="">&nbsp;<input type=submit value="Search"><p>
O1 - Hosts: <p>
O1 - Hosts: <strong><font face=arial size=-1>Advanced GeoCities search options </font></strong>
O1 - Hosts: <p>
O1 - Hosts: <table border=0 cellpadding=2 cellspacing=0>
O1 - Hosts: <tr><td valign=top>
O1 - Hosts: <table border=0 cellpadding=1 cellspacing=0>
O1 - Hosts: <tr><td colspan=2><font face=arial size=-1><b>Option 1</b></font></td></tr>
O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=o value=i checked></td><td><font face=arial size=-1>Intelligent default</font></td></tr>
O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=o value=p></td><td><font face=arial size=-1>An exact phrase match</font></td></tr>
O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=o value=a></td><td><font face=arial size=-1>Matches on all words (AND)</font></td></tr>
O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=o value=o></td><td><font face=arial size=-1>Matches on any word (OR)</font></td></tr></table>
O1 - Hosts: </td><td>&nbsp;</td><td valign=top>
O1 - Hosts: <table border=0 cellpadding=1 cellspacing=0>
O1 - Hosts: <tr><td colspan=2><font face=arial size=-1><b>Option 2</b></font></td></tr>
O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=h value=c ></td><td><font face=arial size=-1>Yahoo! GeoCities Categories</font></td></tr>
O1 - Hosts: <tr><td witdth=1% valign=top>&nbsp;<input type=radio name=h value=s checked></td><td><font face=arial size=-1>Yahoo! GeoCities Web Sites</font></td></tr></table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </form>
O1 - Hosts: <p>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O1 - Hosts: <p><center><hr noshade size=1 width="675"><table border=0 cellpadding=0 cellspacing=0><tr><td align=center valign=bottom width="100%"><font size="-2" face=arial>Copyright &copy; 2004 <a href="http://www.yahoo.com" target="_top">Yahoo! Inc.</a> All rights reserved.<br><b>NOTICE: We collect personal information on this site. To learn more about how we use your information, see our <a href="http://privacy.yahoo.com/privacy/us/" target="_top">Yahoo Privacy Policy</a></b></font></td></tr></table></center>
O1 - Hosts: </body>
O1 - Hosts: </html>
O2 - BHO: (no name) - @49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - 8@38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0724762B-B718-4CDA-90CA-8078FD53509D}: NameServer = 10.88.0.2
O17 - HKLM\System\CS4\Services\Tcpip\..\{0724762B-B718-4CDA-90CA-8078FD53509D}: NameServer = 10.88.0.2
O17 - HKLM\System\CS5\Services\Tcpip\..\{0724762B-B718-4CDA-90CA-8078FD53509D}: NameServer = 10.88.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: algs - Unknown owner - C:\WINDOWS\system32\algs.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.110\CooLSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RemoteShutDown Service (RemShutDownSvc) - Unknown owner - C:\WINDOWS\System32\remsdnsv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 18947 bytes

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:58 PM

Posted 18 January 2008 - 08:59 PM

Hello dorm and welcome to the BC HijackThis forum. There are a few things that we need to do and look at.

First we need to show all files to delete the current hosts file (it isn't valid).
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Find the following file and delete it:
c:\windows\system32\drivers\etc\hosts
Next, let's use a different scanner and see what else it shows us. Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      Reg - Desktop Components
      Reg - Software Policy Settings
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 dorm

dorm
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 18 January 2008 - 10:47 PM

thanks for your help

WinPFind35 logfile created on: 1/19/2008 11:45:31 AM
WinPFind35U Version Beta23 Folder = C:\Documents and Settings\Admin\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

