
Nircmd.exe, Kel_astlog, Keyl_kgbkeylog, Etc.


  • This topic is locked
17 replies to this topic

#1 netster


Posted 16 January 2008 - 08:25 AM

Thanks in advance for your help!

My PC is acting stranger over time. System Restore stopped working (I tried Scannow with the CD and also turning it off and on--didn't work).
Programs like Windows Explorer, Firefox, WMP, RealPlayer, and others suddenly display error messages "This program has encountered a problem and needs to close. Do you want to send a report to Microsoft?" If I ignore these messages the programs keep running.

I followed all the prep steps as directed.
Panda online found and killed NirCmd.A
House Call online found and killed Kel_Astlog and Keyl_Kgbkeylog
Bit Defender online, AdAware, Spybot, and Stinger all found nothing.

Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:29 AM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Unlogger\UnLogger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weather.gov/MapClick.php?C...Field2=-93.5665
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\Phase One\Capture One LE\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnLogger] C:\Program Files\Unlogger\UnLogger.exe tray
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Ilona\Application Data\Mozilla\Firefox\Profiles\jn5zbwox.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Ilona\Application Data\Mozilla\Firefox\Profiles\jn5zbwox.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...meInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\SYSTEM32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10578 bytes



#2 OldTimer

OldTimer

    Malware Expert



Posted 27 January 2008 - 09:15 PM

Hello netster and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It's clean.

Panda usually seems to have a problem with products from NirSoft Tools. That's where that warning came from. The tools are harmless.

Let's look a little deeper and see if we find anything. Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 netster


Posted 27 January 2008 - 10:45 PM

Thanks Old Timer,

I started to download the program listed in your reply, but when starting to save it Kaspersky announced that it contains "Trojan.Win32.Inject.mf." So I'm still OK?

Thanks,

netster

#4 netster


Posted 27 January 2008 - 10:52 PM

I just remembered that Kaspersky also found Backdoor.Win32.SDBot.cic in a recent scan, FYI.

Thanks.

#5 OldTimer

OldTimer

    Malware Expert



Posted 28 January 2008 - 12:31 AM

Hi netster. The program is fine. Instruct Kaspersky to ignore or allow it, whatever option it has.

Cheers.

OT

#6 netster


Posted 29 January 2008 - 05:59 AM

Hi OT, OK, here is the scan log. Thanks again.

WinPFind35 logfile created on: 1/29/2008 4:55:09 AM
WinPFind35U Version Beta40	 Folder = C:\Documents and Settings\Ilona\Desktop\security\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 12288 12288;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 352.85 Gb Total Space | 181.79 Gb Free Space | 51.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 19.50 Gb Total Space | 19.43 Gb Free Space | 99.67% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded

