Last Ditch Effort Before Reformatting.


15 replies to this topic

#1 kaypee

kaypee

  • Members
  • 10 posts

Posted 29 January 2008 - 04:10 PM

Hello and thank you for clicking on my post! I have a Dell Dimension XPS Gen2, 3.4 GHz P4, 2 gigs of SDRAM, 128 MB ATI Radeon 9800 Pro, Sound Blaster Audigy 2, and 120 gig hard drive. I have recently experienced an enormous slowdown in applications, and an increase in the number of processes in the Task Manager. All this came about after my ex-girlfriend decided to install something so she could watch some videos. I managed to remove the pop-ups with simple Ad-Aware and SUPERAntiSpyware Free Edition; however, my system doesn't run as fast as it did before all these issues! I would like some great advice on cleaning up my processes so I can focus on one application. Your help is greatly appreciated, and I truly appreciate the hard work you guys and gals do here. Here's my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:49 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: titanshield.lnk = C:\Program Files\TitanShield Antispyware\titanshield.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Samurai Chong\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab51411.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

--
End of file - 10115 bytes



#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 04 February 2008 - 11:12 AM

Hello kaypee and welcome to the BC HijackThis forum. Let's take a closer look and see what we find.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 kaypee

kaypee
  • Topic Starter

  • Members
  • 10 posts

Posted 04 February 2008 - 08:52 PM

WinPFind35 logfile created on: 2/4/2008 5:50:52 PM

WinPFind35U Version Beta42	 Folder = C:\Documents and Settings\Samurai Chong\Desktop\WinPFind35u

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

 

2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.45% Memory free

3.85 Gb Paging File | 3.52 Gb Available in Paging File | 91.42% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.72 Gb Total Space | 49.14 Gb Free Space | 43.99% Space Free | Partition Type: NTFS

Unable to calculate disk information.

E: Drive not present or media not loaded

F: Drive not present or media not loaded



Computer Name: RACHEL

Current User Name: Samurai Chong

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user





[Processes - Non-Microsoft Only]

ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 3/22/2005 6:55:00 PM | Attr =	]

lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.14 | Size = 303104 bytes | Modified Date = 2/17/2003 2:00:44 PM | Attr =	]

lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.14 | Size = 174592 bytes | Modified Date = 2/17/2003 2:00:44 PM | Attr =	]

ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 3/22/2005 6:55:00 PM | Attr =	]

iaanotif.exe -> %ProgramFiles%\Intel\Intel Application Accelerator\IAAnotif.exe -> Intel [Ver = 1, 0, 0, 2653 | Size = 126976 bytes | Modified Date = 9/14/2003 9:00:00 PM | Attr =	]

atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 3/22/2005 8:05:00 PM | Attr =	]

ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 10/29/2002 6:18:24 AM | Attr =	]

ctdvddet.exe -> %ProgramFiles%\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 45056 bytes | Modified Date = 9/29/2002 10:00:00 PM | Attr =	]

cthelper.exe -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 0, 11 | Size = 28672 bytes | Modified Date = 2/20/2003 1:45:40 PM | Attr =	]

dsentry.exe -> %System32%\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 7:27:40 AM | Attr =	]

pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826  | Size = 204800 bytes | Modified Date = 8/26/2003 4:47:34 PM | Attr =	]

shstat.exe -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 7.0.0.511 | Size = 90182 bytes | Modified Date = 3/6/2003 6:00:00 AM | Attr =	]

updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.0.0.595 | Size = 139347 bytes | Modified Date = 2/25/2003 2:00:00 AM | Attr =	]

dlbabmgr.exe -> %ProgramFiles%\Dell AIO Printer A940\dlbabmgr.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 86102 bytes | Modified Date = 2/17/2003 2:00:36 PM | Attr =	]

realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 9/10/2004 7:22:54 PM | Attr =	]

dlbabmon.exe -> %ProgramFiles%\Dell AIO Printer A940\dlbabmon.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 73806 bytes | Modified Date = 2/17/2003 2:00:36 PM | Attr =	]

ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 10:01:00 PM | Attr =	]

ewidoctrl.exe -> %ProgramFiles%\ewido anti-malware\ewidoctrl.exe -> ewido networks [Ver = 3, 0, 0, 1 | Size = 13888 bytes | Modified Date = 11/30/2005 1:47:52 AM | Attr =	]

iaantmon.exe -> %ProgramFiles%\Intel\Intel Application Accelerator\IAANTmon.exe -> Intel [Ver = 1, 0, 0, 2568 | Size = 73838 bytes | Modified Date = 9/14/2003 9:00:00 PM | Attr =	]

frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.0.0.595 | Size = 106586 bytes | Modified Date = 2/25/2003 2:00:00 AM | Attr =	]

mcshield.exe -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 7.0.0.237 | Size = 233595 bytes | Modified Date = 3/6/2003 6:00:00 AM | Attr =	]

vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 7.0.0.511 | Size = 127050 bytes | Modified Date = 3/6/2003 6:00:00 AM | Attr =	]

naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> Network Associates, Inc. [Ver = 3.0.0.595 | Size = 127058 bytes | Modified Date = 2/25/2003 2:00:00 AM | Attr =	]

winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/31/2008 12:38:16 PM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 3/22/2005 6:55:00 PM | Attr =	]

(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe ->  [Ver = 5.13.0023 | Size = 516096 bytes | Modified Date = 3/22/2005 8:05:00 PM | Attr =	]

(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 10:01:00 PM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr =	]

(ewido security suite control) ewido security suite control [Win32_Own | Auto | Running] -> %ProgramFiles%\ewido anti-malware\ewidoctrl.exe -> ewido networks [Ver = 3, 0, 0, 1 | Size = 13888 bytes | Modified Date = 11/30/2005 1:47:52 AM | Attr =	]

(ewido security suite guard) ewido security suite guard [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\ewido anti-malware\ewidoguard.exe -> ewido networks [Ver = 3, 0, 0, 1 | Size = 151616 bytes | Modified Date = 12/18/2005 9:41:34 AM | Attr =	]

(IAANTMon) IAA Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Application Accelerator\IAANTmon.exe -> Intel [Ver = 1, 0, 0, 2568 | Size = 73838 bytes | Modified Date = 9/14/2003 9:00:00 PM | Attr =	]

(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.14 | Size = 303104 bytes | Modified Date = 2/17/2003 2:00:44 PM | Attr =	]

(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.0.0.595 | Size = 106586 bytes | Modified Date = 2/25/2003 2:00:00 AM | Attr =	]

(McShield) Network Associates McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 7.0.0.237 | Size = 233595 bytes | Modified Date = 3/6/2003 6:00:00 AM | Attr =	]

(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 7.0.0.511 | Size = 127050 bytes | Modified Date = 3/6/2003 6:00:00 AM | Attr =	]

(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 10:33:40 AM | Attr =	]

(npkcsvc) npkcsvc [Win32_Own | Auto | Stopped] -> %System32%\npkcsvc.exe -> INCA Internet Co., Ltd. [Ver = 2004.1.10.1 | Size = 172544 bytes | Modified Date = 3/31/2004 5:55:24 PM | Attr =	]



[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 10:51:56 AM | Attr =	]

(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 10:07:42 PM | Attr =	]

(asc) asc [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 10:52:00 AM | Attr =	]

(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 10:51:58 AM | Attr =	]

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6525 | Size = 1034752 bytes | Modified Date = 3/22/2005 7:00:57 PM | Attr =	]

(ATITool) ATITool Overclocking Utility [Kernel | System | Running] -> %System32%\DRIVERS\ATITool.sys ->  [Ver = 1.30 | Size = 24064 bytes | Modified Date = 11/10/2006 5:08:50 AM | Attr =	]

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 10:51:54 AM | Attr =	]

(ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ctac32k.sys -> Creative Technology Ltd [Ver = 5.12.01.0324-1.50.1020 | Size = 135040 bytes | Modified Date = 2/20/2003 1:22:38 PM | Attr =	]

(ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ctaud2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0328-1.50.1050 | Size = 498688 bytes | Modified Date = 3/26/2003 12:33:58 PM | Attr =	]

(ctdvda2k) Creative DVD-Audio Device Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\ctdvda2k.sys -> Creative Technology Ltd [Ver = 5.13.01.0351-1.56.0010 | Size = 287920 bytes | Modified Date = 3/27/2003 7:58:56 AM | Attr =	]

(ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ctprxy2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0323-1.50.1020 | Size = 6144 bytes | Modified Date = 2/20/2003 1:24:18 PM | Attr =	]

(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0324-1.50.1020 | Size = 135248 bytes | Modified Date = 2/20/2003 1:24:34 PM | Attr =	]

(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 10:52:16 AM | Attr =	]

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 10:07:17 PM | Attr =	]

(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 10:07:16 PM | Attr =	]

(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 2:00:00 AM | Attr =	]

(E1000) Intel(R) PRO/1000 Adapter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\e1000325.sys -> Intel Corporation [Ver = 7.0.34.2 built by: WinDDK | Size = 121856 bytes | Modified Date = 7/11/2003 7:58:42 AM | Attr =	]

(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 8/17/2001 9:11:06 AM | Attr =	]

(emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\emupia2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0324-1.50.1020 | Size = 116000 bytes | Modified Date = 2/20/2003 1:24:46 PM | Attr =	]

(ewido security suite driver) ewido security suite driver [Kernel | System | Running] -> %ProgramFiles%\ewido anti-malware\guard.sys ->  [Ver =  | Size = 3072 bytes | Modified Date = 12/30/2005 3:12:18 AM | Attr =	]

(ha10kx2k) Creative Hardware Abstract Layer Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ha10kx2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0329-1.50.1040 | Size = 823616 bytes | Modified Date = 3/26/2003 12:31:40 PM | Attr =	]

(hap16v2k) Creative P16V HAL Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\hap16v2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0328-1.50.1030 | Size = 141536 bytes | Modified Date = 3/26/2003 12:32:02 PM | Attr =	]

(i81x) i81x [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 161020 bytes | Modified Date = 8/3/2004 9:29:36 PM | Attr =	]

(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12415 bytes | Modified Date = 8/3/2004 9:29:37 PM | Attr =	]

(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12127 bytes | Modified Date = 8/3/2004 9:29:37 PM | Attr =	]

(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11775 bytes | Modified Date = 8/3/2004 9:29:37 PM | Attr =	]

(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12063 bytes | Modified Date = 8/3/2004 9:29:47 PM | Attr =	]

(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19455 bytes | Modified Date = 8/3/2004 9:29:49 PM | Attr =	]

(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 29311 bytes | Modified Date = 8/3/2004 9:29:41 PM | Attr =	]

(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19551 bytes | Modified Date = 8/3/2004 9:29:42 PM | Attr =	]

(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found

(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 33599 bytes | Modified Date = 8/3/2004 9:29:43 PM | Attr =	]

(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 23615 bytes | Modified Date = 8/3/2004 9:29:45 PM | Attr =	]

(iaStor) Intel Integrated RAID [Kernel | Boot | Running] -> %System32%\DRIVERS\IASTOR.SYS -> Intel Corporation [Ver = 3.5.0.2568, 06/17/2003 | Size = 274816 bytes | Modified Date = 7/2/2003 9:00:00 PM | Attr =	]

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 10:52:12 AM | Attr =	]

(NaiAvFilter1) NaiAvFilter1 [File_System | On_Demand | Running] -> %System32%\DRIVERS\naiavf5x.sys -> Network Associates, Inc. [Ver = 7.0.0.230 | Size = 84448 bytes | Modified Date = 3/6/2003 6:00:00 AM | Attr =	]

(npkcrypt) npkcrypt [Kernel | Auto | Running] -> %ProgramFiles%\NEXON\MapleStory\npkcrypt.sys -> INCA Internet Co., Ltd. [Ver = 2006. 11. 20. 1 | Size = 23217 bytes | Modified Date = 11/20/2006 9:40:28 AM | Attr = R  ]

(NPPTNT) NPPTNT [Kernel | System | Running] -> %System32%\npptNT.sys -> INCA Internet Co., Ltd. [Ver = 2003, 7, 22, 1 | Size = 4608 bytes | Modified Date = 7/21/2003 10:14:04 PM | Attr =	]

(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 9:29:54 PM | Attr =	]

(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 10:45:06 AM | Attr =	]

(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.0326-1.50.1040 | Size = 189504 bytes | Modified Date = 3/26/2003 12:32:32 PM | Attr =	]

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\DRIVERS\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 200 | Size = 14604 bytes | Modified Date = 8/11/2003 9:07:46 AM | Attr =	]

(PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\DRIVERS\pfmodnt.sys -> Creative Technology Ltd. [Ver = 3.0.0.3 | Size = 15840 bytes | Modified Date = 3/6/2003 6:10:34 AM | Attr =	]

(PNRHAIDN) PNRHAIDN [Kernel | Auto | Stopped] -> %System32%\pnrhaidn.eln -> File not found

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 2:00:00 AM | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 10:52:20 AM | Attr =	]

(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 10:52:20 AM | Attr =	]

(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 10:52:18 AM | Attr =	]

(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr =	]

(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R  ]

(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr =	]

(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 2:25:53 AM | Attr =	]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 10:07:42 PM | Attr =	]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 11:07:44 AM | Attr =	]

(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 11:07:34 AM | Attr =	]

(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 11:07:36 AM | Attr =	]

(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 11:07:40 AM | Attr =	]

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 11:07:42 AM | Attr =	]

(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 10:52:22 AM | Attr =	]

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

(XDva032) XDva032 [Kernel | On_Demand | Stopped] -> %System32%\XDva032.sys -> File not found



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 3/22/2005 8:05:00 PM | Attr =	]