1014.04 Mb Total Physical Memory | 492.42 Mb Available Physical Memory | 48.56% Memory free
2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.21% Paging File free
Paging file location(s): C:\pagefile.sys 1524 1524;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.21 Gb Total Space | 17.90 Gb Free Space | 33.63% Space Free | Partition Type: NTFS
Drive D: | 53.70 Gb Total Space | 50.61 Gb Free Space | 94.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: KANG
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 11/28/2005 11:29:00 AM | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 0, 33 | Size = 540745 bytes | Modified Date = 11/28/2005 11:31:32 AM | Attr = ]
sdmcp.exe -> %CommonProgramFiles%\Stardock\SDMCP.exe -> Stardock [Ver = 0, 0, 5, 11 | Size = 241664 bytes | Modified Date = 5/10/2005 1:31:22 PM | Attr = ]
edsloader.exe -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\eDSloader.exe -> HiTRUST [Ver = 1, 20, 0, 0 | Size = 69632 bytes | Modified Date = 10/19/2005 9:30:16 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 12/21/2007 9:47:30 PM | Attr = ]
adskscsrv.exe -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.70.000 | Size = 72704 bytes | Modified Date = 10/18/2007 3:26:10 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 12/21/2007 9:47:30 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 12/21/2007 9:47:35 PM | Attr = ]
admserv.exe -> %SystemDrive%\Acer\Empowering Technology\admServ.exe -> Avocent Inc. [Ver = 1.5.28.78 | Size = 1314816 bytes | Modified Date = 10/24/2005 4:40:52 PM | Attr = ]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.1500 | Size = 266295 bytes | Modified Date = 1/17/2006 10:37:24 AM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.97.1 | Size = 49152 bytes | Modified Date = 5/18/2006 4:52:06 PM | Attr = ]
raysat_3dsmax9_32server.exe -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -> [Ver = | Size = 65536 bytes | Modified Date = 9/29/2006 12:48:06 PM | Attr = ]
nmsaccessu.exe -> %ProgramFiles%\CDBurnerXP\NMSAccessU.exe -> [Ver = | Size = 71096 bytes | Modified Date = 10/12/2007 8:34:56 AM | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 11/28/2005 11:28:14 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 3/28/2007 9:00:18 PM | Attr = ]
widgetmanager.exe -> %ProgramFiles%\Stardock\Object Desktop\DesktopX\WidgetManager.exe -> [Ver = | Size = 73728 bytes | Modified Date = 6/10/2005 8:34:38 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 12/1/2007 3:46:35 PM | Attr = ]
desktopx.exe -> %ProgramFiles%\Stardock\Object Desktop\DesktopX\DesktopX.exe -> [Ver = | Size = 449024 bytes | Modified Date = 8/1/2006 12:23:00 AM | Attr = ]
dxwidget.exe -> %ProgramFiles%\Stardock\Object Desktop\DesktopX\DXWidget.exe -> [Ver = | Size = 515072 bytes | Modified Date = 8/1/2006 12:24:02 AM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 300032 bytes | Modified Date = 1/17/2008 12:16:46 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 6 | Size = 557056 bytes | Modified Date = 7/20/2007 3:21:34 PM | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2/13/2007 6:53:16 PM | Attr = ]
(algs) algs [Win32_Own | Auto | Stopped] -> %System32%\algs.exe -> File not found
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.70.000 | Size = 72704 bytes | Modified Date = 10/18/2007 3:26:10 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 12/21/2007 9:47:30 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 12/21/2007 9:47:35 PM | Attr = ]
(AWService) AdminWorks Agent X6 [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\admServ.exe -> Avocent Inc. [Ver = 1.5.28.78 | Size = 1314816 bytes | Modified Date = 10/24/2005 4:40:52 PM | Attr = ]
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.1500 | Size = 266295 bytes | Modified Date = 1/17/2006 10:37:24 AM | Attr = ]
(CPUCooLServer) CPUCooLServer Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.110\CooLSrv.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 11/28/2005 11:29:00 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/3/2007 12:32:14 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.97.1 | Size = 49152 bytes | Modified Date = 5/18/2006 4:52:06 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -> File not found
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 2/16/2007 4:11:24 PM | Attr = ]
(mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) [Win32_Own | Auto | Running] -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -> [Ver = | Size = 65536 bytes | Modified Date = 9/29/2006 12:48:06 PM | Attr = ]
(NMSAccessU) NMSAccessU [Win32_Own | Auto | Running] -> %ProgramFiles%\CDBurnerXP\NMSAccessU.exe -> [Ver = | Size = 71096 bytes | Modified Date = 10/12/2007 8:34:56 AM | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 11/28/2005 11:28:14 AM | Attr = ]
(RemShutDownSvc) RemoteShutDown Service [Win32_Own | On_Demand | Stopped] -> %System32%\remsdnsv.exe -> [Ver = | Size = 12800 bytes | Modified Date = 10/10/2007 9:44:56 PM | Attr = ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPCap\rpcapd.exe -> CACE Technologies [Ver = 4.0.0.755 | Size = 93048 bytes | Modified Date = 1/26/2007 1:31:34 AM | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 0, 33 | Size = 540745 bytes | Modified Date = 11/28/2005 11:31:32 AM | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 81, 60, 0 | Size = 174080 bytes | Modified Date = 6/5/2006 1:59:18 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 3/28/2007 9:00:18 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.9.0 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.9.0 | Size = 21275 bytes | Modified Date = 12/4/2006 1:22:14 PM | Attr = ]
(AliIde) AliIde [Kernel | Boot | Running] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %System32%\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr = ]
(asc) asc [Kernel | Boot | Running] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Boot | Running] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 12/21/2007 9:47:38 PM | Attr = ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 12/21/2007 9:47:45 PM | Attr = ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 12/21/2007 9:47:49 PM | Attr = ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 12/21/2007 9:47:49 PM | Attr = ]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.37.0.0 built by: WinDDK | Size = 45312 bytes | Modified Date = 10/31/2005 2:17:00 PM | Attr = ]
(btaudio) Bluetooth Audio Device [Kernel | On_Demand | Running] -> %System32%\drivers\btaudio.sys -> Broadcom Corporation. [Ver = 5.0.1.1500 | Size = 328061 bytes | Modified Date = 1/17/2006 10:21:52 AM | Attr = ]
(BTDriver) Bluetooth Virtual Communications Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\btport.sys -> Broadcom Corporation. [Ver = 5.0.1.1500 | Size = 30459 bytes | Modified Date = 1/17/2006 10:15:36 AM | Attr = ]
(BTKRNL) Bluetooth Bus Enumerator [Kernel | On_Demand | Running] -> %System32%\drivers\btkrnl.sys -> Broadcom Corporation. [Ver = 5.0.1.1500 | Size = 850474 bytes | Modified Date = 1/17/2006 10:18:22 AM | Attr = ]
(BTSERIAL) Bluetooth Serial Driver [Kernel | Auto | Running] -> %System32%\drivers\btserial.sys -> Broadcom Corporation. [Ver = 5.0.1.1500 | Size = 23271 bytes | Modified Date = 1/17/2006 10:19:46 AM | Attr = ]
(BTWDNDIS) Bluetooth LAN Access Server [Kernel | On_Demand | Stopped] -> %System32%\drivers\btwdndis.sys -> Broadcom Corporation. [Ver = 5.0.1.1500 | Size = 148900 bytes | Modified Date = 1/17/2006 10:11:56 AM | Attr = ]
(btwmodem) Bluetooth Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\btwmodem.sys -> Broadcom Corporation. [Ver = 5.0.1.1500 | Size = 30285 bytes | Modified Date = 1/17/2006 10:15:26 AM | Attr = ]
(BTWUSB) WIDCOMM USB Bluetooth Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\btwusb.sys -> Broadcom Corporation. [Ver = 5.0.1.1500 | Size = 65688 bytes | Modified Date = 1/17/2006 10:14:52 AM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Boot | Running] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(cpuz126) cpuz126 [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Admin\LOCALS~1\Temp\cpuz.sys -> File not found
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(DKbFltr) Dritek Keyboard Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\DKbFltr.SYS -> Dritek System Inc. [Ver = 1, 3, 0, 0 | Size = 16896 bytes | Modified Date = 12/8/2004 2:10:00 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(EagleNT) EagleNT [Kernel | On_Demand | Stopped] -> %System32%\drivers\EagleNt.sys -> AhnLab, Inc. [Ver = 0,0,1,0 | Size = 357120 bytes | Modified Date = 11/16/2007 3:14:37 PM | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.1.0.69 | Size = 383800 bytes | Modified Date = 2/6/2007 5:00:00 PM | Attr = ]
(EMSCR) EMSCR [Kernel | On_Demand | Running] -> %System32%\drivers\EMS7SK.sys -> ENE Technology Inc. [Ver = 1.07.04 built by: WinDDK | Size = 61056 bytes | Modified Date = 6/16/2006 7:17:36 PM | Attr = ]
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %System32%\drivers\Entech.sys -> EnTech Taiwan [Ver = 1.0 | Size = 21664 bytes | Modified Date = 10/25/2004 8:02:58 PM | Attr = ]
(EpmPsd) Acer EPM Power Scheme Driver [Kernel | Auto | Running] -> %System32%\drivers\epm-psd.sys -> Acer Value Labs, USA [Ver = 1.02 | Size = 4096 bytes | Modified Date = 1/23/2006 12:41:04 PM | Attr = ]
(EpmShd) Acer EPM System Hardware Driver [Kernel | Auto | Running] -> %System32%\drivers\epm-shd.sys -> Acer Value Labs, USA [Ver = 1.23 | Size = 78208 bytes | Modified Date = 1/23/2006 12:41:04 PM | Attr = ]
(ESDCR) ESDCR [Kernel | On_Demand | Running] -> %System32%\drivers\ESD7SK.sys -> ENE Technology Inc. [Ver = 1.07.04 built by: WinDDK | Size = 40064 bytes | Modified Date = 6/16/2006 7:17:38 PM | Attr = ]
(ESMCR) ESMCR [Kernel | On_Demand | Running] -> %System32%\drivers\ESM7SK.sys -> ENE Technology Inc. [Ver = 1.07.04 built by: WinDDK | Size = 74752 bytes | Modified Date = 6/16/2006 7:17:38 PM | Attr = ]
(ethertap) EtherTap Adapter [Kernel | On_Demand | Running] -> %System32%\drivers\ethertap.sys -> HotSwap Network Solutions [Ver = 1.6_beta6 4/25 (DEBUG) | Size = 21930 bytes | Modified Date = 7/6/2005 9:32:24 PM | Attr = ]
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %System32%\drivers\hamachi.sys -> Applied Networking Inc. [Ver = 5.9.9.8 | Size = 15440 bytes | Modified Date = 6/11/2007 11:33:54 PM | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows ® Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr = ]
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.34.00 | Size = 218496 bytes | Modified Date = 10/24/2005 10:20:52 AM | Attr = ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.34.00 built by: WinDDK | Size = 998656 bytes | Modified Date = 10/18/2005 4:53:24 PM | Attr = ]
(hwinterface) hwinterface [Kernel | System | Running] -> %System32%\drivers\hwinterface.sys -> Logix4u [Ver = 5.00.2195.1620 | Size = 3026 bytes | Modified Date = 6/14/2007 2:05:40 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\igxpmp32.sys -> Intel Corporation [Ver = 6.14.10.4704 | Size = 1181824 bytes | Modified Date = 10/6/2006 2:24:00 PM | Attr = ]
(int15.sys) int15.sys [Kernel | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\eRecovery\int15.sys -> [Ver = | Size = 69632 bytes | Modified Date = 1/13/2005 2:46:16 PM | Attr = ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.0.5391 built by: WinDDK | Size = 4395008 bytes | Modified Date = 3/26/2007 7:21:06 PM | Attr = R ]