Computer Name: SCRIPTIO
Current User Name: Ilona
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe ->  [Ver =  | Size = 389120 bytes | Modified Date = 8/25/2004 10:26:56 AM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/26/2008 10:10:08 AM | Attr =	]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 10:30:48 AM | Attr =	]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 174592 bytes | Modified Date = 3/4/2004 10:26:20 AM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 11:42:38 AM | Attr =	]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 8:01:00 AM | Attr =	]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 6.2.0.2002 | Size = 81920 bytes | Modified Date = 9/29/2006 11:38:50 AM | Attr =	]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.8.13.1 | Size = 79136 bytes | Modified Date = 6/28/2007 11:31:38 AM | Attr =	]
lxrjd31s.exe -> %System32%\LxrJD31s.exe ->  [Ver =  | Size = 71168 bytes | Modified Date = 5/17/2006 6:42:37 AM | Attr =	]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 6.2.0.2002 | Size = 151552 bytes | Modified Date = 9/29/2006 11:39:20 AM | Attr =	]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.1.0.2007032900 | Size = 624248 bytes | Modified Date = 3/29/2007 9:14:29 PM | Attr =	]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 1:42:54 PM | Attr =	]
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.24.99 | Size = 784912 bytes | Modified Date = 11/15/2007 10:12:04 AM | Attr =	]
fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 7/3/2007 8:05:31 AM | Attr =	]
khalmnpr.exe -> %CommonProgramFiles%\Logishrd\KHAL2\KHALMNPR.exe -> Logitech, Inc. [Ver = 4.24.28 | Size = 55824 bytes | Modified Date = 11/15/2007 10:08:26 AM | Attr =	]
winpfind35u.exe -> %UserDesktop%\security\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307200 bytes | Modified Date = 1/29/2008 3:05:50 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(a2free) a-squared Free Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.384 | Size = 366712 bytes | Modified Date = 1/19/2008 8:29:38 AM | Attr =	]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/26/2008 10:10:08 AM | Attr =	]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,212 | Size = 155648 bytes | Modified Date = 9/20/2005 7:31:38 PM | Attr =	]
(Adobe Version Cue CS3) Adobe Version Cue CS3 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -> Adobe Systems Incorporated [Ver = 3, 0, 0, 0 | Size = 153792 bytes | Modified Date = 3/20/2007 3:41:24 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe ->  [Ver =  | Size = 389120 bytes | Modified Date = 8/25/2004 10:26:56 AM | Attr =	]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe ->  [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 8/2/2006 4:27:00 PM | Attr =	]
(AVP) Kaspersky Internet Security 7.0 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 218376 bytes | Modified Date = 6/28/2007 11:51:38 AM | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 11:42:38 AM | Attr =	]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 8:01:00 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 7/3/2007 8:05:31 AM | Attr =	]
(GHOSTFILES) Ghostfiles Service [Win32_Own | Disabled | Stopped] ->  -> File not found
(gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 9/13/2007 9:14:00 PM | Attr =	]
(IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 6.2.0.2002 | Size = 81920 bytes | Modified Date = 9/29/2006 11:38:50 AM | Attr =	]
(ICDSPTSV) Sony SPTI Service for DVE [Win32_Own | On_Demand | Stopped] -> %System32%\IcdSptSv.exe -> Sony Corporation [Ver = 3.0.03.04010 | Size = 69632 bytes | Modified Date = 4/1/2003 10:08:30 PM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 12:06:04 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr =	]
(LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Logitech\Bluetooth\LBTServ.exe -> Logitech, Inc. [Ver = 4.24.99 | Size = 121360 bytes | Modified Date = 11/15/2007 10:09:42 AM | Attr =	]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 10:30:48 AM | Attr =	]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.8.13.1 | Size = 79136 bytes | Modified Date = 6/28/2007 11:31:38 AM | Attr =	]
(LxrJD31s) Lexar JD31 [Win32_Own | Auto | Running] -> %System32%\LxrJD31s.exe ->  [Ver =  | Size = 71168 bytes | Modified Date = 5/17/2006 6:42:37 AM | Attr =	]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 267560 bytes | Modified Date = 7/4/2007 2:01:52 PM | Attr =	]
(NOD32krn) NOD32 Kernel Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Eset\nod32krn.exe -> File not found
(PersFw) Kerio Personal Firewall [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Kerio\Personal Firewall\persfw.exe -> File not found
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]
(TuneUp.Defrag) TuneUp Drive Defrag Service [Win32_Own | On_Demand | Stopped] -> %System32%\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.0.0.9 | Size = 306432 bytes | Modified Date = 1/26/2008 7:25:08 AM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(Afc) PPdus ASPI Shell [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\afc.sys -> Arcsoft, Inc. [Ver = 1, 0, 0, 2 | Size = 11776 bytes | Modified Date = 2/23/2005 2:58:56 PM | Attr =	]
(AliIde) AliIde [Kernel | Boot | Running] -> %System32%\DRIVERS\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 10:07:44 PM | Attr =	]
(AMON) AMON [Kernel | Auto | Stopped] -> %System32%\DRIVERS\amon.sys -> Eset  [Ver = 2, 50, 25  | Size = 502208 bytes | Modified Date = 9/4/2005 11:29:53 AM | Attr =	]
(Amps2prt) A4Tech PS/2 Port Mouse Driver [Kernel | On_Demand | Stopped] -> system32\DRIVERS\Amps2prt.sys -> File not found
(asc) asc [Kernel | Boot | Running] -> %System32%\DRIVERS\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(asc3550) asc3550 [Kernel | Boot | Running] -> %System32%\DRIVERS\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(ASPI32) ASPI32 [Kernel | System | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6476 | Size = 787456 bytes | Modified Date = 8/25/2004 10:28:46 AM | Attr =	]
(AVG Anti-Rootkit) AVG Anti-Rootkit [Kernel | Boot | Running] -> %System32%\DRIVERS\avgarkt.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.13 | Size = 5632 bytes | Modified Date = 1/31/2007 7:33:46 AM | Attr =	]
(AvgArCln) Avg Anti-Rootkit Clean Driver [Kernel | System | Running] -> %System32%\DRIVERS\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 1/18/2007 6:00:28 AM | Attr =	]
(b57w2k) Broadcom NetXtreme Gigabit Ethernet Adapter [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\b57xp32.sys -> Broadcom Corporation [Ver = 9.16.0.0 built by: WinDDK | Size = 150528 bytes | Modified Date = 1/27/2006 5:44:24 PM | Attr =	]
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> %System32%\DRIVERS\BANTExt.sys ->  [Ver =  | Size = 3840 bytes | Modified Date = 4/7/2005 4:18:34 PM | Attr =	]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Ilona\LOCALS~1\Temp\catchme.sys -> File not found
(cercsr6) cercsr6 [Kernel | Boot | Stopped] -> %System32%\DRIVERS\cercsr6.sys -> Adaptec, Inc. [Ver = 4.1.0.7405 | Size = 39904 bytes | Modified Date = 3/21/2005 7:48:30 PM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Boot | Running] -> %System32%\DRIVERS\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1081-2.04.0050 | Size = 138752 bytes | Modified Date = 1/10/2005 9:15:24 AM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %System32%\DRIVERS\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(DgiVecp) Team MFP Comm Driver [Kernel | Auto | Running] -> %System32%\DRIVERS\DGIVECP.SYS -> DeviceGuys, Inc. [Ver = 1.1.1.30 | Size = 41984 bytes | Modified Date = 5/19/2004 7:01:54 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\DRIVERS\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\E100B325.SYS -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 11:12:10 AM | Attr =	]
