
Computer Hacked - All Accounts Accessed & Passwords Changed


16 replies to this topic

#1 jennifero_hanlon

jennifero_hanlon

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:12 AM

Posted 16 January 2008 - 03:54 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:07, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AstSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=4061121
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=4061121
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ie/ig/dell?hl=en&cli...amp;ibd=4061121
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.2.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 360Share On Startup.lnk = C:\Program Files\360Share\Gui\360Share.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...201/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14180 bytes


 


#2 jennifero_hanlon


Posted 16 January 2008 - 03:58 PM

Sorry - just highlighting my lack of computer knowledge by submitting the post without an explanation. Essentially my computer was hacked and I'm really sorry but I don't know the name of the virus/malware etc. I've followed all the steps as per the forum with the exception of installing the firewall. When the firewall is installed I can't access the internet. My query now is - is my computer clean and safe to use again? So far I've avoided logging onto any site that requires personal information. Thanks in advance for the help :thumbsup:

PS. My original post is at http://www.bleepingcomputer.com/forums/t/124641/unable-to-log-into-any-accounts-hotmail-facebook-ebayhelp/

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:06:12 AM

Posted 23 January 2008 - 02:30 PM

Hello jennifero_hanlon and welcome to the BC HijackThis forum. I don't see anything in this log so let's look a little deeper.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Session Manager Settings
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 jennifero_hanlon


Posted 24 January 2008 - 12:58 PM

Hi OldTimer,

Thanks for the help. I've followed your instructions but the following pop-up appears a few seconds after I start running the scan - 'List index out of bounds (103)'. The footer does still say 'Scanning Temp...' but nothing seems to be happening. I'll let it keep running and update you if anything more happens.

#5 OldTimer


Posted 24 January 2008 - 01:04 PM

Hi jennifero_hanlon. It might have been a corrupted download. Delete that copy and try downloading it again.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Cheers.

OT

#6 jennifero_hanlon


Posted 24 January 2008 - 01:34 PM

Hi OT,

Downloaded the second version but got the same type of message again - 'List index out of bounds (95)'. The following also appears in the box titled Paste Fix Here - 'C:\WINDOWS\temp\mcu43.tmp\vso folder deleted successfully.'

Thx

#7 OldTimer


Posted 24 January 2008 - 03:11 PM

Hi jennifero_hanlon. Are you copying/pasting anything into that box before scanning? Nothing should be in there before or appear in there after a scan at this point. Also, are you clicking the Run Scan or Run Fix button? You should be clicking the Run Scan button (all the way over on the left).

For the Additional Scan items you need to check each checkbox in the list at the lower-right. Do not attempt to copy/paste the list into the box on the upper-right or things will not go well.

Let me know.

Cheers.

OT

#8 jennifero_hanlon


Posted 28 January 2008 - 02:56 PM

Hi OT,

I've followed your instructions to the letter but I'm still getting the error message. I haven't copied and pasted anything anywhere on the page. Is there anything else I can try?

Thanks,

Jen

#9 OldTimer


Posted 28 January 2008 - 04:27 PM

Hi jennifero_hanlon. Download it again and try it. It should be version Beta39.

Cheers.

OT

#10 jennifero_hanlon


Posted 28 January 2008 - 04:41 PM

WinPFind35 logfile created on: 28/01/2008 21:37:45

WinPFind35U Version Beta39	 Folder = C:\Documents and Settings\Jennifer\Desktop\WinPFind35u

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

 

1022.37 Mb Total Physical Memory | 363.59 Mb Available Physical Memory | 35.56% Memory free

2.40 Gb Paging File | 1.71 Gb Available in Paging File | 71.39% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 67.80 Gb Total Space | 43.14 Gb Free Space | 63.62% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded



Computer Name: D9M5TL2J

Current User Name: Jennifer

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user





[Processes - Non-Microsoft Only]

ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4133 | Size = 409600 bytes | Modified Date = 23/05/2006 13:59:38 | Attr =	]

evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 114753 bytes | Modified Date = 01/05/2006 09:20:52 | Attr =	]

s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10, 1, 1, 34 | Size = 540745 bytes | Modified Date = 01/05/2006 09:22:42 | Attr =	]

wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10, 1, 1, 28 | Size = 262217 bytes | Modified Date = 01/05/2006 09:34:00 | Attr =	]

aawtray.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\AAWTray.exe -> Lavasoft AB [Ver = 7, 0, 2, 2 | Size = 87392 bytes | Modified Date = 30/08/2007 12:19:28 | Attr =	]

applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr =	]

astsrv.exe -> %System32%\AstSrv.exe ->  Advanced Software Technologies [Ver = 1, 0, 1, 0 | Size = 53248 bytes | Modified Date = 20/06/2007 09:11:58 | Attr =	]

avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 07/01/2008 23:27:43 | Attr =	]

avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 07/01/2008 23:27:48 | Attr =	]

googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 09/01/2008 21:04:33 | Attr =	]

mcdetect.exe -> %ProgramFiles%\McAfee.com\Agent\Mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Modified Date = 13/10/2005 19:56:16 | Attr =	]

mcshield.exe -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Modified Date = 10/08/2005 11:22:02 | Attr =	]

mctskshd.exe -> %ProgramFiles%\McAfee.com\Agent\McTskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Modified Date = 24/08/2005 16:01:04 | Attr =	]

mpfservice.exe -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Modified Date = 11/11/2005 16:43:04 | Attr =	]

regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Modified Date = 01/05/2006 09:20:26 | Attr =	]

svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.2 | Size = 742216 bytes | Modified Date = 02/10/2007 16:27:06 | Attr =	]

swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.23 | Size = 1415496 bytes | Modified Date = 02/10/2007 16:27:12 | Attr =	]

calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 30/03/2006 08:15:44 | Attr =	]

ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4133 | Size = 409600 bytes | Modified Date = 23/05/2006 13:59:38 | Attr =	]

jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10/11/2005 13:03:52 | Attr =	]

stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1  nd446 cp1 | Size = 282624 bytes | Modified Date = 24/03/2006 23:30:44 | Attr =	]

syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 08/03/2006 18:48:02 | Attr =	]

quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 12, 0 | Size = 1032192 bytes | Modified Date = 03/08/2006 18:51:42 | Attr =	]

zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Modified Date = 01/05/2006 09:28:06 | Attr =	]

ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Modified Date = 01/05/2006 09:28:26 | Attr =	]

ctsvolfe.exe -> %ProgramFiles%\Creative\Mixer\CTSVolFE.exe -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 57344 bytes | Modified Date = 23/02/2005 15:57:24 | Attr =	]

issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27/07/2004 16:50:18 | Attr =	]

oasclnt.exe -> %ProgramFiles%\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Modified Date = 11/08/2005 22:02:44 | Attr =	]

mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 22/09/2005 18:29:08 | Attr =	]

pcmservice.exe -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 22/08/2006 15:32:18 | Attr =	]

mcvsshld.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Modified Date = 10/08/2005 12:49:20 | Attr =	]

mskagent.exe -> %ProgramFiles%\McAfee\SpamKiller\MSKAgent.exe -> McAfee Inc. [Ver = 7.0.2.0 | Size = 110592 bytes | Modified Date = 26/09/2005 10:26:58 | Attr =	]

mpftray.exe -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Modified Date = 11/11/2005 17:00:56 | Attr =	]

mscifapp.exe -> %ProgramFiles%\McAfee.com\MPS\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Modified Date = 30/03/2006 14:31:24 | Attr =	]

tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =	]

ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 15/11/2007 13:11:04 | Attr =	]

avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 09/01/2008 19:57:31 | Attr =	]

dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10, 1, 1, 84 | Size = 397381 bytes | Modified Date = 01/05/2006 09:26:14 | Attr =	]

sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.5.31 | Size = 1065288 bytes | Modified Date = 02/10/2007 16:27:04 | Attr =	]

netwaiting.exe -> %ProgramFiles%\NetWaiting\netwaiting.exe ->  [Ver =  | Size = 20480 bytes | Modified Date = 10/09/2003 02:24:00 | Attr =	]

dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 2, 1, 3, 176 | Size = 395776 bytes | Modified Date = 28/08/2006 21:57:12 | Attr =	]

mpfagent.exe -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfAgent.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 524288 bytes | Modified Date = 11/11/2005 16:42:12 | Attr =	]

picasamediadetector.exe -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.37.36 | Size = 443968 bytes | Modified Date = 23/10/2007 21:18:15 | Attr =	]

teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 16:46:28 | Attr =	]

ezi_hnm2.exe -> %ProgramFiles%\Dell Network Assistant\ezi_hnm2.exe -> SingleClick Systems [Ver = 1, 0, 0, 0 | Size = 991232 bytes | Modified Date = 12/06/2006 23:25:52 | Attr =	]

dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29/10/2003 02:06:00 | Attr =	]

googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1070.1219.beta | Size = 124400 bytes | Modified Date = 09/01/2008 21:04:31 | Attr =	]

ezi_hnm2.exe -> %ProgramFiles%\Dell Network Assistant\ezi_hnm2.exe -> SingleClick Systems [Ver = 1, 0, 0, 0 | Size = 991232 bytes | Modified Date = 12/06/2006 23:25:52 | Attr =	]

ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 15/11/2007 13:10:54 | Attr =	]

winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 308224 bytes | Modified Date = 28/01/2008 21:36:50 | Attr =	]



[Win32 Services - Non-Microsoft Only]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 04/01/2008 13:27:08 | Attr =	]

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr =	]

(astcc) AST Service [Win32_Own | Auto | Running] -> %System32%\AstSrv.exe ->  Advanced Software Technologies [Ver = 1, 0, 1, 0 | Size = 53248 bytes | Modified Date = 20/06/2007 09:11:58 | Attr =	]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4133 | Size = 409600 bytes | Modified Date = 23/05/2006 13:59:38 | Attr =	]

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 07/01/2008 23:27:43 | Attr =	]

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 07/01/2008 23:27:48 | Attr =	]

(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 30/03/2006 08:15:44 | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 114753 bytes | Modified Date = 01/05/2006 09:20:52 | Attr =	]

(GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.706.29690 | Size = 1836544 bytes | Modified Date = 13/01/2008 21:00:08 | Attr =	]

(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 09/01/2008 21:04:33 | Attr =	]

(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 15/11/2007 13:10:54 | Attr =	]

(McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Agent\Mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Modified Date = 13/10/2005 19:56:16 | Attr =	]

(McShield) McAfee.com McShield [Win32_Own | Auto | Paused] -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Modified Date = 10/08/2005 11:22:02 | Attr =	]

(McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Agent\McTskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Modified Date = 24/08/2005 16:01:04 | Attr =	]

(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> McAfee, Inc [Ver = 6, 0, 0, 4 | Size = 245760 bytes | Modified Date = 01/07/2005 19:22:50 | Attr =	]

(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfService.exe -> McAfee Corporation [Ver = 7.1.0.113 | Size = 548864 bytes | Modified Date = 11/11/2005 16:43:04 | Attr =	]

(MskService) McAfee SpamKiller Server [Win32_Own | Auto | Stopped] -> %ProgramFiles%\McAfee\SpamKiller\MSKSrvr.exe -> McAfee Inc. [Ver = 7.0.1.3 | Size = 963072 bytes | Modified Date = 12/07/2005 18:10:18 | Attr =	]

(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Modified Date = 01/05/2006 09:20:26 | Attr =	]

(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10, 1, 1, 34 | Size = 540745 bytes | Modified Date = 01/05/2006 09:22:42 | Attr =	]

(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.2 | Size = 742216 bytes | Modified Date = 02/10/2007 16:27:06 | Attr =	]

(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.23 | Size = 1415496 bytes | Modified Date = 02/10/2007 16:27:12 | Attr =	]

(WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10, 1, 1, 28 | Size = 262217 bytes | Modified Date = 01/05/2006 09:34:00 | Attr =	]



[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.10.0 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.10.0 | Size = 21275 bytes | Modified Date = 21/11/2006 23:48:06 | Attr =	]

(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 17/08/2001 13:51:56 | Attr =	]

(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 03/08/2004 23:07:44 | Attr =	]

(APPDRV) APPDRV [Kernel | System | Running] -> %System32%\drivers\APPDRV.SYS -> Dell Inc [Ver = 1, 0, 1, 1 | Size = 16128 bytes | Modified Date = 12/08/2005 17:50:46 | Attr =	]

(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 17/08/2001 13:52:00 | Attr =	]

(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 17/08/2001 13:51:58 | Attr =	]

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6618 | Size = 1578496 bytes | Modified Date = 23/05/2006 14:06:36 | Attr =	]

(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 07/01/2008 23:27:51 | Attr =	]

(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 07/01/2008 23:27:54 | Attr =	]

(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 07/01/2008 23:27:55 | Attr =	]

(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 09/01/2008 19:57:34 | Attr =	]

(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.52.0.0 built by: WinDDK | Size = 44544 bytes | Modified Date = 25/08/2006 07:23:08 | Attr =	]

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 17/08/2001 13:51:54 | Attr =	]

(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 17/08/2001 13:52:16 | Attr =	]

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.13a | Size = 88352 bytes | Modified Date = 22/04/2005 03:22:00 | Attr =	]

(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.53a | Size = 40544 bytes | Modified Date = 21/04/2005 02:56:00 | Attr =	]

(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\Dell Support\GTAction\triggers\DSproct.sys -> GTek Technologies Ltd. [Ver = 1, 0, 0, 28 | Size = 4864 bytes | Modified Date = 10/01/2006 11:07:58 | Attr =	]

(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 17/08/2001 12:12:10 | Attr =	]

(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 15:44:04 | Attr =	]