(krdpdre) krdpdre [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Admin\LOCALS~1\Temp\krdpdre.sys -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.010 | Size = 12544 bytes | Modified Date = 10/5/2005 3:57:08 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(NdisFilt) OSA NdisFilter Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\NdisFilt.sys -> OSA Technologies [Ver = 1.00 | Size = 4392 bytes | Modified Date = 9/13/2005 3:34:40 PM | Attr = ]
(NETMNT) Acer NetMonitor Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\NETMNT.sys -> [Ver = | Size = 9600 bytes | Modified Date = 5/2/2005 12:13:42 PM | Attr = ]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.80.5.0 | Size = 8704 bytes | Modified Date = 5/29/2006 8:26:36 AM | Attr = ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.80.5.0 | Size = 13312 bytes | Modified Date = 5/29/2006 8:26:36 AM | Attr = ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.80.5.0 | Size = 127488 bytes | Modified Date = 5/29/2006 8:26:38 AM | Attr = ]
(Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcj.sys -> Nokia [Ver = 6.80.5.0 | Size = 13312 bytes | Modified Date = 5/29/2006 8:26:36 AM | Attr = ]
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\npf.sys -> CACE Technologies [Ver = 4.0.0.755 | Size = 42000 bytes | Modified Date = 1/26/2007 1:31:34 AM | Attr = ]
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\NTIDrvr.sys -> NewTech Infosystems, Inc. [Ver = 1, 0, 0, 6 | Size = 6144 bytes | Modified Date = 8/18/2006 10:40:50 PM | Attr = ]
(OsaFsLoc) OsaFsLoc [Kernel | System | Running] -> %System32%\drivers\OsaFsLoc.sys -> OSA Technologies [Ver = 2, 0, 2, 5 | Size = 12106 bytes | Modified Date = 10/15/2005 6:20:44 PM | Attr = ]
(osaio) osaio [Kernel | Auto | Running] -> %System32%\drivers\osaio.sys -> OSA Technologies, An Avocent Company [Ver = 5.00.2195.5438 | Size = 7296 bytes | Modified Date = 6/30/2005 4:58:24 PM | Attr = ]
(osanbm) osanbm [Kernel | Auto | Running] -> %System32%\drivers\osanbm.sys -> Windows ® 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 4010 bytes | Modified Date = 1/14/2005 3:57:16 PM | Attr = ]
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> system32\drivers\PalmUSBD.sys -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 5/31/2007 4:30:21 AM | Attr = ]
(ql1080) ql1080 [Kernel | Boot | Running] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(ql12160) ql12160 [Kernel | Boot | Running] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(ql1280) ql1280 [Kernel | Boot | Running] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 10, 1, 0, 2 | Size = 13568 bytes | Modified Date = 11/28/2005 12:09:26 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 PM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr = ]
(SMCIRDA) SMSC IrCC Miniport Device Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\smcirda.sys -> SMSC [Ver = 5.1.3600.5 | Size = 46080 bytes | Modified Date = 10/31/2005 2:16:00 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(sptd) sptd [Kernel | Boot | Running] -> %System32%\drivers\sptd.sys -> [Ver = | Size = 646392 bytes | Modified Date = 3/8/2007 2:55:40 PM | Attr = ]
(symc810) symc810 [Kernel | Boot | Running] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %System32%\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 8/19/2006 8:02:32 AM | Attr = ]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.19 03Mar06 | Size = 192672 bytes | Modified Date = 3/3/2006 12:52:30 PM | Attr = ]
(SysTool) SysTool Overclocking Utility [Kernel | System | Stopped] -> %System32%\drivers\SysTool.sys -> [Ver = 1.30 | Size = 24064 bytes | Modified Date = 11/10/2006 9:08:50 PM | Attr = ]
(TSP) TSP [Kernel | On_Demand | Stopped] -> %System32%\drivers\klif.sys -> File not found
(U3SHLPDR200) U3SHLPDR200 [Kernel | Auto | Running] -> %System32%\drivers\U3SHLPDR200.SYS -> [Ver = | Size = 4518 bytes | Modified Date = 2/7/2007 10:41:02 PM | Attr = ]
(UBHelper) UBHelper [Kernel | Boot | Running] -> %System32%\drivers\UBHelper.sys -> [Ver = | Size = 13952 bytes | Modified Date = 12/17/2004 5:14:44 PM | Attr = ]
(ultra) ultra [Kernel | Boot | Running] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
(VMnetAdapter) VMware Virtual Ethernet Adapter Driver [Kernel | On_Demand | Stopped] -> system32\DRIVERS\vmnetadapter.sys -> File not found
(w39n51) Intel® PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\w39n51.sys -> Intel® Corporation [Ver = 10, 1, 1, 3 | Size = 1429632 bytes | Modified Date = 4/3/2006 12:17:24 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.34.00 built by: WinDDK | Size = 721280 bytes | Modified Date = 10/18/2005 4:52:30 PM | Attr = ]
(wip0203) Wippien Network Adapter 2.3 [Kernel | On_Demand | Running] -> %System32%\drivers\wip0203.sys -> Wippien Software [Ver = 1.2.2 2/2 built by: WinDDK | Size = 23224 bytes | Modified Date = 12/4/2007 5:06:22 PM | Attr = ]
(XDva004) XDva004 [Kernel | On_Demand | Stopped] -> %System32%\XDva004.sys -> File not found
(XDva011) XDva011 [Kernel | On_Demand | Stopped] -> %System32%\XDva011.sys -> File not found
(XDva033) XDva033 [Kernel | On_Demand | Stopped] -> %System32%\XDva033.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Acer ePower Management -> %SystemDrive%\Acer\Empowering Technology\ePower\Acer ePower Management.exe -> Acer Value Labs, Taiwan [Ver = 1.8.10.0 | Size = 3080704 bytes | Modified Date = 5/22/2006 12:54:00 PM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 12/21/2007 9:47:30 PM | Attr = ]
eDataSecurity Loader -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\eDSloader.exe -> HiTRUST [Ver = 1, 20, 0, 0 | Size = 69632 bytes | Modified Date = 10/19/2005 9:30:16 AM | Attr = ]
KernelFaultCheck -> -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DesktopX -> %ProgramFiles%\Stardock\Object Desktop\DesktopX\DesktopX.exe -> [Ver = | Size = 449024 bytes | Modified Date = 8/1/2006 12:23:00 AM | Attr = ]
*MultiFile Done* -> ->
< Admin Startup Folder > -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/18/2006 9:54:26 PM | Attr = HS]
%UserStartup%\Stickies.lnk -> %ProgramFiles%\Stardock\Object Desktop\DesktopX\Widgets\Sticky Notes.exe -> [Ver = 1, 0, 0, 1 | Size = 88064 bytes | Modified Date = 7/17/2006 5:45:32 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/18/2006 9:54:26 PM | Attr = HS]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Stardock\MCPCore.dll [0aMCPClient] -> Stardock [Ver = 0, 0, 5, 4 | Size = 86016 bytes | Modified Date = 5/10/2005 1:31:20 PM | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [AVG Anti-Spyware 7.5] -> File not found
{C47A9554-195A-4769-9B13-04F15B450A39} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4704 | Size = 155648 bytes | Modified Date = 10/6/2006 12:09:04 PM | Attr = ]
MCPClient -> %CommonProgramFiles%\Stardock\MCPStub.dll -> Stardock [Ver = 0, 0, 5, 2 | Size = 49152 bytes | Modified Date = 1/31/2005 3:13:38 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoUserNameInStartMenu -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> ->
Hosts file not found -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://en.sg.acer.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1572 domain(s) found. ->
8 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
@49E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{0055C089-8582-441B-A0BF-17B458C2A3A8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Download Manager\IDMIECC.dll [IDMIEHlprObj Class] -> Tonec Inc. [Ver = 5, 11, 0, 7 | Size = 95664 bytes | Modified Date = 9/28/2007 11:14:23 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 98 | Size = 1062184 bytes | Modified Date = 7/2/2007 5:10:58 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/3/2007 12:32:12 PM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 6/14/2007 6:27:17 PM | Attr = ]
{E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
8@38D8D-E480-4D52-B7A2-731BB6995FDD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/3/2007 12:32:12 PM | Attr = R ]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/3/2007 12:32:12 PM | Attr = R ]
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/3/2007 12:32:12 PM | Attr = R ]
WebBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 98 | Size = 1062184 bytes | Modified Date = 7/2/2007 5:10:58 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 98 | Size = 1062184 bytes | Modified Date = 7/2/2007 5:10:58 PM | Attr = ]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Download all links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm -> [Ver = | Size = 283 bytes | Modified Date = 10/20/2003 6:13:13 PM | Attr = ]
Download all with Free Download Manager -> %ProgramFiles%\Free Download Manager\dlall.htm -> [Ver = | Size = 879 bytes | Modified Date = 7/5/2006 6:23:58 PM | Attr = ]
Download FLV video content with IDM -> %ProgramFiles%\Internet Download Manager\IEGetVL.htm -> [Ver = | Size = 278 bytes | Modified Date = 7/2/2007 2:19:10 PM | Attr = ]
Download selected with Free Download Manager -> %ProgramFiles%\Free Download Manager\dlselected.htm -> [Ver = | Size = 449 bytes | Modified Date = 5/18/2006 7:45:38 PM | Attr = ]
Download with Free Download Manager -> %ProgramFiles%\Free Download Manager\dllink.htm -> [Ver = | Size = 1058 bytes | Modified Date = 7/5/2006 6:20:08 PM | Attr = ]
Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm -> [Ver = | Size = 277 bytes | Modified Date = 12/3/2004 12:31:09 AM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Send to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 5/29/2003 12:53:12 PM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0724762B-B718-4CDA-90CA-8078FD53509D} -> 10.88.0.2 () ->
{31666D9E-EB1D-4936-9BFE-1C2F3A964705} -> (Intel® PRO/Wireless 3945ABG Network Connection) ->
{3FF3D7BB-2E96-4DB2-9298-4536AD26B95F} -> () ->
{68CEEA33-E41E-4365-AE13-9C59BF96AAC4} -> () ->
{76DF1F46-E5C3-40D9-89CA-3E5A2383AC5C} -> (Broadcom 440x 10/100 Integrated Controller) ->
{B78A52A1-AFAF-4299-82C6-1ACB8375385B} -> () ->
{B878CF30-DBE4-4000-A6E7-A8A37035D325} -> () ->
{C7FABDC9-F149-4E57-BE06-81F285F70CC5} -> (Windows Mobile-based Device) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 1 | Size = 1828440 bytes | Modified Date = 7/2/2007 5:10:58 PM | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab[MSN Photo Upload Tool] ->