(FilterService) Filter Service [Kernel | On_Demand | Stopped] -> System32\Drivers\filter.sys -> File not found
(fwdrv) Kerio Personal Firewall Driver [Kernel | System | Stopped] -> system32\Drivers\fwdrv.sys -> File not found
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 3/7/2005 10:52:48 AM | Attr =	]
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> %System32%\DRIVERS\iaStor.sys -> Intel Corporation [Ver = 6.2.0.2002 | Size = 250368 bytes | Modified Date = 9/29/2006 10:59:58 AM | Attr =	]
(ICDUSB2) Sony IC Recorder (P) [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\IcdUsb2.sys -> Sony Corporation [Ver = 1.2.10.11280 | Size = 39048 bytes | Modified Date = 11/28/2002 9:23:24 PM | Attr =	]
(kl1) kl1 [Kernel | Boot | Running] -> %System32%\DRIVERS\kl1.sys -> Kaspersky Lab [Ver = 6.1.21.0 | Size = 110360 bytes | Modified Date = 4/28/2007 3:51:02 PM | Attr =	]
(klif) klif [Kernel | System | Running] -> %System32%\DRIVERS\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 12/20/2007 11:55:54 AM | Attr =	]
(klim5) Kaspersky Anti-Virus NDIS Filter [Kernel | On_Demand | Running] -> %System32%\DRIVERS\klim5.sys -> Kaspersky Lab [Ver = 6.1.22.0 | Size = 24344 bytes | Modified Date = 4/4/2007 1:58:26 PM | Attr =	]
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\L8042Kbd.sys -> Logitech, Inc. [Ver = 4.24.28.00 | Size = 20240 bytes | Modified Date = 9/21/2007 3:10:20 AM | Attr =	]
(L8042mou) SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\L8042mou.Sys -> Logitech, Inc. [Ver = 4.24.28.00 | Size = 63120 bytes | Modified Date = 9/21/2007 3:10:26 AM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\LMouKE.Sys -> Logitech, Inc. [Ver = 4.24.28.00 | Size = 78992 bytes | Modified Date = 9/21/2007 3:10:54 AM | Attr =	]
(LxrJD31d) LxrJD31d [Kernel | Auto | Running] -> %System32%\DRIVERS\LxrJD31d.sys ->  [Ver =  | Size = 69824 bytes | Modified Date = 5/17/2006 6:42:37 AM | Attr =	]
(MEMSWEEP2) MEMSWEEP2 [Kernel | On_Demand | Stopped] -> %System32%\10.tmp -> File not found
(mraid35x) mraid35x [Kernel | Boot | Running] -> %System32%\DRIVERS\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(MS1000) MS1000 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\MS1000.sys -> File not found
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\NV4_MINI.SYS -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 9:29:56 PM | Attr =	]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 12:45:06 PM | Attr =	]
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.1081-2.04.0050 | Size = 106496 bytes | Modified Date = 1/10/2005 9:15:30 AM | Attr =	]
(P17) SB Live! 24-bit [Kernel | On_Demand | Running] -> %System32%\DRIVERS\P17.sys -> Creative Technology Ltd. [Ver = 5.12.01.514 | Size = 1127936 bytes | Modified Date = 6/15/2007 1:47:26 AM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 9/19/2003 2:47:24 PM | Attr =	]
(PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\DRIVERS\Pfmodnt.sys -> Creative Technology Ltd. [Ver = 3.0.0.11 | Size = 8704 bytes | Modified Date = 12/22/2004 10:58:14 AM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.41a | Size = 36560 bytes | Modified Date = 9/27/2006 3:53:22 PM | Attr =	]
(ql1080) ql1080 [Kernel | Boot | Running] -> %System32%\DRIVERS\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(ql12160) ql12160 [Kernel | Boot | Running] -> %System32%\DRIVERS\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(ql1280) ql1280 [Kernel | Boot | Running] -> %System32%\DRIVERS\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(SDTHOOK) SDTHOOK [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr =	]
(senfilt) senfilt [Kernel | On_Demand | Running] -> %System32%\DRIVERS\senfilt.sys -> Creative Technology Ltd. [Ver = 5.10.00.3614 | Size = 732928 bytes | Modified Date = 9/17/2004 8:02:54 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %System32%\DRIVERS\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 10:07:44 PM | Attr =	]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5246 | Size = 260352 bytes | Modified Date = 1/27/2005 2:31:06 PM | Attr =	]
(snapman) Acronis Snapshots Manager [Kernel | Boot | Running] -> %System32%\DRIVERS\snapman.sys -> Acronis [Ver = 1.06 build 131 | Size = 82464 bytes | Modified Date = 4/27/2005 6:26:14 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %System32%\DRIVERS\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(sptd) sptd [Kernel | Boot | Stopped] -> %System32%\DRIVERS\sptd.sys -> Duplex Secure Ltd. [Ver = 1.43.0.0 built by: WinDDK | Size = 682232 bytes | Modified Date = 7/3/2007 7:51:53 AM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %System32%\DRIVERS\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %System32%\DRIVERS\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %System32%\DRIVERS\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(sysid) sysid [Kernel | On_Demand | Stopped] -> %System32%\drivers\sysid.sys -> File not found
(Teefer) Teefer for NT [Kernel | Boot | Running] -> %System32%\DRIVERS\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 10/15/2004 6:17:02 PM | Attr =	]
(tifsfilter) Acronis TrueImage FS Filter [File_System | Auto | Running] -> %System32%\DRIVERS\tifsfilt.sys -> Acronis [Ver = 1.1 build 222 | Size = 28928 bytes | Modified Date = 9/20/2005 7:31:32 PM | Attr =	]
(timounter) Acronis TrueImage Backup Archive Explorer [Kernel | Boot | Running] -> %System32%\DRIVERS\timntr.sys -> Acronis [Ver = 1.1 build 222 | Size = 212288 bytes | Modified Date = 9/20/2005 7:31:32 PM | Attr =	]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\DRIVERS\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 9/19/2007 5:56:47 PM | Attr =	]
(ultra) ultra [Kernel | Boot | Running] -> %System32%\DRIVERS\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(V0060VID) Creative WebCam Live! Ultra [Kernel | On_Demand | Running] -> %System32%\DRIVERS\V0060Vid.sys -> Creative Technology Ltd. [Ver = 1.01.03.00 | Size = 196409 bytes | Modified Date = 2/2/2005 2:15:14 AM | Attr = R  ]
(VNUSB) VN Series Device [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\VNUSB.sys -> OLYMPUS OPTICAL CO.,LTD. [Ver = 1.00 | Size = 38448 bytes | Modified Date = 12/15/2003 6:22:00 PM | Attr =	]
(vsdatant) vsdatant [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %System32%\DRIVERS\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:38 PM | Attr =	]
(wg4n) SyGate for NT, wg4n [Kernel | Auto | Running] -> %System32%\DRIVERS\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:40 PM | Attr =	]
(wg5n) SyGate for NT, wg5n [Kernel | Auto | Running] -> %System32%\DRIVERS\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:42 PM | Attr =	]
(wg6n) SyGate for NT, wg6n [Kernel | Auto | Running] -> %System32%\DRIVERS\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:44 PM | Attr =	]
(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %System32%\DRIVERS\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 10/15/2004 6:18:46 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.1.0.2007032900 | Size = 624248 bytes | Modified Date = 3/29/2007 9:14:29 PM | Attr =	]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:55 PM | Attr =	]
Adobe_ID0EYTHM -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe -> Adobe Systems Incorporated [Ver = 3, 0, 0, 0 | Size = 1884160 bytes | Modified Date = 3/20/2007 3:40:44 PM | Attr =	]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5120 | Size = 339968 bytes | Modified Date = 8/25/2004 12:52:00 PM | Attr =	]