CTDVDDet -> %ProgramFiles%\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 45056 bytes | Modified Date = 9/29/2002 10:00:00 PM | Attr =	]

CTHelper -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 0, 11 | Size = 28672 bytes | Modified Date = 2/20/2003 1:45:40 PM | Attr =	]

CTSysVol -> %ProgramFiles%\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 10/29/2002 6:18:24 AM | Attr =	]

Dell AIO Printer A940 -> %ProgramFiles%\Dell AIO Printer A940\dlbabmgr.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 86102 bytes | Modified Date = 2/17/2003 2:00:36 PM | Attr =	]

DVDSentry -> %System32%\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 7:27:40 AM | Attr =	]

IAAnotif -> %ProgramFiles%\Intel\Intel Application Accelerator\IAAnotif.exe -> Intel [Ver = 1, 0, 0, 2653 | Size = 126976 bytes | Modified Date = 9/14/2003 9:00:00 PM | Attr =	]

McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.0.0.595 | Size = 139347 bytes | Modified Date = 2/25/2003 2:00:00 AM | Attr =	]

Music Alarm Clock ->  -> File not found

PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826  | Size = 204800 bytes | Modified Date = 8/26/2003 4:47:34 PM | Attr =	]

PRONoMgr.exe -> %ProgramFiles%\Intel\NCS\PROSet\PRONoMgr.exe -> Intel(R) Corporation [Ver = 6.2.35.0 | Size = 86016 bytes | Modified Date = 3/11/2003 1:24:40 PM | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 5/26/2004 7:41:34 PM | Attr =	]

ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 7.0.0.511 | Size = 90182 bytes | Modified Date = 3/6/2003 6:00:00 AM | Attr =	]

TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 9/10/2004 7:22:54 PM | Attr =	]

UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/10/2000 10:00:00 PM | Attr =	]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =	]

Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.EXE -> File not found

Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,239 | Size = 4670968 bytes | Modified Date = 1/19/2007 12:49:28 PM | Attr =	]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

< Samurai Chong Startup Folder > -> C:\Documents and Settings\Samurai Chong\Start Menu\Programs\Startup -> 

%UserStartup%\titanshield.lnk -> %ProgramFiles%\TitanShield Antispyware\titanshield.exe -> File not found

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{54D9498B-CF93-414F-8984-8CE7FDE0D391} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ewido anti-malware\shellhook.dll [ewido shell guard] ->  [Ver =  | Size = 39488 bytes | Modified Date = 9/30/2004 4:21:56 AM | Attr =	]

{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =	]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =	]

AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 46080 bytes | Modified Date = 3/22/2005 6:56:11 PM | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 

< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> www.google.com -> 

HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 

1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 1:17:44 PM | Attr =	]

{549B5CA7-4A86-11D7-A4DF-000874180BB3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{BA52B914-B692-46c4-B683-905236F6F655} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %System32%\msjava.dll [Sun Java Console] -> File not found

{d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec -> %SystemDrive%\Documents and Settings\Samurai Chong\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found

{F4430FE8-2638-42e5-B849-800749B94EED}:Exec -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [PartyPoker.net] ->  [Ver = 1, 0, 0, 2 | Size = 110592 bytes | Modified Date = 11/7/2006 11:51:44 AM | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKEY_LOCAL_MACHINE] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Exec [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\HotIcon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Icon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %System32%\msjava.dll [Web Browser Applet Control] -> File not found

CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [PartyPoker.net] ->  [Ver = 1, 0, 0, 2 | Size = 110592 bytes | Modified Date = 11/7/2006 11:51:44 AM | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{1B896950-4D7D-4A53-831A-B7069B4C2E8B} ->	(1394 Net Adapter) -> 

{2BB4BCF3-7C47-441B-BD1C-A5A707D08693} ->	(Intel(R) PRO/1000 MT Network Connection) -> 

{F22B70CB-9F1D-4FBA-808F-1BAA49E10D9E} ->	() -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 

{05D44720-58E3-49E6-BDF6-D00330E511D3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab[StagingUI Object] -> 

{3BB54395-5982-4788-8AF4-B5388FFDD0D8}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab[ZoneBuddy Class] -> 

{459E93B6-150E-45D5-8D4B-45C66FC035FE}[HKEY_LOCAL_MACHINE] -> http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx[get_atlcom Class] -> 

{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1005.cab[MySpace Uploader Control] -> 

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> 

{5736C456-EA94-4AAC-BB08-917ABDD035B3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab[ZonePAChat Object] -> 

{5F5F9FB8-878E-4455-95E0-F64B2314288A}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab[ijjiPlugin2 Class] -> 