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D}[HKEY_LOCAL_MACHINE] -> http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx[Hotmail Attachments Control] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/16/2005 1:49:30 AM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 PM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1376 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> 2)_A_RUNNING Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 48605 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0\255.255 [26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0\255.255 [26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/14/2004 12:24:38 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe -> C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FlashGet\flashget.exe -> C:\Program Files\FlashGet\flashget.exe [C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetMeeting\conf.exe -> C:\Program Files\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®] -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 1032192 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DAP\DAP.exe -> C:\Program Files\DAP\DAP.exe [C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sierra\FEAR\FEARServer.exe -> C:\Program Files\Sierra\FEAR\FEARServer.exe [C:\Program Files\Sierra\FEAR\FEARServer.exe:*:Enabled:F.E.A.R. Stand-Alone Server] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sierra\FEAR\fpupdate.exe -> C:\Program Files\Sierra\FEAR\fpupdate.exe [C:\Program Files\Sierra\FEAR\fpupdate.exe:*:Enabled:fpupdate] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\mIRC\mirc.exe -> C:\Program Files\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> mIRC Co. Ltd. [Ver = 6.21 | Size = 2076672 bytes | Modified Date = 11/23/2006 11:45:34 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_84431\Online Engine Server.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_84431\Online Engine Server.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_84431\Online Engine Server.exe:*:Enabled:Online Engine Server] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_3101\Online Engine.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_3101\Online Engine.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_3101\Online Engine.exe:*:Enabled:Online Engine] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_20738\Server.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_20738\Server.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_20738\Server.exe:*:Enabled:Server] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_39619\EasySock Example.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_39619\EasySock Example.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_39619\EasySock Example.exe:*:Enabled:EasySock Example] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_68422\EasySock Example.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_68422\EasySock Example.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_68422\EasySock Example.exe:*:Enabled:EasySock Example] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_73874\EasySock Example.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_73874\EasySock Example.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_73874\EasySock Example.exe:*:Enabled:EasySock Example] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_86908\EasySock Example.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_86908\EasySock Example.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_86908\EasySock Example.exe:*:Enabled:EasySock Example] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_304\EasySock Example.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_304\EasySock Example.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_304\EasySock Example.exe:*:Enabled:EasySock Example] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_66991\EasySock Example.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_66991\EasySock Example.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_66991\EasySock Example.exe:*:Enabled:EasySock Example] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_83242\chat_direct.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_83242\chat_direct.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_83242\chat_direct.exe:*:Enabled:chat_direct] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_13545\npc_direct.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_13545\npc_direct.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_13545\npc_direct.exe:*:Enabled:npc_direct] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_23532\hello_world_tcp.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_23532\hello_world_tcp.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_23532\hello_world_tcp.exe:*:Enabled:hello_world_tcp] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_70297\walk_tcp.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_70297\walk_tcp.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_70297\walk_tcp.exe:*:Enabled:walk_tcp] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_56513\Server.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_56513\Server.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_56513\Server.exe:*:Enabled:Server] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\dplaysvr.exe -> C:\WINDOWS\system32\dplaysvr.exe [C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30208 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_98256\Client.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_98256\Client.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_98256\Client.exe:*:Enabled:Client] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_96783\Client.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_96783\Client.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_96783\Client.exe:*:Enabled:Client] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_63219\game.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_63219\game.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_63219\game.exe:*:Enabled:game] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_13492\lol.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_13492\lol.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_13492\lol.exe:*:Enabled:lol] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_10642\lol.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_10642\lol.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_10642\lol.exe:*:Enabled:lol] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_68424\game.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_68424\game.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_68424\game.exe:*:Enabled:game] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_37991\PlatformOnlineExample.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_37991\PlatformOnlineExample.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_37991\PlatformOnlineExample.exe:*:Enabled:PlatformOnlineExample] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_90507\PlatformOnlineExample.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_90507\PlatformOnlineExample.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_90507\PlatformOnlineExample.exe:*:Enabled:PlatformOnlineExample] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Desktop\Ownage\Ownage\Ownage.exe -> C:\Documents and Settings\Admin\Desktop\Ownage\Ownage\Ownage.exe [C:\Documents and Settings\Admin\Desktop\Ownage\Ownage\Ownage.exe:*:Disabled:Ownage] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\utorrent\utorrent.exe -> C:\Program Files\utorrent\utorrent.exe [C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 177152 bytes | Modified Date = 2/17/2007 4:23:10 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Desktop\utorrent.exe -> C:\Documents and Settings\Admin\Desktop\utorrent.exe [C:\Documents and Settings\Admin\Desktop\utorrent.exe:*:Enabled:µTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6023.5000 | Size = 12831608 bytes | Modified Date = 5/25/2007 8:09:50 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\groove.exe -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 10/27/2006 3:37:44 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 10/27/2006 3:03:04 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 81920 bytes | Modified Date = 2/17/2006 6:03:17 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitDownload\BitDownload.exe -> C:\Program Files\BitDownload\BitDownload.exe [C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Gizmo Project\mDNSResponder.exe -> C:\Program Files\Gizmo Project\mDNSResponder.exe [C:\Program Files\Gizmo Project\mDNSResponder.exe:*:Enabled:Bonjour] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Gizmo Project\Gizmo.exe -> C:\Program Files\Gizmo Project\Gizmo.exe [C:\Program Files\Gizmo Project\Gizmo.exe:*:Enabled:Gizmo Project] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.2.0.175 | Size = 23237416 bytes | Modified Date = 7/2/2007 5:10:58 PM | Attr = R ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe -> C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe [C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit] -> Autodesk, Inc. [Ver = 9.0.0.100 | Size = 5946368 bytes | Modified Date = 9/29/2006 2:30:46 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 12/21/2007 9:47:30 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 12/21/2007 9:47:30 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 12/21/2007 9:47:30 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe -> C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe [C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 768512 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Wippien\Wippien.exe -> C:\Program Files\Wippien\Wippien.exe [C:\Program Files\Wippien\Wippien.exe:*:Enabled:Wippien] -> [Ver = 1, 8, 3, 223 | Size = 2260632 bytes | Modified Date = 1/12/2008 9:58:41 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0\255.255 [26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\55641:TCP -> 55641:TCP:*:Enabled:torrent ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\55641:UDP -> 55641:UDP:*:Enabled:torrent2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9842:TCP -> 9842:TCP:*:Disabled:SolidNetworkManager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9842:UDP -> 9842:UDP:*:Disabled:SolidNetworkManager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> 2)_A_RUNNING Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> 4)_D_STOPPED Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:50 PM | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> 4)_D_STOPPED ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\0 -> Root\LEGACY_TLNTSVR\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = ->
0 -> Source = file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg ->
0 -> SubscribedURL = file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg ->
1 -> [Key] ->
1 -> FriendlyName = My Current Home Page ->
1 -> Source = About:Home ->
1 -> SubscribedURL = About:Home ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\\NoUpdateCheck -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\CertificatePolicy\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\CurrentVersion\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\CurrentVersion\Identities\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\CurrentVersion\Identities\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\CurrentVersion\Identities\\Locked Down -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\NetCache\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Psched\\NonBestEffortLimit -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/19/2007 12:14:43 AM | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/10/2004 8:00:00 PM | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 37888 bytes | Modified Date = 8/10/2004 1:00:00 PM | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
ĺ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\Scripts\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\\DisableAutoUpdate -> 1 ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Conferencing\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\Conferencing\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\ -> ->