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 218376 bytes | Modified Date = 6/28/2007 11:51:38 AM | Attr =	]
CTSysVol -> %ProgramFiles%\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Modified Date = 9/17/2003 9:43:36 AM | Attr =	]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 6.2.0.2002 | Size = 151552 bytes | Modified Date = 9/29/2006 11:39:20 AM | Attr =	]
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech, Inc. [Ver = 4.24.28 | Size = 55824 bytes | Modified Date = 9/21/2007 3:10:12 AM | Attr =	]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 161064 bytes | Modified Date = 7/4/2007 2:20:30 PM | Attr =	]
P17Helper -> %System32%\P17.dll ->  [Ver = 1.0.1.41 | Size = 64512 bytes | Modified Date = 5/3/2005 10:38:42 AM | Attr =	]
Phase One Media Reader -> %ProgramFiles%\Phase One\Capture One LE\DCIMImp.exe -> Phase One A/S, Copenhagen, Denmark [Ver = 3.7.0.8 | Size = 229376 bytes | Modified Date = 4/25/2007 6:41:20 AM | Attr =	]
SmcService -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 1:42:54 PM | Attr =	]
VF0060 STISvc -> %System32%\V0060Pin.dll -> Creative Technology Ltd. [Ver = 1.00.03.00 | Size = 36864 bytes | Modified Date = 10/31/2004 7:00:00 PM | Attr = R  ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
TuneUp MemOptimizer -> %ProgramFiles%\TuneUp Utilities 2008\MemOptimizer.exe -> TuneUp Software GmbH [Ver = 7.0.7992.228 | Size = 196864 bytes | Modified Date = 1/8/2008 1:31:18 PM | Attr =	]
UnLogger -> %ProgramFiles%\Unlogger\UnLogger.exe -> EasySmallSoft [Ver = 2.3.10.190 | Size = 350208 bytes | Modified Date = 2/13/2006 4:00:18 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Device Detector 3.lnk -> %ProgramFiles%\Olympus\DeviceDetector\DevDtct2.exe -> OLYMPUS IMAGING CORP. [Ver = 3, 2, 0, 2 | Size = 114688 bytes | Modified Date = 3/11/2005 5:17:08 PM | Attr =	]
%AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.24.99 | Size = 784912 bytes | Modified Date = 11/15/2007 10:12:04 AM | Attr =	]
< Ilona Startup Folder > -> C:\Documents and Settings\Ilona\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 91400 bytes | Modified Date = 6/28/2007 11:51:42 AM | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 206088 bytes | Modified Date = 6/28/2007 11:51:48 AM | Attr =	]
LBTWlgn -> %CommonProgramFiles%\Logitech\Bluetooth\LBTWLgn.dll -> Logitech, Inc. [Ver = 4.24.99 | Size = 72208 bytes | Modified Date = 11/15/2007 10:10:16 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoBackButton -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoFileMru -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyDocs -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyPictures -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://forecast.weather.gov/MapClick.php?CityName=Excelsior&state=MN&site=MPX&textField1=44.9007&textField2=-93.5665 -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 15 domain(s) found. -> 
15 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3614 domain(s) found. -> 
421 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 9/13/2007 9:14:25 PM | Attr = R  ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 3/29/2007 9:11:22 PM | Attr =	]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe [Contribute Toolbar] ->  [Folder | Modified Date = 7/15/2007 6:29:57 AM | Attr =	]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 368640 bytes | Modified Date = 2/22/2005 1:50:34 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 9/13/2007 9:14:25 PM | Attr = R  ]
ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 3/29/2007 9:11:22 PM | Attr =	]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 9/13/2007 9:14:25 PM | Attr = R  ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 3/29/2007 9:11:22 PM | Attr =	]
WebBrowser\\{55FAF0F2-44D4-425F-B5F5-6B275B621EAB} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{B13721C7-F507-4982-B2E5-502A71474FED} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 368640 bytes | Modified Date = 2/22/2005 1:50:34 PM | Attr =	]
WebBrowser\\{F35CE83E-9EBF-40D5-AE87-53F982389740} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 222472 bytes | Modified Date = 6/28/2007 11:51:52 AM | Attr =	]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 10/25/2007 10:26:48 AM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 3:46:14 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 222472 bytes | Modified Date = 6/28/2007 11:51:52 AM | Attr =	]
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 10/25/2007 10:26:48 AM | Attr =	]
CmdMapping\\{91663649-416A-42A5-8E54-B63C1ECA0548} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AFC3FA82-AD07-45cd-8B57-983435B9899E} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 3:46:14 PM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Open Link Target in Firefox ->  -> File not found
View This Page in Firefox ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{36DED4C2-E5EE-4AEE-A4AA-4670BE7A15D1} ->	(Broadcom NetXtreme 57xx Gigabit Controller) -> 
{73A1DB6C-0342-413E-BAD9-F2A4665538ED} ->	() -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 11:42:30 AM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000001 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000020 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000021 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000022 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000023 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000024 -> iimon.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000025 -> iimon.dll -> File not found
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> Belarc, Inc. [Ver = 7.2r | Size = 106496 bytes | Modified Date = 5/17/2007 9:44:10 AM | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{01A88BB1-1174-41EC-ACCB-963509EAE56B}[HKEY_LOCAL_MACHINE] -> http://support.dell.com/systemprofiler/SysPro.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] -> 
{41F17733-B041-4099-A042-B518BB6A408C}[HKEY_LOCAL_MACHINE] -> http://appldnld.m7z.net/qtinstall.info.apple.com/bizzarini/us/win/QuickTimeInstaller.exe[Reg Error: Key does not exist or could not be opened.] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D6376DD2-C2BD-49B2-A1B1-138F869633F3}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab[ASPRO Installer Class] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:49:30 AM | Attr =	]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 8:21:15 AM | Attr =	]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1100 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\SYSTEM32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 4628 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -> C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe [C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home] -> Nero AG [Ver = 1, 5, 13, 0 | Size = 668968 bytes | Modified Date = 7/4/2007 2:00:38 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\LEXPPS.EXE -> C:\WINDOWS\SYSTEM32\LEXPPS.EXE [C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE] -> Lexmark International, Inc. [Ver = 9.45 | Size = 174592 bytes | Modified Date = 3/4/2004 10:26:20 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 12/1/2007 6:01:23 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes] -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 14144000 bytes | Modified Date = 2/23/2006 4:31:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe -> C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe [C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime Essentials] -> Nero AG [Ver = 3, 2, 3, 2 | Size = 4830504 bytes | Modified Date = 7/4/2007 2:06:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger] -> Microsoft Corporation [Ver = 5.1.0639 | Size = 1611488 bytes | Modified Date = 2/22/2005 7:55:38 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{24C07441-B193-4121-AAFD-A0C6311A36CB} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{22528581-1ABF-4194-B786-57F302FF58DC} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\WUAUSERV.DLL [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 10:39:49 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\SYSTEM32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 10:39:49 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\0 -> Root\LEGACY_TLNTSVR\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