{62475759-9E84-458E-A1AB-5D2C442ADFDE}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe[Reg Error: Key does not exist or could not be opened.] -> 

{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> 

{9BDF4724-10AA-43D5-BD15-AEA0D2287303}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/zpa_txhe.cab51411.cab[ZPA_TexasHoldem Object] -> 

{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab[ZoneIntro Class] -> 

{CD995117-98E5-4169-9920-6C12D4C0B548}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab[HGPlugin9USA Class] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

{D6FCA8ED-4715-43DE-9BD2-2789778A5B09}[HKEY_LOCAL_MACHINE] -> http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab[Reg Error: Key does not exist or could not be opened.] -> 

{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/StProxy.cab41227.cab[StadiumProxy Class] -> 

{DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab[HGPlugin10USA Class] -> 

ppctlcab[HKEY_LOCAL_MACHINE] -> http://www.pestscan.com/scanner/ppctlcab.cab[Reg Error: Key does not exist or could not be opened.] -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/3/2004 11:56:43 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 9:49:30 AM | Attr =	]

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/3/2004 11:56:43 PM | Attr =	]

schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 6:21:15 AM | Attr =	]

wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 8:37:50 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 744 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:57 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 25229 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> -> 

-> Reg Error: Key does not exist or could not be opened. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{0E5A1456-2580-41C2-A3B5-29B87EE9C747} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{1B896950-4D7D-4A53-831A-B7069B4C2E8B} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2BB4BCF3-7C47-441B-BD1C-A5A707D08693} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:57 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 





[Files/Folders - Created Within 30 days]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

S?mantec -> %UserDocuments%\Sуmantec ->  [Folder | Modified Date = 12/29/2007 3:12:03 AM | Attr =	]

ATITool.lnk -> %UserDesktop%\ATITool.lnk ->  [Ver =  | Size = 686 bytes | Created Date = 1/23/2008 4:16:11 PM | Attr =	]

ATITool_0.26.exe -> %UserDesktop%\ATITool_0.26.exe ->  [Ver =  | Size = 1359106 bytes | Created Date = 1/23/2008 4:15:21 PM | Attr =	]

ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1551672 bytes | Created Date = 1/15/2008 2:50:26 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier

GunZ Launcher.lnk -> %UserDesktop%\GunZ Launcher.lnk ->  [Ver =  | Size = 677 bytes | Created Date = 1/28/2008 5:59:18 PM | Attr =	]

Gunz.lnk -> %UserDesktop%\Gunz.lnk ->  [Ver =  | Size = 677 bytes | Created Date = 1/28/2008 5:38:22 PM | Attr =	]

GunzInternational_20070123.exe -> %UserDesktop%\GunzInternational_20070123.exe ->  [Ver =  | Size = 535515 bytes | Created Date = 1/28/2008 5:37:32 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\GunzInternational_20070123.exe:Zone.Identifier

Hijackthis.lnk -> %UserDesktop%\Hijackthis.lnk ->  [Ver =  | Size = 650 bytes | Created Date = 1/15/2008 2:40:36 PM | Attr =	]

HJTsetup.exe -> %UserDesktop%\HJTsetup.exe -> Soeperman Enterprises Ltd									[Ver =					  | Size = 488144 bytes | Created Date = 1/15/2008 2:19:14 PM | Attr =	]

IGunZ-09282006-setup.exe -> %UserDesktop%\IGunZ-09282006-setup.exe -> MAIET Entertainment										  [Ver =					  | Size = 143253320 bytes | Created Date = 1/28/2008 5:57:55 PM | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2/4/2008 5:48:25 PM | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478495 bytes | Created Date = 2/4/2008 5:46:46 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

INCA Shared -> %CommonProgramFiles%\INCA Shared ->  [Folder | Created Date = 1/31/2008 3:21:56 PM | Attr =	]



[Files/Folders - Modified Within 30 days]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 1/23/2008 4:07:19 PM | Attr =	]

5 C:\*.tmp files -> C:\*.tmp -> 

Fraps -> %SystemDrive%\Fraps ->  [Folder | Modified Date = 1/8/2008 5:56:17 AM | Attr =	]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2146500608 bytes | Modified Date = 2/4/2008 6:43:08 AM | Attr =  HS]

I386 -> %SystemDrive%\I386 ->  [Folder | Modified Date = 1/15/2008 2:03:41 PM | Attr =	]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/31/2008 3:11:59 PM | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/4/2008 6:44:02 AM | Attr =	]

BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %System32%\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 29760 bytes | Modified Date = 2/1/2008 5:34:31 PM | Attr =	]

BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %System32%\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 29760 bytes | Modified Date = 2/1/2008 5:34:31 PM | Attr =	]

BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %System32%\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 30036 bytes | Modified Date = 2/1/2008 5:34:31 PM | Attr =	]

BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %System32%\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 30036 bytes | Modified Date = 2/1/2008 5:34:31 PM | Attr =	]

CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 1/31/2008 8:01:33 PM | Attr =	]

5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

CONFIG -> %System32%\CONFIG ->  [Folder | Modified Date = 1/31/2008 3:12:21 PM | Attr =	]

DLLCACHE -> %System32%\DLLCACHE ->  [Folder | Modified Date = 1/9/2008 3:00:26 AM | Attr = RHS]

DRIVERS -> %System32%\DRIVERS ->  [Folder | Modified Date = 2/4/2008 12:56:50 PM | Attr =	]

DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> %System32%\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat ->  [Ver =  | Size = 288 bytes | Modified Date = 2/1/2008 5:34:30 PM | Attr =	]

DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat -> %System32%\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat ->  [Ver =  | Size = 288 bytes | Modified Date = 2/1/2008 5:34:30 PM | Attr =	]

FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 165912 bytes | Modified Date = 1/15/2008 1:45:21 PM | Attr =	]

settings.sfm -> %System32%\settings.sfm ->  [Ver =  | Size = 1072 bytes | Modified Date = 2/1/2008 5:34:30 PM | Attr =	]

settingsbkup.sfm -> %System32%\settingsbkup.sfm ->  [Ver =  | Size = 1072 bytes | Modified Date = 2/1/2008 5:34:30 PM | Attr =	]

WBEM -> %System32%\WBEM ->  [Folder | Modified Date = 1/31/2008 3:12:07 PM | Attr =	]

WPA.DBL -> %System32%\WPA.DBL ->  [Ver =  | Size = 1170 bytes | Modified Date = 2/4/2008 6:43:52 AM | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 1/8/2008 6:48:04 PM | Attr =	]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/4/2008 6:43:10 AM | Attr =   S]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/23/2008 3:24:44 PM | Attr =   S]

GunzLauncher.INI -> %SystemRoot%\GunzLauncher.INI ->  [Ver =  | Size = 50 bytes | Modified Date = 2/4/2008 12:57:01 PM | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1355 bytes | Modified Date = 1/9/2008 3:00:23 AM | Attr =	]

INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 1/23/2008 4:16:05 PM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/23/2008 4:07:20 PM | Attr =  HS]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/4/2008 5:48:28 PM | Attr =	]

randseed.rnd -> %SystemRoot%\randseed.rnd ->  [Ver =  | Size = 512 bytes | Modified Date = 2/4/2008 11:08:09 AM | Attr =	]

Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 1/31/2008 3:12:07 PM | Attr =	]

SYSTEM.INI -> %SystemRoot%\SYSTEM.INI ->  [Ver =  | Size = 227 bytes | Modified Date = 1/11/2008 12:42:14 PM | Attr =	]

SYSTEM32 -> %System32% ->  [Folder | Modified Date = 1/28/2008 6:26:06 PM | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/4/2008 11:08:16 AM | Attr =	]

WIN.INI -> %SystemRoot%\WIN.INI ->  [Ver =  | Size = 591 bytes | Modified Date = 1/22/2008 1:02:16 PM | Attr =	]

{00000002-00000000-00000002-00001102-00000004-10031102}.CDF -> %SystemRoot%\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF ->  [Ver =  | Size = 4481358 bytes | Modified Date = 2/1/2008 5:33:59 PM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/4/2008 6:43:11 AM | Attr =  H ]

hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 1307 bytes | Modified Date = 1/11/2005 1:38:43 PM | Attr =	]

about.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\about.dat ->  [Ver =  | Size = 1528 bytes | Modified Date = 6/18/2003 9:00:00 AM | Attr =	]

college.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\college.dat ->  [Ver =  | Size = 327746 bytes | Modified Date = 6/18/2003 9:00:00 AM | Attr =	]

moreinfo.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\moreinfo.dat ->  [Ver =  | Size = 102 bytes | Modified Date = 6/18/2003 9:00:00 AM | Attr =	]

ylpgscat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\ylpgscat.dat ->  [Ver =  | Size = 12283223 bytes | Modified Date = 6/18/2003 9:00:00 AM | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 8313 bytes | Modified Date = 1/8/2008 6:48:33 PM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 8698 bytes | Modified Date = 1/8/2008 6:48:33 PM | Attr =	]