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 12/21/2007 9:51:55 PM | Attr = RH ]
nph-proxy.cgi -> %SystemDrive%\nph-proxy.cgi -> [Ver = | Size = 476759 bytes | Created Date = 12/28/2007 4:47:37 PM | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 232 bytes | Created Date = 12/30/2007 11:08:07 AM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Created Date = 12/30/2007 11:08:07 AM | Attr = H ]
3cwmcru.sys -> %System32%\dllcache\3cwmcru.sys -> 3Com, Inc. [Ver = 1.44.008.0020 | Size = 762780 bytes | Created Date = 1/6/2008 8:37:25 PM | Attr = ]
3dfxvs.dll -> %System32%\dllcache\3dfxvs.dll -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 689216 bytes | Created Date = 1/6/2008 8:37:26 PM | Attr = ]
3dfxvsm.sys -> %System32%\dllcache\3dfxvsm.sys -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 148352 bytes | Created Date = 1/6/2008 8:37:26 PM | Attr = ]
a3d.dll -> %System32%\dllcache\a3d.dll -> Aureal Semiconductor [Ver = 2.09 | Size = 98304 bytes | Created Date = 1/6/2008 8:37:34 PM | Attr = ]
a3dapi.dll -> %System32%\dllcache\a3dapi.dll -> Aureal Inc. [Ver = 3.02 | Size = 462848 bytes | Created Date = 1/6/2008 8:37:35 PM | Attr = ]
ac97ali.sys -> %System32%\dllcache\ac97ali.sys -> Acer Laboratories Inc. [Ver = 5.12.01.6003 | Size = 231552 bytes | Created Date = 1/6/2008 8:37:36 PM | Attr = ]
ac97intc.sys -> %System32%\dllcache\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Created Date = 1/6/2008 8:37:37 PM | Attr = ]
ac97sis.sys -> %System32%\dllcache\ac97sis.sys -> Silicon Integrated Systems Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 297728 bytes | Created Date = 1/6/2008 8:37:38 PM | Attr = ]
ac97via.sys -> %System32%\dllcache\ac97via.sys -> VIA Technologies, Inc. [Ver = 5.10.00.3622 built by: WinDDK | Size = 84480 bytes | Created Date = 1/6/2008 8:37:39 PM | Attr = ]
acerscad.dll -> %System32%\dllcache\acerscad.dll -> Color Flatbed Scanner [Ver = 1, 0, 0, 0 | Size = 61440 bytes | Created Date = 1/6/2008 8:37:40 PM | Attr = ]
adm8511.sys -> %System32%\dllcache\adm8511.sys -> ADMtek Incorporated [Ver = 2.04.2001.0719 built by: WinDDK | Size = 20160 bytes | Created Date = 1/6/2008 8:37:42 PM | Attr = ]
adm8810.sys -> %System32%\dllcache\adm8810.sys -> Aureal, Inc. [Ver = 5.12.01.3500 | Size = 584448 bytes | Created Date = 1/6/2008 8:37:43 PM | Attr = ]
adm8820.sys -> %System32%\dllcache\adm8820.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 553984 bytes | Created Date = 1/6/2008 8:37:44 PM | Attr = ]
adm8830.sys -> %System32%\dllcache\adm8830.sys -> Aureal, Inc. [Ver = 5.12.01.2500 | Size = 747392 bytes | Created Date = 1/6/2008 8:37:45 PM | Attr = ]
admjoy.sys -> %System32%\dllcache\admjoy.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 10880 bytes | Created Date = 1/6/2008 8:37:46 PM | Attr = ]
adptsf50.sys -> %System32%\dllcache\adptsf50.sys -> Adaptec, Inc [Ver = V5.10.22 | Size = 46112 bytes | Created Date = 1/6/2008 8:37:48 PM | Attr = ]
adv01nt5.dll -> %System32%\dllcache\adv01nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Created Date = 1/6/2008 8:37:50 PM | Attr = ]
adv02nt5.dll -> %System32%\dllcache\adv02nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Created Date = 1/6/2008 8:37:50 PM | Attr = ]
adv05nt5.dll -> %System32%\dllcache\adv05nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Created Date = 1/6/2008 8:37:51 PM | Attr = ]
adv07nt5.dll -> %System32%\dllcache\adv07nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Created Date = 1/6/2008 8:37:51 PM | Attr = ]
adv08nt5.dll -> %System32%\dllcache\adv08nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Created Date = 1/6/2008 8:37:51 PM | Attr = ]
adv09nt5.dll -> %System32%\dllcache\adv09nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Created Date = 1/6/2008 8:37:52 PM | Attr = ]
adv11nt5.dll -> %System32%\dllcache\adv11nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Created Date = 1/6/2008 8:37:52 PM | Attr = ]
ali5261.sys -> %System32%\dllcache\ali5261.sys -> Acer Laboratories Inc. [Ver = 5.01.2462.0102 | Size = 27678 bytes | Created Date = 1/6/2008 8:37:59 PM | Attr = ]
alifir.sys -> %System32%\dllcache\alifir.sys -> Acer Laboratories Inc. [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 26624 bytes | Created Date = 1/6/2008 8:38:00 PM | Attr = ]
amb8002.sys -> %System32%\dllcache\amb8002.sys -> AmbiCom, Inc. [Ver = v3.03 | Size = 16969 bytes | Created Date = 1/6/2008 8:38:01 PM | Attr = ]
an983.sys -> %System32%\dllcache\an983.sys -> ADMtek Incorporated. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Created Date = 1/6/2008 8:38:04 PM | Attr = ]
aspndis3.sys -> %System32%\dllcache\aspndis3.sys -> Bay Networks, Inc. [Ver = 3.23.11 | Size = 97354 bytes | Created Date = 1/6/2008 8:38:08 PM | Attr = ]
ati.sys -> %System32%\dllcache\ati.sys -> ATI Technologies, Inc. [Ver = 3.0.62 (XPClient.010817-1148) | Size = 77568 bytes | Created Date = 1/6/2008 8:38:11 PM | Attr = ]
ati1btxx.sys -> %System32%\dllcache\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 1/6/2008 8:38:12 PM | Attr = ]
ati1mdxx.sys -> %System32%\dllcache\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 1/6/2008 8:38:13 PM | Attr = ]
ati1pdxx.sys -> %System32%\dllcache\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 1/6/2008 8:38:15 PM | Attr = ]
ati1raxx.sys -> %System32%\dllcache\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 1/6/2008 8:38:16 PM | Attr = ]
ati1rvxx.sys -> %System32%\dllcache\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 1/6/2008 8:38:18 PM | Attr = ]
ati1snxx.sys -> %System32%\dllcache\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 1/6/2008 8:38:19 PM | Attr = ]
ati1ttxx.sys -> %System32%\dllcache\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 1/6/2008 8:38:21 PM | Attr = ]
ati1tuxx.sys -> %System32%\dllcache\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 1/6/2008 8:38:22 PM | Attr = ]
ati1xbxx.sys -> %System32%\dllcache\ati1xbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 1/6/2008 8:38:23 PM | Attr = ]
ati1xsxx.sys -> %System32%\dllcache\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 1/6/2008 8:38:25 PM | Attr = ]
ati2cqag.dll -> %System32%\dllcache\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Created Date = 1/6/2008 8:38:27 PM | Attr = ]
ati2dvaa.dll -> %System32%\dllcache\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 1/6/2008 8:38:28 PM | Attr = ]
ati2dvag.dll -> %System32%\dllcache\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Created Date = 1/6/2008 8:38:28 PM | Attr = ]
ati2mtaa.sys -> %System32%\dllcache\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 1/6/2008 8:38:28 PM | Attr = ]
ati2mtag.sys -> %System32%\dllcache\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Created Date = 1/6/2008 8:38:30 PM | Attr = ]
ati3d1ag.dll -> %System32%\dllcache\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 1/6/2008 8:38:32 PM | Attr = ]
ati3duag.dll -> %System32%\dllcache\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0231 | Size = 1888992 bytes | Created Date = 1/6/2008 8:38:32 PM | Attr = ]
atibt829.sys -> %System32%\dllcache\atibt829.sys -> [Ver = | Size = 46464 bytes | Created Date = 1/6/2008 8:38:33 PM | Attr = ]
atidrab.dll -> %System32%\dllcache\atidrab.dll -> ATI Technologies Inc. [Ver = 5.01.2195.5012 (ReleasedBinaries.010718-0005) | Size = 382592 bytes | Created Date = 1/6/2008 8:38:34 PM | Attr = ]
atidrae.dll -> %System32%\dllcache\atidrae.dll -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 137216 bytes | Created Date = 1/6/2008 8:38:34 PM | Attr = ]
atidvai.dll -> %System32%\dllcache\atidvai.dll -> ATI Technologies Inc. [Ver = 5.10.2280.1028 (ReleasedBinaries.010715-1631) | Size = 268160 bytes | Created Date = 1/6/2008 8:38:35 PM | Attr = ]
atimpab.sys -> %System32%\dllcache\atimpab.sys -> ATI Technologies Inc. [Ver = 5.00.2195.5007 (ReleasedBinaries.010718-0005) | Size = 289664 bytes | Created Date = 1/6/2008 8:38:38 PM | Attr = ]
atimpae.sys -> %System32%\dllcache\atimpae.sys -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 75136 bytes | Created Date = 1/6/2008 8:38:38 PM | Attr = ]
atimtai.sys -> %System32%\dllcache\atimtai.sys -> ATI Technologies Inc. [Ver = 5.13.01.1140 (ReleasedBinaries.010715-1631) | Size = 281600 bytes | Created Date = 1/6/2008 8:38:39 PM | Attr = ]
atinbtxx.sys -> %System32%\dllcache\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 1/6/2008 8:38:40 PM | Attr = ]
atinmdxx.sys -> %System32%\dllcache\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 1/6/2008 8:38:42 PM | Attr = ]