stdtsa -> %SystemDrive%\stdtsa ->  [Folder | Created Date = 1/22/2008 5:39:00 AM | Attr =	]
hvgthbveavfq.sys -> %System32%\drivers\hvgthbveavfq.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 1/20/2008 7:17:07 AM | Attr =	]
SDTHOOK.SYS -> %System32%\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Created Date = 1/20/2008 7:19:40 AM | Attr =	]
Teefer.sys -> %System32%\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Created Date = 1/16/2008 8:10:52 PM | Attr =	]
wg3n.sys -> %System32%\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 1/16/2008 8:10:53 PM | Attr =	]
wg4n.sys -> %System32%\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 1/16/2008 8:10:53 PM | Attr =	]
wg5n.sys -> %System32%\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 1/16/2008 8:10:54 PM | Attr =	]
wg6n.sys -> %System32%\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 1/16/2008 8:10:54 PM | Attr =	]
wpsdrvnt.sys -> %System32%\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Created Date = 1/16/2008 8:10:51 PM | Attr =	]
.ico -> %System32%\.ico ->  [Ver =  | Size = 3377 bytes | Created Date = 1/14/2008 9:48:54 PM | Attr =	]
ASPRO -> %System32%\ASPRO ->  [Folder | Created Date = 1/14/2008 9:48:18 PM | Attr =	]
11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
asprouni.exe -> %System32%\asprouni.exe -> Panda Software [Ver = 1, 0, 0, 1 | Size = 69632 bytes | Created Date = 1/14/2008 9:49:49 PM | Attr =	]
BtCoreIf.dll -> %System32%\BtCoreIf.dll -> Broadcom Corporation. [Ver = 5.1.0.3600 | Size = 301656 bytes | Created Date = 1/1/2008 12:07:47 AM | Attr =	]
Helppro.ico -> %System32%\Helppro.ico ->  [Ver =  | Size = 1406 bytes | Created Date = 1/14/2008 9:48:54 PM | Attr =	]
pavaspro.ico -> %System32%\pavaspro.ico ->  [Ver =  | Size = 30590 bytes | Created Date = 1/14/2008 9:48:53 PM | Attr =	]
SSSensor.dll -> %System32%\SSSensor.dll -> Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Created Date = 1/16/2008 8:10:40 PM | Attr =	]
TuneUpDefragService.exe -> %System32%\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.0.0.9 | Size = 306432 bytes | Created Date = 1/26/2008 7:25:07 AM | Attr =	]
Uninstallpro.ico -> %System32%\Uninstallpro.ico ->  [Ver =  | Size = 2550 bytes | Created Date = 1/14/2008 9:48:54 PM | Attr =	]
uxtuneup.dll -> %System32%\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.9 | Size = 29440 bytes | Created Date = 1/26/2008 7:25:03 AM | Attr =	]
DVEdit.INI -> %SystemRoot%\DVEdit.INI ->  [Ver =  | Size = 0 bytes | Created Date = 1/10/2008 6:53:53 AM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Created Date = 1/20/2008 12:59:07 PM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Created Date = 1/16/2008 8:55:09 PM | Attr =	]
pav.sig -> %SystemRoot%\pav.sig ->  [Ver =  | Size = 81073226 bytes | Created Date = 1/14/2008 10:00:38 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
WLInstaller -> %AllUsersAppData%\WLInstaller ->  [Folder | Created Date = 1/16/2008 7:01:39 AM | Attr =	]
HouseCall 6.6 -> %UserAppData%\HouseCall 6.6 ->  [Folder | Created Date = 1/19/2008 10:18:56 PM | Attr =	]
Sophos -> %LocalAppData%\Sophos ->  [Folder | Created Date = 1/22/2008 6:01:19 AM | Attr =	]
a-squared Free -> %UserDocuments%\a-squared Free ->  [Folder | Created Date = 1/19/2008 7:20:51 AM | Attr =	]
080116 Firefox Error Report.doc -> %UserDesktop%\080116 Firefox Error Report.doc ->  [Ver =  | Size = 372736 bytes | Created Date = 1/16/2008 11:42:21 AM | Attr =	]
080116 PT Exercises.xls -> %UserDesktop%\080116 PT Exercises.xls ->  [Ver =  | Size = 1763840 bytes | Created Date = 1/16/2008 3:55:00 PM | Attr =	]
080116 PT1.jpg -> %UserDesktop%\080116 PT1.jpg ->  [Ver =  | Size = 54851 bytes | Created Date = 1/16/2008 3:23:30 PM | Attr =	]
080116 PT10.jpg -> %UserDesktop%\080116 PT10.jpg ->  [Ver =  | Size = 210405 bytes | Created Date = 1/16/2008 5:14:48 PM | Attr =	]
080116 PT11.jpg -> %UserDesktop%\080116 PT11.jpg ->  [Ver =  | Size = 222790 bytes | Created Date = 1/16/2008 6:11:33 PM | Attr =	]
080116 PT12.jpg -> %UserDesktop%\080116 PT12.jpg ->  [Ver =  | Size = 231448 bytes | Created Date = 1/16/2008 8:16:49 PM | Attr =	]
080116 PT13.jpg -> %UserDesktop%\080116 PT13.jpg ->  [Ver =  | Size = 76656 bytes | Created Date = 1/16/2008 8:28:24 PM | Attr =	]
080116 PT14.jpg -> %UserDesktop%\080116 PT14.jpg ->  [Ver =  | Size = 77685 bytes | Created Date = 1/16/2008 8:24:49 PM | Attr =	]
080116 PT2.jpg -> %UserDesktop%\080116 PT2.jpg ->  [Ver =  | Size = 45648 bytes | Created Date = 1/16/2008 3:29:12 PM | Attr =	]
080116 PT3.jpg -> %UserDesktop%\080116 PT3.jpg ->  [Ver =  | Size = 188406 bytes | Created Date = 1/16/2008 3:51:50 PM | Attr =	]
080116 PT4.jpg -> %UserDesktop%\080116 PT4.jpg ->  [Ver =  | Size = 44534 bytes | Created Date = 1/16/2008 3:59:45 PM | Attr =	]
080116 PT5.jpg -> %UserDesktop%\080116 PT5.jpg ->  [Ver =  | Size = 21946 bytes | Created Date = 1/16/2008 4:18:21 PM | Attr =	]
080116 PT6.jpg -> %UserDesktop%\080116 PT6.jpg ->  [Ver =  | Size = 215482 bytes | Created Date = 1/16/2008 4:38:09 PM | Attr =	]
080116 PT7.jpg -> %UserDesktop%\080116 PT7.jpg ->  [Ver =  | Size = 39184 bytes | Created Date = 1/16/2008 4:45:26 PM | Attr =	]
080116 PT8.jpg -> %UserDesktop%\080116 PT8.jpg ->  [Ver =  | Size = 60826 bytes | Created Date = 1/16/2008 4:56:16 PM | Attr =	]
080116 PT9.jpg -> %UserDesktop%\080116 PT9.jpg ->  [Ver =  | Size = 64146 bytes | Created Date = 1/16/2008 5:03:14 PM | Attr =	]
080120 PT15.jpg -> %UserDesktop%\080120 PT15.jpg ->  [Ver =  | Size = 81308 bytes | Created Date = 1/20/2008 6:35:55 PM | Attr =	]
080120 PT16.jpg -> %UserDesktop%\080120 PT16.jpg ->  [Ver =  | Size = 68009 bytes | Created Date = 1/20/2008 7:26:18 PM | Attr =	]
Hi Jeanne.doc -> %UserDesktop%\Hi Jeanne.doc ->  [Ver =  | Size = 24576 bytes | Created Date = 1/20/2008 5:33:51 PM | Attr =	]
NEW ADVENT Home.url -> %UserDesktop%\NEW ADVENT Home.url ->  [Ver =  | Size = 93 bytes | Created Date = 1/1/2008 4:18:30 PM | Attr =	]
NMT.doc -> %UserDesktop%\NMT.doc ->  [Ver =  | Size = 743936 bytes | Created Date = 1/23/2008 6:10:53 PM | Attr =	]
P 0.0  PROSPER PLANNER 080117.xls -> %UserDesktop%\P 0.0  PROSPER PLANNER 080117.xls ->  [Ver =  | Size = 842752 bytes | Created Date = 1/23/2008 5:45:35 PM | Attr =	]
PROSPER B Categories 080116.doc -> %UserDesktop%\PROSPER B Categories 080116.doc ->  [Ver =  | Size = 492544 bytes | Created Date = 1/16/2008 3:00:43 PM | Attr =	]
security -> %UserDesktop%\security ->  [Folder | Created Date = 1/27/2008 9:40:56 PM | Attr =	]
Logishrd -> %CommonProgramFiles%\Logishrd ->  [Folder | Created Date = 1/1/2008 12:03:46 AM | Attr =	]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller ->  [Folder | Created Date = 1/16/2008 7:02:02 AM | Attr =  HS]

