
Hijackthis Logfile


6 replies to this topic

#1 ucladtv

ucladtv


Posted 10 January 2008 - 05:18 AM

Can someone please explain this to me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:04 AM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Gigaware\Gigaware Driver\4.06\MOUSE32A.EXE
C:\WINDOWS\system32\psyBNC21.exe
C:\WINDOWS\system32\icombat.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\WINDOWS\system32\SYSTEMS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Documents\AOL Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Gigaware\Gigaware Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [WLAN] SYSTEMS.EXE
O4 - HKLM\..\Run: [psyBNC-2.1.4 Client Server] C:\WINDOWS\system32\psyBNC21.exe
O4 - HKLM\..\Run: [Windows Services Agent] icombat.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [windows service] yahooupdate.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\RunServices: [psyBNC-2.1.4 Client Server] C:\WINDOWS\system32\psyBNC21.exe
O4 - HKLM\..\RunServices: [Windows Services Agent] icombat.exe
O4 - HKLM\..\RunServices: [windows service] yahooupdate.exe
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Services Agent] icombat.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [WLAN] SYSTEMS.EXE
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.att.net
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10541 bytes


#2 ucladtv

ucladtv
  • Topic Starter


Posted 10 January 2008 - 10:05 PM

How do I get my log file read? Am I doing something wrong? I have never posted here before.
I posted a log from one computer with no answer. I also posted my daughter's log and that one was moved?
I have seen people post their HijackThis log and get answered and thought I was doing the same thing.
But so far I am 0 for 2, haha. Can someone point me in the right direction?

#3 OldTimer

OldTimer

    Malware Expert



Posted 23 January 2008 - 03:02 PM

Hello ucladtv and welcome to the BC HijackThis forum. Let's look a little deeper and see what we find.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Session Manager Settings
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 ucladtv

ucladtv
  • Topic Starter


Posted 24 January 2008 - 02:20 AM

Hi, here are my results.

WinPFind35 logfile created on: 1/23/2008 10:09:15 PM
WinPFind35U Version Beta35 Folder = C:\Documents and Settings\Owner\My Documents\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

446.98 Mb Total Physical Memory | 179.89 Mb Available Physical Memory | 40.24% Memory free
1.08 Gb Paging File | 0.57 Gb Available in Paging File | 53.29% Paging File free
Paging file location(s): c:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.92 Gb Total Space | 9.56 Gb Free Space | 34.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: NOTEBOOK-4BZAO8
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 6:36:33 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 5:00:16 AM | Attr = ]
acsd.exe -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,22,1 | Size = 1388648 bytes | Modified Date = 9/16/2003 4:55:36 PM | Attr = ]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 2:53:44 PM | Attr = ]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr = ]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr = ]
tivobeacon.exe -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.2 | Size = 853504 bytes | Modified Date = 12/30/2004 12:11:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:08 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 9:27:44 AM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 4:59:53 AM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 1:38:18 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 6.6.0 05Jul02 | Size = 557056 bytes | Modified Date = 7/5/2002 1:55:58 PM | Attr = R ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 5:00:23 AM | Attr = ]
mouse32a.exe -> %ProgramFiles%\Gigaware\Gigaware Driver\4.06\Mouse32A.exe -> [Ver = 3.0.1.0 | Size = 356352 bytes | Modified Date = 11/8/2001 10:47:50 PM | Attr = ]
tivoserver.exe -> %ProgramFiles%\TiVo\Desktop\TiVoServer.exe -> TiVo Inc. [Ver = 1.1 | Size = 1759232 bytes | Modified Date = 12/30/2004 12:13:58 PM | Attr = ]
tivotransfer.exe -> %CommonProgramFiles%\TiVo Shared\Transfer\TivoTransfer.exe -> TiVo Inc. [Ver = 1.0 | Size = 1156096 bytes | Modified Date = 12/30/2004 12:12:18 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/19/2007 4:19:57 AM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 6.6.0 05Jul02 | Size = 126976 bytes | Modified Date = 7/5/2002 1:57:06 PM | Attr = R ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 11/30/2006 9:49:06 PM | Attr = ]
winpfind35u.exe -> %UserDocuments%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/23/2008 9:52:22 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,22,1 | Size = 1388648 bytes | Modified Date = 9/16/2003 4:55:36 PM | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 6:36:33 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 5:00:16 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 4:59:53 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 4:59:01 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> File not found
(ccPwdSvc) Symantec Password Validation Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> File not found
(ccPxySvc) Symantec Proxy Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Norton Internet Security\ccPxySvc.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ]
(HPConfig) HP Configuration Interface Service [Win32_Own | Disabled | Stopped] -> %System32%\HPConfig.exe -> Hewlett-Packard [Ver = 3, 0, 1, 8 | Size = 151552 bytes | Modified Date = 8/15/2002 10:10:58 AM | Attr = ]
(HPWirelessMgr) HPWirelessMgr [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Utilities\Notebook Utilities\HPWirelessMgr.exe -> Hewlett-Packard Co. [Ver = 1, 0, 0, 7 | Size = 53248 bytes | Modified Date = 7/25/2002 3:18:00 PM | Attr = ]
(Intel PDS) Intel PDS [Win32_Own | Disabled | Stopped] -> -> File not found
(navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Norton AntiVirus\navapsvc.exe -> File not found
(NISUM) Norton Internet Security Accounts Manager [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Norton Internet Security\NISUM.EXE -> File not found
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe -> File not found
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 2:53:44 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.0.99 | Size = 214672 bytes | Modified Date = 9/19/2005 10:24:20 AM | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> File not found
(TivoBeacon2) TiVo Beacon [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.2 | Size = 853504 bytes | Modified Date = 12/30/2004 12:11:20 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:08 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 9:27:44 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(a347bus) a347bus [Kernel | Boot | Running] -> %System32%\drivers\a347bus.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 160640 bytes | Modified Date = 4/30/2004 9:37:02 AM | Attr = ]
(a347scsi) a347scsi [Kernel | Boot | Running] -> %System32%\drivers\a347scsi.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 4/30/2004 9:33:00 AM | Attr = ]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 6:49:02 AM | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Boot | Running] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/23/2001 4:00:00 AM | Attr = ]
(ALiIRDA) ALi Infrared Device Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\aliirda.sys -> Acer Laboratories Inc. [Ver = 5,01,2600,0126 built by: WinDDK | Size = 26112 bytes | Modified Date = 12/17/2001 10:54:32 PM | Attr = ]
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 6:55:46 AM | Attr = ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 6:53:39 AM | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 6:51:52 AM | Attr = ]
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\drivers\atapi.sys -> [Ver = | Size = 95360 bytes | Modified Date = 8/3/2004 9:59:42 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6436 | Size = 701952 bytes | Modified Date = 5/15/2004 5:29:12 PM | Attr = ]
(caboagp) ATI Cabo AGP Filter [Kernel | Boot | Running] -> %System32%\drivers\atisgkaf.SYS -> ATI Technologies Inc. [Ver = 5.00.2195.1003 | Size = 23602 bytes | Modified Date = 7/18/2002 12:07:50 PM | Attr = ]
(CALIAUD) Conexant AMC 3D Environmental Audio [Kernel | On_Demand | Running] -> %System32%\drivers\caliaud.sys -> Conexant Systems Inc. [Ver = 6.13.10.8282 | Size = 292352 bytes | Modified Date = 2/17/2004 4:58:40 PM | Attr = ]
(CALIHALA) CALIHALA [Kernel | On_Demand | Running] -> %System32%\drivers\calihal.sys -> Conexant Systems Inc. [Ver = 6.13.10.8282 | Size = 273536 bytes | Modified Date = 2/17/2004 4:59:18 PM | Attr = ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~2\Owner\LOCALS~1\Temp\catchme.sys -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(cdrbsvsd) cdrbsvsd [Kernel | System | Running] -> %System32%\drivers\cdrbsvsd.sys -> B.H.A Corporation [Ver = 7. 0. 0. 5 | Size = 13566 bytes | Modified Date = 12/3/2003 4:44:58 PM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(DirectPort) DirectPort [Kernel | On_Demand | Stopped] -> %System32%\drivers\DirectPort.sys -> eBit Soft [Ver = 1, 0, 0, 0 | Size = 4946 bytes | Modified Date = 10/21/2004 12:52:25 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 10:07:17 PM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 10:07:16 PM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 4:00:00 AM | Attr = ]
(DP83815) National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\DP83815.sys -> National Semiconductor Corp. [Ver = 5.00.140.1 | Size = 19112 bytes | Modified Date = 5/4/2004 1:24:48 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> VERITAS Software, Inc. [Ver = 3.21.29a | Size = 81552 bytes | Modified Date = 6/5/2002 2:21:00 AM | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm.sys -> VERITAS Software, Inc. [Ver = 2.56.25a | Size = 40368 bytes | Modified Date = 6/6/2002 1:56:00 AM | Attr = ]
(giveio) giveio [Kernel | On_Demand | Stopped] -> %System32%\giveio.sys -> [Ver = | Size = 5248 bytes | Modified Date = 5/11/2004 11:01:43 AM | Attr = ]
(HPCI) HP Configuration Interface [Kernel | On_Demand | Running] -> %System32%\drivers\hpci.sys -> Hewlett-Packard [Ver = 3, 0, 0, 3 | Size = 14504 bytes | Modified Date = 7/17/2002 10:09:12 AM | Attr = ]
(HPGate) HPGate [Kernel | Auto | Running] -> %System32%\drivers\Hpgate.sys -> Hewlett-Packard Co. [Ver = 4.5.20 | Size = 6848 bytes | Modified Date = 7/18/2002 4:02:12 PM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(hpt3xx) hpt3xx [Kernel | Disabled | Stopped] -> -> File not found
(HSFHWALI) HSFHWALI [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWALI.sys -> Conexant Systems, Inc. [Ver = 6.02.05 | Size = 179712 bytes | Modified Date = 5/21/2003 2:33:54 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 6.02.05 | Size = 1063040 bytes | Modified Date = 5/21/2003 2:31:22 PM | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr = ]
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr = ]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(irda) IrDA Protocol [Kernel | Auto | Stopped] -> System32\DRIVERS\irda.sys -> File not found
(ISLP2) Intersil 802.11 Wireless LAN Driver [Kernel | On_Demand | Running] -> %System32%\drivers\islp2nds.sys -> Intersil Americas Inc. [Ver = 2.00.10 | Size = 611840 bytes | Modified Date = 10/3/2002 4:07:00 PM | Attr = ]
(KBFiltr) Dritek HotKey Keyboard Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\KBFILTR.SYS -> Dritek System Inc. [Ver = 2, 0, 5, 1 | Size = 14643 bytes | Modified Date = 4/1/2002 4:05:08 PM | Attr = ]
(Ke386IO) Ke386IO [Kernel | On_Demand | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LEX_NIC_SERVICE) IEEE 802.11 Wireless NIC Win2000 Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\Express.sys -> LAN-Express [Ver = 1.07.29.020118 built by: WinDDK | Size = 57344 bytes | Modified Date = 1/18/2002 11:00:00 AM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 12:48:08 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(NAVAP) NAVAP [Kernel | On_Demand | Stopped] -> -> File not found
(NAVAPEL) NAVAPEL [Kernel | Auto | Stopped] -> -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Stopped] -> -> File not found
(NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCIIde) PCIIde [Kernel | Disabled | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 4:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.11B | Size = 46080 bytes | Modified Date = 5/16/2006 12:23:54 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(SAVRT) SAVRT [Kernel | On_Demand | Stopped] -> %System32%\Drivers\SAVRT.SYS -> File not found
(SAVRTPEL) SAVRTPEL [Kernel | Auto | Stopped] -> %System32%\Drivers\SAVRTPEL.SYS -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 2:25:53 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> VERITAS Software, Inc. [Ver = 1.10.57a | Size = 5589 bytes | Modified Date = 6/19/2002 8:43:44 AM | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> VERITAS Software, Inc. [Ver = 1.10.57a | Size = 22995 bytes | Modified Date = 6/19/2002 8:42:58 AM | Attr = ]
(StreamDispatcher) StreamDispatcher [Kernel | Auto | Running] -> %System32%\drivers\strmdisp.sys -> Conexant Systems, Inc. [Ver = 6.02.05 built by: WinDDK | Size = 30592 bytes | Modified Date = 5/21/2003 2:35:56 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(SYMDNS) SYMDNS [Kernel | On_Demand | Stopped] -> %System32%\Drivers\SYMDNS.SYS -> File not found
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> File not found
(SYMFW) SYMFW [Kernel | On_Demand | Stopped] -> %System32%\Drivers\SYMFW.SYS -> File not found
(SYMIDS) SYMIDS [Kernel | On_Demand | Stopped] -> %System32%\drivers\symids.sys -> Symantec Corporation [Ver = 6.0.0.99 | Size = 31888 bytes | Modified Date = 9/19/2005 10:23:40 AM | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050512.030\symidsco.sys -> File not found
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Stopped] -> %System32%\Drivers\SYMNDIS.SYS -> File not found
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Stopped] -> %System32%\Drivers\SYMREDRV.SYS -> File not found
(SYMTDI) SYMTDI [Kernel | System | Stopped] -> %System32%\Drivers\SYMTDI.SYS -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 6.6.0 05Jul02 | Size = 261904 bytes | Modified Date = 7/5/2002 1:44:18 PM | Attr = R ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> VERITAS Software, Inc. [Ver = 1.03.37a | Size = 23701 bytes | Modified Date = 7/4/2002 12:03:00 AM | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> VERITAS Software, Inc. [Ver = 1.03.37a | Size = 34805 bytes | Modified Date = 7/4/2002 12:03:00 AM | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> VERITAS Software, Inc. [Ver = 1.03.37a | Size = 4117 bytes | Modified Date = 7/4/2002 12:03:00 AM | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> VERITAS Software, Inc. [Ver = 1.03.37a | Size = 2201 bytes | Modified Date = 7/4/2002 12:03:00 AM | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> VERITAS Software, Inc. [Ver = 1.03.37a | Size = 54516 bytes | Modified Date = 7/4/2002 12:03:00 AM | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> VERITAS Software, Inc. [Ver = 1.03.37a | Size = 14421 bytes | Modified Date = 7/4/2002 12:03:00 AM | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> VERITAS Software, Inc. [Ver = 1.03.37a | Size = 6325 bytes | Modified Date = 7/4/2002 12:03:00 AM | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> VERITAS Software, Inc. [Ver = 1.03.37a | Size = 91156 bytes | Modified Date = 7/4/2002 12:03:00 AM | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> VERITAS Software, Inc. [Ver = 1.03.37a | Size = 95125 bytes | Modified Date = 7/4/2002 12:03:00 AM | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %System32%\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 4:13:04 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 6.02.05 built by: WinDDK | Size = 631296 bytes | Modified Date = 5/21/2003 2:32:32 PM | Attr = ]
(WinPhlash) WinPhlash [Kernel | On_Demand | Stopped] -> %SystemDrive%\SWSetup\sp27645\PhlashNT.sys -> [Ver = | Size = 21984 bytes | Modified Date = 7/23/2003 10:28:44 PM | Attr = ]
(WPC11) Instant Wireless Network PC Card V3.0 Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\LSWLNDS.sys -> The Linksys Group, Inc. [Ver = 1.07.37 | Size = 54083 bytes | Modified Date = 5/15/2002 11:42:42 PM | Attr = R ]
(zlportio) zlportio [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 5:00:23 AM | Attr = ]
Display Settings -> %ProgramFiles%\HPQ\Notebook Utilities\hptasks.exe -> Hewlett-Packard [Ver = 1, 14, 0, 3 | Size = 45056 bytes | Modified Date = 8/15/2002 6:26:08 AM | Attr = ]
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb04.exe -> HP [Ver = 2,80,0,0 | Size = 196608 bytes | Modified Date = 11/29/2001 11:44:05 AM | Attr = ]
LWBMOUSE -> %ProgramFiles%\Gigaware\Gigaware Driver\4.06\Mouse32A.exe -> [Ver = 3.0.1.0 | Size = 356352 bytes | Modified Date = 11/8/2001 10:47:50 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 6.6.0 05Jul02 | Size = 557056 bytes | Modified Date = 7/5/2002 1:55:58 PM | Attr = R ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 6.6.0 05Jul02 | Size = 126976 bytes | Modified Date = 7/5/2002 1:57:06 PM | Attr = R ]
WLAN -> SYSTEMS.EXE -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/19/2007 4:19:57 AM | Attr = ]
TivoServer -> %ProgramFiles%\TiVo\Desktop\TiVoServer.exe -> TiVo Inc. [Ver = 1.1 | Size = 1759232 bytes | Modified Date = 12/30/2004 12:13:58 PM | Attr = ]
TivoTransfer -> %CommonProgramFiles%\TiVo Shared\Transfer\TivoTransfer.exe -> TiVo Inc. [Ver = 1.0 | Size = 1156096 bytes | Modified Date = 12/30/2004 12:12:18 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://home.microsoft.com/search/search.asp ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1450 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
att.net .[http] -> Trusted sites ->
att.net .[https] -> Trusted sites ->
sbcglobal.net .[https] -> Trusted sites ->
clientapps_yahoo.com [http] -> Trusted sites ->
clientapps_yahoo.com [https] -> Trusted sites ->
82 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 59 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 6/19/2007 4:19:57 AM | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{8F4902B6-6C04-4ade-8052-AA58578A21BD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 5, 1, 6 | Size = 405504 bytes | Modified Date = 8/26/2004 10:27:32 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1}:Exec -> %ProgramFiles%\Travelaxe\Travelaxe.exe [Travelaxe] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Real.com] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
CmdMapping\\{32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Travelaxe\Travelaxe.exe [Travelaxe] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Real.com] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
Q312461 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{286D87D1-ADB0-4C1D-9F23-99C990148BD4} -> (Linksys Instant Wireless Network PC Card V3.0) ->
{9EA174E3-D894-48FD-9B64-DFC6258E9FC0} -> (National Semiconductor Corp. DP83815/816 10/100 MacPhyter PCI Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[Reg Error: Key does not exist or could not be opened.] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupd...b?1200279687398[WUWebControl Class] ->
{77E32299-629F-43C6-AB77-6A1E6D7663F6}[HKEY_LOCAL_MACHINE] -> http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab[Reg Error: Key does not exist or could not be opened.] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe[Virtools WebPlayer Class] ->
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}[HKEY_LOCAL_MACHINE] -> http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll[PCPitstop Exam] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/3/2004 11:56:43 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 9:49:30 AM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/3/2004 11:56:43 PM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 6:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 8:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 752 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:57 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 35965 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{9EA174E3-D894-48FD-9B64-DFC6258E9FC0} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{286D87D1-ADB0-4C1D-9F23-99C990148BD4} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:57 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *; ->
ExcludeFromKnownDlls -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%SystemRoot%\system32 -> %System32% -> [Folder | Modified Date = 1/22/2008 10:09:46 PM | Attr = ]
%SystemRoot% -> %SystemRoot% -> [Folder | Modified Date = 1/22/2008 10:27:13 PM | Attr = ]
%SystemRoot%\system32\WBEM -> %System32%\wbem -> [Folder | Modified Date = 10/28/2006 1:31:23 PM | Attr = ]
C:\Program Files\ATI Technologies\ATI Control Panel -> -> File not found
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> .COM -> File not found
.EXE -> .EXE -> File not found
.BAT -> .BAT -> File not found
.CMD -> .CMD -> File not found
.VBS -> .VBS -> File not found
.VBE -> .VBE -> File not found
.JS -> .JS -> File not found
.JSE -> .JSE -> File not found
.WSF -> .WSF -> File not found
.WSH -> .WSH -> File not found
*MultiFile Done* -> ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\GeneralTab -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\HomePage -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Cache -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\History -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Colors -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\links -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Fonts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Languages -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Accessibility -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\SecurityTab -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\ContentTab -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Ratings -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Certificates -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\FormSuggest -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\FormSuggest Passwords -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Profiles -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\ConnectionsTab -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Connection Settings -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Connwiz Admin Lock -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Proxy -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\ProgramsTab -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Messaging -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\ResetWebSettings -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Check_If_Default -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\AdvancedTab -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Control Panel\\Advanced -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\\NoSplash -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\\NoJITSetup -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserSaveAs -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\\NoFileNew -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserClose -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\\NoFileOpen -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\\NoTheaterMode -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\\NoViewSource -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\\NoFavorites -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\\NoAddingChannels -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserOptions -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserContextMenu -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Internet Explorer\Restrictions\\NoOpeninNewWnd -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\CurrentVersion\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\CurrentVersion\Internet Settings\\DialupAutodetect -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\CurrentVersion\Internet Settings\\EnableAutoProxyResultCache -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 8:12:23 AM | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/3/2004 11:56:55 PM | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 105984 bytes | Modified Date = 10/10/2007 3:55:59 PM | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
-> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\Scripts\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\Scripts\Shutdown\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsMediaPlayer\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\GeneralTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\HomePage -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Cache -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\History -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Colors -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\links -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Fonts -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Languages -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Accessibility -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\SecurityTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ContentTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Ratings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Certificates -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\FormSuggest -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\FormSuggest Passwords -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Profiles -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ConnectionsTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Connection Settings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Connwiz Admin Lock -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Proxy -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ProgramsTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Messaging -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ResetWebSettings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Check_If_Default -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\AdvancedTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Advanced -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\\NoSplash -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\\NoJITSetup -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserSaveAs -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoFileNew -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserClose -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoFileOpen -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoTheaterMode -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoViewSource -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoFavorites -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoAddingChannels -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserOptions -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserContextMenu -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoOpeninNewWnd -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventRun -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNeverUpload -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoExternalURL -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoFileCollection -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\10.0\Common\\DWNoSecondLevelCollection -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW\\DWNeverUpload -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\DialupAutodetect -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\EnableAutoProxyResultCache -> 0 ->


[Files/Folders - Created Within 30 days]
evil.exe -> %SystemDrive%\evil.exe -> [Ver = | Size = 708608 bytes | Created Date = 12/25/2007 3:36:42 PM | Attr = ]
nzm.exe -> %SystemDrive%\nzm.exe -> [Ver = | Size = 642048 bytes | Created Date = 12/25/2007 9:15:38 PM | Attr = ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Created Date = 1/7/2008 8:17:04 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 1/7/2008 8:17:04 PM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 1/7/2008 8:17:04 PM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 1/7/2008 8:17:04 PM | Attr = ]
CanonIJ Uninstaller Information -> %System32%\CanonIJ Uninstaller Information -> [Folder | Created Date = 1/16/2008 7:58:00 PM | Attr = H ]
CNMLM8O.DLL -> %System32%\CNMLM8O.DLL -> CANON INC. [Ver = 2.05.2.10 | Size = 198656 bytes | Created Date = 1/16/2008 7:58:27 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 1/11/2008 3:04:54 AM | Attr = ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/16/2008 10:48:24 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/16/2008 10:48:24 AM | Attr = H ]
Uniblue SpeedUpMyPC Nag.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC Nag.job -> [Ver = | Size = 270 bytes | Created Date = 1/11/2008 2:19:57 AM | Attr = ]
Uniblue SpeedUpMyPC.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC.job -> [Ver = | Size = 392 bytes | Created Date = 1/11/2008 2:19:55 AM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
AOL OCP -> %AllUsersAppData%\AOL OCP -> [Folder | Created Date = 1/20/2008 5:34:22 PM | Attr = ]
PCPitstop -> %AllUsersAppData%\PCPitstop -> [Folder | Created Date = 1/10/2008 12:38:44 AM | Attr = ]
acccore -> %UserAppData%\acccore -> [Folder | Created Date = 1/20/2008 5:41:33 PM | Attr = ]
AntiSpywareBot -> %UserAppData%\AntiSpywareBot -> [Folder | Created Date = 1/7/2008 12:15:15 PM | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Created Date = 1/9/2008 3:28:26 PM | Attr = ]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Created Date = 1/11/2008 2:20:09 AM | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Created Date = 1/20/2008 5:40:58 PM | Attr = ]
AOL OCP -> %LocalAppData%\AOL OCP -> [Folder | Created Date = 1/20/2008 5:41:02 PM | Attr = ]
F2atv_Forums -> %LocalAppData%\F2atv_Forums -> [Folder | Created Date = 1/7/2008 4:12:54 PM | Attr = ]
ArVdoCnvtr -> %UserDocuments%\ArVdoCnvtr -> [Folder | Created Date = 1/8/2008 9:01:41 PM | Attr = ]
ArVdoCnvtr.rar -> %UserDocuments%\ArVdoCnvtr.rar -> [Ver = | Size = 4285239 bytes | Created Date = 1/8/2008 9:00:02 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\ArVdoCnvtr.rar:Zone.Identifier
autoruns.chm -> %UserDocuments%\autoruns.chm -> [Ver = | Size = 48130 bytes | Created Date = 1/10/2008 12:57:39 AM | Attr = ]
autoruns.exe -> %UserDocuments%\autoruns.exe -> Sysinternals - www.sysinternals.com [Ver = 9.01 | Size = 599080 bytes | Created Date = 1/10/2008 12:57:39 AM | Attr = ]
autorunsc.exe -> %UserDocuments%\autorunsc.exe -> Sysinternals - www.sysinternals.com [Ver = 9.01 | Size = 504872 bytes | Created Date = 1/10/2008 12:57:39 AM | Attr = ]
cc_20080122_2222.reg -> %UserDocuments%\cc_20080122_2222.reg -> [Ver = | Size = 619974 bytes | Created Date = 1/22/2008 10:22:14 PM | Attr = ]
ConvertXtoDVD -> %UserDocuments%\ConvertXtoDVD -> [Folder | Created Date = 12/28/2007 2:13:42 PM | Attr = ]
CW f2atv_com v1.05 -> %UserDocuments%\CW f2atv_com v1.05 -> [Folder | Created Date = 1/6/2008 2:27:21 PM | Attr = ]
CW f2atv_com v1.05.rar -> %UserDocuments%\CW f2atv_com v1.05.rar -> [Ver = | Size = 289199 bytes | Created Date = 1/6/2008 2:26:59 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\CW f2atv_com v1.05.rar:Zone.Identifier
CW600SV1.60.bin -> %UserDocuments%\CW600SV1.60.bin -> [Ver = | Size = 1179672 bytes | Created Date = 1/5/2008 6:42:12 PM | Attr = ]
@Alternate Data Stream - 88 bytes -> %UserDocuments%\CW600SV1.60.bin:SummaryInformation
@Alternate Data Stream - 0 bytes -> %UserDocuments%\CW600SV1.60.bin:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
HJTInstall.exe -> %UserDocuments%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 1/10/2008 1:54:54 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HJTInstall.exe:Zone.Identifier
Isabel_Faceshot -> %UserDocuments%\Isabel_Faceshot -> [Folder | Created Date = 1/22/2008 10:33:28 PM | Attr = ]
Isabel_Faceshot.zip -> %UserDocuments%\Isabel_Faceshot.zip -> [Ver = | Size = 107358 bytes | Created Date = 1/22/2008 10:33:25 PM | Attr = ]
KATHY DOCS -> %UserDocuments%\KATHY DOCS -> [Folder | Created Date = 1/10/2008 9:04:28 PM | Attr = ]
P1000819.mov -> %UserDocuments%\P1000819.mov -> [Ver = | Size = 10715110 bytes | Created Date = 12/25/2007 12:02:09 AM | Attr = ]
PcSetup -> %UserDocuments%\PcSetup -> [Folder | Created Date = 1/7/2008 4:11:58 PM | Attr = ]
SDFix -> %UserDocuments%\SDFix -> [Folder | Created Date = 1/11/2008 2:57:34 AM | Attr = ]
Twochoices.pps -> %UserDocuments%\Twochoices.pps -> [Ver = | Size = 775680 bytes | Created Date = 1/23/2008 9:42:12 AM | Attr = ]
WinPFind35u -> %UserDocuments%\WinPFind35u -> [Folder | Created Date = 1/23/2008 10:07:43 PM | Attr = ]
WinPFind35u.exe -> %UserDocuments%\WinPFind35u.exe -> [Ver = | Size = 478500 bytes | Created Date = 1/23/2008 10:07:00 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\WinPFind35u.exe:Zone.Identifier
AIM 6.lnk -> %AllUsersDesktop%\AIM 6.lnk -> [Ver = | Size = 1680 bytes | Created Date = 1/20/2008 5:39:13 PM | Attr = ]
Easy-PhotoPrint.lnk -> %AllUsersDesktop%\Easy-PhotoPrint.lnk -> [Ver = | Size = 1706 bytes | Created Date = 1/16/2008 8:02:20 PM | Attr = ]
My Printer.lnk -> %AllUsersDesktop%\My Printer.lnk -> [Ver = | Size = 1652 bytes | Created Date = 1/16/2008 8:02:31 PM | Attr = ]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 1645 bytes | Created Date = 1/7/2008 8:17:06 PM | Attr = ]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1556 bytes | Created Date = 1/22/2008 10:06:11 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1701 bytes | Created Date = 1/10/2008 1:56:41 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 1/10/2008 1:46:09 AM | Attr = HS]
evil.exe -> %SystemDrive%\evil.exe -> [Ver = | Size = 708608 bytes | Modified Date = 12/27/2007 12:14:16 PM | Attr = ]
nzm.exe -> %SystemDrive%\nzm.exe -> [Ver = | Size = 642048 bytes | Modified Date = 12/27/2007 12:13:33 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/22/2008 10:09:51 PM | Attr = ]
r00t.exe -> %SystemDrive%\r00t.exe -> [Ver = | Size = 642048 bytes | Modified Date = 12/24/2007 10:37:56 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/22/2008 10:27:13 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/11/2008 12:05:33 PM | Attr = ]
HOSTS -> %System32%\drivers\etc\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 1/11/2008 12:05:33 PM | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 375 bytes | Modified Date = 1/7/2008 11:44:05 AM | Attr = ]
CanonIJ Uninstaller Information -> %System32%\CanonIJ Uninstaller Information -> [Folder | Modified Date = 1/16/2008 7:58:00 PM | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/13/2008 7:22:18 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/20/2008 3:51:03 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 1/7/2008 4:11:46 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/13/2008 7:29:07 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/22/2008 10:27:54 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 1/12/2008 11:05:01 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 60250 bytes | Modified Date = 1/7/2008 8:18:20 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 403578 bytes | Modified Date = 1/7/2008 8:18:21 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 469840 bytes | Modified Date = 1/7/2008 8:18:20 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 12620 bytes | Modified Date = 1/22/2008 10:28:51 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/13/2008 7:07:49 PM | Attr = H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/22/2008 10:27:08 PM | Attr = S]
custvoic.ini -> %SystemRoot%\custvoic.ini -> [Ver = | Size = 73 bytes | Modified Date = 1/13/2008 1:26:34 PM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 1/22/2008 10:18:15 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/20/2008 5:38:16 PM | Attr = S]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 1/11/2008 3:05:05 AM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 1/7/2008 12:10:19 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/7/2008 12:10:20 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/16/2008 8:03:08 PM | Attr = H ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 1/13/2008 7:07:04 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/22/2008 10:18:14 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 1/7/2008 2:40:13 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/23/2008 10:10:29 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/16/2008 10:48:24 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/22/2008 10:32:01 PM | Attr = H ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 1/13/2008 7:02:34 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/10/2008 1:46:09 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/22/2008 10:09:46 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/11/2008 2:19:57 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/23/2008 7:45:32 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1449 bytes | Modified Date = 1/23/2008 6:54:38 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/22/2008 10:27:18 PM | Attr = H ]
Uniblue SpeedUpMyPC Nag.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC Nag.job -> [Ver = | Size = 270 bytes | Modified Date = 1/21/2008 5:08:00 PM | Attr = ]
Uniblue SpeedUpMyPC.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC.job -> [Ver = | Size = 392 bytes | Modified Date = 1/11/2008 2:19:55 AM | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersAppData%\AOL -> [Folder | Modified Date = 1/20/2008 5:34:22 PM | Attr = ]
AOL OCP -> %AllUsersAppData%\AOL OCP -> [Folder | Modified Date = 1/20/2008 5:42:02 PM | Attr = ]
PCPitstop -> %AllUsersAppData%\PCPitstop -> [Folder | Modified Date = 1/10/2008 12:38:44 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 1/9/2008 3:27:35 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 1/23/2008 10:10:30 PM | Attr = ]
@Alternate Data Stream - 154 bytes -> %AllUsersAppData%\TEMP:0888F409
@Alternate Data Stream - 143 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
Viewpoint -> %AllUsersAppData%\Viewpoint -> [Folder | Modified Date = 1/20/2008 5:39:50 PM | Attr = ]
acccore -> %UserAppData%\acccore -> [Folder | Modified Date = 1/20/2008 5:41:45 PM | Attr = ]
AntiSpywareBot -> %UserAppData%\AntiSpywareBot -> [Folder | Modified Date = 1/7/2008 12:20:24 PM | Attr = ]
inst.exe -> %UserAppData%\inst.exe -> [Ver = | Size = 87608 bytes | Modified Date = 1/7/2008 4:11:59 PM | Attr = ]
Move Networks -> %UserAppData%\Move Networks -> [Folder | Modified Date = 1/11/2008 6:29:06 PM | Attr = H ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Modified Date = 1/9/2008 3:28:26 PM | Attr = ]
pcouffin.cat -> %UserAppData%\pcouffin.cat -> [Ver = | Size = 7887 bytes | Modified Date = 1/7/2008 4:11:59 PM | Attr = ]
pcouffin.inf -> %UserAppData%\pcouffin.inf -> [Ver = | Size = 1144 bytes | Modified Date = 1/7/2008 4:11:58 PM | Attr = ]
pcouffin.sys -> %UserAppData%\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 1/7/2008 4:11:59 PM | Attr = ]
Skype -> %UserAppData%\Skype -> [Folder | Modified Date = 1/9/2008 2:29:46 AM | Attr = ]
U3 -> %UserAppData%\U3 -> [Folder | Modified Date = 1/17/2008 10:25:22 PM | Attr = ]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Modified Date = 1/11/2008 6:31:38 PM | Attr = ]
Vso -> %UserAppData%\Vso -> [Folder | Modified Date = 1/7/2008 4:12:00 PM | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Modified Date = 1/20/2008 5:40:58 PM | Attr = ]
AOL OCP -> %LocalAppData%\AOL OCP -> [Folder | Modified Date = 1/20/2008 5:41:02 PM | Attr = ]
F2atv_Forums -> %LocalAppData%\F2atv_Forums -> [Folder | Modified Date = 1/9/2008 3:28:26 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 6955946 bytes | Modified Date = 1/20/2008 5:47:48 PM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 1/16/2008 5:58:27 PM | Attr = ]
The Weather Channel -> %LocalAppData%\The Weather Channel -> [Folder | Modified Date = 1/7/2008 12:12:43 PM | Attr = ]
TiVo Desktop -> %LocalAppData%\TiVo Desktop -> [Folder | Modified Date = 1/22/2008 10:29:50 PM | Attr = ]
AOL Downloads -> %AllUsersDocuments%\AOL Downloads -> [Folder | Modified Date = 1/10/2008 6:58:55 PM | Attr = ]
My Pictures -> %AllUsersDocuments%\My Pictures -> [Folder | Modified Date = 1/9/2008 2:08:10 AM | Attr = R ]
ArVdoCnvtr -> %UserDocuments%\ArVdoCnvtr -> [Folder | Modified Date = 1/8/2008 9:01:42 PM | Attr = ]
ArVdoCnvtr.rar -> %UserDocuments%\ArVdoCnvtr.rar -> [Ver = | Size = 4285239 bytes | Modified Date = 1/8/2008 9:00:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\ArVdoCnvtr.rar:Zone.Identifier
autoruns.exe -> %UserDocuments%\autoruns.exe -> Sysinternals - www.sysinternals.com [Ver = 9.01 | Size = 599080 bytes | Modified Date = 1/3/2008 10:40:24 AM | Attr = ]
autorunsc.exe -> %UserDocuments%\autorunsc.exe -> Sysinternals - www.sysinternals.com [Ver = 9.01 | Size = 504872 bytes | Modified Date = 1/3/2008 10:40:24 AM | Attr = ]
cc_20080122_2222.reg -> %UserDocuments%\cc_20080122_2222.reg -> [Ver = | Size = 619974 bytes | Modified Date = 1/22/2008 10:22:50 PM | Attr = ]
ConvertXtoDVD -> %UserDocuments%\ConvertXtoDVD -> [Folder | Modified Date = 12/28/2007 2:13:42 PM | Attr = ]
CW f2atv_com v1.05 -> %UserDocuments%\CW f2atv_com v1.05 -> [Folder | Modified Date = 1/6/2008 2:27:21 PM | Attr = ]
CW f2atv_com v1.05.rar -> %UserDocuments%\CW f2atv_com v1.05.rar -> [Ver = | Size = 289199 bytes | Modified Date = 1/6/2008 2:26:59 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\CW f2atv_com v1.05.rar:Zone.Identifier
CW600SV1.60.bin -> %UserDocuments%\CW600SV1.60.bin -> [Ver = | Size = 1179672 bytes | Modified Date = 1/6/2008 2:21:37 PM | Attr = ]
@Alternate Data Stream - 88 bytes -> %UserDocuments%\CW600SV1.60.bin:SummaryInformation
@Alternate Data Stream - 0 bytes -> %UserDocuments%\CW600SV1.60.bin:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
HJTInstall.exe -> %UserDocuments%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 1/10/2008 1:55:04 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HJTInstall.exe:Zone.Identifier
Isabel_Faceshot -> %UserDocuments%\Isabel_Faceshot -> [Folder | Modified Date = 1/22/2008 10:33:35 PM | Attr = ]
Isabel_Faceshot.zip -> %UserDocuments%\Isabel_Faceshot.zip -> [Ver = | Size = 107358 bytes | Modified Date = 1/22/2008 10:33:27 PM | Attr = ]
KATHY DOCS -> %UserDocuments%\KATHY DOCS -> [Folder | Modified Date = 1/10/2008 9:11:24 PM | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 1/20/2008 4:00:00 PM | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 12/27/2007 3:13:01 AM | Attr = R ]
P1000819.mov -> %UserDocuments%\P1000819.mov -> [Ver = | Size = 10715110 bytes | Modified Date = 12/25/2007 12:05:45 AM | Attr = ]
PcSetup -> %UserDocuments%\PcSetup -> [Folder | Modified Date = 1/7/2008 4:12:00 PM | Attr = ]
SDFix -> %UserDocuments%\SDFix -> [Folder | Modified Date = 1/11/2008 12:52:14 PM | Attr = ]
Thumbs.db -> %UserDocuments%\Thumbs.db -> [Ver = | Size = 372736 bytes | Modified Date = 1/7/2008 10:16:03 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable
Twochoices.pps -> %UserDocuments%\Twochoices.pps -> [Ver = | Size = 775680 bytes | Modified Date = 1/23/2008 9:42:22 AM | Attr = ]
WinPFind35u -> %UserDocuments%\WinPFind35u -> [Folder | Modified Date = 1/23/2008 10:07:43 PM | Attr = ]
WinPFind35u.exe -> %UserDocuments%\WinPFind35u.exe -> [Ver = | Size = 478500 bytes | Modified Date = 1/23/2008 10:07:00 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\WinPFind35u.exe:Zone.Identifier
AIM 6.lnk -> %AllUsersDesktop%\AIM 6.lnk -> [Ver = | Size = 1680 bytes | Modified Date = 1/20/2008 5:39:13 PM | Attr = ]
avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1717 bytes | Modified Date = 1/7/2008 4:11:47 PM | Attr = ]
Easy-PhotoPrint.lnk -> %AllUsersDesktop%\Easy-PhotoPrint.lnk -> [Ver = | Size = 1706 bytes | Modified Date = 1/16/2008 8:02:20 PM | Attr = ]
My Printer.lnk -> %AllUsersDesktop%\My Printer.lnk -> [Ver = | Size = 1652 bytes | Modified Date = 1/16/2008 8:02:31 PM | Attr = ]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 1645 bytes | Modified Date = 1/7/2008 8:17:06 PM | Attr = ]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1556 bytes | Modified Date = 1/22/2008 10:06:11 PM | Attr = ]
dishnetwork -> %UserDesktop%\dishnetwork -> [Folder | Modified Date = 1/13/2008 11:02:52 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1701 bytes | Modified Date = 1/10/2008 1:56:41 AM | Attr = ]
perrys-files -> %UserDesktop%\perrys-files -> [Folder | Modified Date = 12/29/2007 1:42:47 PM | Attr = ]
AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 1/20/2008 5:34:54 PM | Attr = ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1304 bytes | Modified Date = 11/9/2003 1:20:02 AM | Attr = ]
hhappreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\hhappreg.dat -> [Ver = | Size = 24448 bytes | Modified Date = 1/6/2000 4:00:00 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 1/13/2008 7:11:05 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 1/13/2008 7:11:05 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 10/26/2006 6:47:56 PM | Attr = ]

< End of report >

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:12:48 PM

Posted 24 January 2008 - 02:47 AM

Hi ucladtv. Let's do a little cleanup. Please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware; we will come back to it later on.

Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Files/Folders - Created Within 30 days]
NY -> evil.exe -> %SystemDrive%\evil.exe
NY -> nzm.exe -> %SystemDrive%\nzm.exe
[Files/Folders - Modified Within 30 days]
NY -> evil.exe -> %SystemDrive%\evil.exe
NY -> nzm.exe -> %SystemDrive%\nzm.exe
NY -> r00t.exe -> %SystemDrive%\r00t.exe
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 154 bytes -> %AllUsersAppData%\TEMP:0888F409
NY -> @Alternate Data Stream - 143 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #4

Post the following back here:
  • a new WinPFind35U report
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#6 ucladtv

ucladtv
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:48 AM

Posted 24 January 2008 - 12:27 PM

Hi,
here are the logs you requested. As of right now everything seems to be ok.
The only problem I have is that sometimes it seems like my pc takes forever to open a program.
Thanks much.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/24/2008 at 03:27 AM

Application Version : 3.9.1008

Core Rules Database Version : 3386
Trace Rules Database Version: 1380

Scan type : Complete Scan
Total Scan Time : 02:30:56

Memory items scanned : 386
Memory threats detected : 0
Registry items scanned : 6408
Registry threats detected : 1
File items scanned : 76854
File threats detected : 1

Trojan.WINSYSTEMS
[WLAN] SYSTEMS.EXE
SYSTEMS.EXE



WinPFind35 logfile created on: 1/24/2008 9:21:43 AM
WinPFind35U Version Beta35 Folder = C:\Documents and Settings\Owner\My Documents\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

446.98 Mb Total Physical Memory | 158.93 Mb Available Physical Memory | 35.56% Memory free
1.08 Gb Paging File | 0.81 Gb Available in Paging File | 75.50% Paging File free
Paging file location(s): c:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.92 Gb Total Space | 9.57 Gb Free Space | 34.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: NOTEBOOK-4BZAO8
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 6:36:33 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 5:00:16 AM | Attr = ]
acsd.exe -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,22,1 | Size = 1388648 bytes | Modified Date = 9/16/2003 4:55:36 PM | Attr = ]
tivobeacon.exe -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.2 | Size = 853504 bytes | Modified Date = 12/30/2004 12:11:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:08 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 9:27:44 AM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 4:59:53 AM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 6.6.0 05Jul02 | Size = 126976 bytes | Modified Date = 7/5/2002 1:57:06 PM | Attr = R ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 6.6.0 05Jul02 | Size = 557056 bytes | Modified Date = 7/5/2002 1:55:58 PM | Attr = R ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 5:00:23 AM | Attr = ]
mouse32a.exe -> %ProgramFiles%\Gigaware\Gigaware Driver\4.06\Mouse32A.exe -> [Ver = 3.0.1.0 | Size = 356352 bytes | Modified Date = 11/8/2001 10:47:50 PM | Attr = ]
tivoserver.exe -> %ProgramFiles%\TiVo\Desktop\TiVoServer.exe -> TiVo Inc. [Ver = 1.1 | Size = 1759232 bytes | Modified Date = 12/30/2004 12:13:58 PM | Attr = ]
tivotransfer.exe -> %CommonProgramFiles%\TiVo Shared\Transfer\TivoTransfer.exe -> TiVo Inc. [Ver = 1.0 | Size = 1156096 bytes | Modified Date = 12/30/2004 12:12:18 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/19/2007 4:19:57 AM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 1:38:18 PM | Attr = ]
winpfind35u.exe -> %UserDocuments%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/23/2008 9:52:22 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,22,1 | Size = 1388648 bytes | Modified Date = 9/16/2003 4:55:36 PM | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 6:36:33 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 5:00:16 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 4:59:53 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 4:59:01 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> File not found
(ccPwdSvc) Symantec Password Validation Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> File not found
(ccPxySvc) Symantec Proxy Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Norton Internet Security\ccPxySvc.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ]
(HPConfig) HP Configuration Interface Service [Win32_Own | Disabled | Stopped] -> %System32%\HPConfig.exe -> Hewlett-Packard [Ver = 3, 0, 1, 8 | Size = 151552 bytes | Modified Date = 8/15/2002 10:10:58 AM | Attr = ]
(HPWirelessMgr) HPWirelessMgr [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Utilities\Notebook Utilities\HPWirelessMgr.exe -> Hewlett-Packard Co. [Ver = 1, 0, 0, 7 | Size = 53248 bytes | Modified Date = 7/25/2002 3:18:00 PM | Attr = ]
(Intel PDS) Intel PDS [Win32_Own | Disabled | Stopped] -> -> File not found
(navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Norton AntiVirus\navapsvc.exe -> File not found
(NISUM) Norton Internet Security Accounts Manager [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Norton Internet Security\NISUM.EXE -> File not found
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe -> File not found
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 2:53:44 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.0.99 | Size = 214672 bytes | Modified Date = 9/19/2005 10:24:20 AM | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> File not found
(TivoBeacon2) TiVo Beacon [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.2 | Size = 853504 bytes | Modified Date = 12/30/2004 12:11:20 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:08 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 9:27:44 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 5:00:23 AM | Attr = ]
Display Settings -> %ProgramFiles%\HPQ\Notebook Utilities\hptasks.exe -> Hewlett-Packard [Ver = 1, 14, 0, 3 | Size = 45056 bytes | Modified Date = 8/15/2002 6:26:08 AM | Attr = ]
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb04.exe -> HP [Ver = 2,80,0,0 | Size = 196608 bytes | Modified Date = 11/29/2001 11:44:05 AM | Attr = ]
LWBMOUSE -> %ProgramFiles%\Gigaware\Gigaware Driver\4.06\Mouse32A.exe -> [Ver = 3.0.1.0 | Size = 356352 bytes | Modified Date = 11/8/2001 10:47:50 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 6.6.0 05Jul02 | Size = 557056 bytes | Modified Date = 7/5/2002 1:55:58 PM | Attr = R ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 6.6.0 05Jul02 | Size = 126976 bytes | Modified Date = 7/5/2002 1:57:06 PM | Attr = R ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/19/2007 4:19:57 AM | Attr = ]
TivoServer -> %ProgramFiles%\TiVo\Desktop\TiVoServer.exe -> TiVo Inc. [Ver = 1.1 | Size = 1759232 bytes | Modified Date = 12/30/2004 12:13:58 PM | Attr = ]
TivoTransfer -> %CommonProgramFiles%\TiVo Shared\Transfer\TivoTransfer.exe -> TiVo Inc. [Ver = 1.0 | Size = 1156096 bytes | Modified Date = 12/30/2004 12:12:18 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://home.microsoft.com/search/search.asp ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1450 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
att.net .[http] -> Trusted sites ->
att.net .[https] -> Trusted sites ->
sbcglobal.net .[https] -> Trusted sites ->
clientapps_yahoo.com [http] -> Trusted sites ->
clientapps_yahoo.com [https] -> Trusted sites ->
82 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 59 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 6/19/2007 4:19:57 AM | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{8F4902B6-6C04-4ade-8052-AA58578A21BD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 5, 1, 6 | Size = 405504 bytes | Modified Date = 8/26/2004 10:27:32 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1}:Exec -> %ProgramFiles%\Travelaxe\Travelaxe.exe [Travelaxe] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Real.com] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
CmdMapping\\{32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Travelaxe\Travelaxe.exe [Travelaxe] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Real.com] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
Q312461 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{286D87D1-ADB0-4C1D-9F23-99C990148BD4} -> (Linksys Instant Wireless Network PC Card V3.0) ->
{9EA174E3-D894-48FD-9B64-DFC6258E9FC0} -> (National Semiconductor Corp. DP83815/816 10/100 MacPhyter PCI Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[Reg Error: Key does not exist or could not be opened.] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupd...b?1200279687398[WUWebControl Class] ->
{77E32299-629F-43C6-AB77-6A1E6D7663F6}[HKEY_LOCAL_MACHINE] -> http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab[Reg Error: Key does not exist or could not be opened.] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe[Virtools WebPlayer Class] ->
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}[HKEY_LOCAL_MACHINE] -> http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll[PCPitstop Exam] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->



[Files/Folders - Created Within 30 days]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Created Date = 1/7/2008 8:17:04 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 1/7/2008 8:17:04 PM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 1/7/2008 8:17:04 PM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 1/7/2008 8:17:04 PM | Attr = ]
CanonIJ Uninstaller Information -> %System32%\CanonIJ Uninstaller Information -> [Folder | Created Date = 1/16/2008 7:58:00 PM | Attr = H ]
CNMLM8O.DLL -> %System32%\CNMLM8O.DLL -> CANON INC. [Ver = 2.05.2.10 | Size = 198656 bytes | Created Date = 1/16/2008 7:58:27 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 1/11/2008 3:04:54 AM | Attr = ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/16/2008 10:48:24 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/16/2008 10:48:24 AM | Attr = H ]
Uniblue SpeedUpMyPC Nag.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC Nag.job -> [Ver = | Size = 270 bytes | Created Date = 1/11/2008 2:19:57 AM | Attr = ]
Uniblue SpeedUpMyPC.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC.job -> [Ver = | Size = 392 bytes | Created Date = 1/11/2008 2:19:55 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 1/10/2008 1:46:09 AM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/24/2008 12:17:34 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/24/2008 12:17:25 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/22/2008 10:27:13 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/11/2008 12:05:33 PM | Attr = ]
HOSTS -> %System32%\drivers\etc\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 1/11/2008 12:05:33 PM | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 375 bytes | Modified Date = 1/7/2008 11:44:05 AM | Attr = ]
CanonIJ Uninstaller Information -> %System32%\CanonIJ Uninstaller Information -> [Folder | Modified Date = 1/16/2008 7:58:00 PM | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/13/2008 7:22:18 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/20/2008 3:51:03 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 1/7/2008 4:11:46 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/13/2008 7:29:07 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/22/2008 10:27:54 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 1/12/2008 11:05:01 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 60250 bytes | Modified Date = 1/7/2008 8:18:20 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 403578 bytes | Modified Date = 1/7/2008 8:18:21 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 469840 bytes | Modified Date = 1/7/2008 8:18:20 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 12620 bytes | Modified Date = 1/24/2008 9:18:30 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/13/2008 7:07:49 PM | Attr = H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/24/2008 9:18:12 AM | Attr = S]
custvoic.ini -> %SystemRoot%\custvoic.ini -> [Ver = | Size = 73 bytes | Modified Date = 1/13/2008 1:26:34 PM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 1/22/2008 10:18:15 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/20/2008 5:38:16 PM | Attr = S]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 1/11/2008 3:05:05 AM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 1/7/2008 12:10:19 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/7/2008 12:10:20 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/16/2008 8:03:08 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/24/2008 12:17:36 AM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 1/13/2008 7:07:04 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/22/2008 10:18:14 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 1/7/2008 2:40:13 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/24/2008 12:55:48 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/16/2008 10:48:24 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/22/2008 10:32:01 PM | Attr = H ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 1/13/2008 7:02:34 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/10/2008 1:46:09 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/22/2008 10:09:46 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/11/2008 2:19:57 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/24/2008 9:19:44 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1449 bytes | Modified Date = 1/23/2008 11:39:59 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/24/2008 9:18:23 AM | Attr = H ]
Uniblue SpeedUpMyPC Nag.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC Nag.job -> [Ver = | Size = 270 bytes | Modified Date = 1/21/2008 5:08:00 PM | Attr = ]
Uniblue SpeedUpMyPC.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC.job -> [Ver = | Size = 392 bytes | Modified Date = 1/11/2008 2:19:55 AM | Attr = ]

< End of report >


Explorer killed successfully
[Files/Folders - Created Within 30 days]
C:\evil.exe moved successfully.
C:\nzm.exe moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\evil.exe not found!
File C:\nzm.exe not found!
C:\r00t.exe moved successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0888F409 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_f94.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\~DFBE1C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\~DFBE3E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6ec.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta35 fix logfile created on 01242008_003433

#7 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:12:48 PM

Posted 24 January 2008 - 03:20 PM

Hi ucladtv. Everything in the log looks fine. I think your issue with programs starting is related to Norton. It appears that it was once on this machine and is no longer. There are a number of services and who knows how many registry settings that were not removed properly when Norton was removed.

Go to this link: http://www.bleepingcomputer.com/forums/t/34671/how-to-remove-your-norton-products/ for directions on how to remove all of the left-over registry entries. If you run into any problems you can post in that topic. It is dedicated to removing Norton.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
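The reply above points at service entries whose executable no longer exists. As an added example (not part of the original posts and not WinPFind35U's own code), this sketch parses the `[Win32 Services - Non-Microsoft Only]` section and lists those orphaned registrations, putting the ones still set to start automatically first. The line layout is inferred from the log in this thread, the sample lines are copied from it, and the category labels are hypothetical names.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines copied from the log posted in this thread (services section plus one
# Run-key line, to show that other sections are ignored).
SAMPLE_LOG = r"""
[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,22,1 | Size = 1388648 bytes | Modified Date = 9/16/2003 4:55:36 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> File not found
(ccPwdSvc) Symantec Password Validation Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> File not found
(Intel PDS) Intel PDS [Win32_Own | Disabled | Stopped] -> -> File not found
(navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Norton AntiVirus\navapsvc.exe -> File not found
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.0.99 | Size = 214672 bytes | Modified Date = 9/19/2005 10:24:20 AM | Attr = ]

[Registry - Non-Microsoft Only]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 5:00:23 AM | Attr = ]
"""

SERVICES_SECTION = "Win32 Services - Non-Microsoft Only"
SECTION_RE = re.compile(r"^\[(?P<title>[^\]]+)\]$")

# (key) Display name [type | start mode | state] -> image path -> file info
SERVICE_RE = re.compile(
    r"^\((?P<name>[^)]*)\)\s+(?P<display>.*?)\s+"
    r"\[(?P<svc_type>\w+)\s*\|\s*(?P<start>\w+)\s*\|\s*(?P<state>\w+)\]"
    r"\s*->\s*(?P<path>.*?)\s*->\s*(?P<info>.*)$"
)


@dataclass
class Service:
    name: str
    display: str
    svc_type: str
    start: str
    state: str
    path: str
    info: str

    @property
    def file_missing(self) -> bool:
        # The scanner prints this literal text when the image path does not resolve.
        return self.info.strip() == "File not found"


@dataclass
class Orphan:
    name: str
    start: str
    path: str
    category: str  # hypothetical labels, see classify()


def parse_services(log_text: str) -> list[Service]:
    """Return the service entries found inside the services section only."""
    services: list[Service] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group("title") == SERVICES_SECTION
            continue
        if not in_section or not line:
            continue
        m = SERVICE_RE.match(line)
        if m:  # lines that do not fit the layout are skipped, not guessed at
            services.append(Service(**m.groupdict()))
    return services


def classify(svc: Service) -> str | None:
    """Label a service whose binary is gone; None means the file was found."""
    if not svc.file_missing:
        return None
    # An Auto service with no binary is attempted, and fails, at every boot.
    if svc.start == "Auto":
        return "autostart-missing-binary"
    return "dormant-missing-binary"


def find_orphans(services: list[Service]) -> list[Orphan]:
    """Orphaned registrations, autostart entries first, then by service key."""
    found = [
        Orphan(s.name, s.start, s.path, category)
        for s in services
        if (category := classify(s)) is not None
    ]
    return sorted(found, key=lambda o: (o.category != "autostart-missing-binary", o.name.lower()))


if __name__ == "__main__":
    for o in find_orphans(parse_services(SAMPLE_LOG)):
        print(f"{o.category:26} {o.name:12} start={o.start:10} path={o.path or '<empty>'}")
```
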