CAQJ8P6N.com%2F&region=_google_cpa_region_&u_h=768&u_w=1024&u_ah=768&u_aw=1024&u_cd=32&u_tz=-480&u_his=2&u_java=true -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\OVCNE78Z\CAQJ8P6N.com ->  [Ver =  | Size = 1728 bytes | Modified Date = 12/19/2006 8:09:09 PM | Attr =	]

red[2].com&scx=1024&scy=768&scc=32&sta=,,,1,,,,,,,0,5,0,15001,14965,14658,17785,819&iid=127300&bid=336265&dat=;ord=18145845 -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y9W9CF0D\red[2].com ->  [Ver =  | Size = 4987 bytes | Modified Date = 12/17/2006 3:14:50 PM | Attr =	]

A~NSISu_.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\A~NSISu_.exe ->  [Ver =  | Size = 93738 bytes | Modified Date = 11/25/2007 3:24:56 PM | Attr =	]

DivXInstaller.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\DivXInstaller.exe -> DivX, Inc. [Ver = 6.8.0.19 | Size = 6222376 bytes | Modified Date = 12/29/2007 4:33:57 AM | Attr =	]

DrvInst64.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\DrvInst64.exe ->  [Ver =  | Size = 112128 bytes | Modified Date = 2/28/2005 2:39:32 PM | Attr =	]

ismtpa8.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\ismtpa8.exe ->  [Ver =  | Size = 200776 bytes | Modified Date = 12/29/2007 2:45:27 AM | Attr =	]

miunst_.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\miunst_.exe ->  [Ver =  | Size = 4128 bytes | Modified Date = 11/16/2007 8:16:24 AM | Attr =	]

setup_wm.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\setup_wm.exe -> Microsoft Corporation [Ver = 10.00.00.3646 | Size = 819200 bytes | Modified Date = 9/22/2004 6:46:04 PM | Attr =	]

SSUPDATE.EXE -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 6/21/2007 2:07:10 PM | Attr =	]

U_GBOUND_setup.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\U_GBOUND_setup.exe -> NHN USA													  [Ver =					  | Size = 133746915 bytes | Modified Date = 11/16/2007 8:30:20 PM | Attr =	]

U_GUNZ_setup.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\U_GUNZ_setup.exe ->  [Ver =  | Size = 152118083 bytes | Modified Date = 12/9/2006 8:48:41 PM | Attr =	]

U_KWONHO_setup.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\U_KWONHO_setup.exe ->  [Ver =  | Size = 839680 bytes | Modified Date = 5/20/2007 6:59:08 PM | Attr =	]

519 C:\Documents and Settings\Samurai Chong\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\*.tmp -> 

ShowUrl1.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\2EM0473U\PPOKER~1\presetup\ShowUrl1.exe ->  [Ver =  | Size = 24576 bytes | Modified Date = 11/7/2006 11:45:38 AM | Attr =	]

ymdc.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\7869333\ymdc.exe -> Yahoo! Inc. [Ver = 2006.11.10.02 | Size = 46480 bytes | Modified Date = 11/10/2006 6:09:24 PM | Attr =	]

4 C:\Documents and Settings\Samurai Chong\Local Settings\Temp\7869333\*.tmp files -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\7869333\*.tmp -> 

Installer.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Blizzard Installer Bootstrap - 9717f371\Installer.exe ->  [Ver = 3.0 | Size = 1015808 bytes | Modified Date = 7/24/2006 11:32:03 AM | Attr =	]

HGStart9USA.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\ICD1.tmp\HGStart9USA.exe -> NHN Co. [Ver = 9, 0, 0, 0 | Size = 540672 bytes | Modified Date = 8/9/2006 7:29:32 PM | Attr =	]

jinstall.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\ICD2.tmp\jinstall.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 245873 bytes | Modified Date = 1/30/2007 4:28:04 PM | Attr =	]

ijjiNotify2.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\ICD3.tmp\ijjiNotify2.exe -> NHN USA Corp. [Ver = 1, 0, 0, 0 | Size = 46488 bytes | Modified Date = 6/21/2007 5:59:42 PM | Attr =	]

ijjiPreNotify2.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\ICD3.tmp\ijjiPreNotify2.exe ->  [Ver = 1, 0, 0, 0 | Size = 75160 bytes | Modified Date = 6/21/2007 5:59:46 PM | Attr =	]

ijjiPreStarter2.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\ICD3.tmp\ijjiPreStarter2.exe -> NHN USA Corp. [Ver = 1, 0, 0, 0 | Size = 83352 bytes | Modified Date = 6/21/2007 5:59:38 PM | Attr =	]

ijjistarter2.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\ICD3.tmp\ijjistarter2.exe -> NHN USA Corp. [Ver = 10, 0, 0, 1 | Size = 943512 bytes | Modified Date = 6/21/2007 5:59:34 PM | Attr =	]

