
Infected By Trojan-psw.win32.nilage.bvj


  • This topic is locked
20 replies to this topic

#1 iqra


Posted 29 January 2008 - 07:37 AM

hey, i tried to get help from the "i am infected" forum area but those guys directed me to this area....what they are saying is that this virus keeps on showing up even after a complete system cleaning and that people here might know more....i myself did not go through the process cos it might be a waste of time if the virus is not removed.
The only antivirus i have is TrendMicro provided by my university and also i can't uninstall it cos it's password protected. here is the report from ur hijackthis. and i also have a scan report from this online scanner i used online ( i will also paste that here). hope u can help...and thanx for ur time


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:08 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\WINDOWS\TEMP\KDF5EF.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mubpr01.rcsi-mub.com:3128
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rcsi-mub.com
O17 - HKLM\Software\..\Telephony: DomainName = rcsi-mub.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rcsi-mub.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rcsi-mub.com
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScanNT Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 15117 bytes














here is the online scan report!!! hope this will be helpful

Tuesday, January 29, 2008 2:05:43 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/01/2008
Kaspersky Anti-Virus database records: 534986


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 69297
Number of viruses found 6
Number of infected objects 15
Number of suspicious objects 0
Duration of the scan process 00:52:24

Infected Object Name Virus Name Last Action
C:\autorun.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\Documents and Settings\ajohn\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\ajohn\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped

C:\Documents and Settings\helpdesk\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\helpdesk\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Student\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Application Data\Microsoft\Messenger\lamborghinidiablo2004@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Application Data\Microsoft\Messenger\lamborghinidiablo2004@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Application Data\Microsoft\Messenger\lamborghinidiablo2004@hotmail.com\SharingMetadata\Working\database_2068_BBD2_68BB_A546\dfsr.db Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Application Data\Microsoft\Messenger\lamborghinidiablo2004@hotmail.com\SharingMetadata\Working\database_2068_BBD2_68BB_A546\fsr.log Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Application Data\Microsoft\Messenger\lamborghinidiablo2004@hotmail.com\SharingMetadata\Working\database_2068_BBD2_68BB_A546\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Application Data\Microsoft\Messenger\lamborghinidiablo2004@hotmail.com\SharingMetadata\Working\database_2068_BBD2_68BB_A546\tmp.edb Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Application Data\Microsoft\Windows Live Contacts\lamborghinidiablo2004@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Application Data\Microsoft\Windows Live Contacts\lamborghinidiablo2004@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Student\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Student\Local Settings\History\History.IE5\MSHist012008012720080128\index.dat Object is locked skipped

C:\Documents and Settings\Student\Local Settings\History\History.IE5\MSHist012008012820080129\index.dat Object is locked skipped

C:\Documents and Settings\Student\Local Settings\History\History.IE5\MSHist012008012920080130\index.dat Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temp\s2pg.dll Infected: Worm.Win32.AutoRun.cex skipped

C:\Documents and Settings\Student\Local Settings\Temp\vx4cdqn.dll Infected: Trojan-PSW.Win32.OnLineGames.kdw skipped

C:\Documents and Settings\Student\Local Settings\Temp\~DF32BA.tmp Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temp\~DF3468.tmp Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temp\~DF3D20.tmp Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temp\~DF5783.tmp Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temp\~DF578E.tmp Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temp\~DF7C72.tmp Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temp\~DF801E.tmp Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temp\~DF8029.tmp Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temp\~DFA037.tmp Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temp\~DFD5C9.tmp Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temp\~DFDE6F.tmp Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Student\Local Settings\Temporary Internet Files\Content.IE5\9ZNMTO6U\help[1].exe Infected: Trojan-PSW.Win32.OnLineGames.prv skipped

C:\Documents and Settings\Student\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Student\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Student\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\tutor\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\tutor\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP95\A0020624.dll Infected: Trojan-PSW.Win32.Magania.bqo skipped

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP95\A0020627.exe Infected: Trojan-PSW.Win32.Nilage.bvj skipped

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP95\A0020667.dll Infected: Trojan-PSW.Win32.Magania.bqo skipped

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP95\A0020669.exe Infected: Worm.Win32.AutoRun.cex skipped

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP95\A0020670.inf Infected: Trojan-PSW.Win32.OnLineGames.pqm skipped

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP95\A0020694.exe Infected: Worm.Win32.AutoRun.cex skipped

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP95\A0020695.dll Infected: Worm.Win32.AutoRun.cex skipped

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP96\change.log Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\amvo.exe Infected: Trojan-PSW.Win32.OnLineGames.prv skipped

C:\WINDOWS\system32\amvo1.dll Infected: Worm.Win32.AutoRun.cex skipped

C:\WINDOWS\system32\amvo2.dll Infected: Trojan-PSW.Win32.OnLineGames.prv skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_e9c.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\xo8wr9.exe Infected: Trojan-PSW.Win32.OnLineGames.prv skipped

Scan process completed.



#2 OldTimer

    Malware Expert

Posted 02 February 2008 - 10:27 AM

Hello iqra and welcome to the BC HijackThis forum. There's a couple of things we need to do.

First, your Java is extremely out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Note: If there is an Update XX in the name then the "XX" in the version will be whatever the latest version is.
  • Download the latest version of Java Runtime Environment (JRE) 6.0 Update XX (if present).
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_6_0_XX-windowsi586-p.exe to install the newest version.
When the above is complete, let's see what else we can find. Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 iqra


Posted 02 February 2008 - 03:24 PM

hi OT,
thanx for replying
i tried and tried to download the updated java version from that website but at the last step it gives me the message that the website has declined to allow access to the webpage...seriously i even signed up but it still didn't work....so what should i do now?

#4 OldTimer


Posted 02 February 2008 - 05:06 PM

Hi iqra. There should be no signup required. Are you attempting to download with Sun's Download Manager? Don't use that. Click the file and download it directly.

Cheers.

OT

#5 iqra


Posted 02 February 2008 - 05:17 PM

hey OT, like i told u before i tried absolutely everything....i clicked on the link itself and page would open (after 10 mins) saying that the website has declined the access to this webpage...
i did this like 20 times...and no i did not use the SDM ( though i did try it) and i still tried to download even after posting a reply to u...but no luck!!
please isn't there another way!!...

#6 OldTimer

Malware Expert

Posted 03 February 2008 - 11:21 AM

Hi iqra. You could run without Java but many websites and functions would not work. Try this direct link instead: http://javadl.sun.com/webapps/download/AutoDL?BundleId=12798

Let me know what happens.

Cheers.

OT

#7 iqra

Posted 03 February 2008 - 01:22 PM

hi, the link worked and here is the scan report..

WinPFind35 logfile created on: 2/3/2008 9:16:07 PM
WinPFind35U Version Beta42	 Folder = C:\Documents and Settings\Student\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
502.37 Mb Total Physical Memory | 189.88 Mb Available Physical Memory | 37.80% Memory free
1.20 Gb Paging File | 0.62 Gb Available in Paging File | 51.88% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.71 Gb Total Space | 51.49 Gb Free Space | 46.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: MUBSTU396
Current User Name: Student
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.21 | Size = 434176 bytes | Modified Date = 10/18/2006 6:05:18 PM | Attr =	]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10.5.1.3 | Size = 946176 bytes | Modified Date = 10/18/2006 5:56:52 PM | Attr =	]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10.5.1.5  | Size = 290816 bytes | Modified Date = 10/18/2006 6:01:34 PM | Attr =	]
incdsrv.exe -> %ProgramFiles%\Nero\Nero 7\InCD\InCDsrv.exe -> Nero AG [Ver = 5, 5, 1, 19 | Size = 924160 bytes | Modified Date = 2/12/2007 12:18:50 PM | Attr =	]
nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 4/6/2006 4:57:54 PM | Attr =	]
ntrtscan.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\NTRtScan.exe -> Trend Micro Inc. [Ver = 8.0.0.1004 | Size = 771704 bytes | Modified Date = 5/8/2007 12:45:22 AM | Attr =	]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.5   | Size = 327680 bytes | Modified Date = 10/18/2006 5:49:52 PM | Attr =	]
tmlisten.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmListen.exe -> Trend Micro Inc. [Ver = 8.0.0.1004 | Size = 796280 bytes | Modified Date = 5/8/2007 12:45:24 AM | Attr =	]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE ->  [Ver =  | Size = 18944 bytes | Modified Date = 12/19/2005 5:08:42 PM | Attr =	]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1200128 bytes | Modified Date = 12/19/2005 5:08:40 PM | Attr =	]
tmpfw.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmPfw.exe -> Trend Micro Inc. [Ver = 3.3.0.1015 | Size = 943696 bytes | Modified Date = 4/4/2007 10:35:46 PM | Attr =	]
fff00b.exe -> %SystemRoot%\Temp\FFF00B.EXE -> Trend Micro Inc. [Ver = 8.0.0.1004 | Size = 300656 bytes | Modified Date = 5/8/2007 12:43:40 AM | Attr =	]
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.155 | Size = 176128 bytes | Modified Date = 10/7/2005 8:13:38 AM | Attr = R  ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 12/13/2005 11:41:08 AM | Attr =	]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 159744 bytes | Modified Date = 12/13/2005 11:41:00 AM | Attr =	]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 12/13/2005 11:45:00 AM | Attr =	]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4898.0  nd380 cp1 | Size = 417792 bytes | Modified Date = 1/9/2006 1:33:24 PM | Attr =	]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 12/9/2005 10:29:52 PM | Attr =	]
hidfind.exe -> %ProgramFiles%\Apoint\hidfind.exe -> Alps Electric Co., Ltd. [Ver = 1.1.0.23 | Size = 45056 bytes | Modified Date = 6/28/2004 5:56:12 PM | Attr = R  ]
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.22 | Size = 45056 bytes | Modified Date = 7/27/2005 10:41:08 AM | Attr = R  ]
wltray.exe -> %System32%\WLTRAY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1347584 bytes | Modified Date = 12/19/2005 5:08:42 PM | Attr =	]
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 8, 0 | Size = 1032192 bytes | Modified Date = 4/6/2006 4:58:52 PM | Attr =	]
dlactrlw.exe -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 6:50:18 PM | Attr =	]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 10/18/2006 6:04:28 PM | Attr =	]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 10/18/2006 5:58:16 PM | Attr =	]
pccntmon.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\PccNTMon.exe -> Trend Micro Inc. [Ver = 8.0.0.1004 | Size = 702072 bytes | Modified Date = 5/8/2007 12:43:06 AM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2/19/2006 2:41:10 AM | Attr =	]
nbhgui.exe -> %ProgramFiles%\Nero\Nero 7\InCD\NBHGui.exe -> Nero AG [Ver = 5, 5, 1, 19 | Size = 1620480 bytes | Modified Date = 2/12/2007 12:23:18 PM | Attr =	]
incd.exe -> %ProgramFiles%\Nero\Nero 7\InCD\InCD.exe -> Nero AG [Ver = 5, 5, 1, 19 | Size = 1050112 bytes | Modified Date = 2/12/2007 12:19:46 PM | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 9/28/2007 6:58:53 PM | Attr =	]
lvcoms.exe -> %CommonProgramFiles%\Logitech\QCDriver\LVComS.exe -> Logitech Inc. [Ver = 6.0.0.1208 | Size = 98304 bytes | Modified Date = 9/24/2001 9:39:28 AM | Attr =	]
netwaiting.exe -> %ProgramFiles%\NetWaiting\netwaiting.exe ->  [Ver =  | Size = 20480 bytes | Modified Date = 9/10/2003 4:24:00 AM | Attr =	]
sweetim.exe -> %ProgramFiles%\Macrogaming\SweetIM\SweetIM.exe -> MacroGaming LTD. [Ver = 2, 1, 0, 19 | Size = 103712 bytes | Modified Date = 8/12/2007 11:02:46 AM | Attr = R  ]
searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 5:59:38 PM | Attr =	]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.0.2003051500 | Size = 217193 bytes | Modified Date = 5/15/2003 1:19:50 AM | Attr =	]
tosbtmng.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> TOSHIBA CORPORATION. [Ver = 4.00.5y18.US | Size = 1724416 bytes | Modified Date = 11/18/2005 7:46:00 PM | Attr =	]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 4:06:00 AM | Attr =	]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr =	]
dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 479232 bytes | Modified Date = 10/18/2006 5:53:24 PM | Attr =	]
tosa2dp.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe -> TOSHIBA CORPORATION. [Ver = 4.00.5817.US | Size = 290816 bytes | Modified Date = 8/17/2005 11:59:34 AM | Attr =	]
tosbthid.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe -> TOSHIBA CORPORATION. [Ver = 4, 0, 804, 0 | Size = 65536 bytes | Modified Date = 8/17/2005 12:11:28 AM | Attr =	]
tosbthsp.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe -> TOSHIBA CORPORATION. [Ver = 4.00.5z03.0 | Size = 217088 bytes | Modified Date = 12/3/2005 4:23:08 AM | Attr =	]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 2/19/2006 5:24:52 AM | Attr =	]
cntaosmgr.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\CNTAoSMgr.exe -> Trend Micro Inc. [Ver = 1.0.0.1124 | Size = 415352 bytes | Modified Date = 4/23/2007 8:14:42 PM | Attr =	]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]
tosobex.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe -> TOSHIBA CORPORATION. [Ver = 1, 0, 0, 2 | Size = 311296 bytes | Modified Date = 2/6/2006 11:00:20 PM | Attr =	]
tosbtproc.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe -> TOSHIBA CORPORATION. [Ver = 1.02.14.US-ALL | Size = 2134016 bytes | Modified Date = 12/5/2005 1:50:00 AM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/31/2008 12:38:16 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Bluetooth Hid Switch Service) Bluetooth Hid Switch Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\BlueTooth\HidSwitchService\HidSw.exe -> Cambridge Silicon Radio [Ver = 1.0.0.24 | Size = 188416 bytes | Modified Date = 8/30/2005 7:36:00 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.21 | Size = 434176 bytes | Modified Date = 10/18/2006 6:05:18 PM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 9/28/2007 6:59:02 PM | Attr =	]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero 7\InCD\InCDsrv.exe -> Nero AG [Ver = 5, 5, 1, 19 | Size = 924160 bytes | Modified Date = 2/12/2007 12:18:50 PM | Attr =	]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 1 | Size = 774144 bytes | Modified Date = 1/5/2007 1:41:10 PM | Attr =	]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 4/6/2006 4:57:54 PM | Attr =	]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 262144 bytes | Modified Date = 12/23/2006 5:54:04 PM | Attr =	]
(ntrtscan) OfficeScanNT RealTime Scan [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\NTRtScan.exe -> Trend Micro Inc. [Ver = 8.0.0.1004 | Size = 771704 bytes | Modified Date = 5/8/2007 12:45:22 AM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Stopped] ->  -> File not found
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.5   | Size = 327680 bytes | Modified Date = 10/18/2006 5:49:52 PM | Attr =	]
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10.5.1.3 | Size = 946176 bytes | Modified Date = 10/18/2006 5:56:52 PM | Attr =	]
(tmlisten) OfficeScan NT Listener [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmListen.exe -> Trend Micro Inc. [Ver = 8.0.0.1004 | Size = 796280 bytes | Modified Date = 5/8/2007 12:45:24 AM | Attr =	]
(TmPfw) OfficeScanNT Personal Firewall [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmPfw.exe -> Trend Micro Inc. [Ver = 3.3.0.1015 | Size = 943696 bytes | Modified Date = 4/4/2007 10:35:46 PM | Attr =	]
(WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10.5.1.5  | Size = 290816 bytes | Modified Date = 10/18/2006 6:01:34 PM | Attr =	]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %System32%\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe -> File not found

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.6.0.0 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.6.0.0 | Size = 21425 bytes | Modified Date = 8/8/2007 12:09:24 PM | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 3:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 1:07:44 AM | Attr =	]
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %System32%\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.5.1.297 | Size = 113847 bytes | Modified Date = 9/28/2005 2:57:18 PM | Attr = R  ]
(APPDRV) APPDRV [Kernel | System | Running] -> %System32%\drivers\APPDRV.SYS -> Dell Inc [Ver = 1, 0, 1, 1 | Size = 16128 bytes | Modified Date = 8/12/2005 7:50:46 PM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 3:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 3:51:58 PM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 4.10.40.0 | Size = 424320 bytes | Modified Date = 11/2/2005 9:24:34 PM | Attr =	]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.37.0.0 built by: WinDDK | Size = 45312 bytes | Modified Date = 8/5/2005 5:32:16 AM | Attr = R  ]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 3:51:54 PM | Attr =	]
(CSRBC) CSRBC.Sys CSR test driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\csrbcxp.sys -> CSR, plc [Ver = 1.0.0.378 built by: WinDDK | Size = 31744 bytes | Modified Date = 1/16/2007 10:22:00 AM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 3:52:16 PM | Attr =	]
(DCamUSBDXGTech) Dual-Mode DSC (Video Camera) [Kernel | On_Demand | Stopped] -> %System32%\drivers\gt891x1.sys -> Grandtech Semiconductor Corp. [Ver = 5.00.2031.1 | Size = 314792 bytes | Modified Date = 12/11/2001 9:27:58 PM | Attr =	]
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %System32%\DLA\DLABOIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 25628 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr =	]
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %System32%\drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 5628 bytes | Modified Date = 8/25/2005 2:16:52 PM | Attr =	]
(DLADResN) DLADResN [File_System | Auto | Running] -> %System32%\DLA\DLADResN.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 2496 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr =	]
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %System32%\DLA\DLAIFS_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 86524 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr =	]
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %System32%\DLA\DLAOPIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 14684 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr =	]
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %System32%\DLA\DLAPoolM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 6364 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr =	]
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %System32%\drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 22684 bytes | Modified Date = 8/25/2005 2:16:16 PM | Attr =	]
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %System32%\DLA\DLAUDFAM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 94332 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr =	]
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %System32%\DLA\DLAUDF_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 87036 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %System32%\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Modified Date = 9/12/2005 5:30:00 AM | Attr =	]
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %System32%\drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 8/12/2005 7:20:00 AM | Attr =	]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 2:12:10 PM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 137728 bytes | Modified Date = 8/12/2004 7:45:54 PM | Attr =	]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZid412.sys -> HP [Ver = 10, 1, 0, 2 | Size = 49664 bytes | Modified Date = 4/13/2006 4:04:39 AM | Attr =	]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 16496 bytes | Modified Date = 4/13/2006 4:04:39 AM | Attr =	]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZius12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 21568 bytes | Modified Date = 4/13/2006 4:04:39 AM | Attr =	]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %System32%\drivers\HSX_DPV.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 936960 bytes | Modified Date = 12/1/2005 9:40:56 AM | Attr =	]
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %System32%\drivers\HSXHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 192512 bytes | Modified Date = 12/1/2005 9:40:12 AM | Attr =	]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4446 | Size = 1364574 bytes | Modified Date = 12/13/2005 12:09:34 PM | Attr =	]
(InCDfs) InCD File System [File_System | Disabled | Running] -> %System32%\drivers\InCDfs.sys -> Nero AG [Ver = 5, 5, 1, 19 | Size = 112384 bytes | Modified Date = 2/12/2007 12:14:42 PM | Attr =	]
(InCDPass) InCDPass [Kernel | System | Running] -> %System32%\drivers\InCDPass.sys -> Nero AG [Ver = 5, 5, 1, 19 | Size = 31360 bytes | Modified Date = 2/12/2007 12:17:24 PM | Attr =	]
(incdrm) InCD Reader [Kernel | System | Running] -> %System32%\drivers\InCDRm.sys -> Nero AG [Ver = 5, 5, 1, 19 | Size = 33792 bytes | Modified Date = 2/12/2007 12:17:40 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(lusbaudio) Logitech USB Microphone [Kernel | System | Stopped] -> %System32%\drivers\LVSound2.sys -> Logitech Inc. [Ver = 6.0.0.1208 | Size = 33280 bytes | Modified Date = 9/24/2001 9:38:26 AM | Attr =	]
(LVBulk) LVBulk Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\LVBulk.sys -> Logitech Inc. [Ver = 6.0.0.1208 | Size = 10261 bytes | Modified Date = 9/24/2001 9:39:18 AM | Attr =	]
(LVVI500A) LVVI500A Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\lvvi500a.sys -> Tekom Technologies, Inc. [Ver = 5, 0, 2200, 157 | Size = 193574 bytes | Modified Date = 9/20/2001 3:39:44 AM | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.010 | Size = 12544 bytes | Modified Date = 10/5/2005 6:57:08 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 3:52:12 PM | Attr =	]
(NETw3x32) Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> %System32%\drivers\NETw3x32.sys -> Intel® Corporation [Ver = 10, 5, 1, 72 | Size = 1711104 bytes | Modified Date = 10/17/2006 11:55:28 AM | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 12:29:56 AM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.27a | Size = 20576 bytes | Modified Date = 1/26/2005 4:03:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 3:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 3:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 3:52:18 PM | Attr =	]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 10.5.1.0   | Size = 12544 bytes | Modified Date = 10/19/2006 9:29:22 AM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 1:07:44 AM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 4:07:44 PM | Attr =	]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %System32%\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4898.0  nd380 cp1 | Size = 1099304 bytes | Modified Date = 1/9/2006 1:39:56 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 4:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 4:07:36 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 4:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 4:07:42 PM | Attr =	]
(tmcfw) Trend Micro Common Firewall Service [Kernel | On_Demand | Running] -> %System32%\drivers\TM_CFW.sys -> Trend Micro Inc. [Ver = 3.3.0.1018 | Size = 307984 bytes | Modified Date = 4/20/2007 6:44:58 PM | Attr =	]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 8/1/2007 4:47:26 PM | Attr =	]
(TmFilter) Trend Micro Filter [Kernel | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\tmxpflt.sys -> Trend Micro Inc. [Ver = 8.550.0.1001 | Size = 202768 bytes | Modified Date = 9/17/2007 2:40:48 PM | Attr =	]
(TmPreFilter) Trend Micro PreFilter [Kernel | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.550.0.1001 | Size = 35856 bytes | Modified Date = 9/17/2007 2:40:44 PM | Attr =	]
(tosporte) Bluetooth Port Driver from Toshiba [Kernel | On_Demand | Running] -> %System32%\drivers\tosporte.sys -> TOSHIBA Corporation [Ver = 4.00.1813.0 | Size = 47488 bytes | Modified Date = 6/13/2006 12:29:28 PM | Attr =	]
(Tosrfbd) Bluetooth RFBUS from TOSHIBA [Kernel | On_Demand | Running] -> %System32%\drivers\TosRfbd.sys -> TOSHIBA CORPORATION [Ver = 4.0.1813.0 built by: WinDDK | Size = 111232 bytes | Modified Date = 6/13/2006 11:22:58 AM | Attr =	]
(Tosrfbnp) Bluetooth RFBNEP from TOSHIBA [Kernel | On_Demand | Running] -> %System32%\drivers\tosrfbnp.sys -> TOSHIBA Corporation [Ver = 4.0.1516.00 | Size = 37632 bytes | Modified Date = 3/16/2006 10:45:12 AM | Attr =	]
(Tosrfcom) Bluetooth RFCOMM from TOSHIBA [Kernel | System | Running] -> %System32%\drivers\tosrfcom.sys -> TOSHIBA Corporation [Ver = 1.02 | Size = 64896 bytes | Modified Date = 8/1/2005 11:45:08 PM | Attr =	]
(Tosrfhid) Bluetooth RFHID from TOSHIBA [Kernel | On_Demand | Running] -> %System32%\drivers\TosRfhid.sys -> TOSHIBA Corporation. [Ver = Version 4.00.1726.0 built by: WinDDK | Size = 60672 bytes | Modified Date = 5/29/2006 1:11:20 PM | Attr =	]
(tosrfnds) Bluetooth Personal Area Network from TOSHIBA [Kernel | On_Demand | Running] -> %System32%\drivers\tosrfnds.sys -> TOSHIBA Corporation. [Ver = Version 1.00.03 | Size = 18612 bytes | Modified Date = 1/6/2005 9:42:42 PM | Attr =	]
(Tosrfusb) Bluetooth USB Controller [Kernel | On_Demand | Running] -> %System32%\drivers\tosrfusb.sys -> TOSHIBA CORPORATION [Ver = 4, 0, 1809, 0 | Size = 40192 bytes | Modified Date = 6/9/2006 9:40:00 PM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 3:52:22 PM | Attr =	]
(VSApiNt) Trend Micro VSAPI NT [Kernel | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\vsapint.sys -> Trend Micro Inc. [Ver = 8.550-1001 | Size = 1126072 bytes | Modified Date = 9/17/2007 2:31:22 PM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 669696 bytes | Modified Date = 12/1/2005 9:40:08 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.155 | Size = 176128 bytes | Modified Date = 10/7/2005 8:13:38 AM | Attr = R  ]
Broadcom Wireless Manager UI -> %System32%\WLTRAY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1347584 bytes | Modified Date = 12/19/2005 5:08:42 PM | Attr =	]
Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 8, 0 | Size = 1032192 bytes | Modified Date = 4/6/2006 4:58:52 PM | Attr =	]
DLA -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr =	]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 12/9/2005 10:29:52 PM | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2/19/2006 2:41:10 AM | Attr =	]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 12/13/2005 11:41:08 AM | Attr =	]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 12/13/2005 11:45:00 AM | Attr =	]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 98304 bytes | Modified Date = 12/13/2005 11:44:18 AM | Attr =	]
InCD -> %ProgramFiles%\Nero\Nero 7\InCD\InCD.exe -> Nero AG [Ver = 5, 5, 1, 19 | Size = 1050112 bytes | Modified Date = 2/12/2007 12:19:46 PM | Attr =	]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 10/18/2006 5:58:16 PM | Attr =	]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 10/18/2006 6:04:28 PM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 6:50:42 PM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 6:50:18 PM | Attr =	]
LVCOMS -> %CommonProgramFiles%\Logitech\QCDriver\LVComS.exe -> Logitech Inc. [Ver = 6.0.0.1208 | Size = 98304 bytes | Modified Date = 9/24/2001 9:39:28 AM | Attr =	]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 3:40:44 PM | Attr =	]
OfficeScanNT Monitor -> %ProgramFiles%\Trend Micro\OfficeScan Client\PccNTMon.exe -> Trend Micro Inc. [Ver = 8.0.0.1004 | Size = 702072 bytes | Modified Date = 5/8/2007 12:43:06 AM | Attr =	]
SecurDisc -> %ProgramFiles%\Nero\Nero 7\InCD\NBHGui.exe -> Nero AG [Ver = 5, 5, 1, 19 | Size = 1620480 bytes | Modified Date = 2/12/2007 12:23:18 PM | Attr =	]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4898.0  nd380 cp1 | Size = 417792 bytes | Modified Date = 1/9/2006 1:33:24 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
SweetIM -> %ProgramFiles%\Macrogaming\SweetIM\SweetIM.exe -> MacroGaming LTD. [Ver = 2, 1, 0, 19 | Size = 103712 bytes | Modified Date = 8/12/2007 11:02:46 AM | Attr = R  ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 9/28/2007 6:58:53 PM | Attr =	]
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 5:59:38 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ModemOnHold -> %ProgramFiles%\NetWaiting\netwaiting.exe ->  [Ver =  | Size = 20480 bytes | Modified Date = 9/10/2003 4:24:00 AM | Attr =	]
MsnMsgr -> ~"%ProgramFiles%\MSN Messenger\MsnMsgr.Exe -> File not found
SweetIM -> %ProgramFiles%\Macrogaming\SweetIM\SweetIM.exe -> MacroGaming LTD. [Ver = 2, 1, 0, 19 | Size = 103712 bytes | Modified Date = 8/12/2007 11:02:46 AM | Attr = R  ]
Yahoo! Pager -> ~"%ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> File not found
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 5:59:38 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.0.2003051500 | Size = 217193 bytes | Modified Date = 5/15/2003 1:19:50 AM | Attr =	]
%AllUsersStartup%\Bluetooth Manager.lnk -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> TOSHIBA CORPORATION. [Ver = 4.00.5y18.US | Size = 1724416 bytes | Modified Date = 11/18/2005 7:46:00 PM | Attr =	]
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 4:06:00 AM | Attr =	]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr =	]
< Student Startup Folder > -> C:\Documents and Settings\Student\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Modified Date = 12/13/2005 11:40:12 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Macrogaming\SweetIMBarForIE\toolbar.dll [SweetIM For Internet Explorer] -> Macrogaming [Ver = 3, 0, 0, 21 | Size = 548992 bytes | Modified Date = 11/5/2006 4:44:46 PM | Attr = R  ]
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/6/2007 12:48:58 AM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> <local> -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/6/2007 12:48:58 AM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.0.2003051500 | Size = 50376 bytes | Modified Date = 5/15/2003 12:47:54 AM | Attr =	]
{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Macrogaming\SweetIMBarForIE\toolbar.dll [SWEETIE Class] -> Macrogaming [Ver = 3, 0, 0, 21 | Size = 548992 bytes | Modified Date = 11/5/2006 4:44:46 PM | Attr = R  ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 11:33:52 PM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 9/28/2007 6:59:01 PM | Attr = R  ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] ->  [Ver =  | Size = 147456 bytes | Modified Date = 5/15/2003 1:03:46 AM | Attr =	]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 10/1/2007 12:34:04 PM | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] ->  [Ver =  | Size = 147456 bytes | Modified Date = 5/15/2003 1:03:46 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 9/28/2007 6:59:01 PM | Attr = R  ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] ->  [Ver =  | Size = 147456 bytes | Modified Date = 5/15/2003 1:03:46 AM | Attr =	]
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Macrogaming\SweetIMBarForIE\toolbar.dll [SweetIM For Internet Explorer] -> Macrogaming [Ver = 3, 0, 0, 21 | Size = 548992 bytes | Modified Date = 11/5/2006 4:44:46 PM | Attr = R  ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/6/2007 12:48:58 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 9/28/2007 6:59:01 PM | Attr = R  ]
WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Macrogaming\SweetIMBarForIE\toolbar.dll [SweetIM For Internet Explorer] -> Macrogaming [Ver = 3, 0, 0, 21 | Size = 548992 bytes | Modified Date = 11/5/2006 4:44:46 PM | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 11:33:52 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
Extension\.csm -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.csml -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.cub -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.cube -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.dx -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.emb -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.embl -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.gau -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.jdx -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.mol -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.mop -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.pdb -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.rxn -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.scr -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.skc -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.spt -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.tgf -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
Extension\.xyz -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 1:24:58 PM | Attr =	]
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SIMBAR={DBF38B94-9AEB-46EA-8DE3-21F88AB7EE9C} ->  -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{027120A3-B9F5-43CC-BF01-52CDC8669F16} ->	() -> 
{22384B9F-11A8-406D-9E17-5D2A570C0C49} ->	(1394 Net Adapter) -> 
{2A6CD70B-E705-455C-A714-BC44B0476F42} ->	(1394 Net Adapter) -> 
{382D7133-0D9A-4520-A62B-E94EA11C93C3} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{5A330D1B-2A4E-40E5-ABA0-A5CE4215D839} ->	(1394 Net Adapter) -> 
{6DE8CF2B-2674-4E7C-9040-44151A7B1148} ->	() -> 
{787E1D5F-9244-4588-B079-F64A9F0DFA64} ->	() -> 
{7FBBAF7C-2472-4D10-82F3-7FBEE99371BA} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
{B9B41720-787E-44FF-A75A-DC97935BA8C6} ->	(1394 Net Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> 
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\WUServer -> http://mubdc01 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\WUStatusServer -> http://mubdc01 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AUOptions -> 4 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallDay -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallTime -> 16 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\UseWUServer -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RescheduleWaitTimeEnabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RescheduleWaitTime -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\DetectionFrequencyEnabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\DetectionFrequency -> 10 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AutoInstallMinorUpdates -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 294400 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1820 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\\MachineSid -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 3611 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\GPopAccount\GPopAccount.exe -> C:\GPopAccount\GPopAccount.exe [C:\GPopAccount\GPopAccount.exe:*:Enabled:GPopAccount] -> cmf [Ver = 3.02.0002 | Size = 98304 bytes | Modified Date = 6/1/2005 9:51:10 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 2/19/2006 5:24:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.219.000 | Size = 231000 bytes | Modified Date = 4/21/2006 12:13:30 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.219.000 | Size = 40960 bytes | Modified Date = 4/20/2006 9:28:12 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.219.000 | Size = 87640 bytes | Modified Date = 4/20/2006 11:43:46 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] ->  [Ver = 7.0.0.177 | Size = 192512 bytes | Modified Date = 2/17/2006 12:19:34 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 7.0.0.177 | Size = 1085440 bytes | Modified Date = 2/16/2006 10:49:52 PM | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.219.000 | Size = 181848 bytes | Modified Date = 4/21/2006 12:06:26 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> Hewlett-Packard [Ver = 7.0.0.175 | Size = 147511 bytes | Modified Date = 2/15/2006 10:37:26 AM | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.219.000 | Size = 456280 bytes | Modified Date = 4/21/2006 12:13:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> Hewlett-Packard [Ver = 7.0.0.229 | Size = 110592 bytes | Modified Date = 2/9/2006 4:43:36 PM | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] ->   [Ver = 7.0.0.229 | Size = 573440 bytes | Modified Date = 2/9/2006 4:41:28 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.219.000 | Size = 63064 bytes | Modified Date = 4/20/2006 11:42:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 139264 bytes | Modified Date = 2/19/2006 5:29:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\STHIW\stInstall.exe -> D:\STHIW\stInstall.exe [D:\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SIPSoft\SIPSoft.exe -> C:\Program Files\SIPSoft\SIPSoft.exe [C:\Program Files\SIPSoft\SIPSoft.exe:*:Enabled:SIPSoft] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 7:24:37 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iConnectHere Dialer\iCH.exe -> C:\Program Files\iConnectHere Dialer\iCH.exe [C:\Program Files\iConnectHere Dialer\iCH.exe:*:Enabled:VOIP Dialer] ->  [Ver = 7, 5, 0, 0 | Size = 1126400 bytes | Modified Date = 10/2/2007 3:38:50 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 395776 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 395776 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
autorun.inf -> %SystemDrive%\autorun.inf ->  [Ver =  | Size = 454 bytes | Created Date = 1/26/2008 3:05:41 PM | Attr = RHS]
autorun.PNF -> %SystemDrive%\autorun.PNF ->  [Ver =  | Size = 2584 bytes | Created Date = 2/1/2008 3:19:30 PM | Attr =	]
xo8wr9.exe -> %SystemDrive%\xo8wr9.exe ->  [Ver =  | Size = 105293 bytes | Created Date = 1/26/2008 3:05:41 PM | Attr = RHS]
ylr.exe -> %SystemDrive%\ylr.exe ->  [Ver =  | Size = 104734 bytes | Created Date = 1/29/2008 2:53:39 AM | Attr = RHS]
amvo2.dll -> %System32%\amvo2.dll ->  [Ver =  | Size = 54784 bytes | Created Date = 1/28/2008 5:00:54 PM | Attr = RHS]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/3/2008 9:03:50 PM | Attr =	]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 2/3/2008 9:03:50 PM | Attr =	]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/3/2008 9:03:50 PM | Attr =	]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 2/3/2008 9:03:50 PM | Attr =	]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Created Date = 1/28/2008 11:44:35 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 1/15/2008 3:28:39 PM | Attr =  H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab ->  [Folder | Created Date = 1/28/2008 11:44:37 PM | Attr =	]
bleeping.xls -> %UserDocuments%\bleeping.xls ->  [Ver =  | Size = 13824 bytes | Created Date = 1/30/2008 5:17:12 AM | Attr =	]
My Documents.lnk -> %UserDocuments%\My Documents.lnk ->  [Ver =  | Size = 313 bytes | Created Date = 1/16/2008 12:39:41 PM | Attr =	]
MyProject.sonic -> %UserDocuments%\MyProject.sonic ->  [Ver =  | Size = 119 bytes | Created Date = 1/23/2008 3:58:14 PM | Attr =	]
tania;s problmem.doc -> %UserDocuments%\tania;s problmem.doc ->  [Ver =  | Size = 20480 bytes | Created Date = 1/23/2008 12:31:14 PM | Attr =	]
VIDEO_TS -> %UserDocuments%\VIDEO_TS ->  [Folder | Created Date = 1/8/2008 11:23:52 PM | Attr =	]
بببببببببببببببببببببببببببببببببببببببب.doc -> %UserDocuments%\بببببببببببببببببببببببببببببببببببببببب.doc ->  [Ver =  | Size = 19968 bytes | Created Date = 1/28/2008 1:04:20 AM | Attr =	]
59 - Kabhi (Apniisp.Com).mp3 -> %UserDesktop%\59 - Kabhi (Apniisp.Com).mp3 ->  [Ver =  | Size = 3520640 bytes | Created Date = 1/28/2008 7:30:35 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\59 - Kabhi (Apniisp.Com).mp3:Zone.Identifier
FINAL COMPUTER SCAN REPORT.html -> %UserDesktop%\FINAL COMPUTER SCAN REPORT.html ->  [Ver =  | Size = 58540 bytes | Created Date = 1/29/2008 2:05:43 AM | Attr =	]
Flash_Disinfector.exe -> %UserDesktop%\Flash_Disinfector.exe ->  [Ver =  | Size = 103641 bytes | Created Date = 1/29/2008 3:05:51 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Flash_Disinfector.exe:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 1/29/2008 3:22:32 PM | Attr =	]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 1/29/2008 3:21:29 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
jre-6u3-windows-i586-p-s.exe -> %UserDesktop%\jre-6u3-windows-i586-p-s.exe ->  [Ver =  | Size = 14603672 bytes | Created Date = 2/3/2008 8:54:07 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u3-windows-i586-p-s.exe:Zone.Identifier
report 1 for criticle areas.html -> %UserDesktop%\report 1 for criticle areas.html ->  [Ver =  | Size = 22704 bytes | Created Date = 1/29/2008 12:19:26 AM | Attr =	]
report 2 my computer.html -> %UserDesktop%\report 2 my computer.html ->  [Ver =  | Size = 10546 bytes | Created Date = 1/29/2008 12:23:50 AM | Attr =	]
school stuff -> %UserDesktop%\school stuff ->  [Folder | Created Date = 1/23/2008 3:32:08 PM | Attr =	]
Season 1 -> %UserDesktop%\Season 1 ->  [Folder | Created Date = 1/23/2008 4:24:18 PM | Attr =	]
Season 2 -> %UserDesktop%\Season 2 ->  [Folder | Created Date = 1/29/2008 12:59:59 AM | Attr =	]
Serendipity.(2001t).avi -> %UserDesktop%\Serendipity.(2001t).avi ->  [Ver =  | Size = 723664896 bytes | Created Date = 1/24/2008 10:27:33 PM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2/3/2008 9:12:44 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478495 bytes | Created Date = 2/3/2008 9:10:04 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

[Files/Folders - Modified Within 30 days]
autorun.inf -> %SystemDrive%\autorun.inf ->  [Ver =  | Size = 454 bytes | Modified Date = 1/29/2008 3:07:52 AM | Attr = RHS]
autorun.PNF -> %SystemDrive%\autorun.PNF ->  [Ver =  | Size = 2584 bytes | Modified Date = 2/1/2008 3:19:32 PM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/3/2008 9:03:52 PM | Attr =  H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 526843904 bytes | Modified Date = 2/2/2008 10:04:13 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/3/2008 9:03:10 PM | Attr = R  ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 1/6/2008 12:59:11 PM | Attr =  H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 1/9/2008 6:27:09 AM | Attr =  H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 1/9/2008 9:42:59 AM | Attr =  H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 1/6/2008 12:59:11 PM | Attr =  H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 1/9/2008 6:27:09 AM | Attr =  H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 1/9/2008 9:42:59 AM | Attr =  H ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/2/2008 10:04:19 PM | Attr =	]
amvo2.dll -> %System32%\amvo2.dll ->  [Ver =  | Size = 54784 bytes | Modified Date = 1/29/2008 2:53:12 AM | Attr = RHS]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2/2/2008 10:18:14 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Modified Date = 1/28/2008 11:44:35 PM | Attr =	]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 54614 bytes | Modified Date = 2/2/2008 10:09:09 PM | Attr =	]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 384930 bytes | Modified Date = 2/2/2008 10:09:09 PM | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 445630 bytes | Modified Date = 2/2/2008 10:09:07 PM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/11/2008 4:52:50 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/2/2008 10:04:14 PM | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 2/2/2008 10:04:18 PM | Attr =  HS]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/28/2008 11:44:37 PM | Attr =   S]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 1/28/2008 11:44:35 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/3/2008 9:03:52 PM | Attr =  HS]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 1/24/2008 7:30:14 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 2/3/2008 5:58:55 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 1/15/2008 3:28:39 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/3/2008 9:14:06 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 1/26/2008 3:00:23 PM | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 2/3/2008 9:03:50 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/2/2008 11:50:32 PM | Attr =	]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job ->  [Ver =  | Size = 360 bytes | Modified Date = 2/3/2008 8:49:02 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/2/2008 10:04:18 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 114164 bytes | Modified Date = 2/2/2008 10:07:01 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 114164 bytes | Modified Date = 2/2/2008 10:07:01 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 9/18/2007 12:18:10 PM | Attr =	]
DivXInstaller.exe -> C:\Documents and Settings\Student\Local Settings\Temp\DivXInstaller.exe -> DivX, Inc. [Ver = 6.7.0.26 | Size = 6596712 bytes | Modified Date = 12/10/2007 9:13:20 PM | Attr =	]
jre-6u3-windows-i586-p-iftw_2cd32978.exe -> C:\Documents and Settings\Student\Local Settings\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 382352 bytes | Modified Date = 9/26/2007 1:42:01 AM | Attr =	]
nircmd.exe -> C:\Documents and Settings\Student\Local Settings\Temp\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 26112 bytes | Modified Date = 7/24/2006 1:38:26 AM | Attr =	]
rbSolnUpdateENU.2.1.1.exe -> C:\Documents and Settings\Student\Local Settings\Temp\rbSolnUpdateENU.2.1.1.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 149504 bytes | Modified Date = 9/27/2007 8:48:05 PM | Attr =	]
rbSolnUpdateENU.2.5.0.exe -> C:\Documents and Settings\Student\Local Settings\Temp\rbSolnUpdateENU.2.5.0.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 201728 bytes | Modified Date = 1/25/2008 3:15:58 PM | Attr =	]
692 C:\Documents and Settings\Student\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Student\Local Settings\Temp\*.tmp -> 
5.dll -> C:\Documents and Settings\Student\Local Settings\Temp\5.dll ->  [Ver =  | Size = 30099 bytes | Modified Date = 1/29/2008 2:59:20 AM | Attr =  H ]
InfoWindow.dll -> C:\Documents and Settings\Student\Local Settings\Temp\InfoWindow.dll -> RealNetworks, Inc. [Ver = 6.0.0.11 | Size = 75080 bytes | Modified Date = 9/28/2007 6:39:30 PM | Attr =	]
qt-mt332.dll -> C:\Documents and Settings\Student\Local Settings\Temp\qt-mt332.dll ->  [Ver =  | Size = 4222976 bytes | Modified Date = 10/13/2004 7:09:24 PM | Attr =	]
rr.dll -> C:\Documents and Settings\Student\Local Settings\Temp\rr.dll ->  [Ver =  | Size = 30559 bytes | Modified Date = 1/29/2008 2:53:11 AM | Attr =  H ]
s2pg.dll -> C:\Documents and Settings\Student\Local Settings\Temp\s2pg.dll ->  [Ver =  | Size = 30331 bytes | Modified Date = 1/28/2008 5:00:31 PM | Attr =  H ]
vx4cdqn.dll -> C:\Documents and Settings\Student\Local Settings\Temp\vx4cdqn.dll ->  [Ver =  | Size = 31226 bytes | Modified Date = 1/26/2008 3:04:34 PM | Attr =	]
692 C:\Documents and Settings\Student\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Student\Local Settings\Temp\*.tmp -> 
ZDataI51.dll -> C:\Documents and Settings\Student\Local Settings\Temp\_ISTMP1.DIR\ZDataI51.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 12/21/2007 9:09:23 AM | Attr =	]
_WUTL951.DLL -> C:\Documents and Settings\Student\Local Settings\Temp\_ISTMP1.DIR\_WUTL951.DLL -> InstallShield Software Corporation [Ver = 5, 50, 132, 0 | Size = 46592 bytes | Modified Date = 12/21/2007 9:09:23 AM | Attr =	]
ywiseext.dll -> C:\Documents and Settings\Student\Local Settings\Temp\7521199\ywiseext.dll -> Yahoo! Inc. [Ver = 2007, 9, 17, 1 | Size = 106496 bytes | Modified Date = 9/17/2007 9:13:28 AM | Attr =	]
js3250.dll -> C:\Documents and Settings\Student\Local Settings\Temp\ff_temp\xpcom.ns\bin\js3250.dll -> Netscape Communications Corporation [Ver = 4.0 | Size = 413789 bytes | Modified Date = 8/8/2007 9:29:59 AM | Attr =	]
nspr4.dll -> C:\Documents and Settings\Student\Local Settings\Temp\ff_temp\xpcom.ns\bin\nspr4.dll -> Netscape Communications Corporation [Ver = 4.6.1 | Size = 155748 bytes | Modified Date = 8/8/2007 9:29:59 AM | Attr =	]
plc4.dll -> C:\Documents and Settings\Student\Local Settings\Temp\ff_temp\xpcom.ns\bin\plc4.dll -> Netscape Communications Corporation [Ver = 4.6.1 | Size = 28777 bytes | Modified Date = 8/8/2007 9:29:59 AM | Attr =	]
plds4.dll -> C:\Documents and Settings\Student\Local Settings\Temp\ff_temp\xpcom.ns\bin\plds4.dll -> Netscape Communications Corporation [Ver = 4.6.1 | Size = 24676 bytes | Modified Date = 8/8/2007 9:29:59 AM | Attr =	]
xpcom_compat.dll -> C:\Documents and Settings\Student\Local Settings\Temp\ff_temp\xpcom.ns\bin\xpcom_compat.dll -> Mozilla Foundation [Ver = 1.8: 2005111116 | Size = 68203 bytes | Modified Date = 8/8/2007 9:29:59 AM | Attr =	]
xpcom_core.dll -> C:\Documents and Settings\Student\Local Settings\Temp\ff_temp\xpcom.ns\bin\xpcom_core.dll -> Mozilla Foundation [Ver = 1.8: 2005111116 | Size = 401510 bytes | Modified Date = 8/8/2007 9:29:59 AM | Attr =	]
jar50.dll -> C:\Documents and Settings\Student\Local Settings\Temp\ff_temp\xpcom.ns\bin\components\jar50.dll -> Mozilla Foundation [Ver = 1.8: 2005111116 | Size = 60516 bytes | Modified Date = 8/8/2007 9:29:59 AM | Attr =	]
xpinstal.dll -> C:\Documents and Settings\Student\Local Settings\Temp\ff_temp\xpcom.ns\bin\components\xpinstal.dll -> Mozilla Foundation [Ver = 1.8: 2005111116 | Size = 165990 bytes | Modified Date = 8/8/2007 9:29:59 AM | Attr =	]
index.dat -> C:\Documents and Settings\Student\Local Settings\Temp\Cookies\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 12/3/2007 11:33:53 AM | Attr =  HS]
index.dat -> C:\Documents and Settings\Student\Local Settings\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 65536 bytes | Modified Date = 12/3/2007 11:28:50 AM | Attr =  HS]
index.dat -> C:\Documents and Settings\Student\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 376832 bytes | Modified Date = 12/3/2007 12:35:43 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Student\Local Settings\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 145 bytes | Modified Date = 12/2/2007 7:30:35 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Student\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/2/2007 7:30:35 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Student\Local Settings\Temp\Temporary Internet Files\Content.IE5\1GIYCJMC\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/2/2007 7:30:35 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Student\Local Settings\Temp\Temporary Internet Files\Content.IE5\BOGVBSCV\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/2/2007 7:30:35 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Student\Local Settings\Temp\Temporary Internet Files\Content.IE5\BTNZJZ77\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/2/2007 7:30:35 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Student\Local Settings\Temp\Temporary Internet Files\Content.IE5\SKF3R0YA\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/2/2007 7:30:35 PM | Attr =  HS]
FFF00B.EXE -> C:\WINDOWS\Temp\FFF00B.EXE -> Trend Micro Inc. [Ver = 8.0.0.1004 | Size = 300656 bytes | Modified Date = 5/8/2007 12:43:40 AM | Attr =	]
InstHelper.dll -> C:\WINDOWS\Temp\InstHelper.dll -> Logitech Inc. [Ver = 1.0.0.0 | Size = 49152 bytes | Modified Date = 12/21/2007 9:07:03 AM | Attr =	]
Perflib_Perfdata_1028.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1028.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/23/2008 4:07:28 PM | Attr =	]
Perflib_Perfdata_1178.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1178.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/21/2007 9:14:49 AM | Attr =	]
Perflib_Perfdata_1428.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1428.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/2/2008 10:15:23 AM | Attr =	]
Perflib_Perfdata_158.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_158.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/4/2007 9:07:31 AM | Attr =	]
Perflib_Perfdata_450.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_450.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/2/2008 10:06:58 PM | Attr =	]
Perflib_Perfdata_4f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4f4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/12/2007 10:34:26 AM | Attr =	]
Perflib_Perfdata_818.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_818.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/4/2008 1:00:21 PM | Attr =	]
Perflib_Perfdata_b28.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b28.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/29/2008 3:04:59 PM | Attr =	]
Perflib_Perfdata_b94.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b94.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/12/2008 6:47:28 AM | Attr =	]
Perflib_Perfdata_bec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_bec.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/29/2007 4:14:41 PM | Attr =	]
Perflib_Perfdata_e9c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_e9c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/27/2008 8:00:59 PM | Attr =	]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 7/31/2007 3:50:57 PM | Attr =	]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 7/31/2007 3:50:57 PM | Attr =	]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 7/31/2007 3:50:57 PM | Attr =	]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 7/31/2007 3:50:57 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 7/31/2007 3:50:57 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\6DDNR6TN\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 7/31/2007 3:50:57 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\F2S9KLO6\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 7/31/2007 3:50:57 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ILW7QRYF\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 7/31/2007 3:50:57 PM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\XQEMVGP9\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 7/31/2007 3:50:57 PM | Attr =  HS]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab ->  [Folder | Modified Date = 1/28/2008 11:44:37 PM | Attr =	]
AdobeUM -> %UserAppData%\AdobeUM ->  [Folder | Modified Date = 1/23/2008 2:35:54 PM | Attr =	]
U3 -> %UserAppData%\U3 ->  [Folder | Modified Date = 1/29/2008 3:24:20 AM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/3/2008 3:00:04 AM | Attr =	]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 2/1/2008 3:33:17 PM | Attr =	]
bleeping.xls -> %UserDocuments%\bleeping.xls ->  [Ver =  | Size = 13824 bytes | Modified Date = 1/30/2008 5:17:12 AM | Attr =	]
Book1.xls -> %UserDocuments%\Book1.xls ->  [Ver =  | Size = 13824 bytes | Modified Date = 1/19/2008 3:07:19 AM | Attr =	]
My Documents.lnk -> %UserDocuments%\My Documents.lnk ->  [Ver =  | Size = 313 bytes | Modified Date = 1/16/2008 12:39:41 PM | Attr =	]
My Received Files -> %UserDocuments%\My Received Files ->  [Folder | Modified Date = 2/3/2008 1:07:39 AM | Attr =	]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk ->  [Ver =  | Size = 612 bytes | Modified Date = 2/3/2008 6:34:18 PM | Attr =	]
MyProject.sonic -> %UserDocuments%\MyProject.sonic ->  [Ver =  | Size = 119 bytes | Modified Date = 1/23/2008 3:58:14 PM | Attr =	]
tania;s problmem.doc -> %UserDocuments%\tania;s problmem.doc ->  [Ver =  | Size = 20480 bytes | Modified Date = 1/23/2008 12:31:15 PM | Attr =	]
VIDEO_TS -> %UserDocuments%\VIDEO_TS ->  [Folder | Modified Date = 1/8/2008 11:23:56 PM | Attr =	]
بببببببببببببببببببببببببببببببببببببببب.doc -> %UserDocuments%\بببببببببببببببببببببببببببببببببببببببب.doc ->  [Ver =  | Size = 19968 bytes | Modified Date = 1/28/2008 1:04:21 AM | Attr =	]
59 - Kabhi (Apniisp.Com).mp3 -> %UserDesktop%\59 - Kabhi (Apniisp.Com).mp3 ->  [Ver =  | Size = 3520640 bytes | Modified Date = 1/28/2008 7:30:35 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\59 - Kabhi (Apniisp.Com).mp3:Zone.Identifier
FINAL COMPUTER SCAN REPORT.html -> %UserDesktop%\FINAL COMPUTER SCAN REPORT.html ->  [Ver =  | Size = 58540 bytes | Modified Date = 1/29/2008 2:05:46 AM | Attr =	]
Flash_Disinfector.exe -> %UserDesktop%\Flash_Disinfector.exe ->  [Ver =  | Size = 103641 bytes | Modified Date = 1/29/2008 3:05:53 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Flash_Disinfector.exe:Zone.Identifier
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 1/29/2008 3:22:32 PM | Attr =	]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 1/29/2008 3:21:29 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
jre-6u3-windows-i586-p-s.exe -> %UserDesktop%\jre-6u3-windows-i586-p-s.exe ->  [Ver =  | Size = 14603672 bytes | Modified Date = 2/3/2008 8:54:09 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u3-windows-i586-p-s.exe:Zone.Identifier
Microsoft Office Excel 2003 (2).lnk -> %UserDesktop%\Microsoft Office Excel 2003 (2).lnk ->  [Ver =  | Size = 2495 bytes | Modified Date = 1/30/2008 5:16:55 AM | Attr =	]
picz chozen -> %UserDesktop%\picz chozen ->  [Folder | Modified Date = 1/23/2008 3:36:51 PM | Attr =	]
report 1 for criticle areas.html -> %UserDesktop%\report 1 for criticle areas.html ->  [Ver =  | Size = 22704 bytes | Modified Date = 1/29/2008 12:19:27 AM | Attr =	]
report 2 my computer.html -> %UserDesktop%\report 2 my computer.html ->  [Ver =  | Size = 10546 bytes | Modified Date = 1/29/2008 12:23:50 AM | Attr =	]
school stuff -> %UserDesktop%\school stuff ->  [Folder | Modified Date = 1/23/2008 3:43:56 PM | Attr =	]
Season 1 -> %UserDesktop%\Season 1 ->  [Folder | Modified Date = 1/23/2008 4:33:07 PM | Attr =	]
Season 2 -> %UserDesktop%\Season 2 ->  [Folder | Modified Date = 1/29/2008 1:09:16 AM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2/3/2008 9:12:44 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478495 bytes | Modified Date = 2/3/2008 9:10:04 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

< End of report >


#8 OldTimer

Posted 03 February 2008 - 03:19 PM

Hi iqra. Those files are part of some online game that is being played. Kaspersky does not say what they do or why they are flagging them, just that they consider them as bad. They can be removed, the hard drive can even be formatted. They will come back as soon as the game is played again.

Ok, let's get started. Please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware, we will come back to it later on.

Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Files/Folders - Created Within 30 days]
NY -> autorun.inf -> %SystemDrive%\autorun.inf
NY -> autorun.PNF -> %SystemDrive%\autorun.PNF
NY -> xo8wr9.exe -> %SystemDrive%\xo8wr9.exe
NY -> ylr.exe -> %SystemDrive%\ylr.exe
NY -> amvo2.dll -> %System32%\amvo2.dll
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> بببببببببببببببببببببببببببببببببببببببب.doc -> %UserDocuments%\بببببببببببببببببببببببببببببببببببببببب.doc
[Files/Folders - Modified Within 30 days]
NY -> autorun.inf -> %SystemDrive%\autorun.inf
NY -> autorun.PNF -> %SystemDrive%\autorun.PNF
NY -> amvo2.dll -> %System32%\amvo2.dll
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> بببببببببببببببببببببببببببببببببببببببب.doc -> %UserDocuments%\بببببببببببببببببببببببببببببببببببببببب.doc
[Empty Temp Folders]
[Start Explorer]

Note: I wasn't sure about this file: %UserDocuments%\بببببببببببببببببببببببببببببببببببببببب.doc. It will be in your My Documents folder. It was created at the same time all the rest of these files were created so it is suspicious. If you know it to be valid then you can remove it from the list before starting the fix. Otherwise, leave it in.

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete, this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #4

Post the following back here:
  • a new WinPFind35U report (select None for all of the groups except Files Created Within and Files Modified Within).
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
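
The selection reasoning in Step #2 above (hidden or system files with no vendor information in the drive root, System32 or Temp, plus anything written around the same time), sketched as an added example that is not part of the original post and is not how WinPFind35U works internally. The function names, the extension list and the 15-minute window are assumptions made for illustration; the sample lines are copied from the log in this thread.

```python
import ntpath
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# Entry lines copied from the WinPFind35U log in this thread
# (whitespace inside "Attr =" normalised).
SAMPLE_LOG = r"""
[Files/Folders - Modified Within 30 days]
autorun.inf -> %SystemDrive%\autorun.inf ->  [Ver =  | Size = 454 bytes | Modified Date = 1/29/2008 3:07:52 AM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 526843904 bytes | Modified Date = 2/2/2008 10:04:13 PM | Attr = HS]
amvo2.dll -> %System32%\amvo2.dll ->  [Ver =  | Size = 54784 bytes | Modified Date = 1/29/2008 2:53:12 AM | Attr = RHS]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Modified Date = 1/28/2008 11:44:35 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 54614 bytes | Modified Date = 2/2/2008 10:09:09 PM | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
5.dll -> C:\Documents and Settings\Student\Local Settings\Temp\5.dll ->  [Ver =  | Size = 30099 bytes | Modified Date = 1/29/2008 2:59:20 AM | Attr = H]
InfoWindow.dll -> C:\Documents and Settings\Student\Local Settings\Temp\InfoWindow.dll -> RealNetworks, Inc. [Ver = 6.0.0.11 | Size = 75080 bytes | Modified Date = 9/28/2007 6:39:30 PM | Attr = ]
rr.dll -> C:\Documents and Settings\Student\Local Settings\Temp\rr.dll ->  [Ver =  | Size = 30559 bytes | Modified Date = 1/29/2008 2:53:11 AM | Attr = H]
Flash_Disinfector.exe -> %UserDesktop%\Flash_Disinfector.exe ->  [Ver =  | Size = 103641 bytes | Modified Date = 1/29/2008 3:05:53 AM | Attr = ]
"""

LINE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<company>.*?)\s*\[(?P<fields>.*)\]\s*$"
)
DATE_FMT = "%m/%d/%Y %I:%M:%S %p"
# Assumed triage settings, chosen for this example only.
LOADABLE_EXT = {".dll", ".exe", ".inf"}
WATCHED_PREFIXES = ("%systemdrive%\\", "%system32%\\")


class Entry(NamedTuple):
    name: str
    path: str
    company: str
    when: datetime
    attrs: frozenset
    is_folder: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'name -> path -> company [fields]' line; None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # section headers, '*.tmp' counters, ADS lines
    fields = {}
    for part in m.group("fields").split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    stamp = fields.get("Created Date") or fields.get("Modified Date")
    if not stamp:
        return None
    try:
        when = datetime.strptime(stamp, DATE_FMT)
    except ValueError:
        return None
    attrs = frozenset(fields.get("Attr", "").replace(" ", ""))
    return Entry(m.group("name"), m.group("path"), m.group("company").strip(),
                 when, attrs, "Folder" in fields)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def is_suspect(e: Entry) -> bool:
    """Hidden, vendor-less, loadable file in the drive root, System32 or a Temp folder."""
    path = e.path.lower()
    in_watched_dir = path.startswith(WATCHED_PREFIXES) or "\\temp\\" in path
    return (not e.is_folder
            and e.company == ""
            and "H" in e.attrs
            and ntpath.splitext(path)[1] in LOADABLE_EXT
            and in_watched_dir)


def neighbours(entries: List[Entry], suspects: List[Entry],
               window: timedelta = timedelta(minutes=15)) -> List[Entry]:
    """Other files stamped within `window` of any suspect: candidates for manual review."""
    return [e for e in entries
            if e not in suspects and not e.is_folder
            and any(abs(e.when - s.when) <= window for s in suspects)]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    flagged = [e for e in log if is_suspect(e)]
    for e in flagged:
        print("SUSPECT ", e.when, "".join(sorted(e.attrs)), e.path)
    for e in neighbours(log, flagged):
        print("REVIEW  ", e.when, e.path)
```

The one neighbour reported for the sample is a download sitting on the desktop, which shows why time correlation produces candidates for a person to review rather than verdicts.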

#9 iqra

Posted 03 February 2008 - 03:39 PM

hey OT,
when i click and try to go to download the superantispyware it gives me an error saying gateway timeout error....and saying that the server is unreachable.... :thumbsup:
is this something to do with the virus?...what should i do then
and also...what do u mean when u said there is some online game being played...do u mean like as if i am playing an online game?? cos i am not!!
iqra

#10 OldTimer

Posted 03 February 2008 - 03:44 PM

Hi iqra. It could be the virus. Try this direct download: http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Yes, it does come from some online game. It could also possibly be an infected site that includes online games. Kaspersky does not offer much information as to where it comes from or why it is considered bad. Just that Kaspersky does consider it as a threat.

Cheers.

OT

#11 iqra

Posted 03 February 2008 - 03:51 PM

hey is it ok if i download the SUPERAntiSpyware Free Edition 3.9.1008 from download.com??

#12 iqra

Posted 03 February 2008 - 03:57 PM

the direct link is giving me the same error...so can i download using the download.com...
here is the link to that http://www.download.com/SUPERAntiSpyware-F...4-10523889.html

#13 OldTimer

Posted 03 February 2008 - 06:25 PM

Hi iqra. Sure, give it a try and see what happens.

Cheers.

OT

#14 iqra

Posted 04 February 2008 - 09:17 AM

hi OT,
i did all u asked for....here it is
I also wanted to tell u that my trend micro office scanner keeps on popping up and saying that i am infected with all these viruses and worms stuff...so next time that happens i will copy and post the names that it picks up..
thanks a lot for ur time..

here are the reports..
1)WinPFind35U report

WinPFind35 logfile created on: 2/4/2008 5:02:14 PM
WinPFind35U Version Beta42	 Folder = C:\Documents and Settings\Student\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
502.37 Mb Total Physical Memory | 72.74 Mb Available Physical Memory | 14.48% Memory free
1.20 Gb Paging File | 0.67 Gb Available in Paging File | 55.91% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.71 Gb Total Space | 52.86 Gb Free Space | 47.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: MUBSTU396
Current User Name: Student
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user



[Files/Folders - Created Within 30 days]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/3/2008 9:03:50 PM | Attr =	]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 2/3/2008 9:03:50 PM | Attr =	]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/3/2008 9:03:50 PM | Attr =	]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 2/3/2008 9:03:50 PM | Attr =	]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Created Date = 1/28/2008 11:44:35 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 1/15/2008 3:28:39 PM | Attr =  H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/4/2008 3:23:51 PM | Attr =  H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 526843904 bytes | Modified Date = 2/4/2008 4:53:10 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/4/2008 3:23:46 PM | Attr = R  ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 1/6/2008 12:59:11 PM | Attr =  H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 1/9/2008 6:27:09 AM | Attr =  H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 1/9/2008 9:42:59 AM | Attr =  H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 1/6/2008 12:59:11 PM | Attr =  H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 1/9/2008 6:27:09 AM | Attr =  H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 1/9/2008 9:42:59 AM | Attr =  H ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/4/2008 4:53:16 PM | Attr =	]
appmgmt -> %System32%\appmgmt ->  [Folder | Modified Date = 2/3/2008 8:58:36 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2/4/2008 3:55:31 PM | Attr =	]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Modified Date = 1/28/2008 11:44:35 PM | Attr =	]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 54614 bytes | Modified Date = 2/4/2008 4:57:20 PM | Attr =	]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 384930 bytes | Modified Date = 2/4/2008 4:57:20 PM | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 445630 bytes | Modified Date = 2/4/2008 4:57:20 PM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/11/2008 4:52:50 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/4/2008 4:53:10 PM | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 2/2/2008 10:04:18 PM | Attr =  HS]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/28/2008 11:44:37 PM | Attr =   S]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 1/28/2008 11:44:35 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/4/2008 3:23:51 PM | Attr =  HS]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 1/24/2008 7:30:14 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 2/3/2008 5:58:55 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 1/15/2008 3:28:39 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/4/2008 4:54:25 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 1/26/2008 3:00:23 PM | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 2/4/2008 4:57:20 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/4/2008 4:55:37 PM | Attr =	]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job ->  [Ver =  | Size = 360 bytes | Modified Date = 2/4/2008 4:49:07 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/4/2008 4:53:14 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 114164 bytes | Modified Date = 2/4/2008 4:55:45 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 114164 bytes | Modified Date = 2/4/2008 4:55:44 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 9/18/2007 12:18:10 PM | Attr =	]
SSUPDATE.EXE -> C:\Documents and Settings\Student\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 6/21/2007 2:07:10 PM | Attr =	]
9 C:\Documents and Settings\Student\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Student\Local Settings\Temp\*.tmp -> 
NOBE2E.EXE -> C:\WINDOWS\Temp\NOBE2E.EXE -> Trend Micro Inc. [Ver = 8.0.0.1004 | Size = 300656 bytes | Modified Date = 5/8/2007 12:43:40 AM | Attr =	]
Perflib_Perfdata_520.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_520.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/4/2008 4:55:37 PM | Attr =	]

< End of report >


2) SUPERAntiSpyware report
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/04/2008 at 04:48 PM

Application Version : 3.9.1008

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 01:02:38

Memory items scanned : 612
Memory threats detected : 0
Registry items scanned : 6352
Registry threats detected : 0
File items scanned : 56605
File threats detected : 32

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[2].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@ad.yieldmanager[2].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@adbrite[2].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@adrevolver[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@ads.adbrite[2].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@ads.ak.facebook[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@ads.pointroll[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@advertising[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@atdmt[2].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@clickbank[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@doubleclick[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@eas.apm.emediate[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@fastclick[2].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@hitbox[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@imrworldwide[2].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@linksynergy[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@media.adrevolver[2].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@media.adrevolver[3].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@msnportal.112.2o7[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@overture[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@pro-market[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@questionmarket[2].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@revsci[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@rocku.adbureau[2].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@rotator.adjuggler[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@statcounter[2].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@tacoda[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@tribalfusion[2].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@usatoday1.112.2o7[1].txt
C:\Documents and Settings\ish070208\Cookies\ish070208@www.googleadservices[1].txt

3) latest .log file


Explorer killed successfully
[Files/Folders - Created Within 30 days]
C:\autorun.inf moved successfully.
C:\autorun.PNF moved successfully.
File C:\xo8wr9.exe not found!
File C:\ylr.exe not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\amvo2.dll
C:\WINDOWS\System32\amvo2.dll NOT unregistered.
C:\WINDOWS\System32\amvo2.dll moved successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\Student\My Documents\بببببببببببببببببببببببببببببببببببببببب.doc moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\autorun.inf not found!
File C:\autorun.PNF not found!
File C:\WINDOWS\System32\amvo2.dll not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\Student\My Documents\بببببببببببببببببببببببببببببببببببببببب.doc not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Student\Local Settings\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Student\Local Settings\Temp\~DF6A4E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\FFF00B.EXE scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_450.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta42 fix logfile created on 02042008_153447

#15 OldTimer

Posted 04 February 2008 - 09:50 AM

Hi iqra. That all looks fine. As for Trend, run a full scan with it and post the report back here. I'll have a look.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