atinpdxx.sys -> %System32%\dllcache\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 1/6/2008 8:38:43 PM | Attr = ]
atinraxx.sys -> %System32%\dllcache\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 1/6/2008 8:38:45 PM | Attr = ]
atinrvxx.sys -> %System32%\dllcache\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 1/6/2008 8:38:47 PM | Attr = ]
atinsnxx.sys -> %System32%\dllcache\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 1/6/2008 8:38:48 PM | Attr = ]
atinttxx.sys -> %System32%\dllcache\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 1/6/2008 8:38:50 PM | Attr = ]
atintuxx.sys -> %System32%\dllcache\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 1/6/2008 8:38:52 PM | Attr = ]
atinxbxx.sys -> %System32%\dllcache\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 1/6/2008 8:38:53 PM | Attr = ]
atinxsxx.sys -> %System32%\dllcache\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 1/6/2008 8:38:55 PM | Attr = ]
atipcxxx.sys -> %System32%\dllcache\atipcxxx.sys -> [Ver = | Size = 10240 bytes | Created Date = 1/6/2008 8:38:56 PM | Attr = ]
atiraged.dll -> %System32%\dllcache\atiraged.dll -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 104832 bytes | Created Date = 1/6/2008 8:38:57 PM | Attr = ]
atiragem.sys -> %System32%\dllcache\atiragem.sys -> ATI Technologies Inc. [Ver = 5.1.2493.0 (Lab01_N(ericks).010612-1818) | Size = 70528 bytes | Created Date = 1/6/2008 8:38:58 PM | Attr = ]
atirtcap.sys -> %System32%\dllcache\atirtcap.sys -> [Ver = | Size = 49920 bytes | Created Date = 1/6/2008 8:38:58 PM | Attr = ]
atirtsnd.sys -> %System32%\dllcache\atirtsnd.sys -> [Ver = | Size = 26880 bytes | Created Date = 1/6/2008 8:38:59 PM | Attr = ]
atitunep.sys -> %System32%\dllcache\atitunep.sys -> [Ver = | Size = 17152 bytes | Created Date = 1/6/2008 8:39:01 PM | Attr = ]
atitvsnd.sys -> %System32%\dllcache\atitvsnd.sys -> [Ver = | Size = 17152 bytes | Created Date = 1/6/2008 8:39:02 PM | Attr = ]
ativdaxx.ax -> %System32%\dllcache\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 1/6/2008 8:39:03 PM | Attr = ]
ativmdcd.sys -> %System32%\dllcache\ativmdcd.sys -> [Ver = | Size = 9472 bytes | Created Date = 1/6/2008 8:39:04 PM | Attr = ]
ativmvxx.ax -> %System32%\dllcache\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 1/6/2008 8:39:05 PM | Attr = ]
ativtmxx.dll -> %System32%\dllcache\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 1/6/2008 8:39:05 PM | Attr = ]
ativttxx.sys -> %System32%\dllcache\ativttxx.sys -> [Ver = | Size = 19456 bytes | Created Date = 1/6/2008 8:39:06 PM | Attr = ]
mplayer2.exe -> %System32%\dllcache\mplayer2.exe -> [Ver = | Size = 4639 bytes | Created Date = 1/6/2008 8:37:10 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 12/21/2007 9:47:38 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 12/21/2007 9:47:45 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 12/21/2007 9:47:49 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 12/21/2007 9:47:49 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 12/21/2007 9:47:49 PM | Attr = ]
ethertap.sys -> %System32%\drivers\ethertap.sys -> HotSwap Network Solutions [Ver = 1.6_beta6 4/25 (DEBUG) | Size = 21930 bytes | Created Date = 1/10/2008 9:19:24 PM | Attr = ]
wip0203.sys -> %System32%\drivers\wip0203.sys -> Wippien Software [Ver = 1.2.2 2/2 built by: WinDDK | Size = 23224 bytes | Created Date = 1/10/2008 9:45:01 PM | Attr = ]
default_user_class.dat -> %System32%\default_user_class.dat -> [Ver = | Size = 262144 bytes | Created Date = 1/5/2008 11:23:05 AM | Attr = ]
idmmbc.dll -> %System32%\idmmbc.dll -> Tonec Inc. [Ver = 5, 11, 0, 4 | Size = 202160 bytes | Created Date = 12/20/2007 11:40:20 PM | Attr = ]
ImageOle.dll -> %System32%\ImageOle.dll -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Created Date = 12/20/2007 10:20:53 PM | Attr = ]
pgdfgsvc.exe -> %System32%\pgdfgsvc.exe -> Sysinternals - www.sysinternals.com [Ver = 2.31 | Size = 25992 bytes | Created Date = 1/3/2008 5:42:54 PM | Attr = ]
SkinMagic.dll -> %System32%\SkinMagic.dll -> Appspeed Inc. [Ver = 2, 4, 1, 1 | Size = 487479 bytes | Created Date = 1/12/2008 9:57:47 PM | Attr = ]
wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Created Date = 1/3/2008 5:07:03 PM | Attr = ]
AW_XenoMorph1280.bmp -> %SystemRoot%\AW_XenoMorph1280.bmp -> [Ver = | Size = 3932214 bytes | Created Date = 1/3/2008 5:21:05 PM | Attr = ]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.0.3 | Size = 720896 bytes | Created Date = 1/3/2008 5:57:26 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/9/2008 5:47:51 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/9/2008 5:47:51 PM | Attr = H ]
Temp -> %SystemRoot%\Temp -> [Folder | Created Date = 12/27/2007 10:31:54 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 12/21/2007 9:47:26 PM | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Created Date = 12/21/2007 9:47:58 PM | Attr = ]
FileZilla -> %UserAppData%\FileZilla -> [Folder | Created Date = 12/28/2007 4:29:44 PM | Attr = ]
InstallShield -> %UserAppData%\InstallShield -> [Folder | Created Date = 12/20/2007 10:20:27 PM | Attr = ]
Wippien -> %UserAppData%\Wippien -> [Folder | Created Date = 1/12/2008 10:08:00 PM | Attr = ]
CDBurnerXP_Soft -> %LocalAppData%\CDBurnerXP_Soft -> [Folder | Created Date = 1/5/2008 3:47:35 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 2100820 bytes | Created Date = 1/19/2008 10:49:26 AM | Attr = H ]
cc_20080115_1846.reg -> %UserDocuments%\cc_20080115_1846.reg -> [Ver = | Size = 469814 bytes | Created Date = 1/15/2008 6:46:19 PM | Attr = ]
CDBurnerXP Projects -> %UserDocuments%\CDBurnerXP Projects -> [Folder | Created Date = 1/5/2008 3:47:35 PM | Attr = ]
My Google Gadgets -> %UserDocuments%\My Google Gadgets -> [Folder | Created Date = 1/3/2008 9:19:44 PM | Attr = ]
ss.rtf -> %UserDocuments%\ss.rtf -> [Ver = | Size = 97375 bytes | Created Date = 12/25/2007 10:32:23 PM | Attr = ]
Thumbs.db -> %UserDocuments%\Thumbs.db -> [Ver = | Size = 5120 bytes | Created Date = 1/5/2008 2:58:35 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 1/8/2008 9:43:38 PM | Attr = ]
KTEK4Danimatedwallpaper.zip -> %UserDesktop%\KTEK4Danimatedwallpaper.zip -> [Ver = | Size = 1584007 bytes | Created Date = 1/18/2008 6:57:24 PM | Attr = ]
psp -> %UserDesktop%\psp -> [Folder | Created Date = 12/28/2007 11:19:58 AM | Attr = H ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/19/2008 11:44:37 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 471422 bytes | Created Date = 1/19/2008 11:44:22 AM | Attr = ]
Wippien.lnk -> %UserDesktop%\Wippien.lnk -> [Ver = | Size = 628 bytes | Created Date = 1/12/2008 10:13:29 PM | Attr = ]
Stickies.lnk -> %UserStartup%\Stickies.lnk -> [Ver = | Size = 958 bytes | Created Date = 1/19/2008 11:10:56 AM | Attr = ]
Stardock -> %CommonProgramFiles%\Stardock -> [Folder | Created Date = 1/3/2008 5:07:00 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 1/7/2008 8:03:33 PM | Attr = RH ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 208 bytes | Modified Date = 1/3/2008 10:03:02 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/6/2008 10:25:39 AM | Attr = HS]
DOCS -> %SystemDrive%\DOCS -> [Folder | Modified Date = 1/15/2008 6:30:36 PM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 1/15/2008 6:45:08 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063374848 bytes | Modified Date = 1/19/2008 10:51:48 AM | Attr = HS]
nph-proxy.cgi -> %SystemDrive%\nph-proxy.cgi -> [Ver = | Size = 476759 bytes | Modified Date = 12/28/2007 4:47:48 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/15/2008 6:41:19 PM | Attr = R ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 232 bytes | Modified Date = 12/30/2007 11:08:07 AM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/30/2007 11:08:07 AM | Attr = H ]
VALUEADD -> %SystemDrive%\VALUEADD -> [Folder | Modified Date = 1/15/2008 6:31:17 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/19/2008 10:53:28 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 12/21/2007 9:47:38 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 12/21/2007 9:47:45 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 12/21/2007 9:47:49 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 12/21/2007 9:47:49 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 12/21/2007 9:47:49 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/19/2008 11:44:15 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/18/2008 7:21:04 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 1/18/2008 7:07:38 PM | Attr = ]