[Files/Folders - Modified Within 30 days]
backup 10-10-05.pst -> %SystemDrive%\backup 10-10-05.pst ->  [Ver =  | Size = 2556928 bytes | Modified Date = 1/26/2008 10:56:34 PM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 1/27/2008 7:07:12 PM | Attr =  HS]
I386 -> %SystemDrive%\I386 ->  [Folder | Modified Date = 1/27/2008 7:02:54 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/28/2008 5:43:44 AM | Attr = R  ]
stdtsa -> %SystemDrive%\stdtsa ->  [Folder | Modified Date = 1/22/2008 5:39:04 AM | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 1/16/2008 6:57:49 AM | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 1/28/2008 7:43:42 AM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 1/29/2008 4:51:53 AM | Attr =	]
_@Prosper USB Backup -> %SystemDrive%\_@Prosper USB Backup ->  [Folder | Modified Date = 1/26/2008 2:23:57 PM | Attr =	]
ETC -> %System32%\drivers\ETC ->  [Folder | Modified Date = 1/16/2008 1:16:07 AM | Attr =	]
fidbox.dat -> %System32%\drivers\fidbox.dat ->  [Ver =  | Size = 70285856 bytes | Modified Date = 1/29/2008 4:52:29 AM | Attr =  HS]
fidbox.idx -> %System32%\drivers\fidbox.idx ->  [Ver =  | Size = 945368 bytes | Modified Date = 1/28/2008 9:38:06 PM | Attr =  HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat ->  [Ver =  | Size = 5841440 bytes | Modified Date = 1/29/2008 4:53:18 AM | Attr =  HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx ->  [Ver =  | Size = 552788 bytes | Modified Date = 1/28/2008 9:38:07 PM | Attr =  HS]
.ico -> %System32%\.ico ->  [Ver =  | Size = 3377 bytes | Modified Date = 1/15/2008 10:09:23 PM | Attr =	]
1033 -> %System32%\1033 ->  [Folder | Modified Date = 1/20/2008 7:54:11 AM | Attr =	]
11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
ActiveScan -> %System32%\ActiveScan ->  [Folder | Modified Date = 1/20/2008 7:54:14 AM | Attr =	]
ASPRO -> %System32%\ASPRO ->  [Folder | Modified Date = 1/15/2008 11:54:43 PM | Attr =	]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 1/23/2008 6:51:05 AM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 1/29/2008 4:19:40 AM | Attr =	]
CONFIG -> %System32%\CONFIG ->  [Folder | Modified Date = 1/20/2008 7:54:47 AM | Attr =	]
DLLCACHE -> %System32%\DLLCACHE ->  [Folder | Modified Date = 1/19/2008 8:25:03 AM | Attr = RHS]
DRIVERS -> %System32%\DRIVERS ->  [Folder | Modified Date = 1/27/2008 7:05:55 PM | Attr =	]
en-us -> %System32%\en-us ->  [Folder | Modified Date = 1/23/2008 6:41:49 AM | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 2295136 bytes | Modified Date = 1/23/2008 6:45:31 AM | Attr =	]
GroupPolicy -> %System32%\GroupPolicy ->  [Folder | Modified Date = 1/25/2008 8:30:59 PM | Attr =  H ]
Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 1/20/2008 7:11:36 AM | Attr =	]
Helppro.ico -> %System32%\Helppro.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 1/15/2008 10:09:23 PM | Attr =	]
lsdelete.exe -> %System32%\lsdelete.exe ->  [Ver =  | Size = 12632 bytes | Modified Date = 1/26/2008 10:10:42 AM | Attr =	]
pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 1/20/2008 7:11:36 AM | Attr =	]
pavaspro.ico -> %System32%\pavaspro.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 1/15/2008 10:09:23 PM | Attr =	]
PERFC009.DAT -> %System32%\PERFC009.DAT ->  [Ver =  | Size = 96948 bytes | Modified Date = 1/23/2008 6:39:42 AM | Attr =	]
PERFH009.DAT -> %System32%\PERFH009.DAT ->  [Ver =  | Size = 501410 bytes | Modified Date = 1/23/2008 6:39:42 AM | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 589550 bytes | Modified Date = 1/23/2008 6:39:42 AM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 1/16/2008 6:57:49 AM | Attr =	]
TuneUpDefragService.exe -> %System32%\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.0.0.9 | Size = 306432 bytes | Modified Date = 1/26/2008 7:25:08 AM | Attr =	]
Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 1/20/2008 7:11:37 AM | Attr =	]
Uninstallpro.ico -> %System32%\Uninstallpro.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 1/15/2008 10:09:23 PM | Attr =	]
WBEM -> %System32%\WBEM ->  [Folder | Modified Date = 1/20/2008 7:57:22 AM | Attr =	]
WPA.DBL -> %System32%\WPA.DBL ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/29/2008 4:19:56 AM | Attr =	]
XPSViewer -> %System32%\XPSViewer ->  [Folder | Modified Date = 1/23/2008 6:41:46 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 1/10/2008 6:55:00 AM | Attr =  H ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 1/20/2008 7:18:13 AM | Attr =	]
ASSEMBLY -> %SystemRoot%\ASSEMBLY ->  [Folder | Modified Date = 1/23/2008 7:00:23 AM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Modified Date = 1/21/2008 8:00:13 PM | Attr =	]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 1/29/2008 4:18:48 AM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/20/2008 7:22:05 AM | Attr =   S]
DVEdit.INI -> %SystemRoot%\DVEdit.INI ->  [Ver =  | Size = 0 bytes | Modified Date = 1/10/2008 6:53:53 AM | Attr =	]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 1/26/2008 9:26:47 PM | Attr =	]
IME -> %SystemRoot%\IME ->  [Folder | Modified Date = 1/20/2008 7:26:36 AM | Attr =	]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 1/22/2008 5:40:37 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/27/2008 7:07:15 PM | Attr =  HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 1/23/2008 6:58:17 AM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 1/28/2008 7:43:54 AM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 1/16/2008 8:55:09 PM | Attr =	]
pav.sig -> %SystemRoot%\pav.sig ->  [Ver =  | Size = 81073226 bytes | Modified Date = 1/14/2008 10:00:47 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 1/29/2008 4:53:39 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 1/20/2008 12:55:46 PM | Attr =  H ]
Quicken.ini -> %SystemRoot%\Quicken.ini ->  [Ver =  | Size = 385 bytes | Modified Date = 1/12/2008 6:17:33 PM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 1/20/2008 7:54:09 AM | Attr =	]
SRCHASST -> %SystemRoot%\SRCHASST ->  [Folder | Modified Date = 1/15/2008 11:54:30 PM | Attr =	]
SYSTEM32 -> %System32% ->  [Folder | Modified Date = 1/27/2008 7:06:08 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 1/29/2008 4:21:54 AM | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 1/29/2008 4:51:53 AM | Attr =	]
TWAIN_32 -> %SystemRoot%\TWAIN_32 ->  [Folder | Modified Date = 1/20/2008 6:28:45 PM | Attr =	]
WIN.INI -> %SystemRoot%\WIN.INI ->  [Ver =  | Size = 8188 bytes | Modified Date = 1/14/2008 10:00:55 PM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 1/23/2008 6:39:33 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 1/14/2008 4:42:04 PM | Attr =	]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 1/29/2008 4:21:55 AM | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 1/29/2008 4:18:55 AM | Attr =  H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 8131 bytes | Modified Date = 3/5/2006 7:01:22 AM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5572 bytes | Modified Date = 1/29/2008 4:20:35 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5572 bytes | Modified Date = 1/29/2008 4:20:34 AM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11060 bytes | Modified Date = 12/16/2007 9:51:00 PM | Attr =	]
