
Dr. Watson's Postmortem Debugger


  • This topic is locked
18 replies to this topic

#1 jormic

jormic

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 25 January 2008 - 08:27 AM

While doing research my wife apparently loaded a virus onto her laptop (HP, Windows XP SP2, Turion64). The initial error message made a reference to Dr. Watson's postmortem debugger. It is now very sluggish, will not access the Internet, Restore will not work, and Windows or The Shield Firewalls will not turn on. The Shield Firewall program has been corrupted and shows an error message.

I followed the prep guide as closely as possible, taking into account no Net access.

Thank you



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:00 AM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.npr.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {794F296A-83CB-4833-A166-8181A6C907B5} - C:\WINDOWS\system32\colbactp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C4982BAD-3CF5-4998-BCE3-3AA507368816} - c:\windows\system32\dciman32f.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe Main
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-MVKTS.exe" /REG
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vfwteqyb - C:\WINDOWS\SYSTEM32\dciman32f.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe

--
End of file - 7678 bytes


 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:56 AM

Posted 30 January 2008 - 04:39 PM

Hello jormic and welcome to the BC HijackThis Forum. Let's see what else we can find.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 jormic

jormic
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 31 January 2008 - 11:10 AM

I hope this helps - Thanks

WinPFind35 logfile created on: 1/31/2008 10:59:59 AM
WinPFind35U Version Beta42	 Folder = C:\Documents and Settings\Michele\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
894.48 Mb Total Physical Memory | 502.04 Mb Available Physical Memory | 56.13% Memory free
2.12 Gb Paging File | 1.50 Gb Available in Paging File | 70.99% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 60.86 Gb Free Space | 81.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.01 Gb Total Space | 124.31 Gb Free Space | 83.42% Space Free | Partition Type: FAT32
Drive F: | 3.76 Gb Total Space | 3.73 Gb Free Space | 99.34% Space Free | Partition Type: FAT32

Computer Name: MES
Current User Name: Michele
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 4/11/2005 8:31:26 AM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 4/11/2005 8:31:26 AM | Attr =	]
lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/19/2007 11:40:48 PM | Attr =	]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 4/11/2005 10:00:00 AM | Attr =	]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2/18/2007 3:05:17 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 3:23:27 AM | Attr =	]
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 1, 1, 2 | Size = 794624 bytes | Modified Date = 4/1/2005 3:11:14 PM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 4:50:18 PM | Attr =	]
vrmonnt.exe -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonnt.exe -> HAURI [Ver = 2004, 9, 6, 1 | Size = 249916 bytes | Modified Date = 6/27/2005 6:19:24 PM | Attr =	]
quickcam.exe -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe ->  [Ver =  | Size = 2027792 bytes | Modified Date = 7/25/2007 3:06:30 PM | Attr =	]
communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ->  [Ver =  | Size = 563984 bytes | Modified Date = 7/25/2007 3:02:54 PM | Attr =	]
eabservr.exe -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard  [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 12/3/2004 1:24:20 PM | Attr =	]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.2.0.148 | Size = 23395880 bytes | Modified Date = 5/10/2007 3:09:14 PM | Attr = R  ]
easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 3:33:46 AM | Attr =	]
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 1.2.0.255 | Size = 1920968 bytes | Modified Date = 5/10/2007 3:09:16 PM | Attr = R  ]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/19/2007 11:38:54 PM | Attr =	]
wrsssdk.exe -> %ProgramFiles%\Webroot\Spy Sweeper\WRSSSDK.exe -> Webroot Software, Inc. [Ver = 2,0,8,483 | Size = 2159104 bytes | Modified Date = 12/14/2005 6:28:56 PM | Attr =	]
vrmonsvc.exe -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe -> HAURI [Ver = 2006, 1, 5, 1 | Size = 188416 bytes | Modified Date = 1/5/2006 12:00:00 PM | Attr =	]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/19/2007 11:38:54 PM | Attr =	]
hpqwmi.exe -> %ProgramFiles%\HPQ\shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 3/4/2005 12:16:18 PM | Attr = R  ]
cocimanager.exe -> %CommonProgramFiles%\LogiShrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 11.1.0.2030 | Size = 403728 bytes | Modified Date = 7/25/2007 3:02:32 PM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/31/2008 3:23:16 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 4/11/2005 8:31:26 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/21/2007 3:54:59 PM | Attr =	]
(hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Running] -> %ProgramFiles%\HPQ\shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 3/4/2005 12:16:18 PM | Attr = R  ]
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/19/2007 11:38:54 PM | Attr =	]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/19/2007 11:40:48 PM | Attr =	]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 141848 bytes | Modified Date = 7/19/2007 11:42:30 PM | Attr =	]
(sdAuxService) Spyware Doctor Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.23 | Size = 708176 bytes | Modified Date = 5/17/2007 11:02:22 AM | Attr =	]
(sdCoreService) Spyware Doctor Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.0.60 | Size = 1302272 bytes | Modified Date = 7/16/2007 11:38:23 AM | Attr =	]
(svcWRSSSDK) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\WRSSSDK.exe -> Webroot Software, Inc. [Ver = 2,0,8,483 | Size = 2159104 bytes | Modified Date = 12/14/2005 6:28:56 PM | Attr =	]
(vrmonsvc) ViRobot Expert Monitoring [Win32_Own | Auto | Running] -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe -> HAURI [Ver = 2006, 1, 5, 1 | Size = 188416 bytes | Modified Date = 1/5/2006 12:00:00 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %System32%\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.1.0 built by: dnsrv(wmbla) | Size = 39424 bytes | Modified Date = 8/11/2004 4:30:00 PM | Attr =	]
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6539 | Size = 1035264 bytes | Modified Date = 4/11/2005 8:33:52 AM | Attr =	]
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 3.100.64.0 built by: WinDDK | Size = 371712 bytes | Modified Date = 3/10/2005 4:41:52 AM | Attr =	]
(CAMCAUD) Conexant AMC Audio [Kernel | On_Demand | Running] -> %System32%\drivers\camc6aud.sys -> Conexant Systems Inc. [Ver = 6.14.10.0535 | Size = 38016 bytes | Modified Date = 2/18/2005 10:41:18 AM | Attr = R  ]
(CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %System32%\drivers\camc6hal.sys -> Conexant Systems Inc. [Ver = 6.14.10.0535 | Size = 349696 bytes | Modified Date = 2/18/2005 10:42:02 AM | Attr = R  ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.07a | Size = 88016 bytes | Modified Date = 1/27/2005 2:22:00 AM | Attr =	]
(eabfiltr) eabfiltr [Kernel | System | Running] -> %System32%\drivers\eabfiltr.sys -> Hewlett-Packard Company [Ver = 4.20.01.03 | Size = 7432 bytes | Modified Date = 4/14/2004 7:36:50 AM | Attr =	]
(eabusb) eabusb [Kernel | On_Demand | Stopped] -> %System32%\drivers\EabUsb.sys -> Hewlett-Packard Company [Ver = 4.10.02.02 | Size = 5220 bytes | Modified Date = 6/6/2003 11:46:16 AM | Attr =	]
(ebufvplj) ebufvplj [Kernel | Boot | Running] -> %System32%\drivers\pzowhvuy.dat ->  [Ver =  | Size = 19584 bytes | Modified Date = 1/23/2008 9:46:40 PM | Attr =	]
(FarStoneFireWallDrive) FarStoneFireWallDrive [Kernel | On_Demand | Stopped] -> %System32%\drivers\FarDrive.sys ->  [Ver =  | Size = 142169 bytes | Modified Date = 5/19/2004 11:53:06 PM | Attr =	]
(FilterService) UVC Filter Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvuvcflt.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 22296 bytes | Modified Date = 7/18/2007 7:44:22 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HSFHWATI) HSFHWATI [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWATI.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 200192 bytes | Modified Date = 12/15/2004 10:18:30 AM | Attr =	]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 1038208 bytes | Modified Date = 12/15/2004 10:18:26 AM | Attr =	]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(IKFileFlt) File Filter Driver [File_System | On_Demand | Stopped] -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1016 | Size = 39248 bytes | Modified Date = 4/19/2007 2:18:08 PM | Attr =	]
(IKFileSec) File Security Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025 | Size = 52304 bytes | Modified Date = 4/19/2007 2:18:12 PM | Attr =	]
(IkSysFlt) System Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 59984 bytes | Modified Date = 4/19/2007 2:18:16 PM | Attr =	]
(IKSysSec) System Security Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 83536 bytes | Modified Date = 4/19/2007 2:18:20 PM | Attr =	]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LVcKap) Logitech AEC Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\Lvckap.sys -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 2109592 bytes | Modified Date = 7/19/2007 11:37:56 PM | Attr =	]
(LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> %System32%\drivers\LVMVdrv.sys -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 2142488 bytes | Modified Date = 7/19/2007 11:39:50 PM | Attr =	]
(lvpopflt) Logitech POP Suppression Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvpopflt.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 1920920 bytes | Modified Date = 7/18/2007 7:42:28 PM | Attr =	]
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LVPr2Mon.sys ->  [Ver =  | Size = 25624 bytes | Modified Date = 7/18/2007 4:42:42 PM | Attr =	]
(lvselsus) Logitech Selective Suspend Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvselsus.sys -> Logitech Inc. [Ver = 10.0.0.1438 | Size = 55984 bytes | Modified Date = 6/22/2006 5:29:43 PM | Attr = R  ]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 41752 bytes | Modified Date = 7/18/2007 7:44:00 PM | Attr =	]
(LVUVC) Logitech QuickCam Fusion(UVC) [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvuvc.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 3599000 bytes | Modified Date = 7/18/2007 7:44:22 PM | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 6:04:14 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/29/2007 2:00:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Rtlnicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.621.0304.2005 built by: WinDDK | Size = 74496 bytes | Modified Date = 3/3/2005 2:10:26 PM | Attr =	]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 5:31:34 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(ser2plms) Microsoft USB GPS driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ser2plms.sys -> Prolific Technology Inc. [Ver = 1.5.0.1 | Size = 42240 bytes | Modified Date = 9/2/2005 4:06:35 PM | Attr = R  ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(SSI) SSI [Kernel | Boot | Running] -> %System32%\drivers\ssi.sys -> Webroot Software (www.webroot.com) [Ver = 1.02 | Size = 78336 bytes | Modified Date = 12/14/2005 6:06:46 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 191456 bytes | Modified Date = 2/2/2005 6:58:58 AM | Attr =	]
(tifm21) tifm21 [Kernel | On_Demand | Running] -> %System32%\drivers\tifm21.sys -> Texas Instruments [Ver = 1.0.3.2 | Size = 159488 bytes | Modified Date = 3/16/2005 7:43:06 AM | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(VRcore) VRcore [Kernel | On_Demand | Running] -> %System32%\drivers\vrcore.sys -> HAURI, Inc. 1998-2003 [Ver = 2008,01,18,71 | Size = 4464416 bytes | Modified Date = 1/18/2008 7:53:48 AM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 703232 bytes | Modified Date = 12/15/2004 10:18:28 AM | Attr =	]
(VRFIL) VRFIL [Kernel | On_Demand | Running] -> %System32%\drivers\vrfil.sys -> HAURI [Ver = 2006,9,7,1 | Size = 40025 bytes | Modified Date = 2/20/2007 11:28:57 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 4/11/2005 10:00:00 AM | Attr =	]
Cpqset -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe ->  [Ver =  | Size = 233534 bytes | Modified Date = 2/17/2005 2:01:20 PM | Attr =	]
dwStart -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\FireWall.exe -> NextAisle [Ver = 2, 1, 0, 0 | Size = 405504 bytes | Modified Date = 8/6/2004 12:40:46 AM | Attr =	]
HP Software Update -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr =	]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 1, 1, 2 | Size = 794624 bytes | Modified Date = 4/1/2005 3:11:14 PM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 4:50:42 PM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 4:50:18 PM | Attr =	]
LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ->  [Ver =  | Size = 563984 bytes | Modified Date = 7/25/2007 3:02:54 PM | Attr =	]
LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe ->  [Ver =  | Size = 2027792 bytes | Modified Date = 7/25/2007 3:06:30 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2/18/2007 3:05:17 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 3:23:27 AM | Attr =	]
Vrmon -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonnt.exe -> HAURI [Ver = 2004, 9, 6, 1 | Size = 249916 bytes | Modified Date = 6/27/2005 6:19:24 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
eabconfg.cpl -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard  [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 12/3/2004 1:24:20 PM | Attr =	]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.2.0.148 | Size = 23395880 bytes | Modified Date = 5/10/2007 3:09:14 PM | Attr = R  ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 3:33:46 AM | Attr =	]
< Michele Startup Folder > -> C:\Documents and Settings\Michele\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 46080 bytes | Modified Date = 4/11/2005 8:31:30 AM | Attr =	]
vfwteqyb -> %System32%\dciman32f.dll ->  [Ver =  | Size = 83968 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
WRNotifier -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 2,0,8,483 | Size = 492544 bytes | Modified Date = 12/14/2005 6:29:02 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> -> 
< HOSTS File > (224690 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.npr.org/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4195 domain(s) found. -> 
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6406 domain(s) found. -> 
turbotax.com .[https] -> Trusted sites -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 2:17:44 PM | Attr =	]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 78 | Size = 722472 bytes | Modified Date = 5/10/2007 3:09:16 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 3:23:24 AM | Attr =	]
{794F296A-83CB-4833-A166-8181A6C907B5} [HKEY_LOCAL_MACHINE] -> %System32%\colbactp.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 83968 bytes | Modified Date = 7/25/2005 11:39:43 PM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/21/2007 3:54:58 PM | Attr = R  ]
{C4982BAD-3CF5-4998-BCE3-3AA507368816} [HKEY_LOCAL_MACHINE] -> %System32%\dciman32f.dll [] ->  [Ver =  | Size = 83968 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/21/2007 3:54:58 PM | Attr = R  ]
ID [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/21/2007 3:54:58 PM | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_11\bin\NPJPI150_11.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 3:23:25 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 3:23:24 AM | Attr =	]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}:{A1EDC4A1-940F-48E0-8DFD-E38F1D501021} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Spyware Doctor] -> File not found
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 78 | Size = 722472 bytes | Modified Date = 5/10/2007 3:09:16 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_11\bin\NPJPI150_11.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 3:23:25 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1FF2B150-C657-4901-8D21-53AAD2DDB3E7} ->	(1394 Net Adapter) -> 
{6B5A827B-B461-42AC-8381-743C5E025D43} ->	() -> 
{B0A4CCE2-0CC5-4F3C-AA31-70DE38395208} ->	(Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
{FBD49F73-E486-4F61-A810-B683756B927A} ->	(Broadcom 802.11b/g WLAN) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 1 | Size = 1828440 bytes | Modified Date = 5/10/2007 3:09:14 PM | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 432 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 5273 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\TurboTax Deluxe 2006\32bit\ttax.exe -> E:\TurboTax Deluxe 2006\32bit\ttax.exe [E:\TurboTax Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax] -> Intuit, Inc. [Ver = wPer.2006.07.07.03 | Size = 9950760 bytes | Modified Date = 3/8/2007 1:25:56 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\TurboTax Deluxe 2006\32bit\updatemgr.exe -> E:\TurboTax Deluxe 2006\32bit\updatemgr.exe [E:\TurboTax Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager] -> Intuit, Inc. [Ver = wPer.2006.07.01.03 | Size = 3679784 bytes | Modified Date = 3/5/2007 4:00:12 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 3:33:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.2.0.148 | Size = 23395880 bytes | Modified Date = 5/10/2007 3:09:14 PM | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\vag5gw7.exe -> C:\WINDOWS\system32\vag5gw7.exe [C:\WINDOWS\system32\vag5gw7.exe:*:Disabled:vag5gw7] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
clreg BU.reg -> %SystemDrive%\clreg BU.reg ->  [Ver =  | Size = 60844 bytes | Created Date = 1/24/2008 3:36:00 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938004480 bytes | Created Date = 1/24/2008 9:10:37 PM | Attr =  HS]
RegBU -> %SystemDrive%\RegBU ->  [Folder | Created Date = 1/24/2008 3:19:37 PM | Attr =	]
pzowhvuy.dat -> %System32%\drivers\pzowhvuy.dat ->  [Ver =  | Size = 19584 bytes | Created Date = 1/23/2008 9:46:40 PM | Attr =	]
AppCert -> %System32%\AppCert ->  [Folder | Created Date = 1/23/2008 9:44:44 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
colbactp.dll -> %System32%\colbactp.dll ->  [Ver =  | Size = 83968 bytes | Created Date = 1/23/2008 9:44:19 PM | Attr =	]
dciman32f.dll -> %System32%\dciman32f.dll ->  [Ver =  | Size = 83968 bytes | Created Date = 1/23/2008 9:45:02 PM | Attr =	]
FarLsp.dll -> %System32%\FarLsp.dll ->  [Ver =  | Size = 250056 bytes | Created Date = 1/24/2008 2:12:07 PM | Attr =	]
jfnyplxc.dat -> %System32%\jfnyplxc.dat ->  [Ver =  | Size = 120576 bytes | Created Date = 1/23/2008 9:51:54 PM | Attr =	]
At1.job -> %SystemRoot%\tasks\At1.job ->  [Ver =  | Size = 438 bytes | Created Date = 1/23/2008 9:46:04 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 1/24/2008 10:38:42 PM | Attr =	]
wsInspector -> %UserAppData%\wsInspector ->  [Folder | Created Date = 1/24/2008 3:38:09 PM | Attr =	]
357 Main Park Rd, Santa Rosa Beach, FL 32459 to 15017 Emerald Coast Pkwy, Destin, FL 32541.est -> %UserDocuments%\357 Main Park Rd, Santa Rosa Beach, FL 32459 to 15017 Emerald Coast Pkwy, Destin, FL 32541.est ->  [Ver =  | Size = 5120 bytes | Created Date = 1/19/2008 11:39:17 AM | Attr =	]
cc_20080124_2116.reg -> %UserDocuments%\cc_20080124_2116.reg ->  [Ver =  | Size = 13328 bytes | Created Date = 1/24/2008 9:17:48 PM | Attr =	]
EC Form.doc -> %UserDocuments%\EC Form.doc ->  [Ver =  | Size = 29184 bytes | Created Date = 1/23/2008 4:33:00 PM | Attr =	]
Grayton Beach Camping.est -> %UserDocuments%\Grayton Beach Camping.est ->  [Ver =  | Size = 5120 bytes | Created Date = 1/18/2008 8:12:15 AM | Attr =	]
Hamburger Paragraph MIN.doc -> %UserDocuments%\Hamburger Paragraph MIN.doc ->  [Ver =  | Size = 67584 bytes | Created Date = 1/22/2008 7:41:00 PM | Attr =	]
January 2008 letter.doc -> %UserDocuments%\January 2008 letter.doc ->  [Ver =  | Size = 25088 bytes | Created Date = 1/7/2008 7:11:19 AM | Attr =	]
Summary Frames  MIN.doc -> %UserDocuments%\Summary Frames  MIN.doc ->  [Ver =  | Size = 32256 bytes | Created Date = 1/22/2008 7:41:00 PM | Attr =	]
wsInspector -> %UserDocuments%\wsInspector ->  [Folder | Created Date = 1/24/2008 3:37:38 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/24/2008 10:38:46 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/24/2008 10:38:47 PM | Attr =	]
The Shield Firewall.lnk -> %AllUsersDesktop%\The Shield Firewall.lnk ->  [Ver =  | Size = 816 bytes | Created Date = 1/24/2008 2:09:33 PM | Attr =	]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk ->  [Ver =  | Size = 1548 bytes | Created Date = 1/24/2008 3:17:20 PM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 1/25/2008 7:58:52 AM | Attr =	]
hijackthis_v2.0.2.zip -> %UserDesktop%\hijackthis_v2.0.2.zip ->  [Ver =  | Size = 499568 bytes | Created Date = 1/25/2008 7:57:32 AM | Attr =	]
HJACK FILE -> %UserDesktop%\HJACK FILE ->  [Folder | Created Date = 1/25/2008 8:02:37 AM | Attr =	]
Michele's Virus -> %UserDesktop%\Michele's Virus ->  [Folder | Created Date = 1/24/2008 10:37:51 PM | Attr =	]
RegScrubXP.lnk -> %UserDesktop%\RegScrubXP.lnk ->  [Ver =  | Size = 650 bytes | Created Date = 1/24/2008 9:42:42 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 1/25/2008 7:03:24 AM | Attr =	]
Startup Inspector for Windows.lnk -> %UserDesktop%\Startup Inspector for Windows.lnk ->  [Ver =  | Size = 750 bytes | Created Date = 1/24/2008 3:17:36 PM | Attr =	]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Created Date = 1/24/2008 10:37:56 PM | Attr =	]
stinger.opt -> %UserDesktop%\stinger.opt ->  [Ver =  | Size = 60 bytes | Created Date = 1/24/2008 11:24:32 PM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 1/31/2008 10:50:11 AM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478367 bytes | Created Date = 1/31/2008 10:47:06 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 1/24/2008 10:38:06 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
clreg BU.reg -> %SystemDrive%\clreg BU.reg ->  [Ver =  | Size = 60844 bytes | Modified Date = 1/24/2008 3:36:07 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 1/24/2008 6:38:16 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938004480 bytes | Modified Date = 1/31/2008 10:43:07 AM | Attr =  HS]
logfile -> %SystemDrive%\logfile ->  [Ver =  | Size = 182126 bytes | Modified Date = 1/31/2008 10:44:07 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/25/2008 7:58:51 AM | Attr = R  ]
RegBU -> %SystemDrive%\RegBU ->  [Folder | Modified Date = 1/24/2008 3:19:50 PM | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 1/31/2008 10:46:10 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 1/26/2008 12:01:43 PM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 1/25/2008 7:14:32 AM | Attr =	]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 224690 bytes | Modified Date = 1/25/2008 7:14:32 AM | Attr = R  ]
hosts.20080125-070725.backup -> %System32%\drivers\etc\hosts.20080125-070725.backup ->  [Ver =  | Size = 736 bytes | Modified Date = 1/24/2008 3:18:07 PM | Attr =	]
hosts.20080125-071432.backup -> %System32%\drivers\etc\hosts.20080125-071432.backup ->  [Ver =  | Size = 65806 bytes | Modified Date = 1/25/2008 7:07:25 AM | Attr = R  ]
lvuvc.hs -> %System32%\drivers\lvuvc.hs ->  [Ver =  | Size = 0 bytes | Modified Date = 1/17/2008 4:22:42 PM | Attr =	]
pzowhvuy.dat -> %System32%\drivers\pzowhvuy.dat ->  [Ver =  | Size = 19584 bytes | Modified Date = 1/23/2008 9:46:40 PM | Attr =	]
vrcore.sys -> %System32%\drivers\vrcore.sys -> HAURI, Inc. 1998-2003 [Ver = 2008,01,18,71 | Size = 4464416 bytes | Modified Date = 1/18/2008 7:53:48 AM | Attr =	]
AppCert -> %System32%\AppCert ->  [Folder | Modified Date = 1/23/2008 9:44:44 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 1/26/2008 12:01:47 PM | Attr =	]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 1/24/2008 10:38:42 PM | Attr =	]
jfnyplxc.dat -> %System32%\jfnyplxc.dat ->  [Ver =  | Size = 120576 bytes | Modified Date = 1/23/2008 9:51:54 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 1/30/2008 4:16:01 PM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/30/2008 1:38:52 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 1/31/2008 10:43:14 AM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 1/25/2008 7:51:49 AM | Attr =	]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/25/2008 7:50:08 AM | Attr =   S]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/25/2008 8:50:31 PM | Attr =  HS]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 1/24/2008 1:44:15 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 1/31/2008 10:56:35 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 1/23/2008 9:43:52 PM | Attr =  H ]
system32 -> %System32% ->  [Folder | Modified Date = 1/24/2008 10:38:42 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 1/23/2008 9:46:04 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 1/31/2008 10:46:10 AM | Attr =	]
At1.job -> %SystemRoot%\tasks\At1.job ->  [Ver =  | Size = 438 bytes | Modified Date = 1/31/2008 10:43:24 AM | Attr =	]
EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job ->  [Ver =  | Size = 440 bytes | Modified Date = 1/3/2008 4:15:03 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 1/31/2008 10:43:24 AM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 46311 bytes | Modified Date = 1/31/2008 10:46:51 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 46270 bytes | Modified Date = 1/31/2008 10:46:51 AM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 2/18/2007 5:14:43 PM | Attr =	]
coblydqj.dll -> C:\Documents and Settings\Michele\Local Settings\Temp\coblydqj.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 1/31/2008 10:56:18 AM | Attr =	]
5 C:\Documents and Settings\Michele\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Michele\Local Settings\Temp\*.tmp -> 
Perflib_Perfdata_a24.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a24.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/24/2008 6:34:35 PM | Attr =	]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/24/2008 6:20:05 PM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/24/2008 6:20:05 PM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 1/24/2008 6:20:05 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 145 bytes | Modified Date = 1/24/2008 6:20:05 PM | Attr =	]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 1/24/2008 6:20:05 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\31Q3UDWP\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 1/24/2008 6:20:05 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\DR2IJMBJ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 1/24/2008 6:20:05 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PSPTBBLU\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 1/24/2008 6:20:05 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\X6WUNUC2\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 1/24/2008 6:20:05 PM | Attr =  HS]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 1/24/2008 10:39:36 PM | Attr =	]
Microsoft -> %AllUsersAppData%\Microsoft ->  [Folder | Modified Date = 1/24/2008 10:39:10 PM | Attr =   S]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 1/25/2008 7:51:50 AM | Attr =	]
AdobeUM -> %UserAppData%\AdobeUM ->  [Folder | Modified Date = 1/13/2008 3:03:59 PM | Attr =	]
Lavasoft -> %UserAppData%\Lavasoft ->  [Folder | Modified Date = 1/24/2008 10:39:10 PM | Attr =	]
Skype -> %UserAppData%\Skype ->  [Folder | Modified Date = 1/30/2008 7:39:27 PM | Attr =	]
wsInspector -> %UserAppData%\wsInspector ->  [Folder | Modified Date = 1/24/2008 3:38:09 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 95232 bytes | Modified Date = 1/15/2008 3:26:54 PM | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 15490252 bytes | Modified Date = 1/26/2008 12:03:16 PM | Attr =  H ]
desktop.ini -> %AllUsersDocuments%\desktop.ini ->  [Ver =  | Size = 126 bytes | Modified Date = 1/24/2008 3:08:03 PM | Attr =  HS]
ESBK.mb -> %AllUsersDocuments%\ESBK.mb ->  [Ver =  | Size = 2376704 bytes | Modified Date = 1/7/2008 5:28:47 PM | Attr = R  ]
ESBK.mbb -> %AllUsersDocuments%\ESBK.mbb ->  [Ver =  | Size = 5366784 bytes | Modified Date = 1/7/2008 5:28:46 PM | Attr = R  ]
357 Main Park Rd, Santa Rosa Beach, FL 32459 to 15017 Emerald Coast Pkwy, Destin, FL 32541.est -> %UserDocuments%\357 Main Park Rd, Santa Rosa Beach, FL 32459 to 15017 Emerald Coast Pkwy, Destin, FL 32541.est ->  [Ver =  | Size = 5120 bytes | Modified Date = 1/19/2008 11:39:17 AM | Attr =	]
cc_20080124_2116.reg -> %UserDocuments%\cc_20080124_2116.reg ->  [Ver =  | Size = 13328 bytes | Modified Date = 1/24/2008 9:17:56 PM | Attr =	]
EC Form.doc -> %UserDocuments%\EC Form.doc ->  [Ver =  | Size = 29184 bytes | Modified Date = 1/23/2008 4:33:00 PM | Attr =	]
Grayton Beach Camping.est -> %UserDocuments%\Grayton Beach Camping.est ->  [Ver =  | Size = 5120 bytes | Modified Date = 1/18/2008 8:12:16 AM | Attr =	]
Hamburger Paragraph MIN.doc -> %UserDocuments%\Hamburger Paragraph MIN.doc ->  [Ver =  | Size = 67584 bytes | Modified Date = 1/22/2008 7:41:00 PM | Attr =	]
January 2008 letter.doc -> %UserDocuments%\January 2008 letter.doc ->  [Ver =  | Size = 25088 bytes | Modified Date = 1/7/2008 7:13:53 AM | Attr =	]
My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 1/15/2008 10:51:00 PM | Attr = R  ]
Preschool -> %UserDocuments%\Preschool ->  [Folder | Modified Date = 1/14/2008 10:01:48 PM | Attr =	]
Quicken -> %UserDocuments%\Quicken ->  [Folder | Modified Date = 1/30/2008 8:23:19 PM | Attr =	]
Scouts -> %UserDocuments%\Scouts ->  [Folder | Modified Date = 1/15/2008 3:50:39 PM | Attr =	]
SFCC -> %UserDocuments%\SFCC ->  [Folder | Modified Date = 1/22/2008 8:37:11 PM | Attr =	]
Summary Frames  MIN.doc -> %UserDocuments%\Summary Frames  MIN.doc ->  [Ver =  | Size = 32256 bytes | Modified Date = 1/22/2008 7:41:00 PM | Attr =	]
wsInspector -> %UserDocuments%\wsInspector ->  [Folder | Modified Date = 1/24/2008 3:37:38 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/24/2008 10:38:46 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/24/2008 10:38:47 PM | Attr =	]
Skype.lnk -> %AllUsersDesktop%\Skype.lnk ->  [Ver =  | Size = 2387 bytes | Modified Date = 1/25/2008 8:50:29 PM | Attr =	]
The Shield Firewall.lnk -> %AllUsersDesktop%\The Shield Firewall.lnk ->  [Ver =  | Size = 816 bytes | Modified Date = 1/24/2008 2:09:33 PM | Attr =	]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk ->  [Ver =  | Size = 1548 bytes | Modified Date = 1/24/2008 9:14:29 PM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 1/25/2008 7:58:52 AM | Attr =	]
hijackthis_v2.0.2.zip -> %UserDesktop%\hijackthis_v2.0.2.zip ->  [Ver =  | Size = 499568 bytes | Modified Date = 1/24/2008 8:46:36 PM | Attr =	]
HJACK FILE -> %UserDesktop%\HJACK FILE ->  [Folder | Modified Date = 1/25/2008 8:04:46 AM | Attr =	]
Michele's Virus -> %UserDesktop%\Michele's Virus ->  [Folder | Modified Date = 1/25/2008 10:55:06 AM | Attr =	]
Microsoft Word.lnk -> %UserDesktop%\Microsoft Word.lnk ->  [Ver =  | Size = 2483 bytes | Modified Date = 1/25/2008 8:52:54 PM | Attr =	]
RegScrubXP.lnk -> %UserDesktop%\RegScrubXP.lnk ->  [Ver =  | Size = 650 bytes | Modified Date = 1/24/2008 9:42:42 PM | Attr =	]
Smartparts Pictures -> %UserDesktop%\Smartparts Pictures ->  [Folder | Modified Date = 1/1/2008 8:24:26 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 1/25/2008 7:03:24 AM | Attr =	]
Startup Inspector for Windows.lnk -> %UserDesktop%\Startup Inspector for Windows.lnk ->  [Ver =  | Size = 750 bytes | Modified Date = 1/24/2008 3:17:36 PM | Attr =	]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 1/24/2008 10:33:26 PM | Attr =	]
stinger.opt -> %UserDesktop%\stinger.opt ->  [Ver =  | Size = 60 bytes | Modified Date = 1/24/2008 11:24:32 PM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 1/31/2008 10:50:11 AM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478367 bytes | Modified Date = 1/31/2008 10:35:14 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 1/24/2008 10:38:06 PM | Attr =	]

< End of report >


#4 OldTimer

    Malware Expert


Posted 31 January 2008 - 02:04 PM

Hi jormic. Ok, let's see if we can't get rid of this thing. First, copy these directions into Notepad and save them on your desktop. We will be booting to Safe Mode and you will need this information and the ability to copy/paste some of it during the fix.

Now please follow these steps in order:

Step #1

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #2

Now we will need to disable the driver for this thing. Please do the following:
  • Click Start, click Control Panel, click Performance and Maintenance, and then click System.
  • On the Hardware tab, click Device Manager.
  • Click the View menu and if there is no checkmark in front of Show hidden devices then click on it to activate it.
  • Scroll down the list of devices and double-click Non-Plug and Play Drivers.
  • Locate the ebufvplj device and right click it and then click the Properties option.
  • Click the Driver tab.
  • In the Startup section select Disable from the drop-down list.
  • Click General tab.
  • In the Device Usage drop-down list select Do not use this device (disable).
  • Click the Ok button and you should be prompted to reboot. You can reboot normally.
Step #3

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (ebufvplj) ebufvplj [Kernel | Boot | Running] -> %System32%\drivers\pzowhvuy.dat
[Registry - Non-Microsoft Only]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> vfwteqyb -> %System32%\dciman32f.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {794F296A-83CB-4833-A166-8181A6C907B5} [HKEY_LOCAL_MACHINE] -> %System32%\colbactp.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {C4982BAD-3CF5-4998-BCE3-3AA507368816} [HKEY_LOCAL_MACHINE] -> %System32%\dciman32f.dll []
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> ID [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}:{A1EDC4A1-940F-48E0-8DFD-E38F1D501021} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Spyware Doctor]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\vag5gw7.exe -> C:\WINDOWS\system32\vag5gw7.exe [C:\WINDOWS\system32\vag5gw7.exe:*:Disabled:vag5gw7]
[Files/Folders - Created Within 30 days]
NY -> pzowhvuy.dat -> %System32%\drivers\pzowhvuy.dat
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> colbactp.dll -> %System32%\colbactp.dll
NY -> dciman32f.dll -> %System32%\dciman32f.dll
NY -> jfnyplxc.dat -> %System32%\jfnyplxc.dat
NY -> At1.job -> %SystemRoot%\tasks\At1.job
[Files/Folders - Modified Within 30 days]
NY -> lvuvc.hs -> %System32%\drivers\lvuvc.hs
NY -> pzowhvuy.dat -> %System32%\drivers\pzowhvuy.dat
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> jfnyplxc.dat -> %System32%\jfnyplxc.dat
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> coblydqj.dll -> C:\Documents and Settings\Michele\Local Settings\Temp\coblydqj.dll
NY -> 5 C:\Documents and Settings\Michele\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Michele\Local Settings\Temp\*.tmp
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally. If you are not asked to reboot, click the Ok button on the finished message and Notepad will open with a log of actions taken during the fix.

Post that information back here:
  • the fix information from the WPF35 fix
  • a new WPF35 scan with the following options:
      • In the Drivers section click on Non-Microsoft.
      • Under Additional Scans click the checkboxes in front of the following items to select them:
          • File - Additional Folder Scans
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
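
The fix log requested in Step #3 reports the same file more than once, once for each section of the fix script that lists it, so the outcomes have to be reconciled per path before deciding what to look for in the follow-up scan. The following is an added example, not part of the original post and not WinPFind35U's own code; it runs over an excerpt of the fix log posted in the next reply, and the status names and the rule that a deferred move outranks an earlier success are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the file-related lines from the fix log posted in the next reply
# of this thread (registry lines left out).
FIX_LOG = r"""
[Driver Services - Non-Microsoft Only]
Service ebufvplj stopped successfully.
Service ebufvplj deleted successfully.
File move failed. C:\WINDOWS\System32\drivers\pzowhvuy.dat scheduled to be moved on reboot.
[Registry - Non-Microsoft Only]
C:\WINDOWS\System32\dciman32f.dll moved successfully.
C:\WINDOWS\System32\colbactp.dll moved successfully.
File move failed. C:\WINDOWS\System32\dciman32f.dll scheduled to be moved on reboot.
[Files/Folders - Created Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\pzowhvuy.dat scheduled to be moved on reboot.
File C:\WINDOWS\System32\colbactp.dll not found!
File move failed. C:\WINDOWS\System32\dciman32f.dll scheduled to be moved on reboot.
C:\WINDOWS\System32\jfnyplxc.dat moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\System32\drivers\lvuvc.hs moved successfully.
File move failed. C:\WINDOWS\System32\drivers\pzowhvuy.dat scheduled to be moved on reboot.
File C:\WINDOWS\System32\jfnyplxc.dat not found!
C:\Documents and Settings\Michele\Local Settings\Temp\coblydqj.dll moved successfully.
"""

# Event names are this example's own labels; the line wording is the log's.
PATTERNS = [
    ("pending_reboot",
     re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
    ("moved",
     re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")),
    ("not_found",
     re.compile(r"^File (?P<path>.+) not found!$")),
]


def parse_events(log_text):
    """Return {lowercased path: [event, ...]} in the order the log reports them."""
    events = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        for name, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                # Windows paths are case-insensitive, so fold case for the key.
                events[match.group("path").lower()].append(name)
                break
    return dict(events)


def reconcile(events):
    """Collapse repeated reports into one status per path.

    Assumed precedence: a move deferred to reboot outranks everything, because
    the file is still on disk; "moved" followed by "not found" means a later
    section listed a file an earlier section had already moved.
    """
    status = {}
    for path, seen in events.items():
        if "pending_reboot" in seen:
            status[path] = "pending_reboot"
        elif "moved" in seen:
            status[path] = "moved"
        else:
            status[path] = "not_found"
    return status


def needs_recheck(events):
    """Paths to look for in the scan taken after the reboot."""
    return sorted(p for p, s in reconcile(events).items() if s != "moved")


def conflicting(events):
    """Paths reported both as moved and as a failed move in the same run."""
    return sorted(p for p, seen in events.items()
                  if "moved" in seen and "pending_reboot" in seen)


if __name__ == "__main__":
    parsed = parse_events(FIX_LOG)
    for path, state in sorted(reconcile(parsed).items()):
        print(f"{state:15} {path}")
    print("recheck after reboot:", needs_recheck(parsed))
    print("conflicting reports: ", conflicting(parsed))
```

Any path the script lists for recheck should be absent from the scan taken after the reboot; if it is still listed there, the deferred move did not happen.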


#5 jormic


Posted 31 January 2008 - 06:02 PM

OT,

Here I have included the new wpf35 scan and a folder that was labeled movedfiles, this included the notepad file below and some sort of Trojan (coblydqj ?) that my virus protection deleted. I'm using my desktop for these messages (infected laptop internet access not available.)

I hope I followed your directions correctly. Thanks


Notepad from Movedfile:

[Driver Services - Non-Microsoft Only]
Service ebufvplj stopped successfully.
Service ebufvplj deleted successfully.
File move failed. C:\WINDOWS\System32\drivers\pzowhvuy.dat scheduled to be moved on reboot.
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vfwteqyb\ deleted successfully.
C:\WINDOWS\System32\dciman32f.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{794F296A-83CB-4833-A166-8181A6C907B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{794F296A-83CB-4833-A166-8181A6C907B5}\ deleted successfully.
C:\WINDOWS\System32\colbactp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4982BAD-3CF5-4998-BCE3-3AA507368816}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4982BAD-3CF5-4998-BCE3-3AA507368816}\ deleted successfully.
File move failed. C:\WINDOWS\System32\dciman32f.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\ID deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\vag5gw7.exe deleted successfully.
[Files/Folders - Created Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\pzowhvuy.dat scheduled to be moved on reboot.
File C:\WINDOWS\System32\colbactp.dll not found!
File move failed. C:\WINDOWS\System32\dciman32f.dll scheduled to be moved on reboot.
C:\WINDOWS\System32\jfnyplxc.dat moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\System32\drivers\lvuvc.hs moved successfully.
File move failed. C:\WINDOWS\System32\drivers\pzowhvuy.dat scheduled to be moved on reboot.
File C:\WINDOWS\System32\jfnyplxc.dat not found!
C:\Documents and Settings\Michele\Local Settings\Temp\coblydqj.dll moved successfully.
[Empty Temp Folders]
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta42 fix logfile created on 01312008_172709

New wpf35:

WinPFind35 logfile created on: 1/31/2008 5:35:19 PM
WinPFind35U Version Beta42	 Folder = C:\Documents and Settings\Michele\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
894.48 Mb Total Physical Memory | 518.33 Mb Available Physical Memory | 57.95% Memory free
2.12 Gb Paging File | 1.82 Gb Available in Paging File | 85.86% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 60.86 Gb Free Space | 81.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.01 Gb Total Space | 124.31 Gb Free Space | 83.42% Space Free | Partition Type: FAT32
Drive F: | 3.76 Gb Total Space | 3.73 Gb Free Space | 99.33% Space Free | Partition Type: FAT32

Computer Name: MES
Current User Name: Michele
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 4/11/2005 8:31:26 AM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 4/11/2005 8:31:26 AM | Attr =	]
lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/19/2007 11:40:48 PM | Attr =	]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 4/11/2005 10:00:00 AM | Attr =	]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2/18/2007 3:05:17 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 3:23:27 AM | Attr =	]
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 1, 1, 2 | Size = 794624 bytes | Modified Date = 4/1/2005 3:11:14 PM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 4:50:18 PM | Attr =	]
vrmonnt.exe -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonnt.exe -> HAURI [Ver = 2004, 9, 6, 1 | Size = 249916 bytes | Modified Date = 6/27/2005 6:19:24 PM | Attr =	]
quickcam.exe -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe ->  [Ver =  | Size = 2027792 bytes | Modified Date = 7/25/2007 3:06:30 PM | Attr =	]
communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ->  [Ver =  | Size = 563984 bytes | Modified Date = 7/25/2007 3:02:54 PM | Attr =	]
eabservr.exe -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard  [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 12/3/2004 1:24:20 PM | Attr =	]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.2.0.148 | Size = 23395880 bytes | Modified Date = 5/10/2007 3:09:14 PM | Attr = R  ]
easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 3:33:46 AM | Attr =	]
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 1.2.0.255 | Size = 1920968 bytes | Modified Date = 5/10/2007 3:09:16 PM | Attr = R  ]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/19/2007 11:38:54 PM | Attr =	]
wrsssdk.exe -> %ProgramFiles%\Webroot\Spy Sweeper\WRSSSDK.exe -> Webroot Software, Inc. [Ver = 2,0,8,483 | Size = 2159104 bytes | Modified Date = 12/14/2005 6:28:56 PM | Attr =	]
vrmonsvc.exe -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe -> HAURI [Ver = 2006, 1, 5, 1 | Size = 188416 bytes | Modified Date = 1/5/2006 12:00:00 PM | Attr =	]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/19/2007 11:38:54 PM | Attr =	]
hpqwmi.exe -> %ProgramFiles%\HPQ\shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 3/4/2005 12:16:18 PM | Attr = R  ]
cocimanager.exe -> %CommonProgramFiles%\LogiShrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 11.1.0.2030 | Size = 403728 bytes | Modified Date = 7/25/2007 3:02:32 PM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/31/2008 3:23:16 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 4/11/2005 8:31:26 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/21/2007 3:54:59 PM | Attr =	]
(hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Running] -> %ProgramFiles%\HPQ\shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 3/4/2005 12:16:18 PM | Attr = R  ]
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/19/2007 11:38:54 PM | Attr =	]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/19/2007 11:40:48 PM | Attr =	]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 141848 bytes | Modified Date = 7/19/2007 11:42:30 PM | Attr =	]
(sdAuxService) Spyware Doctor Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.23 | Size = 708176 bytes | Modified Date = 5/17/2007 11:02:22 AM | Attr =	]
(sdCoreService) Spyware Doctor Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.0.60 | Size = 1302272 bytes | Modified Date = 7/16/2007 11:38:23 AM | Attr =	]
(svcWRSSSDK) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\WRSSSDK.exe -> Webroot Software, Inc. [Ver = 2,0,8,483 | Size = 2159104 bytes | Modified Date = 12/14/2005 6:28:56 PM | Attr =	]
(vrmonsvc) ViRobot Expert Monitoring [Win32_Own | Auto | Running] -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe -> HAURI [Ver = 2006, 1, 5, 1 | Size = 188416 bytes | Modified Date = 1/5/2006 12:00:00 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %System32%\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.1.0 built by: dnsrv(wmbla) | Size = 39424 bytes | Modified Date = 8/11/2004 4:30:00 PM | Attr =	]
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6539 | Size = 1035264 bytes | Modified Date = 4/11/2005 8:33:52 AM | Attr =	]
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 3.100.64.0 built by: WinDDK | Size = 371712 bytes | Modified Date = 3/10/2005 4:41:52 AM | Attr =	]
(CAMCAUD) Conexant AMC Audio [Kernel | On_Demand | Running] -> %System32%\drivers\camc6aud.sys -> Conexant Systems Inc. [Ver = 6.14.10.0535 | Size = 38016 bytes | Modified Date = 2/18/2005 10:41:18 AM | Attr = R  ]
(CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %System32%\drivers\camc6hal.sys -> Conexant Systems Inc. [Ver = 6.14.10.0535 | Size = 349696 bytes | Modified Date = 2/18/2005 10:42:02 AM | Attr = R  ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.07a | Size = 88016 bytes | Modified Date = 1/27/2005 2:22:00 AM | Attr =	]
(eabfiltr) eabfiltr [Kernel | System | Running] -> %System32%\drivers\eabfiltr.sys -> Hewlett-Packard Company [Ver = 4.20.01.03 | Size = 7432 bytes | Modified Date = 4/14/2004 7:36:50 AM | Attr =	]
(eabusb) eabusb [Kernel | On_Demand | Stopped] -> %System32%\drivers\EabUsb.sys -> Hewlett-Packard Company [Ver = 4.10.02.02 | Size = 5220 bytes | Modified Date = 6/6/2003 11:46:16 AM | Attr =	]
(FarStoneFireWallDrive) FarStoneFireWallDrive [Kernel | On_Demand | Stopped] -> %System32%\drivers\FarDrive.sys ->  [Ver =  | Size = 142169 bytes | Modified Date = 5/19/2004 11:53:06 PM | Attr =	]
(FilterService) UVC Filter Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvuvcflt.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 22296 bytes | Modified Date = 7/18/2007 7:44:22 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HSFHWATI) HSFHWATI [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWATI.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 200192 bytes | Modified Date = 12/15/2004 10:18:30 AM | Attr =	]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 1038208 bytes | Modified Date = 12/15/2004 10:18:26 AM | Attr =	]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(IKFileFlt) File Filter Driver [File_System | On_Demand | Stopped] -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1016 | Size = 39248 bytes | Modified Date = 4/19/2007 2:18:08 PM | Attr =	]
(IKFileSec) File Security Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025 | Size = 52304 bytes | Modified Date = 4/19/2007 2:18:12 PM | Attr =	]
(IkSysFlt) System Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 59984 bytes | Modified Date = 4/19/2007 2:18:16 PM | Attr =	]
(IKSysSec) System Security Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 83536 bytes | Modified Date = 4/19/2007 2:18:20 PM | Attr =	]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LVcKap) Logitech AEC Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\Lvckap.sys -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 2109592 bytes | Modified Date = 7/19/2007 11:37:56 PM | Attr =	]
(LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> %System32%\drivers\LVMVdrv.sys -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 2142488 bytes | Modified Date = 7/19/2007 11:39:50 PM | Attr =	]
(lvpopflt) Logitech POP Suppression Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvpopflt.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 1920920 bytes | Modified Date = 7/18/2007 7:42:28 PM | Attr =	]
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LVPr2Mon.sys ->  [Ver =  | Size = 25624 bytes | Modified Date = 7/18/2007 4:42:42 PM | Attr =	]
(lvselsus) Logitech Selective Suspend Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvselsus.sys -> Logitech Inc. [Ver = 10.0.0.1438 | Size = 55984 bytes | Modified Date = 6/22/2006 5:29:43 PM | Attr = R  ]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 41752 bytes | Modified Date = 7/18/2007 7:44:00 PM | Attr =	]
(LVUVC) Logitech QuickCam Fusion(UVC) [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvuvc.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 3599000 bytes | Modified Date = 7/18/2007 7:44:22 PM | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 6:04:14 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/29/2007 2:00:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Rtlnicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.621.0304.2005 built by: WinDDK | Size = 74496 bytes | Modified Date = 3/3/2005 2:10:26 PM | Attr =	]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 5:31:34 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(ser2plms) Microsoft USB GPS driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ser2plms.sys -> Prolific Technology Inc. [Ver = 1.5.0.1 | Size = 42240 bytes | Modified Date = 9/2/2005 4:06:35 PM | Attr = R  ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(SSI) SSI [Kernel | Boot | Running] -> %System32%\drivers\ssi.sys -> Webroot Software (www.webroot.com) [Ver = 1.02 | Size = 78336 bytes | Modified Date = 12/14/2005 6:06:46 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 191456 bytes | Modified Date = 2/2/2005 6:58:58 AM | Attr =	]
(tifm21) tifm21 [Kernel | On_Demand | Running] -> %System32%\drivers\tifm21.sys -> Texas Instruments [Ver = 1.0.3.2 | Size = 159488 bytes | Modified Date = 3/16/2005 7:43:06 AM | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(VRcore) VRcore [Kernel | On_Demand | Running] -> %System32%\drivers\vrcore.sys -> HAURI, Inc. 1998-2003 [Ver = 2008,01,18,71 | Size = 4464416 bytes | Modified Date = 1/18/2008 7:53:48 AM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 703232 bytes | Modified Date = 12/15/2004 10:18:28 AM | Attr =	]
(VRFIL) VRFIL [Kernel | On_Demand | Running] -> %System32%\drivers\vrfil.sys -> HAURI [Ver = 2006,9,7,1 | Size = 40025 bytes | Modified Date = 2/20/2007 11:28:57 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 4/11/2005 10:00:00 AM | Attr =	]
Cpqset -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe ->  [Ver =  | Size = 233534 bytes | Modified Date = 2/17/2005 2:01:20 PM | Attr =	]
dwStart -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\FireWall.exe -> NextAisle [Ver = 2, 1, 0, 0 | Size = 405504 bytes | Modified Date = 8/6/2004 12:40:46 AM | Attr =	]
HP Software Update -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr =	]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 1, 1, 2 | Size = 794624 bytes | Modified Date = 4/1/2005 3:11:14 PM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 4:50:42 PM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 4:50:18 PM | Attr =	]
LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ->  [Ver =  | Size = 563984 bytes | Modified Date = 7/25/2007 3:02:54 PM | Attr =	]
LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe ->  [Ver =  | Size = 2027792 bytes | Modified Date = 7/25/2007 3:06:30 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2/18/2007 3:05:17 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 3:23:27 AM | Attr =	]
Vrmon -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonnt.exe -> HAURI [Ver = 2004, 9, 6, 1 | Size = 249916 bytes | Modified Date = 6/27/2005 6:19:24 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
eabconfg.cpl -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard  [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 12/3/2004 1:24:20 PM | Attr =	]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.2.0.148 | Size = 23395880 bytes | Modified Date = 5/10/2007 3:09:14 PM | Attr = R  ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 3:33:46 AM | Attr =	]
< Michele Startup Folder > -> C:\Documents and Settings\Michele\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 46080 bytes | Modified Date = 4/11/2005 8:31:30 AM | Attr =	]
vfwteqyb -> %System32%\dciman32f.dll ->  [Ver =  | Size = 83968 bytes | Modified Date = 1/31/2008 5:27:09 PM | Attr =	]
WRNotifier -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 2,0,8,483 | Size = 492544 bytes | Modified Date = 12/14/2005 6:29:02 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> -> 
< HOSTS File > (224690 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.npr.org/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4195 domain(s) found. -> 
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6406 domain(s) found. -> 
turbotax.com .[https] -> Trusted sites -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 2:17:44 PM | Attr =	]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 78 | Size = 722472 bytes | Modified Date = 5/10/2007 3:09:16 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 3:23:24 AM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/21/2007 3:54:58 PM | Attr = R  ]
{C4982BAD-3CF5-4998-BCE3-3AA507368816} [HKEY_LOCAL_MACHINE] -> %System32%\dciman32f.dll [] ->  [Ver =  | Size = 83968 bytes | Modified Date = 1/31/2008 5:27:09 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/21/2007 3:54:58 PM | Attr = R  ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/21/2007 3:54:58 PM | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_11\bin\NPJPI150_11.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 3:23:25 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 3:23:24 AM | Attr =	]
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 78 | Size = 722472 bytes | Modified Date = 5/10/2007 3:09:16 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_11\bin\NPJPI150_11.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 3:23:25 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1FF2B150-C657-4901-8D21-53AAD2DDB3E7} ->	(1394 Net Adapter) -> 
{6B5A827B-B461-42AC-8381-743C5E025D43} ->	() -> 
{B0A4CCE2-0CC5-4F3C-AA31-70DE38395208} ->	(Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
{FBD49F73-E486-4F61-A810-B683756B927A} ->	(Broadcom 802.11b/g WLAN) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 1 | Size = 1828440 bytes | Modified Date = 5/10/2007 3:09:14 PM | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> 



[Files/Folders - Created Within 30 days]
clreg BU.reg -> %SystemDrive%\clreg BU.reg ->  [Ver =  | Size = 60844 bytes | Created Date = 1/24/2008 3:36:00 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938004480 bytes | Created Date = 1/31/2008 5:11:47 PM | Attr =  HS]
RegBU -> %SystemDrive%\RegBU ->  [Folder | Created Date = 1/24/2008 3:19:37 PM | Attr =	]
pzowhvuy.dat -> %System32%\drivers\pzowhvuy.dat ->  [Ver =  | Size = 19584 bytes | Created Date = 1/23/2008 9:46:40 PM | Attr =	]
AppCert -> %System32%\AppCert ->  [Folder | Created Date = 1/23/2008 9:44:44 PM | Attr =	]
dciman32f.dll -> %System32%\dciman32f.dll ->  [Ver =  | Size = 83968 bytes | Created Date = 1/23/2008 9:45:02 PM | Attr =	]
FarLsp.dll -> %System32%\FarLsp.dll ->  [Ver =  | Size = 250056 bytes | Created Date = 1/24/2008 2:12:07 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 1/24/2008 10:38:42 PM | Attr =	]
wsInspector -> %UserAppData%\wsInspector ->  [Folder | Created Date = 1/24/2008 3:38:09 PM | Attr =	]
357 Main Park Rd, Santa Rosa Beach, FL 32459 to 15017 Emerald Coast Pkwy, Destin, FL 32541.est -> %UserDocuments%\357 Main Park Rd, Santa Rosa Beach, FL 32459 to 15017 Emerald Coast Pkwy, Destin, FL 32541.est ->  [Ver =  | Size = 5120 bytes | Created Date = 1/19/2008 11:39:17 AM | Attr =	]
cc_20080124_2116.reg -> %UserDocuments%\cc_20080124_2116.reg ->  [Ver =  | Size = 13328 bytes | Created Date = 1/24/2008 9:17:48 PM | Attr =	]
EC Form.doc -> %UserDocuments%\EC Form.doc ->  [Ver =  | Size = 29184 bytes | Created Date = 1/23/2008 4:33:00 PM | Attr =	]
Grayton Beach Camping.est -> %UserDocuments%\Grayton Beach Camping.est ->  [Ver =  | Size = 5120 bytes | Created Date = 1/18/2008 8:12:15 AM | Attr =	]
Hamburger Paragraph MIN.doc -> %UserDocuments%\Hamburger Paragraph MIN.doc ->  [Ver =  | Size = 67584 bytes | Created Date = 1/22/2008 7:41:00 PM | Attr =	]
January 2008 letter.doc -> %UserDocuments%\January 2008 letter.doc ->  [Ver =  | Size = 25088 bytes | Created Date = 1/7/2008 7:11:19 AM | Attr =	]
Summary Frames  MIN.doc -> %UserDocuments%\Summary Frames  MIN.doc ->  [Ver =  | Size = 32256 bytes | Created Date = 1/22/2008 7:41:00 PM | Attr =	]
wsInspector -> %UserDocuments%\wsInspector ->  [Folder | Created Date = 1/24/2008 3:37:38 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/24/2008 10:38:46 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/24/2008 10:38:47 PM | Attr =	]
The Shield Firewall.lnk -> %AllUsersDesktop%\The Shield Firewall.lnk ->  [Ver =  | Size = 816 bytes | Created Date = 1/24/2008 2:09:33 PM | Attr =	]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk ->  [Ver =  | Size = 1548 bytes | Created Date = 1/24/2008 3:17:20 PM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 1/25/2008 7:58:52 AM | Attr =	]
hijackthis_v2.0.2.zip -> %UserDesktop%\hijackthis_v2.0.2.zip ->  [Ver =  | Size = 499568 bytes | Created Date = 1/25/2008 7:57:32 AM | Attr =	]
HJACK FILE -> %UserDesktop%\HJACK FILE ->  [Folder | Created Date = 1/25/2008 8:02:37 AM | Attr =	]
Michele's Virus -> %UserDesktop%\Michele's Virus ->  [Folder | Created Date = 1/24/2008 10:37:51 PM | Attr =	]
RegScrubXP.lnk -> %UserDesktop%\RegScrubXP.lnk ->  [Ver =  | Size = 650 bytes | Created Date = 1/24/2008 9:42:42 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 1/25/2008 7:03:24 AM | Attr =	]
Startup Inspector for Windows.lnk -> %UserDesktop%\Startup Inspector for Windows.lnk ->  [Ver =  | Size = 750 bytes | Created Date = 1/24/2008 3:17:36 PM | Attr =	]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Created Date = 1/24/2008 10:37:56 PM | Attr =	]
stinger.opt -> %UserDesktop%\stinger.opt ->  [Ver =  | Size = 60 bytes | Created Date = 1/24/2008 11:24:32 PM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 1/31/2008 10:50:11 AM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478367 bytes | Created Date = 1/31/2008 10:47:06 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 1/24/2008 10:38:06 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
clreg BU.reg -> %SystemDrive%\clreg BU.reg ->  [Ver =  | Size = 60844 bytes | Modified Date = 1/24/2008 3:36:07 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 1/24/2008 6:38:16 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938004480 bytes | Modified Date = 1/31/2008 5:29:00 PM | Attr =  HS]
logfile -> %SystemDrive%\logfile ->  [Ver =  | Size = 182582 bytes | Modified Date = 1/31/2008 5:29:45 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/25/2008 7:58:51 AM | Attr = R  ]
RegBU -> %SystemDrive%\RegBU ->  [Folder | Modified Date = 1/24/2008 3:19:50 PM | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 1/31/2008 5:32:04 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 1/31/2008 5:27:09 PM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 1/25/2008 7:14:32 AM | Attr =	]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 224690 bytes | Modified Date = 1/25/2008 7:14:32 AM | Attr = R  ]
hosts.20080125-070725.backup -> %System32%\drivers\etc\hosts.20080125-070725.backup ->  [Ver =  | Size = 736 bytes | Modified Date = 1/24/2008 3:18:07 PM | Attr =	]
hosts.20080125-071432.backup -> %System32%\drivers\etc\hosts.20080125-071432.backup ->  [Ver =  | Size = 65806 bytes | Modified Date = 1/25/2008 7:07:25 AM | Attr = R  ]
pzowhvuy.dat -> %System32%\drivers\pzowhvuy.dat ->  [Ver =  | Size = 19584 bytes | Modified Date = 1/23/2008 9:46:40 PM | Attr =	]
vrcore.sys -> %System32%\drivers\vrcore.sys -> HAURI, Inc. 1998-2003 [Ver = 2008,01,18,71 | Size = 4464416 bytes | Modified Date = 1/18/2008 7:53:48 AM | Attr =	]
AppCert -> %System32%\AppCert ->  [Folder | Modified Date = 1/23/2008 9:44:44 PM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 1/26/2008 12:01:47 PM | Attr =	]
dciman32f.dll -> %System32%\dciman32f.dll ->  [Ver =  | Size = 83968 bytes | Modified Date = 1/31/2008 5:27:09 PM | Attr =	]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 1/31/2008 5:27:09 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 1/31/2008 5:27:16 PM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/30/2008 1:38:52 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 1/31/2008 5:29:07 PM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 1/25/2008 7:51:49 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/25/2008 7:50:08 AM | Attr =   S]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/25/2008 8:50:31 PM | Attr =  HS]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 1/24/2008 1:44:15 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 1/31/2008 5:33:31 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 1/23/2008 9:43:52 PM | Attr =  H ]
system32 -> %System32% ->  [Folder | Modified Date = 1/31/2008 5:27:09 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 1/31/2008 5:27:09 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 1/31/2008 5:32:04 PM | Attr =	]
EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job ->  [Ver =  | Size = 440 bytes | Modified Date = 1/31/2008 4:15:03 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 1/31/2008 5:29:16 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 46311 bytes | Modified Date = 1/31/2008 5:32:38 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 46270 bytes | Modified Date = 1/31/2008 5:32:38 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 2/18/2007 5:14:43 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 1/24/2008 10:39:36 PM | Attr =	]
Microsoft -> %AllUsersAppData%\Microsoft ->  [Folder | Modified Date = 1/24/2008 10:39:10 PM | Attr =   S]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 1/25/2008 7:51:50 AM | Attr =	]
AdobeUM -> %UserAppData%\AdobeUM ->  [Folder | Modified Date = 1/13/2008 3:03:59 PM | Attr =	]
Lavasoft -> %UserAppData%\Lavasoft ->  [Folder | Modified Date = 1/24/2008 10:39:10 PM | Attr =	]
Skype -> %UserAppData%\Skype ->  [Folder | Modified Date = 1/31/2008 4:43:53 PM | Attr =	]
wsInspector -> %UserAppData%\wsInspector ->  [Folder | Modified Date = 1/24/2008 3:38:09 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 95232 bytes | Modified Date = 1/15/2008 3:26:54 PM | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 15490902 bytes | Modified Date = 1/31/2008 4:57:39 PM | Attr =  H ]
desktop.ini -> %AllUsersDocuments%\desktop.ini ->  [Ver =  | Size = 126 bytes | Modified Date = 1/24/2008 3:08:03 PM | Attr =  HS]
ESBK.mb -> %AllUsersDocuments%\ESBK.mb ->  [Ver =  | Size = 2376704 bytes | Modified Date = 1/7/2008 5:28:47 PM | Attr = R  ]
ESBK.mbb -> %AllUsersDocuments%\ESBK.mbb ->  [Ver =  | Size = 5366784 bytes | Modified Date = 1/7/2008 5:28:46 PM | Attr = R  ]
357 Main Park Rd, Santa Rosa Beach, FL 32459 to 15017 Emerald Coast Pkwy, Destin, FL 32541.est -> %UserDocuments%\357 Main Park Rd, Santa Rosa Beach, FL 32459 to 15017 Emerald Coast Pkwy, Destin, FL 32541.est ->  [Ver =  | Size = 5120 bytes | Modified Date = 1/19/2008 11:39:17 AM | Attr =	]
cc_20080124_2116.reg -> %UserDocuments%\cc_20080124_2116.reg ->  [Ver =  | Size = 13328 bytes | Modified Date = 1/24/2008 9:17:56 PM | Attr =	]
EC Form.doc -> %UserDocuments%\EC Form.doc ->  [Ver =  | Size = 29184 bytes | Modified Date = 1/23/2008 4:33:00 PM | Attr =	]
Grayton Beach Camping.est -> %UserDocuments%\Grayton Beach Camping.est ->  [Ver =  | Size = 5120 bytes | Modified Date = 1/18/2008 8:12:16 AM | Attr =	]
Hamburger Paragraph MIN.doc -> %UserDocuments%\Hamburger Paragraph MIN.doc ->  [Ver =  | Size = 67584 bytes | Modified Date = 1/22/2008 7:41:00 PM | Attr =	]
January 2008 letter.doc -> %UserDocuments%\January 2008 letter.doc ->  [Ver =  | Size = 25088 bytes | Modified Date = 1/7/2008 7:13:53 AM | Attr =	]
My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 1/15/2008 10:51:00 PM | Attr = R  ]
Preschool -> %UserDocuments%\Preschool ->  [Folder | Modified Date = 1/14/2008 10:01:48 PM | Attr =	]
Quicken -> %UserDocuments%\Quicken ->  [Folder | Modified Date = 1/30/2008 8:23:19 PM | Attr =	]
Scouts -> %UserDocuments%\Scouts ->  [Folder | Modified Date = 1/15/2008 3:50:39 PM | Attr =	]
SFCC -> %UserDocuments%\SFCC ->  [Folder | Modified Date = 1/22/2008 8:37:11 PM | Attr =	]
Summary Frames  MIN.doc -> %UserDocuments%\Summary Frames  MIN.doc ->  [Ver =  | Size = 32256 bytes | Modified Date = 1/22/2008 7:41:00 PM | Attr =	]
wsInspector -> %UserDocuments%\wsInspector ->  [Folder | Modified Date = 1/24/2008 3:37:38 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/24/2008 10:38:46 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/24/2008 10:38:47 PM | Attr =	]
Skype.lnk -> %AllUsersDesktop%\Skype.lnk ->  [Ver =  | Size = 2387 bytes | Modified Date = 1/25/2008 8:50:29 PM | Attr =	]
The Shield Firewall.lnk -> %AllUsersDesktop%\The Shield Firewall.lnk ->  [Ver =  | Size = 816 bytes | Modified Date = 1/24/2008 2:09:33 PM | Attr =	]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk ->  [Ver =  | Size = 1548 bytes | Modified Date = 1/24/2008 9:14:29 PM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 1/25/2008 7:58:52 AM | Attr =	]
hijackthis_v2.0.2.zip -> %UserDesktop%\hijackthis_v2.0.2.zip ->  [Ver =  | Size = 499568 bytes | Modified Date = 1/24/2008 8:46:36 PM | Attr =	]
HJACK FILE -> %UserDesktop%\HJACK FILE ->  [Folder | Modified Date = 1/25/2008 8:04:46 AM | Attr =	]
Michele's Virus -> %UserDesktop%\Michele's Virus ->  [Folder | Modified Date = 1/25/2008 10:55:06 AM | Attr =	]
Microsoft Word.lnk -> %UserDesktop%\Microsoft Word.lnk ->  [Ver =  | Size = 2483 bytes | Modified Date = 1/25/2008 8:52:54 PM | Attr =	]
RegScrubXP.lnk -> %UserDesktop%\RegScrubXP.lnk ->  [Ver =  | Size = 650 bytes | Modified Date = 1/24/2008 9:42:42 PM | Attr =	]
Smartparts Pictures -> %UserDesktop%\Smartparts Pictures ->  [Folder | Modified Date = 1/1/2008 8:24:26 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 1/25/2008 7:03:24 AM | Attr =	]
Startup Inspector for Windows.lnk -> %UserDesktop%\Startup Inspector for Windows.lnk ->  [Ver =  | Size = 750 bytes | Modified Date = 1/24/2008 3:17:36 PM | Attr =	]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 1/24/2008 10:33:26 PM | Attr =	]
stinger.opt -> %UserDesktop%\stinger.opt ->  [Ver =  | Size = 60 bytes | Modified Date = 1/24/2008 11:24:32 PM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 1/31/2008 5:27:10 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478367 bytes | Modified Date = 1/31/2008 10:35:14 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 1/24/2008 10:38:06 PM | Attr =	]

< End of report >


#6 OldTimer

    Malware Expert



Posted 31 January 2008 - 06:42 PM

Hi jormic. Some of the files are still present so we will need a different tool to take care of them. Follow the steps below in order.

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

files to delete:
c:\windows\System32\drivers\pzowhvuy.dat
c:\windows\System32\dciman32f.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> vfwteqyb -> %System32%\dciman32f.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {C4982BAD-3CF5-4998-BCE3-3AA507368816} [HKEY_LOCAL_MACHINE] -> %System32%\dciman32f.dll []
[Files/Folders - Created Within 30 days]
NY -> pzowhvuy.dat -> %System32%\drivers\pzowhvuy.dat
NY -> dciman32f.dll -> %System32%\dciman32f.dll
[Files/Folders - Modified Within 30 days]
NY -> pzowhvuy.dat -> %System32%\drivers\pzowhvuy.dat
NY -> dciman32f.dll -> %System32%\dciman32f.dll
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #4

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (in the WinPFind35u folder)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
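
An added example (not part of OldTimer's post and not WinPFind35u's own logic): a triage pass over report lines in the layout shown in this thread. It surfaces unsigned, version-less files recently created under %System32% and raises the priority of any that are also loaded from an autostart section such as the BHO list. The function names and the scoring rule are assumptions made for illustration, and a "review" result is a candidate for a human to check, not a verdict.

```python
import re

# Sample lines taken from the WinPFind35u report posted in this thread
# (tabs in the Attr field replaced by spaces).
SAMPLE_REPORT = r"""
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{C4982BAD-3CF5-4998-BCE3-3AA507368816} [HKEY_LOCAL_MACHINE] -> %System32%\dciman32f.dll [] ->  [Ver =  | Size = 83968 bytes | Modified Date = 1/31/2008 5:27:09 PM | Attr = ]
[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938004480 bytes | Created Date = 1/31/2008 5:11:47 PM | Attr =  HS]
RegBU -> %SystemDrive%\RegBU ->  [Folder | Created Date = 1/24/2008 3:19:37 PM | Attr = ]
pzowhvuy.dat -> %System32%\drivers\pzowhvuy.dat ->  [Ver =  | Size = 19584 bytes | Created Date = 1/23/2008 9:46:40 PM | Attr = ]
dciman32f.dll -> %System32%\dciman32f.dll ->  [Ver =  | Size = 83968 bytes | Created Date = 1/23/2008 9:45:02 PM | Attr = ]
FarLsp.dll -> %System32%\FarLsp.dll ->  [Ver =  | Size = 250056 bytes | Created Date = 1/24/2008 2:12:07 PM | Attr = ]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Created Date = 1/24/2008 10:37:56 PM | Attr = ]
"""

# Trailing "[Ver = ... | Size = ... | <kind> Date = ... | Attr = ...]" block of a file entry.
META = re.compile(
    r"\[Ver = (?P<ver>[^|]*)\| Size = (?P<size>\d+) bytes \| "
    r"(?P<kind>Created|Modified) Date = (?P<date>[^|]+)\| Attr =(?P<attr>[^\]]*)\]\s*$"
)
# Sub-section headers that list code loaded automatically (both appear in this thread).
AUTOSTART_MARKERS = ("BHO's", "Winlogon\\Notify")
RECENT_SECTION = "Created Within 30 days"


def parse_report(text):
    """Yield one dict per file entry, tagged with the section header above it."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        is_bracket_header = (
            line.startswith("[") and line.endswith("]") and " -> " not in line
        )
        if line.startswith("< ") or is_bracket_header:
            section = line
            continue
        parts = line.split(" -> ")
        if len(parts) < 3:
            continue
        meta = META.search(parts[-1])
        if not meta:  # folders and registry-only lines carry no Ver/Size block
            continue
        yield {
            "section": section,
            # Registry entries append "[description]" to the path; drop it.
            "path": re.sub(r"\s*\[[^\]]*\]\s*$", "", parts[-2]).strip(),
            "vendor": parts[-1][: meta.start()].strip(),
            "version": meta.group("ver").strip(),
            "size": int(meta.group("size")),
        }


def triage(text):
    """Map path -> 'high' or 'review' (assumed scoring rule, see lead-in)."""
    entries = list(parse_report(text))
    autostart_paths = {
        e["path"].lower()
        for e in entries
        if any(marker in e["section"] for marker in AUTOSTART_MARKERS)
    }
    findings = {}
    for e in entries:
        path = e["path"].lower()
        if RECENT_SECTION not in e["section"]:
            continue
        if e["vendor"] or e["version"]:
            continue  # carries vendor or version metadata
        if not path.startswith("%system32%\\"):
            continue  # rule is limited to the system directory
        findings[e["path"]] = "high" if path in autostart_paths else "review"
    return findings


if __name__ == "__main__":
    for path, level in triage(SAMPLE_REPORT).items():
        print(f"{level:6} {path}")
```
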


#7 jormic

  • Topic Starter


Posted 01 February 2008 - 08:41 AM

OT,

Using link provided downloaded Avenger to my desktop then on to my Thumb Drive to transport to infected laptop. When opening the zip file the following occurs:

C:\DOCUME~1\Michele\LOCALS~1\Temp\Temporary Directory 2 for avenger.zip\avenger.exe
---------------------------
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.
---------------------------
OK
---------------------------
Then when I click OK the virus program picks this up:

Trojan.Win32.Agent.130048

What have I done wrong? Thanks for your patience.

#8 OldTimer

    Malware Expert



Posted 01 February 2008 - 10:54 AM

Hi jormic. The program cannot be run from inside the zip. It must be extracted to the desktop. If the AV is putting up a warning tell it to ignore the program.

Cheers.

OT

#9 jormic

  • Topic Starter


Posted 01 February 2008 - 02:41 PM

Ok OT,

I've got too many file transfers and scans on the brain, hopefully I didn't delete or copy the incorrect file, fix, or scan.


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gurpifxf

*******************

Script file located at: \??\C:\WINDOWS\system32\nocuqocd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File c:\windows\System32\drivers\pzowhvuy.dat deleted successfully.
File c:\windows\System32\dciman32f.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


windfind35 fix:


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vfwteqyb\ deleted successfully.
File C:\WINDOWS\System32\dciman32f.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4982BAD-3CF5-4998-BCE3-3AA507368816}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4982BAD-3CF5-4998-BCE3-3AA507368816}\ deleted successfully.
File C:\WINDOWS\System32\dciman32f.dll not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\drivers\pzowhvuy.dat not found!
File C:\WINDOWS\System32\dciman32f.dll not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\drivers\pzowhvuy.dat not found!
File C:\WINDOWS\System32\dciman32f.dll not found!
[Empty Temp Folders]
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta42 fix logfile created on 02012008_140641



winpfind35 scan log:

WinPFind35 logfile created on: 2/1/2008 2:08:53 PM
WinPFind35U Version Beta42	 Folder = C:\Documents and Settings\Michele\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
894.48 Mb Total Physical Memory | 532.36 Mb Available Physical Memory | 59.52% Memory free
2.12 Gb Paging File | 1.83 Gb Available in Paging File | 86.63% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 60.85 Gb Free Space | 81.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.01 Gb Total Space | 124.31 Gb Free Space | 83.42% Space Free | Partition Type: FAT32
Drive F: | 3.76 Gb Total Space | 3.73 Gb Free Space | 99.36% Space Free | Partition Type: FAT32

Computer Name: MES
Current User Name: Michele
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 4/11/2005 8:31:26 AM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 4/11/2005 8:31:26 AM | Attr =	]
lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/19/2007 11:40:48 PM | Attr =	]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 4/11/2005 10:00:00 AM | Attr =	]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2/18/2007 3:05:17 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 3:23:27 AM | Attr =	]
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 1, 1, 2 | Size = 794624 bytes | Modified Date = 4/1/2005 3:11:14 PM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 4:50:18 PM | Attr =	]
vrmonnt.exe -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonnt.exe -> HAURI [Ver = 2004, 9, 6, 1 | Size = 249916 bytes | Modified Date = 6/27/2005 6:19:24 PM | Attr =	]
quickcam.exe -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe ->  [Ver =  | Size = 2027792 bytes | Modified Date = 7/25/2007 3:06:30 PM | Attr =	]
communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ->  [Ver =  | Size = 563984 bytes | Modified Date = 7/25/2007 3:02:54 PM | Attr =	]
eabservr.exe -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard  [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 12/3/2004 1:24:20 PM | Attr =	]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.2.0.148 | Size = 23395880 bytes | Modified Date = 5/10/2007 3:09:14 PM | Attr = R  ]
easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 3:33:46 AM | Attr =	]
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 1.2.0.255 | Size = 1920968 bytes | Modified Date = 5/10/2007 3:09:16 PM | Attr = R  ]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/19/2007 11:38:54 PM | Attr =	]
wrsssdk.exe -> %ProgramFiles%\Webroot\Spy Sweeper\WRSSSDK.exe -> Webroot Software, Inc. [Ver = 2,0,8,483 | Size = 2159104 bytes | Modified Date = 12/14/2005 6:28:56 PM | Attr =	]
vrmonsvc.exe -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe -> HAURI [Ver = 2006, 1, 5, 1 | Size = 188416 bytes | Modified Date = 1/5/2006 12:00:00 PM | Attr =	]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/19/2007 11:38:54 PM | Attr =	]
cocimanager.exe -> %CommonProgramFiles%\LogiShrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 11.1.0.2030 | Size = 403728 bytes | Modified Date = 7/25/2007 3:02:32 PM | Attr =	]
hpqwmi.exe -> %ProgramFiles%\HPQ\shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 3/4/2005 12:16:18 PM | Attr = R  ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/31/2008 3:23:16 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 4/11/2005 8:31:26 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/21/2007 3:54:59 PM | Attr =	]
(hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Running] -> %ProgramFiles%\HPQ\shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 3/4/2005 12:16:18 PM | Attr = R  ]
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/19/2007 11:38:54 PM | Attr =	]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/19/2007 11:40:48 PM | Attr =	]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 141848 bytes | Modified Date = 7/19/2007 11:42:30 PM | Attr =	]
(sdAuxService) Spyware Doctor Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.23 | Size = 708176 bytes | Modified Date = 5/17/2007 11:02:22 AM | Attr =	]
(sdCoreService) Spyware Doctor Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.0.60 | Size = 1302272 bytes | Modified Date = 7/16/2007 11:38:23 AM | Attr =	]
(svcWRSSSDK) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\WRSSSDK.exe -> Webroot Software, Inc. [Ver = 2,0,8,483 | Size = 2159104 bytes | Modified Date = 12/14/2005 6:28:56 PM | Attr =	]
(vrmonsvc) ViRobot Expert Monitoring [Win32_Own | Auto | Running] -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe -> HAURI [Ver = 2006, 1, 5, 1 | Size = 188416 bytes | Modified Date = 1/5/2006 12:00:00 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %System32%\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.1.0 built by: dnsrv(wmbla) | Size = 39424 bytes | Modified Date = 8/11/2004 4:30:00 PM | Attr =	]
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6539 | Size = 1035264 bytes | Modified Date = 4/11/2005 8:33:52 AM | Attr =	]
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 3.100.64.0 built by: WinDDK | Size = 371712 bytes | Modified Date = 3/10/2005 4:41:52 AM | Attr =	]
(CAMCAUD) Conexant AMC Audio [Kernel | On_Demand | Running] -> %System32%\drivers\camc6aud.sys -> Conexant Systems Inc. [Ver = 6.14.10.0535 | Size = 38016 bytes | Modified Date = 2/18/2005 10:41:18 AM | Attr = R  ]
(CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %System32%\drivers\camc6hal.sys -> Conexant Systems Inc. [Ver = 6.14.10.0535 | Size = 349696 bytes | Modified Date = 2/18/2005 10:42:02 AM | Attr = R  ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.07a | Size = 88016 bytes | Modified Date = 1/27/2005 2:22:00 AM | Attr =	]
(eabfiltr) eabfiltr [Kernel | System | Running] -> %System32%\drivers\eabfiltr.sys -> Hewlett-Packard Company [Ver = 4.20.01.03 | Size = 7432 bytes | Modified Date = 4/14/2004 7:36:50 AM | Attr =	]
(eabusb) eabusb [Kernel | On_Demand | Stopped] -> %System32%\drivers\EabUsb.sys -> Hewlett-Packard Company [Ver = 4.10.02.02 | Size = 5220 bytes | Modified Date = 6/6/2003 11:46:16 AM | Attr =	]
(FarStoneFireWallDrive) FarStoneFireWallDrive [Kernel | On_Demand | Stopped] -> %System32%\drivers\FarDrive.sys ->  [Ver =  | Size = 142169 bytes | Modified Date = 5/19/2004 11:53:06 PM | Attr =	]
(FilterService) UVC Filter Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvuvcflt.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 22296 bytes | Modified Date = 7/18/2007 7:44:22 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HSFHWATI) HSFHWATI [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWATI.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 200192 bytes | Modified Date = 12/15/2004 10:18:30 AM | Attr =	]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 1038208 bytes | Modified Date = 12/15/2004 10:18:26 AM | Attr =	]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(IKFileFlt) File Filter Driver [File_System | On_Demand | Stopped] -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1016 | Size = 39248 bytes | Modified Date = 4/19/2007 2:18:08 PM | Attr =	]
(IKFileSec) File Security Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025 | Size = 52304 bytes | Modified Date = 4/19/2007 2:18:12 PM | Attr =	]
(IkSysFlt) System Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 59984 bytes | Modified Date = 4/19/2007 2:18:16 PM | Attr =	]
(IKSysSec) System Security Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 83536 bytes | Modified Date = 4/19/2007 2:18:20 PM | Attr =	]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LVcKap) Logitech AEC Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\Lvckap.sys -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 2109592 bytes | Modified Date = 7/19/2007 11:37:56 PM | Attr =	]
(LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> %System32%\drivers\LVMVdrv.sys -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 2142488 bytes | Modified Date = 7/19/2007 11:39:50 PM | Attr =	]
(lvpopflt) Logitech POP Suppression Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvpopflt.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 1920920 bytes | Modified Date = 7/18/2007 7:42:28 PM | Attr =	]
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LVPr2Mon.sys ->  [Ver =  | Size = 25624 bytes | Modified Date = 7/18/2007 4:42:42 PM | Attr =	]
(lvselsus) Logitech Selective Suspend Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvselsus.sys -> Logitech Inc. [Ver = 10.0.0.1438 | Size = 55984 bytes | Modified Date = 6/22/2006 5:29:43 PM | Attr = R  ]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 41752 bytes | Modified Date = 7/18/2007 7:44:00 PM | Attr =	]
(LVUVC) Logitech QuickCam Fusion(UVC) [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvuvc.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 3599000 bytes | Modified Date = 7/18/2007 7:44:22 PM | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 6:04:14 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/29/2007 2:00:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Rtlnicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.621.0304.2005 built by: WinDDK | Size = 74496 bytes | Modified Date = 3/3/2005 2:10:26 PM | Attr =	]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 5:31:34 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(ser2plms) Microsoft USB GPS driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ser2plms.sys -> Prolific Technology Inc. [Ver = 1.5.0.1 | Size = 42240 bytes | Modified Date = 9/2/2005 4:06:35 PM | Attr = R  ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(SSI) SSI [Kernel | Boot | Running] -> %System32%\drivers\ssi.sys -> Webroot Software (www.webroot.com) [Ver = 1.02 | Size = 78336 bytes | Modified Date = 12/14/2005 6:06:46 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 191456 bytes | Modified Date = 2/2/2005 6:58:58 AM | Attr =	]
(tifm21) tifm21 [Kernel | On_Demand | Running] -> %System32%\drivers\tifm21.sys -> Texas Instruments [Ver = 1.0.3.2 | Size = 159488 bytes | Modified Date = 3/16/2005 7:43:06 AM | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(VRcore) VRcore [Kernel | On_Demand | Running] -> %System32%\drivers\vrcore.sys -> HAURI, Inc. 1998-2003 [Ver = 2008,01,18,71 | Size = 4464416 bytes | Modified Date = 1/18/2008 7:53:48 AM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 703232 bytes | Modified Date = 12/15/2004 10:18:28 AM | Attr =	]
(VRFIL) VRFIL [Kernel | On_Demand | Running] -> %System32%\drivers\vrfil.sys -> HAURI [Ver = 2006,9,7,1 | Size = 40025 bytes | Modified Date = 2/20/2007 11:28:57 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 4/11/2005 10:00:00 AM | Attr =	]
Cpqset -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe ->  [Ver =  | Size = 233534 bytes | Modified Date = 2/17/2005 2:01:20 PM | Attr =	]
dwStart -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\FireWall.exe -> NextAisle [Ver = 2, 1, 0, 0 | Size = 405504 bytes | Modified Date = 8/6/2004 12:40:46 AM | Attr =	]
HP Software Update -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr =	]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 1, 1, 2 | Size = 794624 bytes | Modified Date = 4/1/2005 3:11:14 PM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 4:50:42 PM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 4:50:18 PM | Attr =	]
LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ->  [Ver =  | Size = 563984 bytes | Modified Date = 7/25/2007 3:02:54 PM | Attr =	]
LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe ->  [Ver =  | Size = 2027792 bytes | Modified Date = 7/25/2007 3:06:30 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2/18/2007 3:05:17 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 3:23:27 AM | Attr =	]
Vrmon -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonnt.exe -> HAURI [Ver = 2004, 9, 6, 1 | Size = 249916 bytes | Modified Date = 6/27/2005 6:19:24 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
eabconfg.cpl -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard  [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 12/3/2004 1:24:20 PM | Attr =	]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.2.0.148 | Size = 23395880 bytes | Modified Date = 5/10/2007 3:09:14 PM | Attr = R  ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 3:33:46 AM | Attr =	]
< Michele Startup Folder > -> C:\Documents and Settings\Michele\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 46080 bytes | Modified Date = 4/11/2005 8:31:30 AM | Attr =	]
WRNotifier -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 2,0,8,483 | Size = 492544 bytes | Modified Date = 12/14/2005 6:29:02 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> -> 
< HOSTS File > (224690 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.npr.org/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4195 domain(s) found. -> 
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6406 domain(s) found. -> 
turbotax.com .[https] -> Trusted sites -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 2:17:44 PM | Attr =	]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 78 | Size = 722472 bytes | Modified Date = 5/10/2007 3:09:16 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 3:23:24 AM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/21/2007 3:54:58 PM | Attr = R  ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/21/2007 3:54:58 PM | Attr = R  ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/21/2007 3:54:58 PM | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_11\bin\NPJPI150_11.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 3:23:25 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 3:23:24 AM | Attr =	]
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 78 | Size = 722472 bytes | Modified Date = 5/10/2007 3:09:16 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_11\bin\NPJPI150_11.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 3:23:25 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1FF2B150-C657-4901-8D21-53AAD2DDB3E7} ->	(1394 Net Adapter) -> 
{6B5A827B-B461-42AC-8381-743C5E025D43} ->	() -> 
{B0A4CCE2-0CC5-4F3C-AA31-70DE38395208} ->	(Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
{FBD49F73-E486-4F61-A810-B683756B927A} ->	(Broadcom 802.11b/g WLAN) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 1 | Size = 1828440 bytes | Modified Date = 5/10/2007 3:09:14 PM | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> 



[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Created Date = 2/1/2008 1:50:53 PM | Attr =	]
clreg BU.reg -> %SystemDrive%\clreg BU.reg ->  [Ver =  | Size = 60844 bytes | Created Date = 1/24/2008 3:36:00 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938004480 bytes | Created Date = 1/31/2008 5:11:47 PM | Attr =  HS]
RegBU -> %SystemDrive%\RegBU ->  [Folder | Created Date = 1/24/2008 3:19:37 PM | Attr =	]
AppCert -> %System32%\AppCert ->  [Folder | Created Date = 1/23/2008 9:44:44 PM | Attr =	]
FarLsp.dll -> %System32%\FarLsp.dll ->  [Ver =  | Size = 250056 bytes | Created Date = 1/24/2008 2:12:07 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 1/24/2008 10:38:42 PM | Attr =	]
wsInspector -> %UserAppData%\wsInspector ->  [Folder | Created Date = 1/24/2008 3:38:09 PM | Attr =	]
357 Main Park Rd, Santa Rosa Beach, FL 32459 to 15017 Emerald Coast Pkwy, Destin, FL 32541.est -> %UserDocuments%\357 Main Park Rd, Santa Rosa Beach, FL 32459 to 15017 Emerald Coast Pkwy, Destin, FL 32541.est ->  [Ver =  | Size = 5120 bytes | Created Date = 1/19/2008 11:39:17 AM | Attr =	]
cc_20080124_2116.reg -> %UserDocuments%\cc_20080124_2116.reg ->  [Ver =  | Size = 13328 bytes | Created Date = 1/24/2008 9:17:48 PM | Attr =	]
EC Form.doc -> %UserDocuments%\EC Form.doc ->  [Ver =  | Size = 29184 bytes | Created Date = 1/23/2008 4:33:00 PM | Attr =	]
Grayton Beach Camping.est -> %UserDocuments%\Grayton Beach Camping.est ->  [Ver =  | Size = 5120 bytes | Created Date = 1/18/2008 8:12:15 AM | Attr =	]
Hamburger Paragraph MIN.doc -> %UserDocuments%\Hamburger Paragraph MIN.doc ->  [Ver =  | Size = 67584 bytes | Created Date = 1/22/2008 7:41:00 PM | Attr =	]
January 2008 letter.doc -> %UserDocuments%\January 2008 letter.doc ->  [Ver =  | Size = 25088 bytes | Created Date = 1/7/2008 7:11:19 AM | Attr =	]
Summary Frames  MIN.doc -> %UserDocuments%\Summary Frames  MIN.doc ->  [Ver =  | Size = 32256 bytes | Created Date = 1/22/2008 7:41:00 PM | Attr =	]
wsInspector -> %UserDocuments%\wsInspector ->  [Folder | Created Date = 1/24/2008 3:37:38 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/24/2008 10:38:46 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/24/2008 10:38:47 PM | Attr =	]
The Shield Firewall.lnk -> %AllUsersDesktop%\The Shield Firewall.lnk ->  [Ver =  | Size = 816 bytes | Created Date = 1/24/2008 2:09:33 PM | Attr =	]
avenger.zip -> %UserDesktop%\avenger.zip ->  [Ver =  | Size = 127378 bytes | Created Date = 2/1/2008 8:14:43 AM | Attr =	]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk ->  [Ver =  | Size = 1548 bytes | Created Date = 1/24/2008 3:17:20 PM | Attr =	]
Fix for -35.CLP -> %UserDesktop%\Fix for -35.CLP ->  [Ver =  | Size = 8843 bytes | Created Date = 2/1/2008 8:14:40 AM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 1/25/2008 7:58:52 AM | Attr =	]
HJACK FILE -> %UserDesktop%\HJACK FILE ->  [Folder | Created Date = 1/25/2008 8:02:37 AM | Attr =	]
Michele's Virus -> %UserDesktop%\Michele's Virus ->  [Folder | Created Date = 1/24/2008 10:37:51 PM | Attr =	]
RegScrubXP.lnk -> %UserDesktop%\RegScrubXP.lnk ->  [Ver =  | Size = 650 bytes | Created Date = 1/24/2008 9:42:42 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 1/25/2008 7:03:24 AM | Attr =	]
Startup Inspector for Windows.lnk -> %UserDesktop%\Startup Inspector for Windows.lnk ->  [Ver =  | Size = 750 bytes | Created Date = 1/24/2008 3:17:36 PM | Attr =	]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Created Date = 1/24/2008 10:37:56 PM | Attr =	]
stinger.opt -> %UserDesktop%\stinger.opt ->  [Ver =  | Size = 60 bytes | Created Date = 1/24/2008 11:24:32 PM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 1/31/2008 10:50:11 AM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478367 bytes | Created Date = 1/31/2008 10:47:06 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 1/24/2008 10:38:06 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Modified Date = 2/1/2008 1:50:53 PM | Attr =	]
clreg BU.reg -> %SystemDrive%\clreg BU.reg ->  [Ver =  | Size = 60844 bytes | Modified Date = 1/24/2008 3:36:07 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 1/24/2008 6:38:16 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938004480 bytes | Modified Date = 2/1/2008 1:50:28 PM | Attr =  HS]
logfile -> %SystemDrive%\logfile ->  [Ver =  | Size = 182886 bytes | Modified Date = 2/1/2008 1:51:17 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/25/2008 7:58:51 AM | Attr = R  ]
RegBU -> %SystemDrive%\RegBU ->  [Folder | Modified Date = 1/24/2008 3:19:50 PM | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2/1/2008 8:11:27 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 1/31/2008 5:27:09 PM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 1/25/2008 7:14:32 AM | Attr =	]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 224690 bytes | Modified Date = 1/25/2008 7:14:32 AM | Attr = R  ]
hosts.20080125-070725.backup -> %System32%\drivers\etc\hosts.20080125-070725.backup ->  [Ver =  | Size = 736 bytes | Modified Date = 1/24/2008 3:18:07 PM | Attr =	]
hosts.20080125-071432.backup -> %System32%\drivers\etc\hosts.20080125-071432.backup ->  [Ver =  | Size = 65806 bytes | Modified Date = 1/25/2008 7:07:25 AM | Attr = R  ]
vrcore.sys -> %System32%\drivers\vrcore.sys -> HAURI, Inc. 1998-2003 [Ver = 2008,01,18,71 | Size = 4464416 bytes | Modified Date = 1/18/2008 7:53:48 AM | Attr =	]
AppCert -> %System32%\AppCert ->  [Folder | Modified Date = 1/23/2008 9:44:44 PM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 1/26/2008 12:01:47 PM | Attr =	]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 2/1/2008 1:50:55 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 2/1/2008 8:11:27 AM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/30/2008 1:38:52 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/1/2008 1:50:34 PM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 1/25/2008 7:51:49 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/25/2008 7:50:08 AM | Attr =   S]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/25/2008 8:50:31 PM | Attr =  HS]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 1/24/2008 1:44:15 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/1/2008 1:29:22 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 1/23/2008 9:43:52 PM | Attr =  H ]
system32 -> %System32% ->  [Folder | Modified Date = 2/1/2008 1:50:09 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 1/31/2008 5:27:09 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/1/2008 2:06:49 PM | Attr =	]
EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job ->  [Ver =  | Size = 440 bytes | Modified Date = 1/31/2008 4:15:03 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/1/2008 1:50:42 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 46311 bytes | Modified Date = 2/1/2008 1:54:02 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 46270 bytes | Modified Date = 2/1/2008 1:54:02 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 2/18/2007 5:14:43 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 1/24/2008 10:39:36 PM | Attr =	]
Microsoft -> %AllUsersAppData%\Microsoft ->  [Folder | Modified Date = 1/24/2008 10:39:10 PM | Attr =   S]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 1/25/2008 7:51:50 AM | Attr =	]
AdobeUM -> %UserAppData%\AdobeUM ->  [Folder | Modified Date = 1/13/2008 3:03:59 PM | Attr =	]
Lavasoft -> %UserAppData%\Lavasoft ->  [Folder | Modified Date = 1/24/2008 10:39:10 PM | Attr =	]
Skype -> %UserAppData%\Skype ->  [Folder | Modified Date = 2/1/2008 1:28:45 PM | Attr =	]
wsInspector -> %UserAppData%\wsInspector ->  [Folder | Modified Date = 1/24/2008 3:38:09 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 95232 bytes | Modified Date = 1/15/2008 3:26:54 PM | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 15491366 bytes | Modified Date = 2/1/2008 1:49:35 PM | Attr =  H ]
desktop.ini -> %AllUsersDocuments%\desktop.ini ->  [Ver =  | Size = 126 bytes | Modified Date = 1/24/2008 3:08:03 PM | Attr =  HS]
ESBK.mb -> %AllUsersDocuments%\ESBK.mb ->  [Ver =  | Size = 2376704 bytes | Modified Date = 1/7/2008 5:28:47 PM | Attr = R  ]
ESBK.mbb -> %AllUsersDocuments%\ESBK.mbb ->  [Ver =  | Size = 5366784 bytes | Modified Date = 1/7/2008 5:28:46 PM | Attr = R  ]
357 Main Park Rd, Santa Rosa Beach, FL 32459 to 15017 Emerald Coast Pkwy, Destin, FL 32541.est -> %UserDocuments%\357 Main Park Rd, Santa Rosa Beach, FL 32459 to 15017 Emerald Coast Pkwy, Destin, FL 32541.est ->  [Ver =  | Size = 5120 bytes | Modified Date = 1/19/2008 11:39:17 AM | Attr =	]
cc_20080124_2116.reg -> %UserDocuments%\cc_20080124_2116.reg ->  [Ver =  | Size = 13328 bytes | Modified Date = 1/24/2008 9:17:56 PM | Attr =	]
EC Form.doc -> %UserDocuments%\EC Form.doc ->  [Ver =  | Size = 29184 bytes | Modified Date = 1/23/2008 4:33:00 PM | Attr =	]
Grayton Beach Camping.est -> %UserDocuments%\Grayton Beach Camping.est ->  [Ver =  | Size = 5120 bytes | Modified Date = 1/18/2008 8:12:16 AM | Attr =	]
Hamburger Paragraph MIN.doc -> %UserDocuments%\Hamburger Paragraph MIN.doc ->  [Ver =  | Size = 67584 bytes | Modified Date = 1/22/2008 7:41:00 PM | Attr =	]
January 2008 letter.doc -> %UserDocuments%\January 2008 letter.doc ->  [Ver =  | Size = 25088 bytes | Modified Date = 1/7/2008 7:13:53 AM | Attr =	]
My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 1/15/2008 10:51:00 PM | Attr = R  ]
Preschool -> %UserDocuments%\Preschool ->  [Folder | Modified Date = 1/31/2008 8:45:44 PM | Attr =	]
Quicken -> %UserDocuments%\Quicken ->  [Folder | Modified Date = 1/30/2008 8:23:19 PM | Attr =	]
Scouts -> %UserDocuments%\Scouts ->  [Folder | Modified Date = 1/15/2008 3:50:39 PM | Attr =	]
SFCC -> %UserDocuments%\SFCC ->  [Folder | Modified Date = 1/22/2008 8:37:11 PM | Attr =	]
Summary Frames  MIN.doc -> %UserDocuments%\Summary Frames  MIN.doc ->  [Ver =  | Size = 32256 bytes | Modified Date = 1/22/2008 7:41:00 PM | Attr =	]
wsInspector -> %UserDocuments%\wsInspector ->  [Folder | Modified Date = 1/24/2008 3:37:38 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/24/2008 10:38:46 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/24/2008 10:38:47 PM | Attr =	]
Skype.lnk -> %AllUsersDesktop%\Skype.lnk ->  [Ver =  | Size = 2387 bytes | Modified Date = 1/25/2008 8:50:29 PM | Attr =	]
The Shield Firewall.lnk -> %AllUsersDesktop%\The Shield Firewall.lnk ->  [Ver =  | Size = 816 bytes | Modified Date = 1/24/2008 2:09:33 PM | Attr =	]
avenger.zip -> %UserDesktop%\avenger.zip ->  [Ver =  | Size = 127378 bytes | Modified Date = 2/1/2008 8:16:54 AM | Attr =	]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk ->  [Ver =  | Size = 1548 bytes | Modified Date = 1/24/2008 9:14:29 PM | Attr =	]
Fix for -35.CLP -> %UserDesktop%\Fix for -35.CLP ->  [Ver =  | Size = 8843 bytes | Modified Date = 2/1/2008 8:04:22 AM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 1/25/2008 7:58:52 AM | Attr =	]
HJACK FILE -> %UserDesktop%\HJACK FILE ->  [Folder | Modified Date = 1/25/2008 8:04:46 AM | Attr =	]
Michele's Virus -> %UserDesktop%\Michele's Virus ->  [Folder | Modified Date = 1/25/2008 10:55:06 AM | Attr =	]
Microsoft Word.lnk -> %UserDesktop%\Microsoft Word.lnk ->  [Ver =  | Size = 2483 bytes | Modified Date = 1/31/2008 6:27:19 PM | Attr =	]
RegScrubXP.lnk -> %UserDesktop%\RegScrubXP.lnk ->  [Ver =  | Size = 650 bytes | Modified Date = 1/24/2008 9:42:42 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 1/25/2008 7:03:24 AM | Attr =	]
Startup Inspector for Windows.lnk -> %UserDesktop%\Startup Inspector for Windows.lnk ->  [Ver =  | Size = 750 bytes | Modified Date = 1/24/2008 3:17:36 PM | Attr =	]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 1/24/2008 10:33:26 PM | Attr =	]
stinger.opt -> %UserDesktop%\stinger.opt ->  [Ver =  | Size = 60 bytes | Modified Date = 1/24/2008 11:24:32 PM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2/1/2008 2:06:41 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478367 bytes | Modified Date = 1/31/2008 10:35:14 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 1/24/2008 10:38:06 PM | Attr =	]

< End of report >


Your instructions are very clear but sometimes I'm not as smart as a 5th grader.

#10 OldTimer

OldTimer

    Malware Expert



Posted 01 February 2008 - 06:37 PM

Your instructions are very clear but sometimes I'm not as smart as a 5th grader.

LOL jormic. I think you are smarter than you think :thumbsup:

The new log and the reports from Avenger and the fix look good. Everything is gone. How are things running? Any more issues?

If not, run it for a day or two and see how it goes. Then get back to me and let me know. If things are good, then we can do a final bit of cleanup.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 jormic

jormic
  • Topic Starter


Posted 01 February 2008 - 07:58 PM

OT,

I'm glad to see that you can still laugh through all this virus BS. The laptop is no longer sluggish running normal tasks but is still unable to get online (good Wi-Fi connection and signal), enable Windows Firewall (Windows cannot start Windows Firewall/Internet Connection Sharing (ICS) service), or use Restore.

Is it time to pull the plug and start from scratch? My wife is afraid to lose all her research data.
What should I do Old Wise One?

Thanks Again - Have a good weekend

#12 OldTimer


Posted 01 February 2008 - 09:08 PM

Hi jormic. You can start from scratch if you want to, but you will lose anything that is not backed up. Anyway, there is no reason for it.

Go here and follow the steps outlined. Try Method 1 first and if that doesn't fix things then try Method 2.

Let me know what happens.

Cheers.

OT

#13 jormic


Posted 05 February 2008 - 01:00 PM

OT,

We tried the last fix and no joy; the problem remained. We have purchased an external hard drive and are preparing to back up all our files before we reload Windows. Any last words of wisdom? Is there anything in the archives that will talk us through the reinstall procedure?

Thanks

#14 OldTimer


Posted 05 February 2008 - 03:36 PM

Hi jormic. I wouldn't worry about Windows Firewall or ICS. Windows Firewall is basically useless and you are not going to use ICS through a wireless connection anyway. I would recommend one of the good free firewalls from Kerio or Comodo instead of the one in Windows.

For System Restore, it can be reset by going to the c:\windows\inf folder, right-clicking on sr.inf and selecting Install. It will ask for your XP CD, reinstall the System Restore function and then reboot.

For the wireless connection I'd just delete it and then reinstall it and see what happens.

For some useful guides on installing/reinstalling XP, this site has some very good tutorials: http://www.windowsreinstall.com/

A repair install should retain what is currently on the system; a new install will of course remove everything and start fresh.

Let me know if you have any questions.

Cheers.

OT

#15 jormic


Posted 05 February 2008 - 07:05 PM

OT,

Gotter all fixed up! You know I'll have to take all the credit so my wife will think I'm the hero.

Thanks again for all your help. I put a little something in your account; it's not much, but Trump I'm not.

Later (hopefully much later)