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 137728 bytes | Modified Date = 12/08/2004 17:45:54 | Attr =	]

(hnmwrlspkt) HomeNet Manager Wireless Protocol [Kernel | Auto | Running] -> %System32%\drivers\hnm_wrls_pkt.sys -> SingleClick Systems [Ver = 1, 0, 0, 0 | Size = 13696 bytes | Modified Date = 12/01/2006 22:27:16 | Attr =	]

(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.32.00 built by: WinDDK | Size = 201600 bytes | Modified Date = 22/07/2005 03:01:08 | Attr =	]

(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.32.00 built by: WinDDK | Size = 1035008 bytes | Modified Date = 22/07/2005 03:02:12 | Attr =	]

(IKFileSec) File Security Driver [File_System | Boot | Running] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Modified Date = 04/10/2007 17:10:52 | Attr =	]

(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 62280 bytes | Modified Date = 04/10/2007 17:10:54 | Attr =	]

(IKSysSec) System Security Driver [Kernel | System | Running] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 79688 bytes | Modified Date = 04/10/2007 17:10:58 | Attr =	]

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 17/03/2004 03:04:14 | Attr =	]

(MPFIREWL) MPFIREWL [Kernel | System | Running] -> %System32%\drivers\MpFirewall.sys -> McAfee [Ver = 7.1.0.113 | Size = 80640 bytes | Modified Date = 11/11/2005 16:43:52 | Attr =	]

(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 17/08/2001 13:52:12 | Attr =	]

(NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Running] -> %System32%\drivers\naiavf5x.sys -> McAfee Inc. [Ver = 11.0.0.142 | Size = 114464 bytes | Modified Date = 10/08/2005 11:22:10 | Attr =	]

(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 03/08/2004 22:29:56 | Attr =	]

(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\drivers\omci.sys -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 17153 bytes | Modified Date = 13/02/2004 16:46:00 | Attr =	]

(Packet) Auto Internet Protocol [Kernel | Auto | Running] -> %System32%\drivers\packet.sys -> SingleClick Systems [Ver = 1, 0, 0, 0 | Size = 13312 bytes | Modified Date = 12/01/2006 22:26:10 | Attr =	]

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.41a | Size = 36560 bytes | Modified Date = 27/09/2006 21:53:22 | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 17/08/2001 13:52:20 | Attr =	]

(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 17/08/2001 13:52:20 | Attr =	]

(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 17/08/2001 13:52:18 | Attr =	]

(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %System32%\drivers\rimmptsk.sys -> REDC [Ver = 1.0.0.6 | Size = 28544 bytes | Modified Date = 14/10/2005 15:40:18 | Attr =	]

(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %System32%\drivers\rimsptsk.sys -> REDC [Ver = 1.00.01.12 | Size = 51328 bytes | Modified Date = 14/10/2005 15:40:18 | Attr =	]

(rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %System32%\drivers\rixdptsk.sys -> REDC [Ver = 1.00.02.04 | Size = 307968 bytes | Modified Date = 14/10/2005 15:40:18 | Attr =	]

(s24trans) WLAN Transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 10, 1, 1, 3 | Size = 13568 bytes | Modified Date = 01/05/2006 09:52:02 | Attr =	]

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 | Attr =	]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 03/08/2004 23:07:44 | Attr =	]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 17/08/2001 14:07:44 | Attr =	]

(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.90a | Size = 5627 bytes | Modified Date = 13/05/2005 10:37:28 | Attr =	]

(ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.90a | Size = 23545 bytes | Modified Date = 13/05/2005 10:37:20 | Attr =	]

(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %System32%\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4995.1  nd446 cp1 | Size = 1156648 bytes | Modified Date = 24/03/2006 23:34:30 | Attr =	]

(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 17/08/2001 14:07:34 | Attr =	]

(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 17/08/2001 14:07:36 | Attr =	]

(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 17/08/2001 14:07:40 | Attr =	]

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 17/08/2001 14:07:42 | Attr =	]

(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 191872 bytes | Modified Date = 08/03/2006 18:35:10 | Attr =	]

(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25725 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =	]

(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34845 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =	]

(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4125 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =	]

(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2241 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =	]

(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86876 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =	]

(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 15069 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =	]

(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6365 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =	]

(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98716 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =	]

(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100605 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =	]

(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 13/01/2008 20:45:50 | Attr =	]

(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 17/08/2001 13:52:22 | Attr =	]

(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\w39n51.sys -> Intel® Corporation [Ver = 10, 1, 1, 7 | Size = 1429632 bytes | Modified Date = 26/04/2006 23:13:04 | Attr =	]

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.32.00 built by: WinDDK | Size = 717952 bytes | Modified Date = 22/07/2005 03:01:00 | Attr =	]

(wsppkt) Wireless Security Protocol [Kernel | Auto | Running] -> %System32%\drivers\wsp_pkt.sys -> SingleClick Systems [Ver = 1, 0, 0, 0 | Size = 13568 bytes | Modified Date = 12/01/2006 22:29:38 | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 02/01/2006 17:41:22 | Attr =	]

AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 09/01/2008 19:57:31 | Attr =	]

Corel Photo Downloader -> %ProgramFiles%\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe -> Corel, Inc. [Ver = 1,0,0,20060808.17 | Size = 462336 bytes | Modified Date = 14/08/2006 14:20:26 | Attr =	]

CTSVolFE.exe -> %ProgramFiles%\Creative\Mixer\CTSVolFE.exe -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 57344 bytes | Modified Date = 23/02/2005 15:57:24 | Attr =	]

Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 12, 0 | Size = 1032192 bytes | Modified Date = 03/08/2006 18:51:42 | Attr =	]

dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =	]

Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.706.29690 | Size = 1836544 bytes | Modified Date = 13/01/2008 21:00:08 | Attr =	]

IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Modified Date = 01/05/2006 09:28:26 | Attr =	]

IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 1, 45 | Size = 667718 bytes | Modified Date = 01/05/2006 09:28:06 | Attr =	]

ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 27/07/2004 16:50:42 | Attr =	]

ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27/07/2004 16:50:18 | Attr =	]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 15/11/2007 13:11:04 | Attr =	]

MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 22/09/2005 18:29:08 | Attr =	]

MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Modified Date = 11/01/2006 12:05:42 | Attr =	]

MPFExe -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfTray.exe -> McAfee Security [Ver = 7.1.0.113 | Size = 1005096 bytes | Modified Date = 11/11/2005 17:00:56 | Attr =	]

MPSExe -> %ProgramFiles%\McAfee.com\MPS\mscifapp.exe -> McAfee, Inc. [Ver = 8.1.0.136 | Size = 296488 bytes | Modified Date = 30/03/2006 14:31:24 | Attr =	]

MSKAGENTEXE -> %ProgramFiles%\McAfee\SpamKiller\MSKAgent.exe -> McAfee Inc. [Ver = 7.0.2.0 | Size = 110592 bytes | Modified Date = 26/09/2005 10:26:58 | Attr =	]

MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.2.5 | Size = 1121280 bytes | Modified Date = 07/11/2006 14:49:50 | Attr =	]

OASClnt -> %ProgramFiles%\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Modified Date = 11/08/2005 22:02:44 | Attr =	]

PCMService -> %ProgramFiles%\Dell\MediaDirect\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 22/08/2006 15:32:18 | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 14/11/2007 23:43:10 | Attr =	]

SDTray -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.5.31 | Size = 1065288 bytes | Modified Date = 02/10/2007 16:27:04 | Attr =	]

SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1  nd446 cp1 | Size = 282624 bytes | Modified Date = 24/03/2006 23:30:44 | Attr =	]

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10/11/2005 13:03:52 | Attr =	]

SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 08/03/2006 18:48:02 | Attr =	]

VirusScan Online -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Modified Date = 10/08/2005 12:49:20 | Attr =	]

VSOCheckTask -> %ProgramFiles%\McAfee.com\VSO\mcmnhdlr.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 151552 bytes | Modified Date = 08/07/2005 18:18:22 | Attr =	]

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 2, 1, 3, 176 | Size = 395776 bytes | Modified Date = 28/08/2006 21:57:12 | Attr =	]

ModemOnHold -> %ProgramFiles%\NetWaiting\netwaiting.exe ->  [Ver =  | Size = 20480 bytes | Modified Date = 10/09/2003 02:24:00 | Attr =	]

Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.37.36 | Size = 443968 bytes | Modified Date = 23/10/2007 21:18:15 | Attr =	]

SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 16:46:28 | Attr =	]

swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 09/01/2008 21:04:36 | Attr =	]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 22:05:26 | Attr =	]

%AllUsersStartup%\Dell Network Assistant.lnk -> %SystemRoot%\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ->  [Ver =  | Size = 7168 bytes | Modified Date = 21/11/2006 23:56:16 | Attr = R  ]

%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29/10/2003 02:06:00 | Attr =	]

%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1070.1219.beta | Size = 124400 bytes | Modified Date = 09/01/2008 21:04:31 | Attr =	]

< Jennifer Startup Folder > -> C:\Documents and Settings\Jennifer\Start Menu\Programs\Startup -> 

%UserStartup%\360Share On Startup.lnk -> %ProgramFiles%\360Share\Gui\360Share.exe ->  [Ver =  | Size = 131072 bytes | Modified Date = 11/04/2005 19:45:32 | Attr =	]

< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 

*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 

C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.706.29690 | Size = 145408 bytes | Modified Date = 13/01/2008 21:00:09 | Attr =	]

*MultiFile Done* -> -> 

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4133 | Size = 61440 bytes | Modified Date = 23/05/2006 14:00:44 | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

< HOSTS File > (220289 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Default_Page_URL -> www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=4061121 -> 

HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.google.com/ie -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.ie/ig -> 

HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie -> 

HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> 

HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. -> 

33 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. -> 

32 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 04:16:42 | Attr =	]

{227B8AA8-DAF2-4892-BD1D-73F568BCB24E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee.com\MPS\McBrHlpr.dll [McBrwHelper Class] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 147456 bytes | Modified Date = 28/10/2005 10:30:34 | Attr =	]

{3EC8255F-E043-4cae-8B3B-B191550C2A22} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee.com\MPS\PopupKiller.dll [McAfee Privacy Service Popup Blocker] -> McAfee, Inc. [Ver = 8.1.0.120 | Size = 132648 bytes | Modified Date = 28/10/2005 10:30:36 | Attr =	]

{41D68ED8-4CFF-4115-88A6-6EBB8AF19000} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\SpamKiller\McApfBHO.dll [McAfee AntiPhishing Filter] -> McAfee, Inc. [Ver = 7.0.2.3 | Size = 348160 bytes | Modified Date = 03/11/2005 14:10:32 | Attr =	]

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr =	]

{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 31/05/2005 05:33:00 | Attr =	]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 13:22:12 | Attr =	]

{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 09/01/2008 21:04:59 | Attr = R  ]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 09/01/2008 21:04:36 | Attr =	]

{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.2.0.2 | Size = 98304 bytes | Modified Date = 11/10/2006 14:05:44 | Attr =	]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 09/01/2008 21:04:59 | Attr = R  ]

{BA52B914-B692-46c4-B683-905236F6F655} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee.com\VSO\mcvsshl.dll [McAfee VirusScan] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Modified Date = 01/07/2005 20:44:30 | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 09/01/2008 21:04:59 | Attr = R  ]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10/11/2005 13:22:12 | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 13:22:12 | Attr =	]

{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}:{7DD73374-7187-4103-8F29-622AA25E7C40} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\SpamKiller\McApfBHO.dll [McAfee AntiPhishing Filter] -> McAfee, Inc. [Ver = 7.0.2.3 | Size = 348160 bytes | Modified Date = 03/11/2005 14:10:32 | Attr =	]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10/11/2005 13:22:12 | Attr =	]

CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\SpamKiller\McApfBHO.dll [McAfee AntiPhishing Filter] -> McAfee, Inc. [Ver = 7.0.2.3 | Size = 348160 bytes | Modified Date = 03/11/2005 14:10:32 | Attr =	]

CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr =	]

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

SV1 ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{524ED522-3D09-4864-ABDE-B36FB04F1732} ->	(1394 Net Adapter) -> 

{B16E162A-78EB-4345-9541-753DD035EF08} ->	(Broadcom 440x 10/100 Integrated Controller) -> 

{D91DCDC2-86A7-4542-AB06-890F5D0A235C} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000016 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000018 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000020 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000021 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000022 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000023 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000024 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000025 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000026 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000027 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000028 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000029 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000030 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000031 -> %System32%\mclsp.dll -> McAfee, Inc. [Ver = 8.1.0.133 | Size = 131072 bytes | Modified Date = 01/03/2006 11:34:02 | Attr =	]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 24/09/2007 13:11:50 | Attr = R  ]

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[McAfee.com Operating System Class] -> 

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab[MSN Photo Upload Tool] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 

{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5201/mcfscan.cab[McFreeScan Class] -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 17:49:30 | Attr =	]

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 14:21:15 | Attr =	]

wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 948 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 10048 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Dell Network Assistant\ezi_hnm2.exe -> C:\Program Files\Dell Network Assistant\ezi_hnm2.exe [C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant] -> SingleClick Systems [Ver = 1, 0, 0, 0 | Size = 991232 bytes | Modified Date = 12/06/2006 23:25:52 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Dell\MediaDirect\PCMService.exe -> C:\Program Files\Dell\MediaDirect\PCMService.exe [C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program] -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 184320 bytes | Modified Date = 22/08/2006 15:32:18 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\java.exe -> C:\WINDOWS\system32\java.exe [C:\WINDOWS\system32\java.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 49248 bytes | Modified Date = 10/11/2005 11:27:06 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Veoh Networks\Veoh\VeohClient.exe -> C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 13/10/2004 16:24:37 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 15/11/2007 13:10:56 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 09/01/2008 19:57:32 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 07/01/2008 23:27:43 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 09/01/2008 19:57:31 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10421:UDP -> 10421:UDP:*:Enabled:SingleClick Discovery Protocol -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10426:UDP -> 10426:UDP:*:Enabled:SingleClick ICC -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 

RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 04:39:49 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 

RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 04:39:49 | Attr =	]

TCPIP ->  -> File not found

NTLMSSP ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> (binary data) -> 

< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 

0 -> [Key] -> 

0 -> FriendlyName = My Current Home Page -> 

0 -> Source = About:Home -> 

0 -> SubscribedURL = About:Home -> 

< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> 

BootExecute -> autocheck autochk *;lsdelete; -> 

ExcludeFromKnownDlls ->  -> 

*PendingFileRenameOperations* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations -> 

\??\C:\Documents and Settings\Jennifer\Local Settings\Temp\$61231EFC.t$m [\??\C:\Documents and Settings\Jennifer\Local Settings\Temp\$61231EFC.t$m]  -> %LocalSettings%\Temp\$61231EFC.t$m [%LocalSettings%\Temp\$61231EFC.t$m] -> File not found

*MultiFile Done* -> -> 

< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> 

ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

TEMP -> %SystemRoot%\TEMP -> 

TMP -> %SystemRoot%\TEMP -> 

windir -> %SystemRoot% -> 

*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> 

%SystemRoot%\system32 -> %System32% ->  [Folder | Modified Date = 16/01/2008 20:36:27 | Attr =	]

%SystemRoot% -> %SystemRoot% ->  [Folder | Modified Date = 28/01/2008 19:37:28 | Attr =	]

%SystemRoot%\System32\Wbem -> %System32%\wbem ->  [Folder | Modified Date = 15/01/2008 01:00:09 | Attr =	]

C:\Program Files\ATI Technologies\ATI.ACE\ -> %ProgramFiles%\ATI Technologies\ATI.ACE ->  [Folder | Modified Date = 15/01/2008 00:40:56 | Attr =	]

C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem ->  [Folder | Modified Date = 15/01/2008 00:49:36 | Attr =	]

*MultiFile Done* -> -> 

*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> 

.COM -> .COM -> File not found

.EXE -> .EXE -> File not found

.BAT -> .BAT -> File not found

.CMD -> .CMD -> File not found

.VBS -> .VBS -> File not found

.VBE -> .VBE -> File not found

.JS -> .JS -> File not found

.JSE -> .JSE -> File not found

.WSF -> .WSF -> File not found

.WSH -> .WSH -> File not found

*MultiFile Done* -> -> 

< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\NetCache\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> 

*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> 

ADE ->  -> File not found

ADP ->  -> File not found

BAS ->  -> File not found

BAT ->  -> File not found

CHM ->  -> File not found

CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

COM ->  -> File not found

CPL ->  -> File not found

CRT ->  -> File not found

EXE ->  -> File not found

HLP ->  -> File not found

HTA ->  -> File not found

INF ->  -> File not found

INS ->  -> File not found

ISP ->  -> File not found

LNK ->  -> File not found

MDB ->  -> File not found

MDE ->  -> File not found

MSC ->  -> File not found

MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 18/04/2007 16:12:23 | Attr =	]

MSP ->  -> File not found

MST ->  -> File not found

OCX ->  -> File not found

PCD ->  -> File not found

PIF ->  -> File not found

REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

SCR ->  -> File not found

SHS ->  -> File not found

URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 37888 bytes | Modified Date = 10/08/2004 05:00:00 | Attr =	]

VB ->  -> File not found

WSC ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified ->  -> 

*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> 

̋ ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified ->  -> 

*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> 

ȅ ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified ->  -> 

*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> 

Ζ ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified ->  -> 

*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> 

ĺ ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified ->  -> 

*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> 

Ų ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\Shutdown\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\Shutdown\\HibernateAsDefault -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\System\Shutdown\\ShowHibernateButton -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> 

< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> 

HKEY_CURRENT_USER\Software\Policies\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> 





[Files/Folders - Created Within 30 days]

avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 07/01/2008 23:27:51 | Attr =	]

avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 07/01/2008 23:27:54 | Attr =	]

avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 07/01/2008 23:27:55 | Attr =	]

avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 07/01/2008 23:27:56 | Attr =	]

avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 07/01/2008 23:27:56 | Attr =	]

ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Created Date = 13/01/2008 21:02:18 | Attr =	]

iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 62280 bytes | Created Date = 13/01/2008 21:02:17 | Attr =	]

iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 79688 bytes | Created Date = 13/01/2008 21:02:18 | Attr =	]

kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29000 bytes | Created Date = 13/01/2008 21:02:18 | Attr =	]

tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 13/01/2008 20:49:24 | Attr =	]

ActiveScan -> %System32%\ActiveScan ->  [Folder | Created Date = 14/01/2008 23:46:12 | Attr =	]

1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 14/01/2008 23:47:05 | Attr =	]

Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Created Date = 14/01/2008 23:46:17 | Attr =	]

pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Created Date = 14/01/2008 23:46:15 | Attr =	]

Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Created Date = 14/01/2008 23:46:17 | Attr =	]

ZPORT4AS.dll -> %System32%\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Created Date = 14/01/2008 23:47:05 | Attr =	]

McAfee.com -> %SystemRoot%\McAfee.com ->  [Folder | Created Date = 07/01/2008 23:06:54 | Attr =	]

Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job ->  [Ver =  | Size = 414 bytes | Created Date = 13/01/2008 21:00:43 | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

avg7 -> %AllUsersAppData%\avg7 ->  [Folder | Created Date = 07/01/2008 23:27:41 | Attr =	]

Google Updater -> %AllUsersAppData%\Google Updater ->  [Folder | Created Date = 09/01/2008 21:04:35 | Attr =	]

Grisoft -> %AllUsersAppData%\Grisoft ->  [Folder | Created Date = 07/01/2008 23:27:41 | Attr =	]

Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 15/01/2008 19:38:50 | Attr =	]

Skype -> %AllUsersAppData%\Skype ->  [Folder | Created Date = 13/01/2008 21:42:18 | Attr =	]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 14/01/2008 21:56:48 | Attr =	]

TEMP -> %AllUsersAppData%\TEMP ->  [Folder | Created Date = 13/01/2008 21:02:52 | Attr =	]

@Alternate Data Stream - 129 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2

AVG7 -> %UserAppData%\AVG7 ->  [Folder | Created Date = 07/01/2008 23:28:04 | Attr =	]

HouseCall 6.6 -> %UserAppData%\HouseCall 6.6 ->  [Folder | Created Date = 14/01/2008 22:56:00 | Attr =	]

PC Tools -> %UserAppData%\PC Tools ->  [Folder | Created Date = 13/01/2008 21:02:09 | Attr =	]