GridLayout.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\GridLayout.dat ->  [Ver =  | Size = 101841 bytes | Modified Date = 4/5/2005 2:39:08 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\data.dat ->  [Ver =  | Size = 11892 bytes | Modified Date = 6/14/2005 8:15:40 PM | Attr =	]
Perflib_Perfdata_110.dat -> C:\Documents and Settings\Ilona\Local Settings\Temp\Perflib_Perfdata_110.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/29/2008 4:19:10 AM | Attr =	]
1 C:\Documents and Settings\Ilona\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Ilona\Local Settings\Temp\*.tmp -> 
update.ini -> C:\Documents and Settings\Ilona\Local Settings\Temp\a2temp\update.ini ->  [Ver =  | Size = 30689 bytes | Modified Date = 1/26/2008 10:13:33 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab ->  [Folder | Modified Date = 1/29/2008 4:19:38 AM | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 1/26/2008 10:11:15 AM | Attr =	]
WLInstaller -> %AllUsersAppData%\WLInstaller ->  [Folder | Modified Date = 1/16/2008 7:01:39 AM | Attr =	]
HouseCall 6.6 -> %UserAppData%\HouseCall 6.6 ->  [Folder | Modified Date = 1/19/2008 10:30:19 PM | Attr =	]
SmarThruOptions.xml -> %UserAppData%\SmarThruOptions.xml ->  [Ver =  | Size = 5371 bytes | Modified Date = 1/20/2008 7:34:09 PM | Attr =	]
U3 -> %UserAppData%\U3 ->  [Folder | Modified Date = 1/27/2008 9:22:01 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 379240 bytes | Modified Date = 1/23/2008 6:47:23 AM | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 14292736 bytes | Modified Date = 1/28/2008 8:02:04 AM | Attr =  H ]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 1/16/2008 7:05:41 AM | Attr =	]
Sophos -> %LocalAppData%\Sophos ->  [Folder | Modified Date = 1/22/2008 6:01:19 AM | Attr =	]
desktop.ini -> %AllUsersDocuments%\desktop.ini ->  [Ver =  | Size = 131 bytes | Modified Date = 1/25/2008 7:22:47 PM | Attr =  HS]
a-squared Free -> %UserDocuments%\a-squared Free ->  [Folder | Modified Date = 1/19/2008 7:20:51 AM | Attr =	]
Business Pro documents.bfl -> %UserDocuments%\Business Pro documents.bfl ->  [Ver =  | Size = 768 bytes | Modified Date = 1/12/2008 6:15:36 PM | Attr =	]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk ->  [Ver =  | Size = 571 bytes | Modified Date = 1/29/2008 4:21:06 AM | Attr =	]
Quicken -> %UserDocuments%\Quicken ->  [Folder | Modified Date = 1/12/2008 6:20:03 PM | Attr =	]
Shared Documents -> %UserDocuments%\Shared Documents ->  [Folder | Modified Date = 1/29/2008 4:50:20 AM | Attr =	]
080116 Firefox Error Report.doc -> %UserDesktop%\080116 Firefox Error Report.doc ->  [Ver =  | Size = 372736 bytes | Modified Date = 1/16/2008 12:03:32 PM | Attr =	]
080116 PT Exercises.xls -> %UserDesktop%\080116 PT Exercises.xls ->  [Ver =  | Size = 1763840 bytes | Modified Date = 1/20/2008 7:34:00 PM | Attr =	]
080116 PT1.jpg -> %UserDesktop%\080116 PT1.jpg ->  [Ver =  | Size = 54851 bytes | Modified Date = 1/16/2008 3:23:30 PM | Attr =	]
080116 PT10.jpg -> %UserDesktop%\080116 PT10.jpg ->  [Ver =  | Size = 210405 bytes | Modified Date = 1/16/2008 5:14:48 PM | Attr =	]
080116 PT11.jpg -> %UserDesktop%\080116 PT11.jpg ->  [Ver =  | Size = 222790 bytes | Modified Date = 1/16/2008 6:11:33 PM | Attr =	]
080116 PT12.jpg -> %UserDesktop%\080116 PT12.jpg ->  [Ver =  | Size = 231448 bytes | Modified Date = 1/16/2008 8:16:49 PM | Attr =	]
080116 PT13.jpg -> %UserDesktop%\080116 PT13.jpg ->  [Ver =  | Size = 76656 bytes | Modified Date = 1/16/2008 8:28:24 PM | Attr =	]
080116 PT14.jpg -> %UserDesktop%\080116 PT14.jpg ->  [Ver =  | Size = 77685 bytes | Modified Date = 1/16/2008 8:24:49 PM | Attr =	]
080116 PT2.jpg -> %UserDesktop%\080116 PT2.jpg ->  [Ver =  | Size = 45648 bytes | Modified Date = 1/16/2008 3:29:12 PM | Attr =	]
080116 PT3.jpg -> %UserDesktop%\080116 PT3.jpg ->  [Ver =  | Size = 188406 bytes | Modified Date = 1/16/2008 3:51:50 PM | Attr =	]
080116 PT4.jpg -> %UserDesktop%\080116 PT4.jpg ->  [Ver =  | Size = 44534 bytes | Modified Date = 1/16/2008 3:59:45 PM | Attr =	]
080116 PT5.jpg -> %UserDesktop%\080116 PT5.jpg ->  [Ver =  | Size = 21946 bytes | Modified Date = 1/16/2008 4:18:21 PM | Attr =	]
080116 PT6.jpg -> %UserDesktop%\080116 PT6.jpg ->  [Ver =  | Size = 215482 bytes | Modified Date = 1/16/2008 4:38:09 PM | Attr =	]
080116 PT7.jpg -> %UserDesktop%\080116 PT7.jpg ->  [Ver =  | Size = 39184 bytes | Modified Date = 1/16/2008 4:45:26 PM | Attr =	]
080116 PT8.jpg -> %UserDesktop%\080116 PT8.jpg ->  [Ver =  | Size = 60826 bytes | Modified Date = 1/16/2008 4:56:16 PM | Attr =	]
080116 PT9.jpg -> %UserDesktop%\080116 PT9.jpg ->  [Ver =  | Size = 64146 bytes | Modified Date = 1/16/2008 5:03:14 PM | Attr =	]
080120 PT15.jpg -> %UserDesktop%\080120 PT15.jpg ->  [Ver =  | Size = 81308 bytes | Modified Date = 1/20/2008 6:35:55 PM | Attr =	]
080120 PT16.jpg -> %UserDesktop%\080120 PT16.jpg ->  [Ver =  | Size = 68009 bytes | Modified Date = 1/20/2008 7:26:18 PM | Attr =	]
2 - ROSEWOOD -> %UserDesktop%\2 - ROSEWOOD ->  [Folder | Modified Date = 1/16/2008 12:36:25 PM | Attr =	]
3 - OPUS 9 -> %UserDesktop%\3 - OPUS 9 ->  [Folder | Modified Date = 1/16/2008 12:21:25 PM | Attr =	]
4 - SCRIPTIO -> %UserDesktop%\4 - SCRIPTIO ->  [Folder | Modified Date = 1/16/2008 12:33:44 PM | Attr =	]
5 - PICTURA -> %UserDesktop%\5 - PICTURA ->  [Folder | Modified Date = 1/16/2008 12:09:36 PM | Attr =	]
ARCHIVES -> %UserDesktop%\ARCHIVES ->  [Folder | Modified Date = 1/27/2008 5:42:16 PM | Attr =	]
COMPUTER NETWORK -> %UserDesktop%\COMPUTER NETWORK ->  [Folder | Modified Date = 1/22/2008 6:33:26 PM | Attr = R  ]
Hi Jeanne.doc -> %UserDesktop%\Hi Jeanne.doc ->  [Ver =  | Size = 24576 bytes | Modified Date = 1/20/2008 5:53:51 PM | Attr =	]
NEW ADVENT Home.url -> %UserDesktop%\NEW ADVENT Home.url ->  [Ver =  | Size = 93 bytes | Modified Date = 1/1/2008 4:18:30 PM | Attr =	]
NMT.doc -> %UserDesktop%\NMT.doc ->  [Ver =  | Size = 743936 bytes | Modified Date = 1/23/2008 6:51:18 PM | Attr =	]
P 0.0  PROSPER PLANNER 080117.xls -> %UserDesktop%\P 0.0  PROSPER PLANNER 080117.xls ->  [Ver =  | Size = 842752 bytes | Modified Date = 1/23/2008 10:01:26 AM | Attr =	]
PROSPER B Categories 080116.doc -> %UserDesktop%\PROSPER B Categories 080116.doc ->  [Ver =  | Size = 492544 bytes | Modified Date = 1/16/2008 3:00:43 PM | Attr =	]
security -> %UserDesktop%\security ->  [Folder | Modified Date = 1/29/2008 4:53:17 AM | Attr =	]
Logitech SetPoint.lnk -> %AllUsersStartup%\Logitech SetPoint.lnk ->  [Ver =  | Size = 1687 bytes | Modified Date = 1/1/2008 12:07:47 AM | Attr =	]
LightScribe -> %CommonProgramFiles%\LightScribe ->  [Folder | Modified Date = 1/14/2008 6:56:40 AM | Attr =	]
Logishrd -> %CommonProgramFiles%\Logishrd ->  [Folder | Modified Date = 1/1/2008 12:08:00 AM | Attr =	]
Logitech -> %CommonProgramFiles%\Logitech ->  [Folder | Modified Date = 1/1/2008 12:07:51 AM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 1/16/2008 7:05:25 AM | Attr =	]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller ->  [Folder | Modified Date = 1/16/2008 7:03:40 AM | Attr =  HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 12/30/2007 10:20:45 PM | Attr =	]