default_user_class.dat -> %System32%\default_user_class.dat -> [Ver = | Size = 262144 bytes | Modified Date = 1/5/2008 11:23:06 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/18/2008 7:04:24 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/19/2008 10:53:40 AM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 1/15/2008 6:42:59 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 64262 bytes | Modified Date = 1/15/2008 6:51:40 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 405878 bytes | Modified Date = 1/15/2008 6:51:40 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 477404 bytes | Modified Date = 1/15/2008 6:51:40 PM | Attr = ]
pgdfgsvc.exe -> %System32%\pgdfgsvc.exe -> Sysinternals - www.sysinternals.com [Ver = 2.31 | Size = 25992 bytes | Modified Date = 1/3/2008 5:42:54 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 1/18/2008 7:05:32 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 1/19/2008 10:54:16 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/9/2008 3:35:49 PM | Attr = H ]
AW_XenoMorph1280.bmp -> %SystemRoot%\AW_XenoMorph1280.bmp -> [Ver = | Size = 3932214 bytes | Modified Date = 1/3/2008 5:22:59 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/19/2008 10:51:58 AM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 1/15/2008 6:42:58 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/10/2008 5:12:05 PM | Attr = S]
EPISME00.SWB -> %SystemRoot%\EPISME00.SWB -> [Ver = | Size = 9662 bytes | Modified Date = 12/31/2007 3:31:16 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/10/2008 9:45:06 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/6/2008 10:25:39 AM | Attr = HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.0.3 | Size = 720896 bytes | Modified Date = 1/3/2008 5:57:00 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/3/2008 10:12:17 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 4209 bytes | Modified Date = 1/6/2008 3:51:50 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/19/2008 11:44:38 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 1/3/2008 5:34:15 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/9/2008 5:47:51 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/17/2008 3:58:15 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 1/19/2008 10:54:03 AM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 12/21/2007 9:46:48 PM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 240 bytes | Modified Date = 1/3/2008 10:03:02 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/19/2008 10:43:04 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/19/2008 10:52:04 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 898 bytes | Modified Date = 1/18/2008 7:50:37 PM | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 396 bytes | Modified Date = 1/17/2008 5:08:00 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/19/2008 10:52:03 AM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Modified Date = 1/19/2008 10:44:46 AM | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 12/21/2007 9:47:26 PM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 1/18/2008 7:52:45 PM | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Modified Date = 1/19/2008 10:44:46 AM | Attr = ]
DMCache -> %UserAppData%\DMCache -> [Folder | Modified Date = 1/15/2008 9:51:38 PM | Attr = ]
FileZilla -> %UserAppData%\FileZilla -> [Folder | Modified Date = 1/12/2008 10:12:33 PM | Attr = ]
Free Download Manager -> %UserAppData%\Free Download Manager -> [Folder | Modified Date = 12/24/2007 8:23:50 AM | Attr = ]
Hamachi -> %UserAppData%\Hamachi -> [Folder | Modified Date = 1/18/2008 7:03:22 PM | Attr = ]
IDM -> %UserAppData%\IDM -> [Folder | Modified Date = 12/24/2007 8:23:05 AM | Attr = ]
InstallShield -> %UserAppData%\InstallShield -> [Folder | Modified Date = 12/20/2007 10:20:27 PM | Attr = ]
Macromedia -> %UserAppData%\Macromedia -> [Folder | Modified Date = 12/28/2007 1:09:57 PM | Attr = ]
uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 1/4/2008 10:00:09 PM | Attr = ]
Wippien -> %UserAppData%\Wippien -> [Folder | Modified Date = 1/12/2008 10:09:03 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 1/6/2008 10:13:53 AM | Attr = ]
Autodesk -> %LocalAppData%\Autodesk -> [Folder | Modified Date = 1/3/2008 5:51:31 PM | Attr = ]
CDBurnerXP_Soft -> %LocalAppData%\CDBurnerXP_Soft -> [Folder | Modified Date = 1/5/2008 3:47:35 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 238080 bytes | Modified Date = 1/15/2008 5:56:01 PM | Attr = ]
Google -> %LocalAppData%\Google -> [Folder | Modified Date = 1/3/2008 9:18:21 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 2100820 bytes | Modified Date = 1/19/2008 10:49:26 AM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 1/18/2008 7:00:05 PM | Attr = ]
Stardock -> %LocalAppData%\Stardock -> [Folder | Modified Date = 1/19/2008 10:45:04 AM | Attr = ]
MCE Logs -> %AllUsersDocuments%\MCE Logs -> [Folder | Modified Date = 12/22/2007 12:05:54 AM | Attr = HS]
AdobeStockPhotos -> %UserDocuments%\AdobeStockPhotos -> [Folder | Modified Date = 1/11/2008 4:38:27 PM | Attr = ]
Bluetooth Exchange Folder -> %UserDocuments%\Bluetooth Exchange Folder -> [Folder | Modified Date = 1/5/2008 2:58:35 PM | Attr = ]
cc_20080115_1846.reg -> %UserDocuments%\cc_20080115_1846.reg -> [Ver = | Size = 469814 bytes | Modified Date = 1/15/2008 6:46:28 PM | Attr = ]
CDBurnerXP Projects -> %UserDocuments%\CDBurnerXP Projects -> [Folder | Modified Date = 1/5/2008 3:47:35 PM | Attr = ]
KAK -> %UserDocuments%\KAK -> [Folder | Modified Date = 1/5/2008 2:58:36 PM | Attr = ]
My Google Gadgets -> %UserDocuments%\My Google Gadgets -> [Folder | Modified Date = 1/3/2008 9:30:43 PM | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 1/19/2008 10:59:21 AM | Attr = S]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 1/5/2008 3:16:26 PM | Attr = S]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 559 bytes | Modified Date = 1/19/2008 10:55:08 AM | Attr = ]
My Stationery -> %UserDocuments%\My Stationery -> [Folder | Modified Date = 1/5/2008 2:58:35 PM | Attr = R S]
ss.rtf -> %UserDocuments%\ss.rtf -> [Ver = | Size = 97375 bytes | Modified Date = 12/25/2007 10:32:24 PM | Attr = ]
Thumbs.db -> %UserDocuments%\Thumbs.db -> [Ver = | Size = 5120 bytes | Modified Date = 1/5/2008 2:58:35 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable
Files -> %UserDesktop%\Files -> [Folder | Modified Date = 1/19/2008 11:10:18 AM | Attr = R ]
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 1/8/2008 9:43:39 PM | Attr = ]
KTEK4Danimatedwallpaper.zip -> %UserDesktop%\KTEK4Danimatedwallpaper.zip -> [Ver = | Size = 1584007 bytes | Modified Date = 1/18/2008 6:57:22 PM | Attr = ]
psp -> %UserDesktop%\psp -> [Folder | Modified Date = 12/28/2007 11:19:58 AM | Attr = H ]
WinCheat 1.5.lnk -> %UserDesktop%\WinCheat 1.5.lnk -> [Ver = | Size = 2341 bytes | Modified Date = 1/15/2008 3:48:44 PM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/19/2008 11:44:37 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 471422 bytes | Modified Date = 1/19/2008 11:44:26 AM | Attr = ]
Wippien.lnk -> %UserDesktop%\Wippien.lnk -> [Ver = | Size = 628 bytes | Modified Date = 1/12/2008 10:13:29 PM | Attr = ]
Stickies.lnk -> %UserStartup%\Stickies.lnk -> [Ver = | Size = 958 bytes | Modified Date = 1/19/2008 11:28:23 AM | Attr = ]
Autodesk Shared -> %CommonProgramFiles%\Autodesk Shared -> [Folder | Modified Date = 1/3/2008 5:51:31 PM | Attr = ]
Stardock -> %CommonProgramFiles%\Stardock -> [Folder | Modified Date = 1/19/2008 10:54:06 AM | Attr = ]
eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat -> [Ver = | Size = 268 bytes | Modified Date = 8/18/2006 10:00:52 PM | Attr = H ]
eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat -> [Ver = | Size = 268 bytes | Modified Date = 8/18/2006 10:06:28 PM | Attr = H ]
eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat -> [Ver = | Size = 268 bytes | Modified Date = 8/18/2006 10:06:54 PM | Attr = H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 12592 bytes | Modified Date = 1/19/2008 10:54:25 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 12592 bytes | Modified Date = 1/19/2008 10:54:25 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 12/18/2006 4:16:12 PM | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8400 bytes | Modified Date = 3/13/2007 11:11:16 AM | Attr = ]
VCSExpress000223.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\VCSExpress\8.0\VCSExpress000223.dat -> [Ver = | Size = 677178 bytes | Modified Date = 11/10/2007 4:33:53 PM | Attr = H ]