Skype -> %UserAppData%\Skype ->  [Folder | Created Date = 14/01/2008 21:00:51 | Attr =	]

Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 15/01/2008 19:38:54 | Attr =	]

AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk ->  [Ver =  | Size = 1532 bytes | Created Date = 07/01/2008 23:27:56 | Attr =	]

Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Created Date = 09/01/2008 20:47:21 | Attr =	]

Exercise Plan.doc -> %UserDesktop%\Exercise Plan.doc ->  [Ver =  | Size = 145920 bytes | Created Date = 28/01/2008 20:56:25 | Attr =	]

HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 16/01/2008 20:46:18 | Attr =	]

Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 14/01/2008 21:56:59 | Attr =	]

stinger3.exe -> %UserDesktop%\stinger3.exe -> McAfee Inc. [Ver = 3.0.2 | Size = 1147911 bytes | Created Date = 15/01/2008 23:23:28 | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\stinger3.exe:Zone.Identifier

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 28/01/2008 21:35:30 | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478982 bytes | Created Date = 28/01/2008 21:35:06 | Attr =	]

Google Updater.lnk -> %AllUsersStartup%\Google Updater.lnk ->  [Ver =  | Size = 920 bytes | Created Date = 09/01/2008 21:04:35 | Attr =	]

Skype -> %CommonProgramFiles%\Skype ->  [Folder | Created Date = 13/01/2008 21:46:16 | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 15/01/2008 19:38:26 | Attr =	]



[Files/Folders - Modified Within 30 days]

b30bfc45ac275381983b39dd -> %SystemDrive%\b30bfc45ac275381983b39dd ->  [Folder | Modified Date = 15/01/2008 00:11:47 | Attr =	]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1072103424 bytes | Modified Date = 28/01/2008 19:34:41 | Attr =  HS]

MDT -> %SystemDrive%\MDT ->  [Folder | Modified Date = 28/01/2008 19:37:34 | Attr =	]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 16/01/2008 20:46:17 | Attr = R  ]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 28/01/2008 19:37:28 | Attr =	]

avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 07/01/2008 23:27:51 | Attr =	]

avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 07/01/2008 23:27:54 | Attr =	]

avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 07/01/2008 23:27:55 | Attr =	]

avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 09/01/2008 19:57:34 | Attr =	]

avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 09/01/2008 19:57:19 | Attr =	]

etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 15/01/2008 22:57:33 | Attr =	]

hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 220289 bytes | Modified Date = 15/01/2008 22:57:33 | Attr =	]

hosts.bak -> %System32%\drivers\etc\hosts.bak ->  [Ver =  | Size = 222979 bytes | Modified Date = 14/01/2008 22:07:06 | Attr = R  ]

tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 13/01/2008 20:45:50 | Attr =	]

50A588CC04.sys -> %System32%\50A588CC04.sys ->  [Ver =  | Size = 168 bytes | Modified Date = 18/01/2008 21:57:36 | Attr = RHS]

ActiveScan -> %System32%\ActiveScan ->  [Folder | Modified Date = 15/01/2008 00:57:34 | Attr =	]

1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 22/01/2008 19:59:56 | Attr =	]

config -> %System32%\config ->  [Folder | Modified Date = 15/01/2008 00:57:59 | Attr =	]

dla -> %System32%\dla ->  [Folder | Modified Date = 15/01/2008 00:58:12 | Attr =	]

dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 22/01/2008 20:00:12 | Attr =	]

drivers -> %System32%\drivers ->  [Folder | Modified Date = 28/01/2008 19:35:09 | Attr =	]

DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Modified Date = 07/01/2008 21:38:18 | Attr =	]

FxsTmp -> %System32%\FxsTmp ->  [Folder | Modified Date = 28/01/2008 20:25:34 | Attr =	]

Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 14/01/2008 23:46:17 | Attr =	]

KGyGaAvL.sys -> %System32%\KGyGaAvL.sys ->  [Ver =  | Size = 5642 bytes | Modified Date = 18/01/2008 21:59:19 | Attr =  HS]

mclsphlr -> %System32%\mclsphlr ->  [Folder | Modified Date = 15/01/2008 00:59:05 | Attr =	]

pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 14/01/2008 23:46:17 | Attr =	]

perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 54288 bytes | Modified Date = 14/01/2008 21:05:09 | Attr =	]

perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 382902 bytes | Modified Date = 14/01/2008 21:05:10 | Attr =	]

PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 441626 bytes | Modified Date = 14/01/2008 21:05:09 | Attr =	]

Status.MPF -> %System32%\Status.MPF ->  [Ver =  | Size = 97696 bytes | Modified Date = 28/01/2008 19:37:41 | Attr =	]

Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 14/01/2008 23:46:17 | Attr =	]

wbem -> %System32%\wbem ->  [Folder | Modified Date = 15/01/2008 01:00:09 | Attr =	]

wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 28/01/2008 19:37:15 | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 09/01/2008 19:59:02 | Attr =  H ]

AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 15/01/2008 00:52:52 | Attr =	]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 28/01/2008 19:34:44 | Attr =   S]

CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 20/01/2008 18:44:28 | Attr =  HS]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 15/01/2008 00:53:25 | Attr =   S]

ehome -> %SystemRoot%\ehome ->  [Folder | Modified Date = 15/01/2008 00:53:58 | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1355 bytes | Modified Date = 09/01/2008 21:57:26 | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 18/01/2008 21:43:24 | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 28/01/2008 20:23:51 | Attr =  HS]

McAfee.com -> %SystemRoot%\McAfee.com ->  [Folder | Modified Date = 07/01/2008 23:06:54 | Attr =	]

pchealth -> %SystemRoot%\pchealth ->  [Folder | Modified Date = 07/01/2008 21:38:15 | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 28/01/2008 21:33:26 | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 28/01/2008 19:37:42 | Attr =  H ]

Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 28/01/2008 19:35:18 | Attr =	]

SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 15/01/2008 00:57:28 | Attr =	]

system -> %SystemRoot%\system ->  [Folder | Modified Date = 07/01/2008 23:27:19 | Attr =	]

system32 -> %System32% ->  [Folder | Modified Date = 16/01/2008 20:36:27 | Attr =	]

Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 28/01/2008 19:37:23 | Attr =   S]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 28/01/2008 21:29:06 | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 632 bytes | Modified Date = 15/01/2008 00:07:39 | Attr =	]

WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 07/01/2008 21:38:23 | Attr =	]

McAfee.com Scan for Viruses - My Computer (D9M5TL2J-Jennifer).job -> %SystemRoot%\tasks\McAfee.com Scan for Viruses - My Computer (D9M5TL2J-Jennifer).job ->  [Ver =  | Size = 356 bytes | Modified Date = 28/01/2008 19:37:23 | Attr =	]

Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job ->  [Ver =  | Size = 414 bytes | Modified Date = 13/01/2008 21:00:43 | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 28/01/2008 19:34:50 | Attr =  H ]

eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 16/08/2005 04:50:18 | Attr =  H ]

eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 16/08/2005 04:50:42 | Attr =  H ]

eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 16/08/2005 04:52:08 | Attr =  H ]

eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 16/08/2005 21:05:58 | Attr =  H ]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 13/01/2008 21:40:16 | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5526 bytes | Modified Date = 13/01/2008 21:40:15 | Attr =	]

data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 25/11/2006 16:05:17 | Attr =	]

wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 25/11/2006 09:33:24 | Attr =	]

wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 162475 bytes | Modified Date = 25/11/2006 09:33:29 | Attr =	]

McAppIns.exe -> C:\WINDOWS\Temp\mcu11.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 23/01/2006 17:55:06 | Attr =	]

McAppIns.exe -> C:\WINDOWS\Temp\mcu16.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 23/01/2006 17:55:06 | Attr =	]

McAppIns.exe -> C:\WINDOWS\Temp\mcu1C.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 23/01/2006 17:55:06 | Attr =	]

McAppIns.exe -> C:\WINDOWS\Temp\mcu1E.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 23/01/2006 17:55:06 | Attr =	]

McAppIns.exe -> C:\WINDOWS\Temp\mcu29.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 23/01/2006 17:55:06 | Attr =	]

McAppIns.exe -> C:\WINDOWS\Temp\mcu30.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 23/01/2006 17:55:06 | Attr =	]

McAppIns.exe -> C:\WINDOWS\Temp\mcu33.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 23/01/2006 17:55:06 | Attr =	]

McAppIns.exe -> C:\WINDOWS\Temp\mcu36.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 23/01/2006 17:55:06 | Attr =	]

McAppIns.exe -> C:\WINDOWS\Temp\mcu3B.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 23/01/2006 17:55:06 | Attr =	]

McAppIns.exe -> C:\WINDOWS\Temp\mcu3E.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 23/01/2006 17:55:06 | Attr =	]

mcinsres.dll -> C:\WINDOWS\Temp\mcu11.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 23/01/2006 17:54:54 | Attr =	]

mcinsres.dll -> C:\WINDOWS\Temp\mcu16.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 23/01/2006 17:54:54 | Attr =	]

mcinsres.dll -> C:\WINDOWS\Temp\mcu1C.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 23/01/2006 17:54:54 | Attr =	]

mcinsres.dll -> C:\WINDOWS\Temp\mcu1E.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 23/01/2006 17:54:54 | Attr =	]

mcinsres.dll -> C:\WINDOWS\Temp\mcu29.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 23/01/2006 17:54:54 | Attr =	]

mcinsres.dll -> C:\WINDOWS\Temp\mcu30.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 23/01/2006 17:54:54 | Attr =	]

mcinsres.dll -> C:\WINDOWS\Temp\mcu33.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 23/01/2006 17:54:54 | Attr =	]

mcinsres.dll -> C:\WINDOWS\Temp\mcu36.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 23/01/2006 17:54:54 | Attr =	]

mcinsres.dll -> C:\WINDOWS\Temp\mcu3B.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 23/01/2006 17:54:54 | Attr =	]

mcinsres.dll -> C:\WINDOWS\Temp\mcu3E.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 23/01/2006 17:54:54 | Attr =	]

index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 28/01/2008 19:40:02 | Attr =	]

index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 28/01/2008 19:40:02 | Attr =	]

desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 24/11/2006 17:12:50 | Attr =  HS]

mcdelta.ini -> C:\WINDOWS\Temp\mcu10.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 10/12/2006 21:49:10 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu12.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 999 bytes | Modified Date = 13/12/2006 12:19:24 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu13.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 16/12/2006 14:09:33 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu14.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 15/12/2006 09:50:36 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu15.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 19/12/2006 09:28:14 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu17.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 06/12/2006 22:02:25 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu18.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 11/12/2006 22:39:50 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu19.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 999 bytes | Modified Date = 14/12/2006 10:16:07 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu1A.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 997 bytes | Modified Date = 20/12/2006 09:12:13 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu1B.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 23/12/2006 11:12:00 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu1D.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 30/12/2006 02:04:19 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu1F.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 29/12/2006 20:59:24 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu20.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 05/01/2007 11:06:14 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu21.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 994 bytes | Modified Date = 06/01/2007 15:22:13 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu22.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 05/12/2006 22:02:59 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu23.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 997 bytes | Modified Date = 21/12/2006 15:14:06 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu24.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 10/01/2007 09:36:35 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu25.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 11/01/2007 10:38:10 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu26.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 12/01/2007 15:12:20 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu27.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 13/01/2007 01:07:13 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu28.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 15/01/2007 21:06:51 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu2A.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 17/01/2007 10:40:36 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu2B.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 27/12/2006 20:25:23 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu2C.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 17/01/2007 22:43:20 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu2D.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 19/01/2007 12:50:49 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu2E.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 03/01/2007 20:31:46 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu2F.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 22/01/2007 11:01:42 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu31.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 23/01/2007 22:57:53 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu32.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 24/01/2007 23:20:07 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu34.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 23/01/2007 10:12:30 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu35.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 997 bytes | Modified Date = 03/02/2007 12:33:49 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu37.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 08/02/2007 18:05:22 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu38.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 10/02/2007 10:34:24 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu39.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 06/02/2007 09:30:34 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu3A.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 12/02/2007 22:14:52 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu3C.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 02/02/2007 10:01:02 | Attr =	]

mcdelta.ini -> C:\WINDOWS\Temp\mcu3D.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 16/02/2007 17:45:09 | Attr =	]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

avg7 -> %AllUsersAppData%\avg7 ->  [Folder | Modified Date = 07/01/2008 23:30:57 | Attr =	]

Dell -> %AllUsersAppData%\Dell ->  [Folder | Modified Date = 24/01/2008 17:28:18 | Attr =	]

Google -> %AllUsersAppData%\Google ->  [Folder | Modified Date = 09/01/2008 21:04:59 | Attr =	]

Google Updater -> %AllUsersAppData%\Google Updater ->  [Folder | Modified Date = 28/01/2008 19:48:13 | Attr =	]

Grisoft -> %AllUsersAppData%\Grisoft ->  [Folder | Modified Date = 07/01/2008 23:27:41 | Attr =	]

Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 15/01/2008 19:39:21 | Attr =	]

Microsoft -> %AllUsersAppData%\Microsoft ->  [Folder | Modified Date = 13/01/2008 20:57:16 | Attr =   S]

Skype -> %AllUsersAppData%\Skype ->  [Folder | Modified Date = 13/01/2008 21:46:24 | Attr =	]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 14/01/2008 22:53:50 | Attr =	]

TEMP -> %AllUsersAppData%\TEMP ->  [Folder | Modified Date = 28/01/2008 19:37:39 | Attr =	]

@Alternate Data Stream - 129 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2

AVG7 -> %UserAppData%\AVG7 ->  [Folder | Modified Date = 28/01/2008 19:38:37 | Attr =	]