< End of report >


#7 OldTimer

OldTimer

    Malware Expert



Posted 29 January 2008 - 11:52 AM

Hi netster. I don't see anything in the log as far as malware goes but there are a couple of things that should be taken care of.

If you are using Kerio's personal firewall then I would uninstall it and reinstall it. Portions of it are missing and so it is not functioning properly. That may be a factor in some of the behavior you are seeing. If you no longer use it then just uninstall it.

I want to try and find a file that shows as not found.

  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • Select None for ALL of the 8 sections in the Basic Scans group.
  • Copy/paste the line below into the input box named Manual File or Registry Key Scans:
    c:\windows\system32\iimon.dll /s
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#8 netster


Posted 29 January 2008 - 10:12 PM

Hi OT,

This is a home PC and it's often late before I can get on it! Here is the log you requested and thanks for the tip on Kerio. I don't need it anymore and will uninstall.

netster

WinPFind35 logfile created on: 1/29/2008 9:05:25 PM
WinPFind35U Version Beta40	 Folder = C:\Documents and Settings\Ilona\Desktop\security\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 12288 12288;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 352.85 Gb Total Space | 181.83 Gb Free Space | 51.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 19.50 Gb Total Space | 19.43 Gb Free Space | 99.67% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded

Computer Name: SCRIPTIO
Current User Name: Ilona
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user



[Manual Scans]
< c:\windows\system32\iimon.dll /s >
< End of report >


#9 OldTimer


Posted 01 February 2008 - 10:21 AM

Hi netster. Ok, let's get started. Please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware, we will come back to it later on.

Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
NY -> Protocol_Catalog9\Catalog_Entries\000000000001 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000002 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000003 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000004 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000005 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000006 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000007 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000008 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000009 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000010 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000011 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000012 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000013 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000014 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000015 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000016 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000017 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000018 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000019 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000020 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000021 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000022 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000023 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000024 -> iimon.dll
NY -> Protocol_Catalog9\Catalog_Entries\000000000025 -> iimon.dll
[Empty Temp Folders]

The fix should only take a very short time. It will notify you when it is complete. Click the Ok button and Notepad will open with a list of the actions taken. Post that information back here in your next post.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #4

Post the following back here:
  • a new WinPFind35U report (just use the default options. You do not need to change anything).
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

#10 netster


Posted 02 February 2008 - 11:48 PM

Hi OT. Step #2 with pasting the code into WinPFind35U seems to be hanging (Not Responding in Task Manager) and never finishes. I tried it twice and let it run for quite a while but never saw any HD activity light. It does show around 50% CPU load but it still hangs.

Thanks,

netster

#11 netster


Posted 03 February 2008 - 06:43 AM

Hi OT,

Here is the SUPERAntiSpyware report, not including the WinPFind35U code pasting in Step #2. I will run it again when you tell me what to do about the code step hanging.

Thanks!
netster

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/03/2008 at 04:56 AM

Application Version : 3.9.1008

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 06:05:49

Memory items scanned : 669
Memory threats detected : 0
Registry items scanned : 8400
Registry threats detected : 0
File items scanned : 428470
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Ilona\Cookies\ilona@tracking.foxnews[1].txt

Unclassified.Unknown Origin
C:\WINDOWS\SYSTEM32\AMUNINST.EX_

#12 OldTimer


Posted 03 February 2008 - 11:25 AM

Hi netster. It sounds like the opening bracket is missing (the '['). Verify that all of the code is getting pasted in and that no characters are left out from the first line and the last line.

Cheers.

OT

#13 netster

netster
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:10 PM

Posted 03 February 2008 - 04:33 PM

Hi OT,

I did paste everything in right, but it still hangs on {Empty Temp Folders}. It shows many instances of the line in the Fix Pane window. When I try to click on anything except the X to close it, the hourglass just keeps running. What should I do otherwise?

Thank you,

netster

#14 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:10 PM

Posted 03 February 2008 - 06:34 PM

Hi netster. That's fine. It might have been empty already.

Any continuing issues? None of the scanners have found anything, so it does not appear that malware is the cause here.

Let me know.

Cheers.

OT

#15 netster

netster
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:10 PM

Posted 03 February 2008 - 08:59 PM

Hi OT.

The PC is running very smoothly and there are NO lingering issues now! All the weird memory error messages and Windows component program crashes/error reports are gone.

I really appreciate all your help in cleaning things up here--thanks again!

netster