< End of report >

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:58 PM

Posted 19 January 2008 - 06:04 AM

Hi dorm. It wasn't very bad at all. Let's clean it up. Please follow the steps below in order.

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware, we will come back to it later on.
Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
YN -> (algs) algs [Win32_Own | Auto | Stopped] -> %System32%\algs.exe
YN -> (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe
YN -> (CPUCooLServer) CPUCooLServer Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.110\CooLSrv.exe
YN -> (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
[Driver Services - Non-Microsoft Only]
YN -> (cpuz126) cpuz126 [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Admin\LOCALS~1\Temp\cpuz.sys
YN -> (krdpdre) krdpdre [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Admin\LOCALS~1\Temp\krdpdre.sys
[Registry - Non-Microsoft Only]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles]
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> @49E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.]
YN -> 8@38D8D-E480-4D52-B7A2-731BB6995FDD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.]
YN -> CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe -> C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FlashGet\flashget.exe -> C:\Program Files\FlashGet\flashget.exe [C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetMeeting\conf.exe -> C:\Program Files\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DAP\DAP.exe -> C:\Program Files\DAP\DAP.exe [C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sierra\FEAR\FEARServer.exe -> C:\Program Files\Sierra\FEAR\FEARServer.exe [C:\Program Files\Sierra\FEAR\FEARServer.exe:*:Enabled:F.E.A.R. Stand-Alone Server]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sierra\FEAR\fpupdate.exe -> C:\Program Files\Sierra\FEAR\fpupdate.exe [C:\Program Files\Sierra\FEAR\fpupdate.exe:*:Enabled:fpupdate]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_84431\Online Engine Server.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_84431\Online Engine Server.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_84431\Online Engine Server.exe:*:Enabled:Online Engine Server]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_3101\Online Engine.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_3101\Online Engine.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_3101\Online Engine.exe:*:Enabled:Online Engine]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_20738\Server.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_20738\Server.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_20738\Server.exe:*:Enabled:Server]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_39619\EasySock Example.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_39619\EasySock Example.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_39619\EasySock Example.exe:*:Enabled:EasySock Example]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_68422\EasySock Example.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_68422\EasySock Example.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_68422\EasySock Example.exe:*:Enabled:EasySock Example]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_73874\EasySock Example.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_73874\EasySock Example.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_73874\EasySock Example.exe:*:Enabled:EasySock Example]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_86908\EasySock Example.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_86908\EasySock Example.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_86908\EasySock Example.exe:*:Enabled:EasySock Example]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_304\EasySock Example.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_304\EasySock Example.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_304\EasySock Example.exe:*:Enabled:EasySock Example]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_66991\EasySock Example.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_66991\EasySock Example.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_66991\EasySock Example.exe:*:Enabled:EasySock Example]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_83242\chat_direct.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_83242\chat_direct.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_83242\chat_direct.exe:*:Enabled:chat_direct]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_13545\npc_direct.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_13545\npc_direct.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_13545\npc_direct.exe:*:Enabled:npc_direct]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_23532\hello_world_tcp.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_23532\hello_world_tcp.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_23532\hello_world_tcp.exe:*:Enabled:hello_world_tcp]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_70297\walk_tcp.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_70297\walk_tcp.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_70297\walk_tcp.exe:*:Enabled:walk_tcp]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_56513\Server.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_56513\Server.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_56513\Server.exe:*:Enabled:Server]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_98256\Client.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_98256\Client.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_98256\Client.exe:*:Enabled:Client]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_96783\Client.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_96783\Client.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_96783\Client.exe:*:Enabled:Client]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_63219\game.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_63219\game.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_63219\game.exe:*:Enabled:game]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_13492\lol.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_13492\lol.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_13492\lol.exe:*:Enabled:lol]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_10642\lol.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_10642\lol.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_10642\lol.exe:*:Enabled:lol]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_68424\game.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_68424\game.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_68424\game.exe:*:Enabled:game]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_37991\PlatformOnlineExample.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_37991\PlatformOnlineExample.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_37991\PlatformOnlineExample.exe:*:Enabled:PlatformOnlineExample]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_90507\PlatformOnlineExample.exe -> C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_90507\PlatformOnlineExample.exe [C:\Documents and Settings\Admin\Local Settings\Temp\gm_ttt_90507\PlatformOnlineExample.exe:*:Enabled:PlatformOnlineExample]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Desktop\Ownage\Ownage\Ownage.exe -> C:\Documents and Settings\Admin\Desktop\Ownage\Ownage\Ownage.exe [C:\Documents and Settings\Admin\Desktop\Ownage\Ownage\Ownage.exe:*:Disabled:Ownage]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Admin\Desktop\utorrent.exe -> C:\Documents and Settings\Admin\Desktop\utorrent.exe [C:\Documents and Settings\Admin\Desktop\utorrent.exe:*:Enabled:µTorrent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitDownload\BitDownload.exe -> C:\Program Files\BitDownload\BitDownload.exe [C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Gizmo Project\mDNSResponder.exe -> C:\Program Files\Gizmo Project\mDNSResponder.exe [C:\Program Files\Gizmo Project\mDNSResponder.exe:*:Enabled:Bonjour]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Gizmo Project\Gizmo.exe -> C:\Program Files\Gizmo Project\Gizmo.exe [C:\Program Files\Gizmo Project\Gizmo.exe:*:Enabled:Gizmo Project]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
YN -> 0 -> [Key]
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete, this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Step #4

Post the following back here:
  • a new WinPFind35U report (use the options from my first post)
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 dorm

dorm
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 19 January 2008 - 11:33 PM

its been 5 hours and superantispyware is still scanning.
honestly this is the worst program ever, i cant do anything while its running, i cant even play a game, reason is it takes up freaking 800,000k ram and 50 CPU usage my computer slows into a pentium 1 computer..task manager takes ages to come out, firefox suddenly hangs when im typing. everytime i alt tab, my computer slows real bad.
should i stop the scan?

Edited by dorm, 19 January 2008 - 11:34 PM.


#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:58 PM

Posted 20 January 2008 - 02:14 PM

Hi dorm. You should not be running any other programs while an anti-virus/anti-spyware program is running, especially games. It just messes them up.

Reboot he machine into Safe Mode ( without Networking) and run the scan from there.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users