Corel -> %UserAppData%\Corel ->  [Folder | Modified Date = 18/01/2008 21:59:15 | Attr =	]

HouseCall 6.6 -> %UserAppData%\HouseCall 6.6 ->  [Folder | Modified Date = 14/01/2008 23:42:45 | Attr =	]

LimeWire -> %UserAppData%\LimeWire ->  [Folder | Modified Date = 19/01/2008 11:09:04 | Attr =	]

PC Tools -> %UserAppData%\PC Tools ->  [Folder | Modified Date = 13/01/2008 21:02:09 | Attr =	]

Skype -> %UserAppData%\Skype ->  [Folder | Modified Date = 14/01/2008 22:00:52 | Attr =	]

WholeSecurity -> %UserAppData%\WholeSecurity ->  [Folder | Modified Date = 07/01/2008 21:11:03 | Attr =	]

ApplicationHistory -> %LocalAppData%\ApplicationHistory ->  [Folder | Modified Date = 28/01/2008 19:37:52 | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 25600 bytes | Modified Date = 13/01/2008 22:24:59 | Attr =	]

My Documents -> %UserDocuments%\My Documents ->  [Folder | Modified Date = 16/01/2008 22:53:49 | Attr =	]

My Google Gadgets -> %UserDocuments%\My Google Gadgets ->  [Folder | Modified Date = 13/01/2008 21:00:18 | Attr =	]

My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 18/01/2008 22:22:45 | Attr = R  ]

My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 06/01/2008 11:56:15 | Attr = R  ]

Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 15/01/2008 19:38:54 | Attr =	]

AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk ->  [Ver =  | Size = 1532 bytes | Modified Date = 07/01/2008 23:27:56 | Attr =	]

iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Modified Date = 28/01/2008 20:10:52 | Attr =	]

Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Modified Date = 09/01/2008 20:47:21 | Attr =	]

Exercise Plan.doc -> %UserDesktop%\Exercise Plan.doc ->  [Ver =  | Size = 145920 bytes | Modified Date = 28/01/2008 21:37:25 | Attr =	]

HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 16/01/2008 20:46:18 | Attr =	]

Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 14/01/2008 21:56:59 | Attr =	]

stinger3.exe -> %UserDesktop%\stinger3.exe -> McAfee Inc. [Ver = 3.0.2 | Size = 1147911 bytes | Modified Date = 15/01/2008 23:23:35 | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\stinger3.exe:Zone.Identifier

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 28/01/2008 21:35:31 | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478982 bytes | Modified Date = 28/01/2008 21:35:05 | Attr =	]

Dell Network Assistant.lnk -> %AllUsersStartup%\Dell Network Assistant.lnk ->  [Ver =  | Size = 2333 bytes | Modified Date = 28/01/2008 19:37:53 | Attr =	]

Google Updater.lnk -> %AllUsersStartup%\Google Updater.lnk ->  [Ver =  | Size = 920 bytes | Modified Date = 09/01/2008 21:04:35 | Attr =	]

Skype -> %CommonProgramFiles%\Skype ->  [Folder | Modified Date = 13/01/2008 21:46:19 | Attr =	]

System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 15/01/2008 00:43:12 | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 15/01/2008 19:38:26 | Attr =	]



< End of report >


#11 OldTimer

OldTimer

    Malware Expert



Posted 28 January 2008 - 04:54 PM

Hi jennifero_hanlon. I only see one file that I would question in there. Let's have it scanned and see what they say.

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Go to the Jotti's malware scan page and use the buttons at the top of the page to browse to this file(s) on your hard drive to submit for a scan:
c:\windows\System32\50A588CC04.sys
Several scanning engines will be used to check the file for any threats. Please post the results of the scans back here.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#12 jennifero_hanlon

jennifero_hanlon
  • Topic Starter


Posted 28 January 2008 - 05:07 PM

Statistics
Last file scanned at least one scanner reported something about: Corel_Thumber_1.zip (MD5: 45b98d87569376e3b0809f68455c21a6, size: 492874 bytes), detected by:

Scanner                 Malware name
A-Squared               Trojan-Downloader.Win32.Bagle.gy
AntiVir                 TR/Dldr..Bagle.gy
ArcaVir                 Trojan.Downloader.Beagle.Gy
Avast                   Win32:Beagle-ZA
AVG Antivirus           IRC/BackDoor.SdBot3.XQP
BitDefender             Trojan.Downloader.Bagle.ER
ClamAV                  PUA.Packed.Themida
CPsecure                X
Dr.Web                  Win32.HLLM.Beagle
F-Prot Antivirus        X
F-Secure Anti-Virus     Trojan-Downloader.Win32.Bagle.gy
Fortinet                W32/Bagle.GY!tr.dldr
Ikarus                  Trojan-Downloader.Win32.Bagle.gy
Kaspersky Anti-Virus    Trojan-Downloader.Win32.Bagle.gy
NOD32                   Win32/Bagle.LJ
Norman Virus Control    SDBot.gen8
Panda Antivirus         W32/Bagle.RC.worm
Rising Antivirus        X
Sophos Antivirus        X
VirusBuster             Trojan.DL.Bagle.RA
VBA32                   Trojan-Downloader.Win32.Bagle.gy

#13 OldTimer

OldTimer

    Malware Expert



Posted 28 January 2008 - 05:16 PM

Hi jennifero_hanlon. That looks icky. Let's get rid of it.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Extra Files]
c:\windows\System32\50A588CC04.sys

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

#14 jennifero_hanlon

jennifero_hanlon
  • Topic Starter


Posted 28 January 2008 - 05:59 PM

Notepad Results:
[Extra Files]
< c:\windows\System32\50A588CC04.sys >
File/Folder c:\windows\System32\50A588CC04.sys not found.
< End of fix log >
WinPFind35U Version Beta39 fix logfile created on 01282008_225219

ONGOING PROBLEMS:
1. Unhandled Exception
- As per attached file. Occurs on StartUp.

2. sdtrayapp: SDTrayApp.exe - Application Error
- Occurs on StartUp.
'The instruction at "0x7c72ae22" referenced at "0x77206576". The memory could not be "read". Click on OK to terminate the program.'
- Another PopUp detailing a RunTime Error appears each time OK is clicked.

3. Application Error
- Occurs on StartUp
'Exception EAccessViolation in module ntdll.dll at 0002AE22. Access violation at address 7C92AE22 in module "ntdl.dll". Read of address 77206576.

4. Google Desktop did not install properly.
- Occurs on StartUp.


#15 OldTimer

OldTimer

    Malware Expert



Posted 28 January 2008 - 06:30 PM

Hi jennifero_hanlon. All of those errors are related to Spyware Doctor. It is a known bug. The recommendation from PC Tools (the maker) for users that are having that problem is to disable Spyware Doctor from starting at system startup and running it manually when you want it to run. My recommendation would be to simply uninstall it or try PC Tools' support forum and see if they have a fix for it.

Other than that I'd say you're good to go unless there are any other issues.

Cheers.

OT