
Infected W/vundo & Virtumonde


22 replies to this topic

#1 wolfz_1964

wolfz_1964

  • Members
  • 16 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:11:06 PM

Posted 12 January 2008 - 08:52 AM

Starting the 1st of this year, exe files for programs have been disappearing and the computer is running very slow. I have run spybot, ad-aware, bit defender, CA anti-virus & stinger. I cannot get Houskeeper (or was it housecleaner?) or panda to run. All have detected the vundo or virtumonde virus but seem unable to get rid of it. One file that will not go away is one called pmnlm.
I have seen this file labeled pmnlm.exe, pmnlm.dll & pmnlm.dll_old. I have tried deleting it manually without success. I have also run vundofix. Here is my log. Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:52 AM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?rev=10238
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53AFF78C-310F-4D25-9EBF-198E64D5FE9B} - C:\WINDOWS\system32\pmnlm.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll (file missing)
O2 - BHO: {e443f4ba-1bd4-2339-5cf4-551b22b8224a} - {a4228b22-b155-4fc5-9332-4db1ab4f344e} - C:\WINDOWS\system32\xokrctgh.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183959451312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183959443078
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8849 bytes
Clueless On The East Coast



#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:12:06 AM

Posted 18 January 2008 - 10:18 PM

Hi wolfz_1964 and welcome to the BC HijackThis forum. We need to use a different scanner to see what else might be in there.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 wolfz_1964

wolfz_1964
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:11:06 PM

Posted 19 January 2008 - 08:17 AM

Hey OldTimer, :)
Thanks for your help. I will be running scan in a couple hours.

:blink: :wacko: :) :thumbsup:
Clueless On The East Coast

#4 wolfz_1964

wolfz_1964
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:11:06 PM

Posted 19 January 2008 - 11:14 AM

Attached the file...just in case :thumbsup:

WinPFind35 logfile created on: 1/19/2008 9:45:34 AM
WinPFind35U Version Beta25 Folder = C:\Documents and Settings\Mom\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

1.50 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 58.44% Memory free
2.86 Gb Paging File | 2.35 Gb Available in Paging File | 82.21% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 42.72 Gb Free Space | 76.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 195.26 Gb Free Space | 83.85% Space Free | Partition Type: NTFS

Computer Name: MELANIE
Current User Name: Mom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users


[Processes - Non-Microsoft Only]
smss.exe -> %System32%\smss -> File not found
csrss.exe -> %System32%\csrss -> File not found
winlogon.exe -> %System32%\winlogon -> File not found
services.exe -> %System32%\services -> File not found
lsass.exe -> %System32%\lsass -> File not found
svchost.exe -> %System32%\svchost [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> File not found
-> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> [Wmi] -> File not found
svchost.exe -> %System32%\svchost [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> File not found
-> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
-> [Wmi] -> File not found
msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng -> File not found
svchost.exe -> %System32%\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> File not found
-> %System32%\6to4svc.dll [6to4] -> Microsoft Corporation [Ver = 5.1.2600.2975 (xpsp_sp2_gdr.060816-0059) | Size = 100352 bytes | Modified Date = 8/16/2006 6:58:05 AM | Attr = ]
-> %System32%\appmgmts.dll [AppMgmt] -> File not found
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 2:56:41 AM | Attr = ]
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 2:56:41 AM | Attr = ]
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 2:56:41 AM | Attr = ]
-> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/4/2004 2:56:41 AM | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 2:56:41 AM | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 2:56:41 AM | Attr = ]
-> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 7:59:41 AM | Attr = ]
-> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/25/2005 11:39:45 PM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/25/2005 11:39:45 PM | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/7/2004 2:32:34 PM | Attr = ]
-> %System32%\wkssvc.dll [LanmanWorkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 7:28:27 AM | Attr = ]
-> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/22/2005 1:29:46 PM | Attr = ]
-> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 6/22/2006 5:47:18 AM | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 9/3/2002 11:42:48 AM | Attr = ]
-> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/4/2004 2:56:45 AM | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/8/2005 11:27:56 AM | Attr = ]
-> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\wbem\wmisvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\mspmsnsv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 10/18/2006 8:47:16 PM | Attr = ]
-> [Wmi] -> File not found
-> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
svchost.exe -> %System32%\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> File not found
-> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 45568 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> [Wmi] -> File not found
svchost.exe -> %System32%\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> File not found
-> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 8/4/2004 2:56:41 AM | Attr = ]
-> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 8/4/2004 2:56:45 AM | Attr = ]
-> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.3077 (xpsp_sp2_gdr.070204-2255) | Size = 185344 bytes | Modified Date = 2/5/2007 3:17:02 PM | Attr = ]
-> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 1/3/2006 10:35:05 PM | Attr = ]
-> [Wmi] -> File not found
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice -> File not found
spoolsv.exe -> %System32%\spoolsv -> File not found
umxcfg.exe -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxCfg -> File not found
umxfwhlp.exe -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxFwHlp -> File not found
umxpol.exe -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxPol -> File not found
umxagent.exe -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxAgent -> File not found
explorer.exe -> %SystemRoot%\explorer -> File not found
ati2evxx.exe -> %System32%\ati2evxx -> File not found
isafe.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\isafe -> File not found
ctsvccda.exe -> %System32%\CTsvcCDA -> File not found
itmrtsvc.exe -> %ProgramFiles%\CA\SharedComponents\PPRT\bin\ITMRTSVC -> File not found
hpzipm12.exe -> %System32%\HPZipm12 -> File not found
svchost.exe -> %System32%\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> File not found
-> %System32%\wiaservc.dll [stisvc] -> Microsoft Corporation [Ver = 5.1.2600.3051 (xpsp_sp2_gdr.061219-0316) | Size = 333824 bytes | Modified Date = 12/19/2006 1:16:47 PM | Attr = ]
-> [Wmi] -> File not found
vetmsg.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg -> File not found
mspmspsv.exe -> %System32%\MsPMSPSv -> File not found
capfsem.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\capfsem -> File not found
alg.exe -> %System32%\alg -> File not found
msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui -> File not found
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched -> File not found
cctray.exe -> %ProgramFiles%\CA\CA Internet Security Suite\cctray\cctray -> File not found
cavrid.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\cavrid -> File not found
capfasem.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\capfasem -> File not found
svchost.exe -> %System32%\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER] -> File not found
-> %System32%\w3ssl.dll [HTTPFilter] -> Microsoft Corporation [Ver = 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15872 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> [Wmi] -> File not found
ctfmon.exe -> %System32%\ctfmon -> File not found
ccprovsp.exe -> %ProgramFiles%\CA\CA Internet Security Suite\ccprovsp -> File not found
cappactiveprotection.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection -> File not found
ppctlpriv.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv -> File not found
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U -> File not found

[Win32 Services - Non-Microsoft Only]
(6to4) IPv6 Helper Service [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice -> File not found
(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %System32%\svchost -> File not found
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %System32%\alg -> File not found
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state -> File not found
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx -> File not found
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(BITS) Background Intelligent Transfer Service [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(Browser) Computer Browser [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(CaCCProvSP) CaCCProvSP [Win32_Own | On_Demand | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\ccprovsp -> File not found
(CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\isafe -> File not found
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %System32%\cisvc -> File not found
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %System32%\clipsrv -> File not found
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw -> File not found
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost -> File not found
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTsvcCDA -> File not found
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin -> File not found
(dmserver) Logical Disk Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %System32%\services -> File not found
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache -> File not found
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost -> File not found
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %System32%\imapi -> File not found
(ITMRTSVC) CA Pest Patrol Realtime Protection Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\PPRT\bin\ITMRTSVC -> File not found
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(LanmanWorkstation) Workstation [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %System32%\svchost -> File not found
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc -> File not found
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc -> [Folder | Modified Date = 7/8/2007 10:30:59 PM | Attr = ]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %System32%\msiexec -> File not found
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %System32%\netdde -> File not found
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %System32%\netdde -> File not found
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass -> File not found
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost -> File not found
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass -> File not found
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\services -> File not found
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12 -> File not found
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %System32%\lsass -> File not found
(PPCtlPriv) PPCtlPriv [Win32_Own | On_Demand | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv -> File not found
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %System32%\lsass -> File not found
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %System32%\sessmgr -> File not found
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost -> File not found
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\locator -> File not found
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\rsvp -> File not found
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %System32%\lsass -> File not found
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr -> File not found
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %System32%\spoolsv -> File not found
(srservice) System Restore Service [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(SupportSoft RemoteAssist) SupportSoft RemoteAssist [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\supportsoft\bin\ssrc -> File not found
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost -> File not found
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc -> File not found
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(Themes) Themes [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(UmxAgent) HIPS Event Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxAgent -> File not found
(UmxCfg) HIPS Configuration Interpreter [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxCfg -> File not found
(UmxFwHlp) HIPS Firewall Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxFwHlp -> File not found
(UmxPol) HIPS Policy Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxPol -> File not found
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups -> File not found
(VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg -> File not found
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc -> File not found
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng -> File not found
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %System32%\MsPMSPSv -> File not found
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\wbem\wmiapsrv -> File not found
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk -> File not found
(wscsvc) Security Center [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %System32%\drivers\acpi -> File not found
(ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %System32%\drivers\acpiec -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %System32%\drivers\aec -> File not found
(AFD) AFD Networking Support Environment [Kernel | System | Running] -> %System32%\drivers\afd -> File not found
(agp440) Intel AGP Bus Filter [Kernel | Boot | Running] -> %System32%\drivers\agp440 -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\asyncmac -> File not found
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\drivers\atapi -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag -> File not found
(atinrvxx) ATI WDM Rage Theater Video [Kernel | On_Demand | Running] -> %System32%\drivers\atinrvxx -> File not found
(ATITUNEP) ATI WDM TV Tuner [Kernel | Auto | Running] -> %System32%\drivers\atintuxx -> File not found
(ativraxx) ATI WDM Rage Theater Audio [Kernel | On_Demand | Running] -> %System32%\drivers\atinraxx -> File not found
(ATIXSAudio) ATI WDM TV Audio Crossbar [Kernel | Auto | Running] -> %System32%\drivers\atinxsxx -> File not found
(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\atmarpc -> File not found
(audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %System32%\drivers\audstub -> File not found
(Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep -> File not found
(Bridge) MAC Bridge [Kernel | On_Demand | Stopped] -> %System32%\drivers\bridge -> File not found
(BridgeMP) MAC Bridge Miniport [Kernel | On_Demand | Stopped] -> %System32%\drivers\bridge -> File not found
(cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %System32%\drivers\cbidf2k -> File not found
(CCDECODE) Closed Caption Decoder [Kernel | On_Demand | Stopped] -> %System32%\drivers\ccdecode -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Cdaudio) Cdaudio [Kernel | System | Stopped] -> %System32%\drivers\cdaudio -> File not found
(Cdfs) Cdfs [File_System | Disabled | Running] -> %System32%\drivers\cdfs -> File not found
(Cdrom) CD-ROM Driver [Kernel | System | Running] -> %System32%\drivers\cdrom -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctsfm2k -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(Disk) Disk Driver [Kernel | Boot | Running] -> %System32%\drivers\disk -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot -> File not found
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio -> File not found
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload -> File not found
(DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %System32%\drivers\dmusic -> File not found
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %System32%\drivers\drmkaud -> File not found
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e100b325 -> File not found
(Fastfat) Fastfat [File_System | Disabled | Stopped] -> %System32%\drivers\fastfat -> File not found
(Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> %System32%\drivers\fdc -> File not found
(Fips) Fips [Kernel | System | Running] -> %System32%\drivers\fips -> File not found
(Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Running] -> %System32%\drivers\flpydisk -> File not found
(FltMgr) FltMgr [File_System | Boot | Running] -> %System32%\drivers\fltmgr -> File not found
(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\ftdisk -> File not found
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %System32%\drivers\gameenum -> File not found
(Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %System32%\drivers\msgpc -> File not found
(hidusb) Microsoft HID Class Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\hidusb -> File not found
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %System32%\drivers\HPZid412 -> File not found
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %System32%\drivers\HPZipr12 -> File not found
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %System32%\drivers\HPZius12 -> File not found
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWBS2 -> File not found
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP -> File not found
(HTTP) HTTP [Kernel | On_Demand | Running] -> %System32%\drivers\http -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %System32%\drivers\i8042prt -> File not found
(Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %System32%\drivers\imapi -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Boot | Running] -> %System32%\drivers\intelide -> File not found
(intelppm) Intel Processor Driver [Kernel | System | Running] -> %System32%\drivers\intelppm -> File not found
(ip6fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ip6fw -> File not found
(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipfltdrv -> File not found
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipinip -> File not found
(IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %System32%\drivers\ipnat -> File not found
(IPSec) IPSEC driver [Kernel | System | Running] -> %System32%\drivers\ipsec -> File not found
(IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\irenum -> File not found
(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\isapnp -> File not found
(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %System32%\drivers\kbdclass -> File not found
(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Running] -> %System32%\drivers\kmixer -> File not found
(KmxAgent) KmxAgent [Kernel | System | Running] -> %System32%\drivers\KmxAgent -> File not found
(KmxCF) KmxCF [Kernel | Auto | Running] -> %System32%\drivers\KmxCF -> File not found
(KmxCfg) KmxCfg [Kernel | On_Demand | Running] -> %System32%\drivers\KmxCfg -> File not found
(KmxFile) KmxFile [Kernel | System | Running] -> %System32%\drivers\KmxFile -> File not found
(KmxFw) KmxFw [Kernel | System | Running] -> %System32%\drivers\KmxFw -> File not found
(KmxSbx) KmxSbx [Kernel | Auto | Running] -> %System32%\drivers\KmxSbx -> File not found
(KmxStart) KmxStart [Kernel | Boot | Running] -> %System32%\drivers\KmxStart -> File not found
(KSecDD) KSecDD [Kernel | Boot | Running] -> %System32%\drivers\ksecdd -> File not found
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> %System32%\drivers\L8042Kbd -> File not found
(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\L8042MOU -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidKE -> File not found
(LHidUsbK) Logitech SetPoint USB Receiver device driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidUsbK -> File not found
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LMouKE -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk -> File not found
(mnmdd) mnmdd [Kernel | System | Running] -> %System32%\drivers\mnmdd -> File not found
(Modem) Modem [Kernel | On_Demand | Running] -> %System32%\drivers\modem -> File not found
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %System32%\drivers\MODEMCSA -> File not found
(Mouclass) Mouse Class Driver [Kernel | System | Running] -> %System32%\drivers\mouclass -> File not found
(mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mouhid -> File not found
(MountMgr) Mount Point Manager [Kernel | Boot | Running] -> %System32%\drivers\mountmgr -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %System32%\drivers\mrxdav -> File not found
(MRxSmb) MRxSmb [File_System | System | Running] -> %System32%\drivers\mrxsmb -> File not found
(Msfs) Msfs [File_System | System | Running] -> %System32%\drivers\msfs -> File not found
(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mskssrv -> File not found
(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mspclock -> File not found
(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mspqm -> File not found
(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mssmbios -> File not found
(MSTEE) Microsoft Streaming Tee/Sink-to-Sink Converter [Kernel | On_Demand | Stopped] -> %System32%\drivers\mstee -> File not found
(Mup) Mup [File_System | Boot | Running] -> %System32%\drivers\mup -> File not found
(MVDCODEC) ATI WDM Specialized MVD Codec [Kernel | Auto | Running] -> %System32%\drivers\atinmdxx -> File not found
(NABTSFEC) NABTS/FEC VBI Codec [Kernel | On_Demand | Stopped] -> %System32%\drivers\nabtsfec -> File not found
(NDIS) NDIS System Driver [Kernel | Boot | Running] -> %System32%\drivers\ndis -> File not found
(NdisIP) Microsoft TV/Video Connection [Kernel | On_Demand | Stopped] -> %System32%\drivers\ndisip -> File not found
(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndistapi -> File not found
(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %System32%\drivers\ndisuio -> File not found
(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndiswan -> File not found
(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %System32%\drivers\ndproxy -> File not found
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> %System32%\drivers\netbios -> File not found
(NetBT) NetBios over Tcpip [Kernel | System | Running] -> %System32%\drivers\netbt -> File not found
(nm) Network Monitor Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmnt -> File not found
(Npfs) Npfs [File_System | System | Running] -> %System32%\drivers\npfs -> File not found
(Ntfs) Ntfs [File_System | Disabled | Running] -> %System32%\drivers\ntfs -> File not found
(Null) Null [Kernel | System | Running] -> %System32%\drivers\null -> File not found
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkflt -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkfwd -> File not found
(OMCI) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\drivers\omci -> File not found
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctoss2k -> File not found
(P16X) Creative SB Live! Series (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\P16X -> File not found
(Parport) Parallel port driver [Kernel | On_Demand | Running] -> %System32%\drivers\parport -> File not found
(PartMgr) Partition Manager [Kernel | Boot | Running] -> %System32%\drivers\partmgr -> File not found
(ParVdm) ParVdm [Kernel | Auto | Running] -> %System32%\drivers\parvdm -> File not found
(PCDCODEC) ATI WDM Specialized PCD Codec [Kernel | Auto | Running] -> %System32%\drivers\atinpdxx -> File not found
(PCI) PCI Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\pci -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCIIde) PCIIde [Kernel | Boot | Running] -> %System32%\drivers\pciide -> File not found
(Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %System32%\drivers\pcmcia -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\PFMODNT -> File not found
(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %System32%\drivers\raspptp -> File not found
(Processor) Processor Driver [Kernel | System | Stopped] -> %System32%\drivers\processr -> File not found
(PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %System32%\drivers\psched -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink -> File not found
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20 -> File not found
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %System32%\drivers\rasacd -> File not found
(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %System32%\drivers\rasl2tp -> File not found
(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %System32%\drivers\raspppoe -> File not found
(Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %System32%\drivers\raspti -> File not found
(Rdbss) Rdbss [File_System | System | Running] -> %System32%\drivers\rdbss -> File not found
(RDPCDD) RDPCDD [Kernel | System | Running] -> %System32%\drivers\rdpcdd -> File not found
(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %System32%\drivers\rdpwd -> File not found
(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %System32%\drivers\redbook -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv -> File not found
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM -> File not found
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv -> File not found
(serenum) Serenum Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\serenum -> File not found
(Serial) Serial port driver [Kernel | System | Running] -> %System32%\drivers\serial -> File not found
(Sfloppy) Sfloppy [Kernel | System | Stopped] -> %System32%\drivers\sfloppy -> File not found
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SLIP) BDA Slip De-Framer [Kernel | On_Demand | Stopped] -> %System32%\drivers\slip -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %System32%\drivers\splitter -> File not found
(sr) System Restore Filter Driver [File_System | Disabled | Stopped] -> %System32%\drivers\sr -> File not found
(Srv) Srv [File_System | On_Demand | Running] -> %System32%\drivers\srv -> File not found
(streamip) BDA IPSink [Kernel | On_Demand | Stopped] -> %System32%\drivers\streamip -> File not found
(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %System32%\drivers\swenum -> File not found
(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %System32%\drivers\swmidi -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %System32%\drivers\sysaudio -> File not found
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %System32%\drivers\tcpip -> File not found
(Tcpip6) Microsoft IPv6 Protocol Driver [Kernel | System | Running] -> %System32%\drivers\tcpip6 -> File not found
(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdpipe -> File not found
(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdtcp -> File not found
(TermDD) Terminal Device Driver [Kernel | System | Running] -> %System32%\drivers\termdd -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(tunmp) Microsoft Tun Miniport Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\tunmp -> File not found
(Udfs) Udfs [File_System | Disabled | Stopped] -> %System32%\drivers\udfs -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %System32%\drivers\update -> File not found
(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbccgp -> File not found
(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbehci -> File not found
(usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> %System32%\drivers\usbhub -> File not found
(usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Running] -> %System32%\drivers\usbprint -> File not found
(usbscan) USB Scanner Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbscan -> File not found
(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Running] -> %System32%\drivers\USBSTOR -> File not found
(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbuhci -> File not found
(VET-FILT) VET File System Filter [Kernel | System | Running] -> %System32%\drivers\vet-filt -> File not found
(VET-REC) VET File System Recognizer [Kernel | System | Running] -> %System32%\drivers\vet-rec -> File not found
(VETEBOOT) VET Boot Scan Engine [Kernel | On_Demand | Running] -> %System32%\drivers\veteboot -> File not found
(VETEFILE) VET File Scan Engine [Kernel | System | Running] -> %System32%\drivers\vetefile -> File not found
(VETFDDNT) VET Floppy Boot Sector Monitor [Kernel | System | Running] -> %System32%\drivers\vetfddnt -> File not found
(VETMONNT) VET File Monitor [Kernel | System | Running] -> %System32%\drivers\vetmonnt -> File not found
(VgaSave) VGA Display Controller. [Kernel | System | Running] -> %System32%\drivers\vga -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(VolSnap) VolSnap [Kernel | Boot | Running] -> %System32%\drivers\volsnap -> File not found
(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wanarp -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wdmaud -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT -> File not found
(WSTCODEC) World Standard Teletext Codec [Kernel | On_Demand | Stopped] -> %System32%\drivers\wstcodec -> File not found
(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfPf -> File not found
(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfRd -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
ATIModeChange -> %System32%\Ati2mdxx -> File not found
cafwc -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\cafw -> File not found
capfasem -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\capfasem -> File not found
capfupgrade -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade -> File not found
CAVRID -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\cavrid -> File not found
cctray -> %ProgramFiles%\CA\CA Internet Security Suite\cctray\cctray -> File not found
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched -> File not found
Windows Defender -> %ProgramFiles%\Windows Defender\MSASCui -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %System32%\ctfmon -> File not found
*MultiFile Done* -> ->
< Windows NT\\Load [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\pmnlm.exe -> %System32%\pmnlm.exe -> File not found
*MultiFile Done* -> ->
< Windows NT\\Load [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\pmnlm.exe -> %System32%\pmnlm.exe -> File not found
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Run [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %System32%\ctfmon -> File not found
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop -> File not found
< Dad Startup Folder > -> C:\Documents and Settings\Dad\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Dad\Start Menu\Programs\Startup\desktop -> File not found
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop -> File not found
< Hope Startup Folder > -> C:\Documents and Settings\Hope\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Hope\Start Menu\Programs\Startup\desktop -> File not found
< Jennifer Startup Folder > -> C:\Documents and Settings\Jennifer\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Jennifer\Start Menu\Programs\Startup\desktop -> File not found
< Mom Startup Folder > -> C:\Documents and Settings\Mom\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop -> File not found
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %System32%\ntsd [Debugger] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer -> File not found
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %System32%\userinit -> File not found
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %System32%\logonui -> File not found
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %System32%\rundll32 -> File not found
Control_RunDLL "sysdm.cpl" -> %System32%\sysdm -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
PFW -> %System32%\UmxWNP.dll -> CA [Ver = 6, 0, 0, 5 | Size = 79368 bytes | Modified Date = 5/18/2007 2:30:00 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (223027 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.rr.com/flash/index.cfm?rev=10238 ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\] > -> ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\: Main\\Start Page -> http://www.rr.com/flash/index.cfm?rev=10238 ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4163 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4163 domain(s) found. ->
www_pandasecurity.com [http] -> Trusted sites ->
www_pandasecurity.com [https] -> Trusted sites ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4163 domain(s) found. ->
www_pandasecurity.com [http] -> Trusted sites ->
www_pandasecurity.com [https] -> Trusted sites ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{53AFF78C-310F-4D25-9EBF-198E64D5FE9B} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{8F9E2BE3-766D-4831-BB0E-766D5B819995} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [BndBlock4 BHO Class] -> File not found
{a4228b22-b155-4fc5-9332-4db1ab4f344e} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{1FE2EBE5-42FF-4586-A144-CA420C84FF6A} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Internet Speed Monitor] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{44226DFF-747E-4edc-B30C-78752E50CD0C}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ATI TV] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec -> %SystemRoot%\network diagnostic\xpnetdiag [@xpsp3res.dll,-20001] -> File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ATI Multimedia\tv\EXPLBAR.DLL [&ATI TV] -> ATI Technologies Inc. [Ver = 8.0.001 | Size = 139341 bytes | Modified Date = 1/20/2003 10:52:20 PM | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ATI Multimedia\tv\EXPLBAR.DLL [&ATI TV] -> ATI Technologies Inc. [Ver = 8.0.001 | Size = 139341 bytes | Modified Date = 1/20/2003 10:52:20 PM | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Messenger] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{506BEAA9-5458-47DB-8614-D392ABAFCF4B} -> () ->
{DD253A6D-E3AC-441E-9ACD-161F877D2D68} -> (Intel® PRO/100 VE Network Connection) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000024 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000025 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000026 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 11/20/2007 9:17:41 PM | Attr = ]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{01113300-3E00-11D2-8470-0060089874ED}[HKEY_LOCAL_MACHINE] -> http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab[Support.com Configuration Class] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b...heckControl.cab[Windows Genuine Advantage Validation Tool] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftu...b?1183959451312[WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftu...b?1183959443078[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ]
C:\WINDOWS\system32\pmnlm -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1660 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost [%SystemRoot%\System32\svchost.exe -k netsvcs] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 7333 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe -> C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007 [C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:*:Enabled:Ad-Aware 2007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{683F9741-DCA4-44FE-A065-B3BAC733D11F} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{506BEAA9-5458-47DB-8614-D392ABAFCF4B} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{DD253A6D-E3AC-441E-9ACD-161F877D2D68} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{FB36596F-21A9-482F-8D19-BE94F6E373AE} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost [%systemroot%\system32\svchost.exe -k netsvcs] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|HelpUserGuide|HelpReader ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade [version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownMedia -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd -> File not found
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 11:12:23 AM | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg -> File not found
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 105984 bytes | Modified Date = 10/10/2007 6:55:59 PM | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
-> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
< Software Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\policies\ ->
HKEY_USERS\.DEFAULT\Software\Policies\ -> ->
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\ -> ->
< Software Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\policies\ ->
HKEY_USERS\S-1-5-18\Software\Policies\ -> ->
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\ -> ->
< Software Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\policies\ ->
HKEY_USERS\S-1-5-19\Software\Policies\ -> ->
HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\ -> ->
< Software Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\policies\ ->
HKEY_USERS\S-1-5-20\Software\Policies\ -> ->
HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\ -> ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\policies\ ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\Software\Policies\ -> ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\Software\Policies\Microsoft\ -> ->


[Files/Folders - Created Within 30 days]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 1/3/2008 6:25:32 PM | Attr = ]
vet-filt.sys -> %System32%\drivers\vet-filt.sys -> Computer Associates International, Inc. [Ver = 8.4.0.28 | Size = 26376 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
vet-rec.sys -> %System32%\drivers\vet-rec.sys -> Computer Associates International, Inc. [Ver = 8.4.0.28 | Size = 21128 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
veteboot.sys -> %System32%\drivers\veteboot.sys -> Computer Associates International, Inc. [Ver = 31.1.0.0 | Size = 108312 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
vetefile.sys -> %System32%\drivers\vetefile.sys -> Computer Associates International, Inc. [Ver = 31.1.0.0 | Size = 879784 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
vetfddnt.sys -> %System32%\drivers\vetfddnt.sys -> Computer Associates International, Inc. [Ver = 8.4.0.28 | Size = 21512 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
vetmonnt.sys -> %System32%\drivers\vetmonnt.sys -> Computer Associates International, Inc. [Ver = 8.4.0.28 | Size = 32264 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
ddccd.exe -> %System32%\ddccd.exe -> [Ver = | Size = 1 bytes | Created Date = 12/30/2007 10:27:17 PM | Attr = ]
isafeif.dll -> %System32%\isafeif.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 99592 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
isafprod.dll -> %System32%\isafprod.dll -> CA, Inc. [Ver = Version 8.4.0.28 | Size = 75016 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/14/2008 7:25:50 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/14/2008 7:25:50 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/14/2008 7:25:50 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/14/2008 7:25:50 PM | Attr = ]
mlnmp.ini -> %System32%\mlnmp.ini -> [Ver = | Size = 670800 bytes | Created Date = 12/31/2007 5:39:43 PM | Attr = HS]
mlnmp.ini2 -> %System32%\mlnmp.ini2 -> [Ver = | Size = 670800 bytes | Created Date = 12/31/2007 5:39:43 PM | Attr = HS]
vetredir.dll -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
atid.ini -> %SystemRoot%\atid.ini -> [Ver = | Size = 21 bytes | Created Date = 12/31/2007 8:39:32 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/6/2008 6:19:31 PM | Attr = ]
hpoins09.dat.temp -> %SystemRoot%\hpoins09.dat.temp -> [Ver = | Size = 118642 bytes | Created Date = 12/31/2007 9:08:46 PM | Attr = ]
hpomdl09.dat.temp -> %SystemRoot%\hpomdl09.dat.temp -> [Ver = | Size = 11645 bytes | Created Date = 12/31/2007 9:08:45 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 12/30/2007 10:06:51 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 12/30/2007 10:06:51 PM | Attr = H ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 1/14/2008 7:30:12 PM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 10240 bytes | Created Date = 1/14/2008 7:00:30 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
[Files Created - Additional Folder Scans - Non-Microsoft Only]
CA -> %AllUsersAppData%\CA -> [Folder | Created Date = 1/15/2008 11:20:15 PM | Attr = ]
Sonic -> %AllUsersAppData%\Sonic -> [Folder | Created Date = 12/31/2007 9:22:37 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 1/4/2008 6:33:08 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/7/2008 11:19:43 PM | Attr = ]
QQ Games Plugin -> %UserAppData%\QQ Games Plugin -> [Folder | Created Date = 12/31/2007 9:07:09 PM | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Created Date = 1/14/2008 7:30:12 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/7/2008 11:19:25 PM | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Created Date = 12/31/2007 9:03:58 PM | Attr = ]
HP -> %LocalAppData%\HP -> [Folder | Created Date = 12/31/2007 10:39:32 PM | Attr = ]
IsolatedStorage -> %LocalAppData%\IsolatedStorage -> [Folder | Created Date = 12/31/2007 10:40:28 PM | Attr = ]
HP Document Viewer.lnk -> %AllUsersDesktop%\HP Document Viewer.lnk -> [Ver = | Size = 1894 bytes | Created Date = 12/31/2007 9:26:22 PM | Attr = ]
HP Photosmart Essential.lnk -> %AllUsersDesktop%\HP Photosmart Essential.lnk -> [Ver = | Size = 1887 bytes | Created Date = 1/2/2008 9:05:36 PM | Attr = ]
HP Photosmart Premier.lnk -> %AllUsersDesktop%\HP Photosmart Premier.lnk -> [Ver = | Size = 898 bytes | Created Date = 12/31/2007 9:19:05 PM | Attr = ]
defender.html -> %UserDesktop%\defender.html -> [Ver = | Size = 264038 bytes | Created Date = 1/11/2008 9:34:40 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 1/11/2008 11:17:30 PM | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 1/11/2008 11:16:41 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
iss_en_32.exe -> %UserDesktop%\iss_en_32.exe -> CA [Ver = 3.2.1.18 | Size = 45275272 bytes | Created Date = 1/15/2008 11:18:34 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\iss_en_32.exe:Zone.Identifier
Shortcut to ATF-Cleaner.lnk -> %UserDesktop%\Shortcut to ATF-Cleaner.lnk -> [Ver = | Size = 751 bytes | Created Date = 1/6/2008 1:05:53 PM | Attr = ]
Shortcut to spades.lnk -> %UserDesktop%\Shortcut to spades.lnk -> [Ver = | Size = 699 bytes | Created Date = 12/27/2007 5:59:04 PM | Attr = ]
Shortcut to WinPFind35U.lnk -> %UserDesktop%\Shortcut to WinPFind35U.lnk -> [Ver = | Size = 604 bytes | Created Date = 1/19/2008 9:43:39 AM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 963 bytes | Created Date = 1/4/2008 6:33:13 PM | Attr = ]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Created Date = 1/11/2008 9:53:49 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\stinger.exe:Zone.Identifier
stinger.opt -> %UserDesktop%\stinger.opt -> [Ver = | Size = 22 bytes | Created Date = 1/11/2008 11:10:43 PM | Attr = ]
stng260.exe -> %UserDesktop%\stng260.exe -> McAfee Inc. [Ver = 2.6.0. | Size = 1144839 bytes | Created Date = 1/11/2008 9:47:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\stng260.exe:Zone.Identifier
stng260.opt -> %UserDesktop%\stng260.opt -> [Ver = | Size = 17 bytes | Created Date = 1/11/2008 9:53:58 PM | Attr = ]
VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Created Date = 1/14/2008 8:06:35 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VirtumundoBeGone.exe:Zone.Identifier
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 1/7/2008 11:15:26 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
WindowsDefender.msi -> %UserDesktop%\WindowsDefender.msi -> [Ver = | Size = 5154304 bytes | Created Date = 1/13/2008 9:36:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WindowsDefender.msi:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/19/2008 9:42:31 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 471950 bytes | Created Date = 1/19/2008 9:36:05 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 1/14/2008 7:24:45 PM | Attr = ]
Scanner -> %CommonProgramFiles%\Scanner -> [Folder | Created Date = 1/15/2008 11:20:30 PM | Attr = ]
Sonic Shared -> %CommonProgramFiles%\Sonic Shared -> [Folder | Created Date = 12/31/2007 9:22:35 PM | Attr = ]
supportsoft -> %CommonProgramFiles%\supportsoft -> [Folder | Created Date = 1/4/2008 9:30:07 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 1/10/2008 6:42:58 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/15/2008 11:21:23 PM | Attr = H ]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 2413 bytes | Modified Date = 1/2/2008 9:11:12 PM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/15/2008 11:20:14 PM | Attr = R ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/11/2008 9:37:49 PM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 1/11/2008 8:48:02 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/19/2008 7:37:14 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/10/2008 6:47:28 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 223027 bytes | Modified Date = 1/10/2008 6:47:28 PM | Attr = R ]
hosts.20080104-211517.backup -> %System32%\drivers\etc\hosts.20080104-211517.backup -> [Ver = | Size = 222475 bytes | Modified Date = 1/4/2008 7:12:20 PM | Attr = R ]
hosts.20080110-184533.backup -> %System32%\drivers\etc\hosts.20080110-184533.backup -> [Ver = | Size = 222475 bytes | Modified Date = 1/4/2008 9:15:17 PM | Attr = R ]
hosts.20080110-184728.backup -> %System32%\drivers\etc\hosts.20080110-184728.backup -> [Ver = | Size = 222475 bytes | Modified Date = 1/10/2008 6:45:33 PM | Attr = R ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/15/2008 11:30:03 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 12/28/2007 11:41:11 AM | Attr = ]
ddccd.exe -> %System32%\ddccd.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/30/2007 10:27:17 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/9/2008 11:59:44 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/15/2008 11:21:04 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 169096 bytes | Modified Date = 12/31/2007 9:31:55 PM | Attr = ]
mlnmp.ini -> %System32%\mlnmp.ini -> [Ver = | Size = 670800 bytes | Modified Date = 1/10/2008 10:04:43 PM | Attr = HS]
mlnmp.ini2 -> %System32%\mlnmp.ini2 -> [Ver = | Size = 670800 bytes | Modified Date = 1/10/2008 10:04:40 PM | Attr = HS]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70066 bytes | Modified Date = 1/14/2008 7:22:33 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 435920 bytes | Modified Date = 1/14/2008 7:22:33 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 514654 bytes | Modified Date = 1/14/2008 7:22:33 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 1/11/2008 9:37:49 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/15/2008 11:25:16 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/9/2008 12:04:16 AM | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/31/2007 9:26:45 PM | Attr = R S]
atid.ini -> %SystemRoot%\atid.ini -> [Ver = | Size = 21 bytes | Modified Date = 12/31/2007 8:39:32 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/11/2008 8:04:08 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/15/2008 11:23:09 PM | Attr = S]
CAVTemp -> %SystemRoot%\CAVTemp -> [Folder | Modified Date = 1/15/2008 1:37:50 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/14/2008 10:36:11 PM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/31/2007 9:22:12 PM | Attr = R S]
hpoins09.dat -> %SystemRoot%\hpoins09.dat -> [Ver = | Size = 118572 bytes | Modified Date = 12/31/2007 9:29:10 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 4566 bytes | Modified Date = 1/14/2008 7:22:36 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/14/2008 8:14:43 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/15/2008 11:21:18 PM | Attr = HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 1/14/2008 7:00:30 PM | Attr = ]
PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI -> [Ver = | Size = 151 bytes | Modified Date = 12/21/2007 10:43:42 PM | Attr = ]
popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 16 bytes | Modified Date = 1/19/2008 12:52:57 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/18/2008 11:07:22 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 1/4/2008 10:35:26 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 12/30/2007 10:06:51 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/30/2007 10:06:51 PM | Attr = H ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 1/14/2008 7:30:12 PM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 227 bytes | Modified Date = 1/15/2008 11:09:44 PM | Attr = ]
SYSTEM.UNV -> %SystemRoot%\SYSTEM.UNV -> [Ver = | Size = 227 bytes | Modified Date = 1/10/2008 6:42:58 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/19/2008 7:37:14 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/15/2008 11:28:43 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/19/2008 9:41:40 AM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 10240 bytes | Modified Date = 1/14/2008 7:00:31 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 572 bytes | Modified Date = 1/10/2008 6:42:58 PM | Attr = ]
WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 147 bytes | Modified Date = 1/11/2008 7:15:04 PM | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 1/19/2008 1:31:02 AM | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/15/2008 11:23:20 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersAppData%\AOL -> [Folder | Modified Date = 12/31/2007 8:37:55 PM | Attr = ]
AOL Downloads -> %AllUsersAppData%\AOL Downloads -> [Folder | Modified Date = 12/31/2007 8:39:41 PM | Attr = ]
ATI MMC -> %AllUsersAppData%\ATI MMC -> [Folder | Modified Date = 12/21/2007 12:00:04 AM | Attr = ]
CA -> %AllUsersAppData%\CA -> [Folder | Modified Date = 1/15/2008 11:26:59 PM | Attr = ]
Google -> %AllUsersAppData%\Google -> [Folder | Modified Date = 1/13/2008 9:29:11 PM | Attr = ]
Sonic -> %AllUsersAppData%\Sonic -> [Folder | Modified Date = 12/31/2007 9:22:37 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 1/4/2008 8:11:35 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/7/2008 11:19:44 PM | Attr = ]
Viewpoint -> %AllUsersAppData%\Viewpoint -> [Folder | Modified Date = 1/11/2008 7:34:46 PM | Attr = ]
QQ Games Plugin -> %UserAppData%\QQ Games Plugin -> [Folder | Modified Date = 12/31/2007 9:07:09 PM | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Modified Date = 1/14/2008 7:30:12 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/7/2008 11:19:25 PM | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Modified Date = 1/13/2008 9:29:24 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 1/3/2008 7:38:01 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 13824 bytes | Modified Date = 1/14/2008 7:00:29 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 36984 bytes | Modified Date = 12/31/2007 10:39:23 PM | Attr = ]
Google -> %LocalAppData%\Google -> [Folder | Modified Date = 1/13/2008 9:29:11 PM | Attr = ]
HP -> %LocalAppData%\HP -> [Folder | Modified Date = 12/31/2007 10:39:32 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4470798 bytes | Modified Date = 1/15/2008 11:22:20 PM | Attr = H ]
IsolatedStorage -> %LocalAppData%\IsolatedStorage -> [Folder | Modified Date = 12/31/2007 10:40:28 PM | Attr = ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 1/11/2008 8:06:33 PM | Attr = ]
My Music -> %AllUsersDocuments%\My Music -> [Folder | Modified Date = 12/20/2007 9:31:46 PM | Attr = R ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 1/16/2008 11:50:57 PM | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 1/5/2008 5:52:15 PM | Attr = R ]
HP Document Viewer.lnk -> %AllUsersDesktop%\HP Document Viewer.lnk -> [Ver = | Size = 1894 bytes | Modified Date = 12/31/2007 9:26:22 PM | Attr = ]
HP Photosmart Essential.lnk -> %AllUsersDesktop%\HP Photosmart Essential.lnk -> [Ver = | Size = 1887 bytes | Modified Date = 1/2/2008 9:05:36 PM | Attr = ]
HP Photosmart Premier.lnk -> %AllUsersDesktop%\HP Photosmart Premier.lnk -> [Ver = | Size = 898 bytes | Modified Date = 12/31/2007 9:19:05 PM | Attr = ]
defender.html -> %UserDesktop%\defender.html -> [Ver = | Size = 264038 bytes | Modified Date = 1/11/2008 9:33:38 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 1/11/2008 11:17:31 PM | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 1/11/2008 11:16:45 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
iss_en_32.exe -> %UserDesktop%\iss_en_32.exe -> CA [Ver = 3.2.1.18 | Size = 45275272 bytes | Modified Date = 1/15/2008 11:19:17 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\iss_en_32.exe:Zone.Identifier
Shortcut to ATF-Cleaner.lnk -> %UserDesktop%\Shortcut to ATF-Cleaner.lnk -> [Ver = | Size = 751 bytes | Modified Date = 1/6/2008 1:05:53 PM | Attr = ]
Shortcut to spades.lnk -> %UserDesktop%\Shortcut to spades.lnk -> [Ver = | Size = 699 bytes | Modified Date = 12/27/2007 5:59:04 PM | Attr = ]
Shortcut to WinPFind35U.lnk -> %UserDesktop%\Shortcut to WinPFind35U.lnk -> [Ver = | Size = 604 bytes | Modified Date = 1/19/2008 9:43:39 AM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 963 bytes | Modified Date = 1/14/2008 10:18:59 PM | Attr = ]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 1/11/2008 9:54:06 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\stinger.exe:Zone.Identifier
stinger.opt -> %UserDesktop%\stinger.opt -> [Ver = | Size = 22 bytes | Modified Date = 1/11/2008 11:10:43 PM | Attr = ]
stng260.exe -> %UserDesktop%\stng260.exe -> McAfee Inc. [Ver = 2.6.0. | Size = 1144839 bytes | Modified Date = 1/11/2008 9:48:05 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\stng260.exe:Zone.Identifier
stng260.opt -> %UserDesktop%\stng260.opt -> [Ver = | Size = 17 bytes | Modified Date = 1/11/2008 9:53:58 PM | Attr = ]
VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Modified Date = 1/14/2008 8:06:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VirtumundoBeGone.exe:Zone.Identifier
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 1/14/2008 7:33:03 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
WindowsDefender.msi -> %UserDesktop%\WindowsDefender.msi -> [Ver = | Size = 5154304 bytes | Modified Date = 1/13/2008 9:36:24 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WindowsDefender.msi:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/19/2008 9:42:31 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 471950 bytes | Modified Date = 1/19/2008 9:36:15 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
HP -> %CommonProgramFiles%\HP -> [Folder | Modified Date = 12/31/2007 9:18:22 PM | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 1/14/2008 7:24:45 PM | Attr = ]
Scanner -> %CommonProgramFiles%\Scanner -> [Folder | Modified Date = 1/15/2008 11:20:31 PM | Attr = ]
Sonic Shared -> %CommonProgramFiles%\Sonic Shared -> [Folder | Modified Date = 12/31/2007 9:22:35 PM | Attr = ]
supportsoft -> %CommonProgramFiles%\supportsoft -> [Folder | Modified Date = 1/4/2008 9:30:07 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/13/2008 9:30:48 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0 -> [Ver = | Size = 5454 bytes | Modified Date = 1/18/2008 1:31:42 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1 -> [Ver = | Size = 6680 bytes | Modified Date = 1/18/2008 1:31:42 AM | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat -> [Ver = | Size = 16384 bytes | Modified Date = 7/20/2007 9:45:04 PM | Attr = ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts -> [Ver = | Size = 553560 bytes | Modified Date = 7/11/2007 9:34:23 PM | Attr = ]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk -> [Ver = | Size = 553560 bytes | Modified Date = 7/11/2007 9:34:23 PM | Attr = ]

< End of report >

Clueless On The East Coast

#5 OldTimer

OldTimer

    Malware Expert



Posted 19 January 2008 - 12:01 PM

Hi wolfz_1964. Something is interfering with the scan. My guess is it's either CA or Defender. Try running the scan from Safe Mode (NOT Safe Mode with Networking). Save the scan to your desktop as wpfscan.txt and then reboot normally and post those results back here.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#6 wolfz_1964

wolfz_1964
  • Topic Starter


Posted 19 January 2008 - 03:24 PM

ok
Clueless On The East Coast

#7 wolfz_1964

wolfz_1964
  • Topic Starter


Posted 19 January 2008 - 04:01 PM

OK.....here ya go....I tried to upload the file again and it failed. Said it was too big.


WinPFind35 logfile created on: 1/19/2008 3:39:55 PM
WinPFind35U Version Beta25 Folder = C:\Documents and Settings\Mom\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

1.50 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 76.91% Memory free
2.86 Gb Paging File | 2.69 Gb Available in Paging File | 94.17% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 42.94 Gb Free Space | 76.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 195.26 Gb Free Space | 83.85% Space Free | Partition Type: NTFS

Computer Name: MELANIE
Current User Name: Mom
Logged in as Administrator.
Cannot determine boot mode.
Scan Mode: All users


[Processes - Non-Microsoft Only]
smss.exe -> %System32%\smss -> File not found
csrss.exe -> %System32%\csrss -> File not found
winlogon.exe -> %System32%\winlogon -> File not found
services.exe -> %System32%\services -> File not found
lsass.exe -> %System32%\lsass -> File not found
svchost.exe -> %System32%\svchost [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> File not found
-> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> [Wmi] -> File not found
svchost.exe -> %System32%\svchost [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> File not found
-> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
-> [Wmi] -> File not found
msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng -> File not found
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice -> File not found
svchost.exe -> %System32%\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> File not found
-> %System32%\6to4svc.dll [6to4] -> Microsoft Corporation [Ver = 5.1.2600.2975 (xpsp_sp2_gdr.060816-0059) | Size = 100352 bytes | Modified Date = 8/16/2006 6:58:05 AM | Attr = ]
-> %System32%\appmgmts.dll [AppMgmt] -> File not found
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 2:56:41 AM | Attr = ]
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 2:56:41 AM | Attr = ]
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 2:56:41 AM | Attr = ]
-> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/4/2004 2:56:41 AM | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 2:56:41 AM | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 2:56:41 AM | Attr = ]
-> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 7:59:41 AM | Attr = ]
-> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/25/2005 11:39:45 PM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/25/2005 11:39:45 PM | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/7/2004 2:32:34 PM | Attr = ]
-> %System32%\wkssvc.dll [LanmanWorkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 7:28:27 AM | Attr = ]
-> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/22/2005 1:29:46 PM | Attr = ]
-> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 6/22/2006 5:47:18 AM | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 9/3/2002 11:42:48 AM | Attr = ]
-> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
-> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
-> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/4/2004 2:56:45 AM | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/8/2005 11:27:56 AM | Attr = ]
-> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\wbem\wmisvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\mspmsnsv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 10/18/2006 8:47:16 PM | Attr = ]
-> [Wmi] -> File not found
-> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
-> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
aawtray.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray -> File not found
explorer.exe -> %SystemRoot%\explorer -> File not found
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U -> File not found

[Win32 Services - Non-Microsoft Only]
(6to4) IPv6 Helper Service [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice -> File not found
(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %System32%\svchost -> File not found
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Stopped] -> %System32%\alg -> File not found
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state -> File not found
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] -> %System32%\ati2evxx -> File not found
(AudioSrv) Windows Audio [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(BITS) Background Intelligent Transfer Service [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(Browser) Computer Browser [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(CaCCProvSP) CaCCProvSP [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\CA\CA Internet Security Suite\ccprovsp -> File not found
(CAISafe) CAISafe [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\isafe -> File not found
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %System32%\cisvc -> File not found
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %System32%\clipsrv -> File not found
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw -> File not found
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost -> File not found
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Stopped] -> %System32%\CTsvcCDA -> File not found
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(Dhcp) DHCP Client [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin -> File not found
(dmserver) Logical Disk Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(Dnscache) DNS Client [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %System32%\services -> File not found
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache -> File not found
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost -> File not found
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %System32%\imapi -> File not found
(ITMRTSVC) CA Pest Patrol Realtime Protection Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CA\SharedComponents\PPRT\bin\ITMRTSVC -> File not found
(lanmanserver) Server [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(LanmanWorkstation) Workstation [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %System32%\svchost -> File not found
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc -> File not found
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc -> [Folder | Modified Date = 7/8/2007 10:30:59 PM | Attr = ]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %System32%\msiexec -> File not found
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %System32%\netdde -> File not found
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %System32%\netdde -> File not found
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass -> File not found
(Netman) Network Connections [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost -> File not found
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass -> File not found
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\services -> File not found
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %System32%\HPZipm12 -> File not found
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Stopped] -> %System32%\lsass -> File not found
(PPCtlPriv) PPCtlPriv [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv -> File not found
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Stopped] -> %System32%\lsass -> File not found
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %System32%\sessmgr -> File not found
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost -> File not found
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\locator -> File not found
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\rsvp -> File not found
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Stopped] -> %System32%\lsass -> File not found
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr -> File not found
(Schedule) Task Scheduler [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(seclogon) Secondary Logon [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(SENS) System Event Notification [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(Spooler) Print Spooler [Win32_Own | Auto | Stopped] -> %System32%\spoolsv -> File not found
(srservice) System Restore Service [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(SupportSoft RemoteAssist) SupportSoft RemoteAssist [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\supportsoft\bin\ssrc -> File not found
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost -> File not found
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc -> File not found
(TapiSrv) Telephony [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(TermService) Terminal Services [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(Themes) Themes [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(UmxAgent) HIPS Event Manager [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxAgent -> File not found
(UmxCfg) HIPS Configuration Interpreter [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxCfg -> File not found
(UmxFwHlp) HIPS Firewall Helper [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxFwHlp -> File not found
(UmxPol) HIPS Policy Manager [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxPol -> File not found
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups -> File not found
(VETMSGNT) VET Message Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg -> File not found
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc -> File not found
(W32Time) Windows Time [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(WebClient) WebClient [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng -> File not found
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Stopped] -> %System32%\MsPMSPSv -> File not found
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\wbem\wmiapsrv -> File not found
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk -> File not found
(wscsvc) Security Center [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(wuauserv) Automatic Updates [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Stopped] -> %System32%\svchost -> File not found
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %System32%\drivers\acpi -> File not found
(ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %System32%\drivers\acpiec -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %System32%\drivers\aec -> File not found
(AFD) AFD Networking Support Environment [Kernel | System | Stopped] -> %System32%\drivers\afd -> File not found
(agp440) Intel AGP Bus Filter [Kernel | Boot | Running] -> %System32%\drivers\agp440 -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\asyncmac -> File not found
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\drivers\atapi -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> %System32%\drivers\ati2mtag -> File not found
(atinrvxx) ATI WDM Rage Theater Video [Kernel | On_Demand | Stopped] -> %System32%\drivers\atinrvxx -> File not found
(ATITUNEP) ATI WDM TV Tuner [Kernel | Auto | Stopped] -> %System32%\drivers\atintuxx -> File not found
(ativraxx) ATI WDM Rage Theater Audio [Kernel | On_Demand | Stopped] -> %System32%\drivers\atinraxx -> File not found
(ATIXSAudio) ATI WDM TV Audio Crossbar [Kernel | Auto | Stopped] -> %System32%\drivers\atinxsxx -> File not found
(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\atmarpc -> File not found
(audstub) Audio Stub Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\audstub -> File not found
(Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep -> File not found
(Bridge) MAC Bridge [Kernel | On_Demand | Stopped] -> %System32%\drivers\bridge -> File not found
(BridgeMP) MAC Bridge Miniport [Kernel | On_Demand | Stopped] -> %System32%\drivers\bridge -> File not found
(cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %System32%\drivers\cbidf2k -> File not found
(CCDECODE) Closed Caption Decoder [Kernel | On_Demand | Stopped] -> %System32%\drivers\ccdecode -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Cdaudio) Cdaudio [Kernel | System | Stopped] -> %System32%\drivers\cdaudio -> File not found
(Cdfs) Cdfs [File_System | Disabled | Running] -> %System32%\drivers\cdfs -> File not found
(Cdrom) CD-ROM Driver [Kernel | System | Running] -> %System32%\drivers\cdrom -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ctsfm2k -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(Disk) Disk Driver [Kernel | Boot | Running] -> %System32%\drivers\disk -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot -> File not found
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio -> File not found
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload -> File not found
(DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %System32%\drivers\dmusic -> File not found
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %System32%\drivers\drmkaud -> File not found
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325 -> File not found
(Fastfat) Fastfat [File_System | Disabled | Running] -> %System32%\drivers\fastfat -> File not found
(Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> %System32%\drivers\fdc -> File not found
(Fips) Fips [Kernel | System | Stopped] -> %System32%\drivers\fips -> File not found
(Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Running] -> %System32%\drivers\flpydisk -> File not found
(FltMgr) FltMgr [File_System | Boot | Running] -> %System32%\drivers\fltmgr -> File not found
(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\ftdisk -> File not found
(gameenum) Game Port Enumerator [Kernel | On_Demand | Stopped] -> %System32%\drivers\gameenum -> File not found
(Gpc) Generic Packet Classifier [Kernel | On_Demand | Stopped] -> %System32%\drivers\msgpc -> File not found
(hidusb) Microsoft HID Class Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\hidusb -> File not found
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZid412 -> File not found
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZipr12 -> File not found
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %System32%\drivers\HPZius12 -> File not found
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HSFHWBS2 -> File not found
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> %System32%\drivers\HSF_DP -> File not found
(HTTP) HTTP [Kernel | On_Demand | Stopped] -> %System32%\drivers\http -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %System32%\drivers\i8042prt -> File not found
(Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %System32%\drivers\imapi -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Boot | Running] -> %System32%\drivers\intelide -> File not found
(intelppm) Intel Processor Driver [Kernel | System | Stopped] -> %System32%\drivers\intelppm -> File not found
(ip6fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ip6fw -> File not found
(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipfltdrv -> File not found
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipinip -> File not found
(IpNat) IP Network Address Translator [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipnat -> File not found
(IPSec) IPSEC driver [Kernel | System | Stopped] -> %System32%\drivers\ipsec -> File not found
(IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\irenum -> File not found
(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\isapnp -> File not found
(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %System32%\drivers\kbdclass -> File not found
(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Stopped] -> %System32%\drivers\kmixer -> File not found
(KmxAgent) KmxAgent [Kernel | System | Stopped] -> %System32%\drivers\KmxAgent -> File not found
(KmxCF) KmxCF [Kernel | Auto | Stopped] -> %System32%\drivers\KmxCF -> File not found
(KmxCfg) KmxCfg [Kernel | On_Demand | Stopped] -> %System32%\drivers\KmxCfg -> File not found
(KmxFile) KmxFile [Kernel | System | Stopped] -> %System32%\drivers\KmxFile -> File not found
(KmxFw) KmxFw [Kernel | System | Stopped] -> %System32%\drivers\KmxFw -> File not found
(KmxSbx) KmxSbx [Kernel | Auto | Stopped] -> %System32%\drivers\KmxSbx -> File not found
(KmxStart) KmxStart [Kernel | Boot | Stopped] -> %System32%\drivers\KmxStart -> File not found
(KSecDD) KSecDD [Kernel | Boot | Running] -> %System32%\drivers\ksecdd -> File not found
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> %System32%\drivers\L8042Kbd -> File not found
(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\L8042MOU -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidKE -> File not found
(LHidUsbK) Logitech SetPoint USB Receiver device driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidUsbK -> File not found
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LMouKE -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Stopped] -> %System32%\drivers\mdmxsdk -> File not found
(mnmdd) mnmdd [Kernel | System | Stopped] -> %System32%\drivers\mnmdd -> File not found
(Modem) Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\modem -> File not found
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Stopped] -> %System32%\drivers\MODEMCSA -> File not found
(Mouclass) Mouse Class Driver [Kernel | System | Running] -> %System32%\drivers\mouclass -> File not found
(mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mouhid -> File not found
(MountMgr) Mount Point Manager [Kernel | Boot | Running] -> %System32%\drivers\mountmgr -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Stopped] -> %System32%\drivers\mrxdav -> File not found
(MRxSmb) MRxSmb [File_System | System | Stopped] -> %System32%\drivers\mrxsmb -> File not found
(Msfs) Msfs [File_System | System | Running] -> %System32%\drivers\msfs -> File not found
(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mskssrv -> File not found
(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mspclock -> File not found
(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mspqm -> File not found
(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mssmbios -> File not found
(MSTEE) Microsoft Streaming Tee/Sink-to-Sink Converter [Kernel | On_Demand | Stopped] -> %System32%\drivers\mstee -> File not found
(Mup) Mup [File_System | Boot | Running] -> %System32%\drivers\mup -> File not found
(MVDCODEC) ATI WDM Specialized MVD Codec [Kernel | Auto | Stopped] -> %System32%\drivers\atinmdxx -> File not found
(NABTSFEC) NABTS/FEC VBI Codec [Kernel | On_Demand | Stopped] -> %System32%\drivers\nabtsfec -> File not found
(NDIS) NDIS System Driver [Kernel | Boot | Running] -> %System32%\drivers\ndis -> File not found
(NdisIP) Microsoft TV/Video Connection [Kernel | On_Demand | Stopped] -> %System32%\drivers\ndisip -> File not found
(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ndistapi -> File not found
(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\ndisuio -> File not found
(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ndiswan -> File not found
(NDProxy) NDIS Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\ndproxy -> File not found
(NetBIOS) NetBIOS Interface [File_System | System | Stopped] -> %System32%\drivers\netbios -> File not found
(NetBT) NetBios over Tcpip [Kernel | System | Stopped] -> %System32%\drivers\netbt -> File not found
(nm) Network Monitor Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmnt -> File not found
(Npfs) Npfs [File_System | System | Running] -> %System32%\drivers\npfs -> File not found
(Ntfs) Ntfs [File_System | Disabled | Running] -> %System32%\drivers\ntfs -> File not found
(Null) Null [Kernel | System | Running] -> %System32%\drivers\null -> File not found
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkflt -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkfwd -> File not found
(OMCI) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\drivers\omci -> File not found
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ctoss2k -> File not found
(P16X) Creative SB Live! Series (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\P16X -> File not found
(Parport) Parallel port driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\parport -> File not found
(PartMgr) Partition Manager [Kernel | Boot | Running] -> %System32%\drivers\partmgr -> File not found
(ParVdm) ParVdm [Kernel | Auto | Stopped] -> %System32%\drivers\parvdm -> File not found
(PCDCODEC) ATI WDM Specialized PCD Codec [Kernel | Auto | Stopped] -> %System32%\drivers\atinpdxx -> File not found
(PCI) PCI Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\pci -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCIIde) PCIIde [Kernel | Boot | Running] -> %System32%\drivers\pciide -> File not found
(Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %System32%\drivers\pcmcia -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PfModNT) PfModNT [Kernel | Auto | Stopped] -> %System32%\PFMODNT -> File not found
(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Stopped] -> %System32%\drivers\raspptp -> File not found
(Processor) Processor Driver [Kernel | System | Stopped] -> %System32%\drivers\processr -> File not found
(PSched) QoS Packet Scheduler [Kernel | On_Demand | Stopped] -> %System32%\drivers\psched -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ptilink -> File not found
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20 -> File not found
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Stopped] -> %System32%\drivers\rasacd -> File not found
(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Stopped] -> %System32%\drivers\rasl2tp -> File not found
(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\raspppoe -> File not found
(Raspti) Direct Parallel [Kernel | On_Demand | Stopped] -> %System32%\drivers\raspti -> File not found
(Rdbss) Rdbss [File_System | System | Stopped] -> %System32%\drivers\rdbss -> File not found
(RDPCDD) RDPCDD [Kernel | System | Stopped] -> %System32%\drivers\rdpcdd -> File not found
(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %System32%\drivers\rdpwd -> File not found
(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %System32%\drivers\redbook -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv -> File not found
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM -> File not found
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv -> File not found
(serenum) Serenum Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\serenum -> File not found
(Serial) Serial port driver [Kernel | System | Stopped] -> %System32%\drivers\serial -> File not found
(Sfloppy) Sfloppy [Kernel | System | Stopped] -> %System32%\drivers\sfloppy -> File not found
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SLIP) BDA Slip De-Framer [Kernel | On_Demand | Stopped] -> %System32%\drivers\slip -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %System32%\drivers\splitter -> File not found
(sr) System Restore Filter Driver [File_System | Disabled | Stopped] -> %System32%\drivers\sr -> File not found
(Srv) Srv [File_System | On_Demand | Stopped] -> %System32%\drivers\srv -> File not found
(streamip) BDA IPSink [Kernel | On_Demand | Stopped] -> %System32%\drivers\streamip -> File not found
(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %System32%\drivers\swenum -> File not found
(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %System32%\drivers\swmidi -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Stopped] -> %System32%\drivers\sysaudio -> File not found
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Stopped] -> %System32%\drivers\tcpip -> File not found
(Tcpip6) Microsoft IPv6 Protocol Driver [Kernel | System | Stopped] -> %System32%\drivers\tcpip6 -> File not found
(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdpipe -> File not found
(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdtcp -> File not found
(TermDD) Terminal Device Driver [Kernel | System | Running] -> %System32%\drivers\termdd -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(tunmp) Microsoft Tun Miniport Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\tunmp -> File not found
(Udfs) Udfs [File_System | Disabled | Stopped] -> %System32%\drivers\udfs -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %System32%\drivers\update -> File not found
(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbccgp -> File not found
(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbehci -> File not found
(usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> %System32%\drivers\usbhub -> File not found
(usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Running] -> %System32%\drivers\usbprint -> File not found
(usbscan) USB Scanner Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbscan -> File not found
(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Running] -> %System32%\drivers\USBSTOR -> File not found
(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbuhci -> File not found
(VET-FILT) VET File System Filter [Kernel | System | Stopped] -> %System32%\drivers\vet-filt -> File not found
(VET-REC) VET File System Recognizer [Kernel | System | Stopped] -> %System32%\drivers\vet-rec -> File not found
(VETEBOOT) VET Boot Scan Engine [Kernel | On_Demand | Stopped] -> %System32%\drivers\veteboot -> File not found
(VETEFILE) VET File Scan Engine [Kernel | System | Stopped] -> %System32%\drivers\vetefile -> File not found
(VETFDDNT) VET Floppy Boot Sector Monitor [Kernel | System | Running] -> %System32%\drivers\vetfddnt -> File not found
(VETMONNT) VET File Monitor [Kernel | System | Stopped] -> %System32%\drivers\vetmonnt -> File not found
(VgaSave) VGA Display Controller. [Kernel | System | Running] -> %System32%\drivers\vga -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(VolSnap) VolSnap [Kernel | Boot | Running] -> %System32%\drivers\volsnap -> File not found
(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\wanarp -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\wdmaud -> File not found
(winachsf) winachsf [Kernel | On_Demand | Stopped] -> %System32%\drivers\HSF_CNXT -> File not found
(WSTCODEC) World Standard Teletext Codec [Kernel | On_Demand | Stopped] -> %System32%\drivers\wstcodec -> File not found
(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfPf -> File not found
(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfRd -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ATIModeChange -> %System32%\Ati2mdxx -> File not found
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR -> File not found
MSConfig -> %SystemRoot%\PCHealth\HelpCtr\Binaries\msconfig -> File not found
Windows Defender -> %ProgramFiles%\Windows Defender\MSASCui -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %System32%\ctfmon -> File not found
*MultiFile Done* -> ->
< Windows NT\\Load [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\pmnlm.exe -> %System32%\pmnlm.exe -> File not found
*MultiFile Done* -> ->
< Windows NT\\Load [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\pmnlm.exe -> %System32%\pmnlm.exe -> File not found
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Run [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %System32%\ctfmon -> File not found
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop -> File not found
< Dad Startup Folder > -> C:\Documents and Settings\Dad\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Dad\Start Menu\Programs\Startup\desktop -> File not found
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop -> File not found
< Hope Startup Folder > -> C:\Documents and Settings\Hope\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Hope\Start Menu\Programs\Startup\desktop -> File not found
< Jennifer Startup Folder > -> C:\Documents and Settings\Jennifer\Start Menu\Programs\Startup ->
-> %SystemDrive%\Documents and Settings\Jennifer\Start Menu\Programs\Startup\desktop -> File not found
< Mom Startup Folder > -> C:\Documents and Settings\Mom\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop -> File not found
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %System32%\ntsd [Debugger] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer -> File not found
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %System32%\userinit -> File not found
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %System32%\logonui -> File not found
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %System32%\rundll32 -> File not found
Control_RunDLL "sysdm.cpl" -> %System32%\sysdm -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
PFW -> %System32%\UmxWNP.dll -> CA [Ver = 6, 0, 0, 5 | Size = 79368 bytes | Modified Date = 5/18/2007 2:30:00 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (223027 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.rr.com/flash/index.cfm?rev=10238 ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\] > -> ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\: Main\\Start Page -> http://www.rr.com/flash/index.cfm?rev=10238 ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4163 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4163 domain(s) found. ->
www_pandasecurity.com [http] -> Trusted sites ->
www_pandasecurity.com [https] -> Trusted sites ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4163 domain(s) found. ->
www_pandasecurity.com [http] -> Trusted sites ->
www_pandasecurity.com [https] -> Trusted sites ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{53AFF78C-310F-4D25-9EBF-198E64D5FE9B} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{8F9E2BE3-766D-4831-BB0E-766D5B819995} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [BndBlock4 BHO Class] -> File not found
{a4228b22-b155-4fc5-9332-4db1ab4f344e} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{1FE2EBE5-42FF-4586-A144-CA420C84FF6A} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Internet Speed Monitor] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{44226DFF-747E-4edc-B30C-78752E50CD0C}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ATI TV] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec -> %SystemRoot%\network diagnostic\xpnetdiag [@xpsp3res.dll,-20001] -> File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ATI Multimedia\tv\EXPLBAR.DLL [&ATI TV] -> ATI Technologies Inc. [Ver = 8.0.001 | Size = 139341 bytes | Modified Date = 1/20/2003 10:52:20 PM | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ATI Multimedia\tv\EXPLBAR.DLL [&ATI TV] -> ATI Technologies Inc. [Ver = 8.0.001 | Size = 139341 bytes | Modified Date = 1/20/2003 10:52:20 PM | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Messenger] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{506BEAA9-5458-47DB-8614-D392ABAFCF4B} -> () ->
{DD253A6D-E3AC-441E-9ACD-161F877D2D68} -> (Intel® PRO/100 VE Network Connection) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000024 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000025 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000026 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 11/20/2007 9:17:41 PM | Attr = ]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{01113300-3E00-11D2-8470-0060089874ED}[HKEY_LOCAL_MACHINE] -> http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab[Support.com Configuration Class] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b...heckControl.cab[Windows Genuine Advantage Validation Tool] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftu...b?1183959451312[WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftu...b?1183959443078[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ]
C:\WINDOWS\system32\pmnlm -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 268 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost [%SystemRoot%\System32\svchost.exe -k netsvcs] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 7341 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe -> C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007 [C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:*:Enabled:Ad-Aware 2007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{683F9741-DCA4-44FE-A065-B3BAC733D11F} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{506BEAA9-5458-47DB-8614-D392ABAFCF4B} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{DD253A6D-E3AC-441E-9ACD-161F877D2D68} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{FB36596F-21A9-482F-8D19-BE94F6E373AE} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost [%systemroot%\system32\svchost.exe -k netsvcs] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|HelpUserGuide|HelpReader ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade [version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownMedia -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd -> File not found
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 11:12:23 AM | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg -> File not found
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 105984 bytes | Modified Date = 10/10/2007 6:55:59 PM | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
-> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
< Software Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\policies\ ->
HKEY_USERS\.DEFAULT\Software\Policies\ -> ->
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\ -> ->
< Software Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\policies\ ->
HKEY_USERS\S-1-5-18\Software\Policies\ -> ->
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\ -> ->
< Software Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\policies\ ->
HKEY_USERS\S-1-5-20\Software\Policies\ -> ->
HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\ -> ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005] > -> HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\SOFTWARE\policies\ ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\Software\Policies\ -> ->
HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1005\Software\Policies\Microsoft\ -> ->


[Files/Folders - Created Within 30 days]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 1/3/2008 6:25:32 PM | Attr = ]
kmxcfg.u2k0 -> %System32%\drivers\kmxcfg.u2k0 -> [Ver = | Size = 34694 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k1 -> %System32%\drivers\kmxcfg.u2k1 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k2 -> %System32%\drivers\kmxcfg.u2k2 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k3 -> %System32%\drivers\kmxcfg.u2k3 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k4 -> %System32%\drivers\kmxcfg.u2k4 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k5 -> %System32%\drivers\kmxcfg.u2k5 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k6 -> %System32%\drivers\kmxcfg.u2k6 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k7 -> %System32%\drivers\kmxcfg.u2k7 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
vet-filt.sys -> %System32%\drivers\vet-filt.sys -> Computer Associates International, Inc. [Ver = 8.4.0.28 | Size = 26376 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
vet-rec.sys -> %System32%\drivers\vet-rec.sys -> Computer Associates International, Inc. [Ver = 8.4.0.28 | Size = 21128 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
veteboot.sys -> %System32%\drivers\veteboot.sys -> Computer Associates International, Inc. [Ver = 31.1.0.0 | Size = 108312 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
vetefile.sys -> %System32%\drivers\vetefile.sys -> Computer Associates International, Inc. [Ver = 31.1.0.0 | Size = 879784 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
vetfddnt.sys -> %System32%\drivers\vetfddnt.sys -> Computer Associates International, Inc. [Ver = 8.4.0.28 | Size = 21512 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
vetmonnt.sys -> %System32%\drivers\vetmonnt.sys -> Computer Associates International, Inc. [Ver = 8.4.0.28 | Size = 32264 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
ddccd.exe -> %System32%\ddccd.exe -> [Ver = | Size = 1 bytes | Created Date = 12/30/2007 10:27:17 PM | Attr = ]
isafeif.dll -> %System32%\isafeif.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 99592 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
isafprod.dll -> %System32%\isafprod.dll -> CA, Inc. [Ver = Version 8.4.0.28 | Size = 75016 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/14/2008 7:25:50 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/14/2008 7:25:50 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/14/2008 7:25:50 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/14/2008 7:25:50 PM | Attr = ]
mlnmp.ini -> %System32%\mlnmp.ini -> [Ver = | Size = 670800 bytes | Created Date = 12/31/2007 5:39:43 PM | Attr = HS]
mlnmp.ini2 -> %System32%\mlnmp.ini2 -> [Ver = | Size = 670800 bytes | Created Date = 12/31/2007 5:39:43 PM | Attr = HS]
vetredir.dll -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
atid.ini -> %SystemRoot%\atid.ini -> [Ver = | Size = 21 bytes | Created Date = 12/31/2007 8:39:32 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/6/2008 6:19:31 PM | Attr = ]
hpoins09.dat.temp -> %SystemRoot%\hpoins09.dat.temp -> [Ver = | Size = 118642 bytes | Created Date = 12/31/2007 9:08:46 PM | Attr = ]
hpomdl09.dat.temp -> %SystemRoot%\hpomdl09.dat.temp -> [Ver = | Size = 11645 bytes | Created Date = 12/31/2007 9:08:45 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 12/30/2007 10:06:51 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 12/30/2007 10:06:51 PM | Attr = H ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 1/14/2008 7:30:12 PM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 10240 bytes | Created Date = 1/14/2008 7:00:30 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
[Files Created - Additional Folder Scans - Non-Microsoft Only]
CA -> %AllUsersAppData%\CA -> [Folder | Created Date = 1/15/2008 11:20:15 PM | Attr = ]
Sonic -> %AllUsersAppData%\Sonic -> [Folder | Created Date = 12/31/2007 9:22:37 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 1/4/2008 6:33:08 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/7/2008 11:19:43 PM | Attr = ]
QQ Games Plugin -> %UserAppData%\QQ Games Plugin -> [Folder | Created Date = 12/31/2007 9:07:09 PM | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Created Date = 1/14/2008 7:30:12 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/7/2008 11:19:25 PM | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Created Date = 12/31/2007 9:03:58 PM | Attr = ]
HP -> %LocalAppData%\HP -> [Folder | Created Date = 12/31/2007 10:39:32 PM | Attr = ]
IsolatedStorage -> %LocalAppData%\IsolatedStorage -> [Folder | Created Date = 12/31/2007 10:40:28 PM | Attr = ]
HP Document Viewer.lnk -> %AllUsersDesktop%\HP Document Viewer.lnk -> [Ver = | Size = 1894 bytes | Created Date = 12/31/2007 9:26:22 PM | Attr = ]
HP Photosmart Essential.lnk -> %AllUsersDesktop%\HP Photosmart Essential.lnk -> [Ver = | Size = 1887 bytes | Created Date = 1/2/2008 9:05:36 PM | Attr = ]
HP Photosmart Premier.lnk -> %AllUsersDesktop%\HP Photosmart Premier.lnk -> [Ver = | Size = 898 bytes | Created Date = 12/31/2007 9:19:05 PM | Attr = ]
defender.html -> %UserDesktop%\defender.html -> [Ver = | Size = 264038 bytes | Created Date = 1/11/2008 9:34:40 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 1/11/2008 11:17:30 PM | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 1/11/2008 11:16:41 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
iss_en_32.exe -> %UserDesktop%\iss_en_32.exe -> CA [Ver = 3.2.1.18 | Size = 45275272 bytes | Created Date = 1/15/2008 11:18:34 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\iss_en_32.exe:Zone.Identifier
Shortcut to ATF-Cleaner.lnk -> %UserDesktop%\Shortcut to ATF-Cleaner.lnk -> [Ver = | Size = 751 bytes | Created Date = 1/6/2008 1:05:53 PM | Attr = ]
Shortcut to spades.lnk -> %UserDesktop%\Shortcut to spades.lnk -> [Ver = | Size = 699 bytes | Created Date = 12/27/2007 5:59:04 PM | Attr = ]
Shortcut to WinPFind35U.lnk -> %UserDesktop%\Shortcut to WinPFind35U.lnk -> [Ver = | Size = 604 bytes | Created Date = 1/19/2008 9:43:39 AM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 963 bytes | Created Date = 1/4/2008 6:33:13 PM | Attr = ]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Created Date = 1/11/2008 9:53:49 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\stinger.exe:Zone.Identifier
stinger.opt -> %UserDesktop%\stinger.opt -> [Ver = | Size = 22 bytes | Created Date = 1/11/2008 11:10:43 PM | Attr = ]
stng260.exe -> %UserDesktop%\stng260.exe -> McAfee Inc. [Ver = 2.6.0. | Size = 1144839 bytes | Created Date = 1/11/2008 9:47:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\stng260.exe:Zone.Identifier
stng260.opt -> %UserDesktop%\stng260.opt -> [Ver = | Size = 17 bytes | Created Date = 1/11/2008 9:53:58 PM | Attr = ]
VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Created Date = 1/14/2008 8:06:35 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VirtumundoBeGone.exe:Zone.Identifier
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 1/7/2008 11:15:26 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
WindowsDefender.msi -> %UserDesktop%\WindowsDefender.msi -> [Ver = | Size = 5154304 bytes | Created Date = 1/13/2008 9:36:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WindowsDefender.msi:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/19/2008 9:42:31 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 471950 bytes | Created Date = 1/19/2008 9:36:05 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 1/14/2008 7:24:45 PM | Attr = ]
Scanner -> %CommonProgramFiles%\Scanner -> [Folder | Created Date = 1/15/2008 11:20:30 PM | Attr = ]
Sonic Shared -> %CommonProgramFiles%\Sonic Shared -> [Folder | Created Date = 12/31/2007 9:22:35 PM | Attr = ]
supportsoft -> %CommonProgramFiles%\supportsoft -> [Folder | Created Date = 1/4/2008 9:30:07 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 1/19/2008 3:31:50 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/15/2008 11:21:23 PM | Attr = H ]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 2413 bytes | Modified Date = 1/2/2008 9:11:12 PM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/15/2008 11:20:14 PM | Attr = R ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/11/2008 9:37:49 PM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 1/11/2008 8:48:02 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/19/2008 3:33:07 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/10/2008 6:47:28 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 223027 bytes | Modified Date = 1/10/2008 6:47:28 PM | Attr = R ]
hosts.20080104-211517.backup -> %System32%\drivers\etc\hosts.20080104-211517.backup -> [Ver = | Size = 222475 bytes | Modified Date = 1/4/2008 7:12:20 PM | Attr = R ]
hosts.20080110-184533.backup -> %System32%\drivers\etc\hosts.20080110-184533.backup -> [Ver = | Size = 222475 bytes | Modified Date = 1/4/2008 9:15:17 PM | Attr = R ]
hosts.20080110-184728.backup -> %System32%\drivers\etc\hosts.20080110-184728.backup -> [Ver = | Size = 222475 bytes | Modified Date = 1/10/2008 6:45:33 PM | Attr = R ]
kmxcfg.u2k0 -> %System32%\drivers\kmxcfg.u2k0 -> [Ver = | Size = 34694 bytes | Modified Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k1 -> %System32%\drivers\kmxcfg.u2k1 -> [Ver = | Size = 64 bytes | Modified Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k2 -> %System32%\drivers\kmxcfg.u2k2 -> [Ver = | Size = 64 bytes | Modified Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k3 -> %System32%\drivers\kmxcfg.u2k3 -> [Ver = | Size = 64 bytes | Modified Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k4 -> %System32%\drivers\kmxcfg.u2k4 -> [Ver = | Size = 64 bytes | Modified Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k5 -> %System32%\drivers\kmxcfg.u2k5 -> [Ver = | Size = 64 bytes | Modified Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k6 -> %System32%\drivers\kmxcfg.u2k6 -> [Ver = | Size = 64 bytes | Modified Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k7 -> %System32%\drivers\kmxcfg.u2k7 -> [Ver = | Size = 64 bytes | Modified Date = 1/19/2008 3:32:17 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/15/2008 11:30:03 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 12/28/2007 11:41:11 AM | Attr = ]
ddccd.exe -> %System32%\ddccd.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/30/2007 10:27:17 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/9/2008 11:59:44 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/15/2008 11:21:04 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 169096 bytes | Modified Date = 12/31/2007 9:31:55 PM | Attr = ]
mlnmp.ini -> %System32%\mlnmp.ini -> [Ver = | Size = 670800 bytes | Modified Date = 1/10/2008 10:04:43 PM | Attr = HS]
mlnmp.ini2 -> %System32%\mlnmp.ini2 -> [Ver = | Size = 670800 bytes | Modified Date = 1/10/2008 10:04:40 PM | Attr = HS]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70066 bytes | Modified Date = 1/14/2008 7:22:33 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 435920 bytes | Modified Date = 1/14/2008 7:22:33 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 514654 bytes | Modified Date = 1/14/2008 7:22:33 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 1/11/2008 9:37:49 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/15/2008 11:25:16 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/9/2008 12:04:16 AM | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/31/2007 9:26:45 PM | Attr = R S]
atid.ini -> %SystemRoot%\atid.ini -> [Ver = | Size = 21 bytes | Modified Date = 12/31/2007 8:39:32 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/11/2008 8:04:08 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/19/2008 3:33:19 PM | Attr = S]
CAVTemp -> %SystemRoot%\CAVTemp -> [Folder | Modified Date = 1/19/2008 11:13:52 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/14/2008 10:36:11 PM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/31/2007 9:22:12 PM | Attr = R S]
hpoins09.dat -> %SystemRoot%\hpoins09.dat -> [Ver = | Size = 118572 bytes | Modified Date = 12/31/2007 9:29:10 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 4566 bytes | Modified Date = 1/14/2008 7:22:36 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/14/2008 8:14:43 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/15/2008 11:21:18 PM | Attr = HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 1/14/2008 7:00:30 PM | Attr = ]
PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI -> [Ver = | Size = 151 bytes | Modified Date = 12/21/2007 10:43:42 PM | Attr = ]
popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 16 bytes | Modified Date = 1/19/2008 12:52:57 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/19/2008 9:44:08 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 1/4/2008 10:35:26 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 12/30/2007 10:06:51 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/30/2007 10:06:51 PM | Attr = H ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 1/14/2008 7:30:12 PM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 227 bytes | Modified Date = 1/19/2008 3:31:50 PM | Attr = ]
SYSTEM.UNV -> %SystemRoot%\SYSTEM.UNV -> [Ver = | Size = 227 bytes | Modified Date = 1/10/2008 6:42:58 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/19/2008 7:37:14 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/19/2008 3:38:48 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/19/2008 1:38:27 PM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 10240 bytes | Modified Date = 1/14/2008 7:00:31 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 572 bytes | Modified Date = 1/19/2008 3:31:50 PM | Attr = ]
WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 147 bytes | Modified Date = 1/11/2008 7:15:04 PM | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 1/19/2008 3:38:48 PM | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/19/2008 3:32:12 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersAppData%\AOL -> [Folder | Modified Date = 12/31/2007 8:37:55 PM | Attr = ]
AOL Downloads -> %AllUsersAppData%\AOL Downloads -> [Folder | Modified Date = 12/31/2007 8:39:41 PM | Attr = ]
ATI MMC -> %AllUsersAppData%\ATI MMC -> [Folder | Modified Date = 12/21/2007 12:00:04 AM | Attr = ]
CA -> %AllUsersAppData%\CA -> [Folder | Modified Date = 1/15/2008 11:26:59 PM | Attr = ]
Google -> %AllUsersAppData%\Google -> [Folder | Modified Date = 1/13/2008 9:29:11 PM | Attr = ]
Sonic -> %AllUsersAppData%\Sonic -> [Folder | Modified Date = 12/31/2007 9:22:37 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 1/4/2008 8:11:35 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/7/2008 11:19:44 PM | Attr = ]
Viewpoint -> %AllUsersAppData%\Viewpoint -> [Folder | Modified Date = 1/11/2008 7:34:46 PM | Attr = ]
QQ Games Plugin -> %UserAppData%\QQ Games Plugin -> [Folder | Modified Date = 12/31/2007 9:07:09 PM | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Modified Date = 1/14/2008 7:30:12 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/7/2008 11:19:25 PM | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Modified Date = 1/13/2008 9:29:24 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 1/3/2008 7:38:01 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 13824 bytes | Modified Date = 1/14/2008 7:00:29 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 36984 bytes | Modified Date = 12/31/2007 10:39:23 PM | Attr = ]
Google -> %LocalAppData%\Google -> [Folder | Modified Date = 1/13/2008 9:29:11 PM | Attr = ]
HP -> %LocalAppData%\HP -> [Folder | Modified Date = 12/31/2007 10:39:32 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 2187990 bytes | Modified Date = 1/19/2008 3:31:58 PM | Attr = H ]
IsolatedStorage -> %LocalAppData%\IsolatedStorage -> [Folder | Modified Date = 12/31/2007 10:40:28 PM | Attr = ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 1/11/2008 8:06:33 PM | Attr = ]
My Music -> %AllUsersDocuments%\My Music -> [Folder | Modified Date = 12/20/2007 9:31:46 PM | Attr = R ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 1/16/2008 11:50:57 PM | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 1/5/2008 5:52:15 PM | Attr = R ]
HP Document Viewer.lnk -> %AllUsersDesktop%\HP Document Viewer.lnk -> [Ver = | Size = 1894 bytes | Modified Date = 12/31/2007 9:26:22 PM | Attr = ]
HP Photosmart Essential.lnk -> %AllUsersDesktop%\HP Photosmart Essential.lnk -> [Ver = | Size = 1887 bytes | Modified Date = 1/2/2008 9:05:36 PM | Attr = ]
HP Photosmart Premier.lnk -> %AllUsersDesktop%\HP Photosmart Premier.lnk -> [Ver = | Size = 898 bytes | Modified Date = 12/31/2007 9:19:05 PM | Attr = ]
defender.html -> %UserDesktop%\defender.html -> [Ver = | Size = 264038 bytes | Modified Date = 1/11/2008 9:33:38 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 1/11/2008 11:17:31 PM | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 1/11/2008 11:16:45 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
iss_en_32.exe -> %UserDesktop%\iss_en_32.exe -> CA [Ver = 3.2.1.18 | Size = 45275272 bytes | Modified Date = 1/15/2008 11:19:17 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\iss_en_32.exe:Zone.Identifier
Shortcut to ATF-Cleaner.lnk -> %UserDesktop%\Shortcut to ATF-Cleaner.lnk -> [Ver = | Size = 751 bytes | Modified Date = 1/6/2008 1:05:53 PM | Attr = ]
Shortcut to spades.lnk -> %UserDesktop%\Shortcut to spades.lnk -> [Ver = | Size = 699 bytes | Modified Date = 12/27/2007 5:59:04 PM | Attr = ]
Shortcut to WinPFind35U.lnk -> %UserDesktop%\Shortcut to WinPFind35U.lnk -> [Ver = | Size = 604 bytes | Modified Date = 1/19/2008 9:43:39 AM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 963 bytes | Modified Date = 1/14/2008 10:18:59 PM | Attr = ]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 1/11/2008 9:54:06 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\stinger.exe:Zone.Identifier
stinger.opt -> %UserDesktop%\stinger.opt -> [Ver = | Size = 22 bytes | Modified Date = 1/11/2008 11:10:43 PM | Attr = ]
stng260.exe -> %UserDesktop%\stng260.exe -> McAfee Inc. [Ver = 2.6.0. | Size = 1144839 bytes | Modified Date = 1/11/2008 9:48:05 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\stng260.exe:Zone.Identifier
stng260.opt -> %UserDesktop%\stng260.opt -> [Ver = | Size = 17 bytes | Modified Date = 1/11/2008 9:53:58 PM | Attr = ]
VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Modified Date = 1/14/2008 8:06:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VirtumundoBeGone.exe:Zone.Identifier
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 1/14/2008 7:33:03 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
WindowsDefender.msi -> %UserDesktop%\WindowsDefender.msi -> [Ver = | Size = 5154304 bytes | Modified Date = 1/13/2008 9:36:24 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WindowsDefender.msi:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/19/2008 9:46:44 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 471950 bytes | Modified Date = 1/19/2008 9:36:15 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
HP -> %CommonProgramFiles%\HP -> [Folder | Modified Date = 12/31/2007 9:18:22 PM | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 1/14/2008 7:24:45 PM | Attr = ]
Scanner -> %CommonProgramFiles%\Scanner -> [Folder | Modified Date = 1/15/2008 11:20:31 PM | Attr = ]
Sonic Shared -> %CommonProgramFiles%\Sonic Shared -> [Folder | Modified Date = 12/31/2007 9:22:35 PM | Attr = ]
supportsoft -> %CommonProgramFiles%\supportsoft -> [Folder | Modified Date = 1/4/2008 9:30:07 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/13/2008 9:30:48 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0 -> [Ver = | Size = 5454 bytes | Modified Date = 1/18/2008 1:31:42 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1 -> [Ver = | Size = 6680 bytes | Modified Date = 1/18/2008 1:31:42 AM | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat -> [Ver = | Size = 16384 bytes | Modified Date = 7/20/2007 9:45:04 PM | Attr = ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts -> [Ver = | Size = 553560 bytes | Modified Date = 7/11/2007 9:34:23 PM | Attr = ]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk -> [Ver = | Size = 553560 bytes | Modified Date = 7/11/2007 9:34:23 PM | Attr = ]

< End of report >
Clueless On The East Coast

#8 OldTimer

Malware Expert

Posted 19 January 2008 - 09:11 PM

Hi wolfz_1964. I'm going to need to investigate this a bit. This machine is not showing any file extensions and it is reporting on a number of things that it should not be.

I'll get back to you.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#9 wolfz_1964


Posted 19 January 2008 - 09:41 PM

Hey OldTimer,
OK, thanks. Computer seems to be operating OK, although I haven't been using it much. I ran the scan as told except I did check the box for "Scan All User Accounts".

#10 OldTimer


Posted 20 January 2008 - 11:38 AM

Hi wolfz_1964. Let's see if we can clean some of this up. Please print these directions and then follow the steps below in order.

Step #1

Open Notepad and copy/paste the text in the codebox below into the new document:

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Windows NT\\Load [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system32\pmnlm.exe -> %System32%\pmnlm.exe
< Windows NT\\Load [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system32\pmnlm.exe -> %System32%\pmnlm.exe
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\pmnlm -> 
< BotCheck > -> 
[Files/Folders - Created Within 30 days]
NY -> mlnmp.ini -> %System32%\mlnmp.ini
NY -> mlnmp.ini2 -> %System32%\mlnmp.ini2
[Files/Folders - Modified Within 30 days]
NY -> ddccd.exe -> %System32%\ddccd.exe
NY -> mlnmp.ini -> %System32%\mlnmp.ini
NY -> mlnmp.ini2 -> %System32%\mlnmp.ini2
NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
NY -> popcinfo.dat -> %SystemRoot%\popcinfo.dat
[Empty Temp Folders]
[Start Explorer]

Save the document to your desktop as wpf35.txt and close Notepad.

Step #2

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Close SUPERAntiSpyware, we will come back to it later on.

Step #3

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.

Step #4

Start SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #5

Now start WinPFind35U. Open Notepad and then open the wpf35.txt file that you saved to your desktop. Copy/paste the contents of the Notepad file into the WinPFind35u textbox where it says Paste Fix Here and click the Run Fix button.

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete, this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot the computer normally.

Step #6

Post the following back here:
  • the VundoFix log (c:\vundofix.txt)
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u\MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
  • a new WinPFind35U report with the following options:
    • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

Edited by OldTimer, 20 January 2008 - 11:39 AM.

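Not part of the original thread: an added Python example for triaging reports in the WinPFind35u line format shown in this topic. The fix script in the post above targets pmnlm.exe together with mlnmp.ini and mlnmp.ini2, whose stem is pmnlm spelled backwards, so the example flags vendor-less binaries under %System32% and mirrored file names in one folder. The function names are hypothetical, and the sample lines are constructed (sizes and dates invented) except the HPZipm12.exe line, which is copied from the report in this thread.

```python
import re
from collections import defaultdict
from datetime import datetime
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Report entry layout used in this thread:
#   name -> path -> vendor [Ver = .. | Size = N bytes | Modified Date = .. | Attr = ..]
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>.*?)\s*"
    r"\[Ver = (?P<ver>.*?)\| Size = (?P<size>\d+) bytes \| "
    r"Modified Date = (?P<mtime>.+?) \| Attr = (?P<attr>.*?)\]$"
)
EXECUTABLE_EXTS = {".exe", ".dll"}

# Constructed sample. File names come from the fix script in the thread;
# sizes, dates and attributes of the first four lines are made up.
SAMPLE_REPORT = r"""
pmnlm.exe -> %System32%\pmnlm.exe -> [Ver = | Size = 11111 bytes | Modified Date = 1/10/2008 9:00:00 PM | Attr = ]
mlnmp.ini -> %System32%\mlnmp.ini -> [Ver = | Size = 222 bytes | Modified Date = 1/10/2008 9:00:05 PM | Attr = HS]
mlnmp.ini2 -> %System32%\mlnmp.ini2 -> [Ver = | Size = 222 bytes | Modified Date = 1/10/2008 8:59:00 PM | Attr = HS]
ddccd.exe -> %System32%\ddccd.exe -> [Ver = | Size = 33333 bytes | Modified Date = 1/9/2008 7:30:00 PM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 2:27:52 AM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/19/2008 9:46:44 AM | Attr = ]
"""


def parse_entry(line):
    """Parse one file entry; return None for folders, headers and other lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return {
        "name": m["name"].strip(),
        "path": m["path"].strip(),
        "vendor": m["vendor"].strip(),
        "version": m["ver"].strip(),
        "size": int(m["size"]),
        "modified": datetime.strptime(m["mtime"].strip(), "%m/%d/%Y %I:%M:%S %p"),
        "attr": m["attr"].strip(),
    }


def parse_report(text):
    """Return every parsable file entry in a pasted report, in report order."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def no_vendor_binaries(entries, root="%System32%"):
    """Executables directly under `root` whose vendor field is blank.

    A triage hint only: legitimate files can lack vendor data too
    (ati2evxx.exe in this thread's report is listed with a blank vendor).
    """
    prefix = root.lower() + "\\"
    return [
        e for e in entries
        if e["path"].lower().startswith(prefix)
        and splitext(e["path"])[1].lower() in EXECUTABLE_EXTS
        and not e["vendor"]
    ]


def reversed_name_pairs(paths, min_len=4):
    """Files in the same folder whose stems mirror each other (pmnlm / mlnmp)."""
    by_dir = defaultdict(lambda: defaultdict(list))
    for p in paths:
        stem = splitext(basename(p))[0].lower()
        by_dir[dirname(p).lower()][stem].append(basename(p))
    pairs = []
    for stems in by_dir.values():
        for stem in sorted(stems):
            mirror = stem[::-1]
            # stem < mirror reports each pair once and skips palindromes
            if len(stem) >= min_len and stem < mirror and mirror in stems:
                pairs.append((sorted(stems[stem]), sorted(stems[mirror])))
    return pairs


if __name__ == "__main__":
    entries = parse_report(SAMPLE_REPORT)
    for e in no_vendor_binaries(entries):
        print("no vendor:", e["path"], e["modified"].isoformat())
    for a, b in reversed_name_pairs([e["path"] for e in entries]):
        print("mirrored names:", a, "<->", b)
```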

#11 wolfz_1964


Posted 20 January 2008 - 01:31 PM

Hey OldTimer,
Thanks.....will report back soon.
:wacko: :thumbsup: :blink: :)

#12 wolfz_1964


Posted 20 January 2008 - 06:02 PM

Everything ran fine up until I ran WinPFind35U with included text to fix. Not sure how long this is supposed to take. I tried to expand the window and got a "not responding" at the top left of the window. Anyhow....thing has been running about 10 to 15 mins at the time of this post.

#13 OldTimer


Posted 20 January 2008 - 06:04 PM

Just terminate it then. There is probably some vundo still in there that doesn't like getting kicked around lol.

Run the new scan and post all the logs.

Cheers.

OT

#14 wolfz_1964


Posted 20 January 2008 - 06:10 PM

lol..ok will do

#15 wolfz_1964


Posted 20 January 2008 - 06:28 PM

Hey OldTimer,
VundoFix found nothing.....That was the third time it's been run...I had run it before after reading forum topics. It found stuff before but I don't have the logs any longer.

________________________________________________________________________________
WinPFind35 logfile created on: 1/20/2008 6:15:14 PM
WinPFind35U Version Beta25 Folder = C:\Documents and Settings\Mom\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

1.50 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 66.15% Memory free
2.86 Gb Paging File | 2.51 Gb Available in Paging File | 87.97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 42.92 Gb Free Space | 76.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 195.26 Gb Free Space | 83.85% Space Free | Partition Type: NTFS

Computer Name: MELANIE
Current User Name: Mom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 11/9/2007 7:08:28 PM | Attr = ]
umxcfg.exe -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxCfg.exe -> CA [Ver = 1.0.2.171 | Size = 813840 bytes | Modified Date = 7/24/2007 5:37:16 PM | Attr = ]
umxfwhlp.exe -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -> CA [Ver = 6.5.5.5 | Size = 145936 bytes | Modified Date = 6/27/2007 10:56:46 AM | Attr = ]
umxpol.exe -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxPol.exe -> CA [Ver = 6.0.0.44 | Size = 275976 bytes | Modified Date = 5/18/2007 2:30:00 PM | Attr = ]
umxagent.exe -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxAgent.exe -> CA [Ver = 6, 0, 1, 199 | Size = 1034768 bytes | Modified Date = 7/24/2007 5:00:44 PM | Attr = ]
isafe.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 144960 bytes | Modified Date = 8/20/2007 1:42:56 PM | Attr = ]
ctsvccda.exe -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 12:01:00 AM | Attr = ]
itmrtsvc.exe -> %ProgramFiles%\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -> CA, Inc. [Ver = 1.1.0.26 | Size = 280080 bytes | Modified Date = 1/4/2007 12:10:22 PM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 2:27:52 AM | Attr = ]
vetmsg.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -> CA, Inc. [Ver = Version 8.4.0.28 | Size = 242952 bytes | Modified Date = 8/20/2007 1:42:54 PM | Attr = ]
ccprovsp.exe -> %ProgramFiles%\CA\CA Internet Security Suite\ccprovsp.exe -> CA, Inc. [Ver = Version 3.2.1.18 | Size = 214280 bytes | Modified Date = 8/16/2007 10:25:12 PM | Attr = ]
ppctlpriv.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -> CA, Inc. [Ver = 9.1.0.9 | Size = 189704 bytes | Modified Date = 8/16/2007 9:10:16 PM | Attr = ]
capfsem.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe -> CA, Inc. [Ver = Version 9.1.0.35 | Size = 181512 bytes | Modified Date = 8/14/2007 10:06:48 AM | Attr = ]
cctray.exe -> %ProgramFiles%\CA\CA Internet Security Suite\cctray\cctray.exe -> CA, Inc. [Ver = Version 3.2.1.18 | Size = 177416 bytes | Modified Date = 8/16/2007 10:25:10 PM | Attr = ]
cavrid.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe -> CA, Inc. [Ver = Version 8.4.0.28 | Size = 230664 bytes | Modified Date = 8/20/2007 1:42:56 PM | Attr = ]
cappactiveprotection.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe -> CA, Inc. [Ver = 9, 1, 0, 2 | Size = 218376 bytes | Modified Date = 8/16/2007 9:10:14 PM | Attr = ]
capfasem.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe -> CA, Inc. [Ver = Version 9.1.0.35 | Size = 173320 bytes | Modified Date = 8/14/2007 10:06:52 AM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 300544 bytes | Modified Date = 1/19/2008 8:43:38 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 11/9/2007 7:08:28 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] -> %System32%\ati2evxx.exe -> [Ver = | Size = 249945 bytes | Modified Date = 4/25/2003 1:16:12 PM | Attr = ]
(CaCCProvSP) CaCCProvSP [Win32_Own | On_Demand | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\ccprovsp.exe -> CA, Inc. [Ver = Version 3.2.1.18 | Size = 214280 bytes | Modified Date = 8/16/2007 10:25:12 PM | Attr = ]
(CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 144960 bytes | Modified Date = 8/20/2007 1:42:56 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 12:01:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(ITMRTSVC) CA Pest Patrol Realtime Protection Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -> CA, Inc. [Ver = 1.1.0.26 | Size = 280080 bytes | Modified Date = 1/4/2007 12:10:22 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 2:27:52 AM | Attr = ]
(PPCtlPriv) PPCtlPriv [Win32_Own | On_Demand | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -> CA, Inc. [Ver = 9.1.0.9 | Size = 189704 bytes | Modified Date = 8/16/2007 9:10:16 PM | Attr = ]
(SupportSoft RemoteAssist) SupportSoft RemoteAssist [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\supportsoft\bin\ssrc.exe -> SupportSoft, Inc. [Ver = 6.9.2555.0 | Size = 382320 bytes | Modified Date = 12/11/2007 4:39:12 AM | Attr = ]
(UmxAgent) HIPS Event Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxAgent.exe -> CA [Ver = 6, 0, 1, 199 | Size = 1034768 bytes | Modified Date = 7/24/2007 5:00:44 PM | Attr = ]
(UmxCfg) HIPS Configuration Interpreter [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxCfg.exe -> CA [Ver = 1.0.2.171 | Size = 813840 bytes | Modified Date = 7/24/2007 5:37:16 PM | Attr = ]
(UmxFwHlp) HIPS Firewall Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -> CA [Ver = 6.5.5.5 | Size = 145936 bytes | Modified Date = 6/27/2007 10:56:46 AM | Attr = ]
(UmxPol) HIPS Policy Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\HIPSEngine\UmxPol.exe -> CA [Ver = 6.0.0.44 | Size = 275976 bytes | Modified Date = 5/18/2007 2:30:00 PM | Attr = ]
(VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -> CA, Inc. [Ver = Version 8.4.0.28 | Size = 242952 bytes | Modified Date = 8/20/2007 1:42:54 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ATIModeChange -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 8/28/2002 5:17:32 PM | Attr = ]
cafwc -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -> CA, Inc. [Ver = Version 9.1.0.35 | Size = 1193224 bytes | Modified Date = 8/14/2007 10:06:46 AM | Attr = ]
capfasem -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe -> CA, Inc. [Ver = Version 9.1.0.35 | Size = 173320 bytes | Modified Date = 8/14/2007 10:06:52 AM | Attr = ]
capfupgrade -> %ProgramFiles%\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe -> CA, Inc. [Ver = 9.1.0.35 | Size = 253952 bytes | Modified Date = 8/14/2007 10:01:54 AM | Attr = ]
CAVRID -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe -> CA, Inc. [Ver = Version 8.4.0.28 | Size = 230664 bytes | Modified Date = 8/20/2007 1:42:56 PM | Attr = ]
cctray -> %ProgramFiles%\CA\CA Internet Security Suite\cctray\cctray.exe -> CA, Inc. [Ver = Version 3.2.1.18 | Size = 177416 bytes | Modified Date = 8/16/2007 10:25:10 PM | Attr = ]
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 2.30.314 | Size = 49152 bytes | Modified Date = 12/10/2004 12:45:26 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 7/8/2007 10:33:44 PM | Attr = HS]
< Mom Startup Folder > -> C:\Documents and Settings\Mom\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 7/8/2007 10:33:44 PM | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
PFW -> %System32%\UmxWNP.dll -> CA [Ver = 6, 0, 0, 5 | Size = 79368 bytes | Modified Date = 5/18/2007 2:30:00 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (223027 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.rr.com/flash/index.cfm?rev=10238 ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4163 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4163 domain(s) found. ->
www_pandasecurity.com [http] -> Trusted sites ->
www_pandasecurity.com [https] -> Trusted sites ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{53AFF78C-310F-4D25-9EBF-198E64D5FE9B} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{a4228b22-b155-4fc5-9332-4db1ab4f344e} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{1FE2EBE5-42FF-4586-A144-CA420C84FF6A} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Internet Speed Monitor] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{44226DFF-747E-4edc-B30C-78752E50CD0C}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ATI TV] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{FB5F1910-F110-11d2-BB9E-00C04F795683}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Messenger] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{506BEAA9-5458-47DB-8614-D392ABAFCF4B} -> () ->
{DD253A6D-E3AC-441E-9ACD-161F877D2D68} -> (Intel® PRO/100 VE Network Connection) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000024 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000025 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000026 -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Modified Date = 8/20/2007 1:42:58 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 11/20/2007 9:17:41 PM | Attr = ]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{01113300-3E00-11D2-8470-0060089874ED}[HKEY_LOCAL_MACHINE] -> http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab[Support.com Configuration Class] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b...heckControl.cab[Windows Genuine Advantage Validation Tool] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftu...b?1183959451312[WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftu...b?1183959443078[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->



[Files/Folders - Created Within 30 days]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 1/3/2008 6:25:32 PM | Attr = ]
kmxcfg.u2k0 -> %System32%\drivers\kmxcfg.u2k0 -> [Ver = | Size = 37734 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k1 -> %System32%\drivers\kmxcfg.u2k1 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k2 -> %System32%\drivers\kmxcfg.u2k2 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k3 -> %System32%\drivers\kmxcfg.u2k3 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k4 -> %System32%\drivers\kmxcfg.u2k4 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k5 -> %System32%\drivers\kmxcfg.u2k5 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k6 -> %System32%\drivers\kmxcfg.u2k6 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
kmxcfg.u2k7 -> %System32%\drivers\kmxcfg.u2k7 -> [Ver = | Size = 64 bytes | Created Date = 1/19/2008 3:32:17 PM | Attr = ]
vet-filt.sys -> %System32%\drivers\vet-filt.sys -> Computer Associates International, Inc. [Ver = 8.4.0.28 | Size = 26376 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
vet-rec.sys -> %System32%\drivers\vet-rec.sys -> Computer Associates International, Inc. [Ver = 8.4.0.28 | Size = 21128 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
veteboot.sys -> %System32%\drivers\veteboot.sys -> Computer Associates International, Inc. [Ver = 31.1.0.0 | Size = 108312 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
vetefile.sys -> %System32%\drivers\vetefile.sys -> Computer Associates International, Inc. [Ver = 31.1.0.0 | Size = 879784 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
vetfddnt.sys -> %System32%\drivers\vetfddnt.sys -> Computer Associates International, Inc. [Ver = 8.4.0.28 | Size = 21512 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
vetmonnt.sys -> %System32%\drivers\vetmonnt.sys -> Computer Associates International, Inc. [Ver = 8.4.0.28 | Size = 32264 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
ddccd.exe -> %System32%\ddccd.exe -> [Ver = | Size = 1 bytes | Created Date = 12/30/2007 10:27:17 PM | Attr = ]
isafeif.dll -> %System32%\isafeif.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 99592 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
isafprod.dll -> %System32%\isafprod.dll -> CA, Inc. [Ver = Version 8.4.0.28 | Size = 75016 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/14/2008 7:25:50 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/14/2008 7:25:50 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/14/2008 7:25:50 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/14/2008 7:25:50 PM | Attr = ]
mlnmp.ini -> %System32%\mlnmp.ini -> [Ver = | Size = 670800 bytes | Created Date = 12/31/2007 5:39:43 PM | Attr = HS]
mlnmp.ini2 -> %System32%\mlnmp.ini2 -> [Ver = | Size = 670800 bytes | Created Date = 12/31/2007 5:39:43 PM | Attr = HS]
vetredir.dll -> %System32%\vetredir.dll -> Computer Associates International, Inc. [Ver = Version 8.0.8.0 | Size = 79424 bytes | Created Date = 1/15/2008 11:20:41 PM | Attr = ]
atid.ini -> %SystemRoot%\atid.ini -> [Ver = | Size = 21 bytes | Created Date = 12/31/2007 8:39:32 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 1/6/2008 6:19:31 PM | Attr = ]
hpoins09.dat.temp -> %SystemRoot%\hpoins09.dat.temp -> [Ver = | Size = 118642 bytes | Created Date = 12/31/2007 9:08:46 PM | Attr = ]
hpomdl09.dat.temp -> %SystemRoot%\hpomdl09.dat.temp -> [Ver = | Size = 11645 bytes | Created Date = 12/31/2007 9:08:45 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 12/30/2007 10:06:51 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 12/30/2007 10:06:51 PM | Attr = H ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 1/14/2008 7:30:12 PM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 10240 bytes | Created Date = 1/14/2008 7:00:30 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
[Files Created - Additional Folder Scans - Non-Microsoft Only]
CA -> %AllUsersAppData%\CA -> [Folder | Created Date = 1/15/2008 11:20:15 PM | Attr = ]
Sonic -> %AllUsersAppData%\Sonic -> [Folder | Created Date = 12/31/2007 9:22:37 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 1/4/2008 6:33:08 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/7/2008 11:19:43 PM | Attr = ]
QQ Games Plugin -> %UserAppData%\QQ Games Plugin -> [Folder | Created Date = 12/31/2007 9:07:09 PM | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Created Date = 1/14/2008 7:30:12 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/7/2008 11:19:25 PM | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Created Date = 12/31/2007 9:03:58 PM | Attr = ]
HP -> %LocalAppData%\HP -> [Folder | Created Date = 12/31/2007 10:39:32 PM | Attr = ]
IsolatedStorage -> %LocalAppData%\IsolatedStorage -> [Folder | Created Date = 12/31/2007 10:40:28 PM | Attr = ]
HP Document Viewer.lnk -> %AllUsersDesktop%\HP Document Viewer.lnk -> [Ver = | Size = 1894 bytes | Created Date = 12/31/2007 9:26:22 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 1/20/2008 2:33:15 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 1/11/2008 11:17:30 PM | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 1/11/2008 11:16:41 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
Shortcut to ATF-Cleaner.lnk -> %UserDesktop%\Shortcut to ATF-Cleaner.lnk -> [Ver = | Size = 751 bytes | Created Date = 1/6/2008 1:05:53 PM | Attr = ]
Shortcut to spades.lnk -> %UserDesktop%\Shortcut to spades.lnk -> [Ver = | Size = 699 bytes | Created Date = 12/27/2007 5:59:04 PM | Attr = ]
Shortcut to WinPFind35U.lnk -> %UserDesktop%\Shortcut to WinPFind35U.lnk -> [Ver = | Size = 604 bytes | Created Date = 1/19/2008 9:43:39 AM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 963 bytes | Created Date = 1/4/2008 6:33:13 PM | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 1/20/2008 2:29:17 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 1/20/2008 2:36:35 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
WindowsDefender.msi -> %UserDesktop%\WindowsDefender.msi -> [Ver = | Size = 5154304 bytes | Created Date = 1/13/2008 9:36:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WindowsDefender.msi:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/19/2008 9:42:31 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 471950 bytes | Created Date = 1/19/2008 9:36:05 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 1/14/2008 7:24:45 PM | Attr = ]
Scanner -> %CommonProgramFiles%\Scanner -> [Folder | Created Date = 1/15/2008 11:20:30 PM | Attr = ]
Sonic Shared -> %CommonProgramFiles%\Sonic Shared -> [Folder | Created Date = 12/31/2007 9:22:35 PM | Attr = ]
supportsoft -> %CommonProgramFiles%\supportsoft -> [Folder | Created Date = 1/4/2008 9:30:07 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 1/19/2008 3:50:44 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/20/2008 2:33:21 PM | Attr = H ]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 2413 bytes | Modified Date = 1/2/2008 9:11:12 PM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/15/2008 11:20:14 PM | Attr = R ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/11/2008 9:37:49 PM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 1/11/2008 8:48:02 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/20/2008 5:22:43 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/10/2008 6:47:28 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 223027 bytes | Modified Date = 1/10/2008 6:47:28 PM | Attr = R ]
hosts.20080104-211517.backup -> %System32%\drivers\etc\hosts.20080104-211517.backup -> [Ver = | Size = 222475 bytes | Modified Date = 1/4/2008 7:12:20 PM | Attr = R ]
hosts.20080110-184533.backup -> %System32%\drivers\etc\hosts.20080110-184533.backup -> [Ver = | Size = 222475 bytes | Modified Date = 1/4/2008 9:15:17 PM | Attr = R ]
hosts.20080110-184728.backup -> %System32%\drivers\etc\hosts.20080110-184728.backup -> [Ver = | Size = 222475 bytes | Modified Date = 1/10/2008 6:45:33 PM | Attr = R ]
kmxcfg.u2k0 -> %System32%\drivers\kmxcfg.u2k0 -> [Ver = | Size = 37734 bytes | Modified Date = 1/20/2008 5:14:46 PM | Attr = ]
kmxcfg.u2k1 -> %System32%\drivers\kmxcfg.u2k1 -> [Ver = | Size = 64 bytes | Modified Date = 1/20/2008 5:14:46 PM | Attr = ]
kmxcfg.u2k2 -> %System32%\drivers\kmxcfg.u2k2 -> [Ver = | Size = 64 bytes | Modified Date = 1/20/2008 5:14:47 PM | Attr = ]
kmxcfg.u2k3 -> %System32%\drivers\kmxcfg.u2k3 -> [Ver = | Size = 64 bytes | Modified Date = 1/20/2008 5:14:47 PM | Attr = ]
kmxcfg.u2k4 -> %System32%\drivers\kmxcfg.u2k4 -> [Ver = | Size = 64 bytes | Modified Date = 1/20/2008 5:14:47 PM | Attr = ]
kmxcfg.u2k5 -> %System32%\drivers\kmxcfg.u2k5 -> [Ver = | Size = 64 bytes | Modified Date = 1/20/2008 5:14:47 PM | Attr = ]
kmxcfg.u2k6 -> %System32%\drivers\kmxcfg.u2k6 -> [Ver = | Size = 64 bytes | Modified Date = 1/20/2008 5:14:47 PM | Attr = ]
kmxcfg.u2k7 -> %System32%\drivers\kmxcfg.u2k7 -> [Ver = | Size = 64 bytes | Modified Date = 1/20/2008 5:14:47 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/20/2008 5:21:26 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 12/28/2007 11:41:11 AM | Attr = ]
ddccd.exe -> %System32%\ddccd.exe -> [Ver = | Size = 1 bytes | Modified Date = 12/30/2007 10:27:17 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/9/2008 11:59:44 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/15/2008 11:21:04 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 169096 bytes | Modified Date = 12/31/2007 9:31:55 PM | Attr = ]
mlnmp.ini -> %System32%\mlnmp.ini -> [Ver = | Size = 670800 bytes | Modified Date = 1/10/2008 10:04:43 PM | Attr = HS]
mlnmp.ini2 -> %System32%\mlnmp.ini2 -> [Ver = | Size = 670800 bytes | Modified Date = 1/10/2008 10:04:40 PM | Attr = HS]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70066 bytes | Modified Date = 1/14/2008 7:22:33 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 435920 bytes | Modified Date = 1/14/2008 7:22:33 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 514654 bytes | Modified Date = 1/14/2008 7:22:33 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 1/11/2008 9:37:49 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/20/2008 6:12:47 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/9/2008 12:04:16 AM | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/31/2007 9:26:45 PM | Attr = R S]
atid.ini -> %SystemRoot%\atid.ini -> [Ver = | Size = 21 bytes | Modified Date = 12/31/2007 8:39:32 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 1/11/2008 8:04:08 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/20/2008 5:15:21 PM | Attr = S]
CAVTemp -> %SystemRoot%\CAVTemp -> [Folder | Modified Date = 1/20/2008 4:36:16 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/14/2008 10:36:11 PM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/31/2007 9:22:12 PM | Attr = R S]
hpoins09.dat -> %SystemRoot%\hpoins09.dat -> [Ver = | Size = 118572 bytes | Modified Date = 12/31/2007 9:29:10 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 4566 bytes | Modified Date = 1/14/2008 7:22:36 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/14/2008 8:14:43 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/20/2008 2:33:22 PM | Attr = HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 1/14/2008 7:00:30 PM | Attr = ]
PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI -> [Ver = | Size = 151 bytes | Modified Date = 12/21/2007 10:43:42 PM | Attr = ]
popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 16 bytes | Modified Date = 1/19/2008 12:52:57 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/20/2008 6:13:02 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 1/4/2008 10:35:26 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 12/30/2007 10:06:51 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/30/2007 10:06:51 PM | Attr = H ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 1/14/2008 7:30:12 PM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 227 bytes | Modified Date = 1/19/2008 3:50:44 PM | Attr = ]
SYSTEM.UNV -> %SystemRoot%\SYSTEM.UNV -> [Ver = | Size = 227 bytes | Modified Date = 1/10/2008 6:42:58 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/20/2008 5:22:43 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/20/2008 5:21:21 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/20/2008 6:13:59 PM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 10240 bytes | Modified Date = 1/14/2008 7:00:31 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 572 bytes | Modified Date = 1/19/2008 3:50:44 PM | Attr = ]
WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 147 bytes | Modified Date = 1/11/2008 7:15:04 PM | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 1/20/2008 5:21:22 PM | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/20/2008 5:15:32 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersAppData%\AOL -> [Folder | Modified Date = 12/31/2007 8:37:55 PM | Attr = ]
AOL Downloads -> %AllUsersAppData%\AOL Downloads -> [Folder | Modified Date = 12/31/2007 8:39:41 PM | Attr = ]
CA -> %AllUsersAppData%\CA -> [Folder | Modified Date = 1/15/2008 11:26:59 PM | Attr = ]
Google -> %AllUsersAppData%\Google -> [Folder | Modified Date = 1/13/2008 9:29:11 PM | Attr = ]
Sonic -> %AllUsersAppData%\Sonic -> [Folder | Modified Date = 12/31/2007 9:22:37 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 1/4/2008 8:11:35 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/7/2008 11:19:44 PM | Attr = ]
Viewpoint -> %AllUsersAppData%\Viewpoint -> [Folder | Modified Date = 1/11/2008 7:34:46 PM | Attr = ]
QQ Games Plugin -> %UserAppData%\QQ Games Plugin -> [Folder | Modified Date = 12/31/2007 9:07:09 PM | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Modified Date = 1/14/2008 7:30:12 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/7/2008 11:19:25 PM | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Modified Date = 1/13/2008 9:29:24 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 1/3/2008 7:38:01 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 13824 bytes | Modified Date = 1/14/2008 7:00:29 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 36984 bytes | Modified Date = 12/31/2007 10:39:23 PM | Attr = ]
Google -> %LocalAppData%\Google -> [Folder | Modified Date = 1/13/2008 9:29:11 PM | Attr = ]
HP -> %LocalAppData%\HP -> [Folder | Modified Date = 12/31/2007 10:39:32 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4470932 bytes | Modified Date = 1/20/2008 5:14:24 PM | Attr = H ]
IsolatedStorage -> %LocalAppData%\IsolatedStorage -> [Folder | Modified Date = 12/31/2007 10:40:28 PM | Attr = ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 1/11/2008 8:06:33 PM | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 1/16/2008 11:50:57 PM | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 1/5/2008 5:52:15 PM | Attr = R ]
HP Document Viewer.lnk -> %AllUsersDesktop%\HP Document Viewer.lnk -> [Ver = | Size = 1894 bytes | Modified Date = 12/31/2007 9:26:22 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 1/20/2008 2:33:16 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 1/11/2008 11:17:31 PM | Attr = ]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 1/11/2008 11:16:45 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
Shortcut to ATF-Cleaner.lnk -> %UserDesktop%\Shortcut to ATF-Cleaner.lnk -> [Ver = | Size = 751 bytes | Modified Date = 1/6/2008 1:05:53 PM | Attr = ]
Shortcut to spades.lnk -> %UserDesktop%\Shortcut to spades.lnk -> [Ver = | Size = 699 bytes | Modified Date = 12/27/2007 5:59:04 PM | Attr = ]
Shortcut to WinPFind35U.lnk -> %UserDesktop%\Shortcut to WinPFind35U.lnk -> [Ver = | Size = 604 bytes | Modified Date = 1/19/2008 9:43:39 AM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 963 bytes | Modified Date = 1/14/2008 10:18:59 PM | Attr = ]
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 1/20/2008 2:29:24 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 1/20/2008 2:36:37 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
WindowsDefender.msi -> %UserDesktop%\WindowsDefender.msi -> [Ver = | Size = 5154304 bytes | Modified Date = 1/13/2008 9:36:24 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WindowsDefender.msi:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/20/2008 5:23:27 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 471950 bytes | Modified Date = 1/19/2008 9:36:15 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
HP -> %CommonProgramFiles%\HP -> [Folder | Modified Date = 12/31/2007 9:18:22 PM | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 1/14/2008 7:24:45 PM | Attr = ]
Scanner -> %CommonProgramFiles%\Scanner -> [Folder | Modified Date = 1/15/2008 11:20:31 PM | Attr = ]
Sonic Shared -> %CommonProgramFiles%\Sonic Shared -> [Folder | Modified Date = 12/31/2007 9:22:35 PM | Attr = ]
supportsoft -> %CommonProgramFiles%\supportsoft -> [Folder | Modified Date = 1/4/2008 9:30:07 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/20/2008 2:32:52 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5454 bytes | Modified Date = 1/18/2008 1:31:42 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6680 bytes | Modified Date = 1/18/2008 1:31:42 AM | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/20/2007 9:45:04 PM | Attr = ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 553560 bytes | Modified Date = 7/11/2007 9:34:23 PM | Attr = ]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 553560 bytes | Modified Date = 7/11/2007 9:34:23 PM | Attr = ]

< End of report >


__________________________________________________________________________________

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2008 at 05:12 PM

Application Version : 3.9.1008

Core Rules Database Version : 3384
Trace Rules Database Version: 1378

Scan type : Complete Scan
Total Scan Time : 02:10:04

Memory items scanned : 406
Memory threats detected : 0
Registry items scanned : 6399
Registry threats detected : 10
File items scanned : 66935
File threats detected : 1

Adware.AdSponsor/ISM
HKLM\Software\Classes\CLSID\{8F9E2BE3-766D-4831-BB0E-766D5B819995}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F9E2BE3-766D-4831-BB0E-766D5B819995}
HKCR\CLSID\{8F9E2BE3-766D-4831-BB0E-766D5B819995}
HKCR\CLSID\{8F9E2BE3-766D-4831-BB0E-766D5B819995}#AppID
HKCR\CLSID\{8F9E2BE3-766D-4831-BB0E-766D5B819995}\InprocServer32
HKCR\CLSID\{8F9E2BE3-766D-4831-BB0E-766D5B819995}\InprocServer32#ThreadingModel
HKCR\CLSID\{8F9E2BE3-766D-4831-BB0E-766D5B819995}\ProgID
HKCR\CLSID\{8F9E2BE3-766D-4831-BB0E-766D5B819995}\TypeLib
HKCR\CLSID\{8F9E2BE3-766D-4831-BB0E-766D5B819995}\VersionIndependentProgID

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}

Adware.Tracking Cookie
C:\Documents and Settings\Dad\Cookies\dad@pandasoftware.112.2o7[1].txt
Clueless On The East Coast