GZEntropy.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Directory 1 for GunzEntropy_v0.22.zip\GZEntropy.exe -> Project: D.I.V.I.N.A [Ver = 0.22 "razorsharp" | Size = 409600 bytes | Modified Date = 2/22/2007 7:04:58 PM | Attr =	]

Repair.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Directory 1 for Repair[1].zip\Repair.exe -> Blizzard Entertainment, Inc. [Ver = 1, 4, 33, 0 | Size = 708608 bytes | Modified Date = 4/5/2006 9:42:50 AM | Attr =	]

@Alternate Data Stream - 0 bytes -> %LocalSettings%\Temp\Temporary Directory 1 for Repair[1].zip\Repair.exe:Zone.Identifier

installdrivecleanerstart[1].exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\MNG5FLIW\installdrivecleanerstart[1].exe ->  [Ver =  | Size = 2540 bytes | Modified Date = 12/19/2006 8:11:50 PM | Attr =	]

WMPAU.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\WMC0000.tmp\WMPAU.exe -> Microsoft Corporation [Ver = 11.0.5721.5146 (WMP_11.061018-2006) | Size = 1669120 bytes | Modified Date = 11/1/2006 6:31:38 PM | Attr =	]

WMPAU.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\WMC0001.tmp\WMPAU.exe -> Microsoft Corporation [Ver = 11.0.5721.5146 (WMP_11.061018-2006) | Size = 1669120 bytes | Modified Date = 11/1/2006 6:31:38 PM | Attr =	]

WMPAU.exe -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\WMC0002.tmp\WMPAU.exe -> Microsoft Corporation [Ver = 11.0.5721.5146 (WMP_11.061018-2006) | Size = 1669120 bytes | Modified Date = 11/1/2006 6:31:38 PM | Attr =	]

yvertr.dll -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\7869333\yvertr.dll ->  [Ver = 2004, 1, 15, 1 | Size = 42080 bytes | Modified Date = 1/15/2004 1:48:38 PM | Attr =	]

4 C:\Documents and Settings\Samurai Chong\Local Settings\Temp\7869333\*.tmp files -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\7869333\*.tmp -> 

RichEd20.dll -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Blizzard Installer Bootstrap - 9717f371\RichEd20.dll -> Microsoft Corporation [Ver = 5.30.23.1200 | Size = 421888 bytes | Modified Date = 7/24/2006 11:32:03 AM | Attr =	]

Unicows.dll -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Blizzard Installer Bootstrap - 9717f371\Unicows.dll -> Microsoft Corporation [Ver = 1.0.4018.0 | Size = 245408 bytes | Modified Date = 7/24/2006 11:32:03 AM | Attr =	]

HGPlugin9USA.dll -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\ICD1.tmp\HGPlugin9USA.dll ->  [Ver = 9, 0, 0, 0 | Size = 53248 bytes | Modified Date = 8/9/2006 7:56:06 PM | Attr =	]

ijjiPlugin2.dll -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\ICD3.tmp\ijjiPlugin2.dll -> TODO: <Company name> [Ver = 2.0.0.0 | Size = 58776 bytes | Modified Date = 6/21/2007 5:59:50 PM | Attr =	]

SecurityUtil.dll -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\is-9I47S.tmp\SecurityUtil.dll ->  [Ver = 2, 0, 0, 18 | Size = 86016 bytes | Modified Date = 9/27/2005 10:23:36 AM | Attr =	]

LegitLibM.dll -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\WMC0001.tmp\LegitLibM.dll -> Microsoft Corporation [Ver = 1.5.0530.0 | Size = 410928 bytes | Modified Date = 6/27/2006 7:00:26 PM | Attr =	]

Perflib_Perfdata_160.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Perflib_Perfdata_160.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/18/2007 3:35:17 AM | Attr =	]

Perflib_Perfdata_17e8.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Perflib_Perfdata_17e8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/1/2006 11:35:19 PM | Attr =	]

Perflib_Perfdata_1a4.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Perflib_Perfdata_1a4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/30/2007 1:49:21 PM | Attr =	]

Perflib_Perfdata_224.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Perflib_Perfdata_224.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/18/2007 5:10:52 PM | Attr =	]

Perflib_Perfdata_614.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Perflib_Perfdata_614.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 4/4/2007 2:24:14 AM | Attr =	]

Perflib_Perfdata_954.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Perflib_Perfdata_954.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 7/18/2007 11:08:17 PM | Attr =	]

Perflib_Perfdata_a28.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Perflib_Perfdata_a28.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/15/2007 11:22:43 PM | Attr =	]

Perflib_Perfdata_cd4.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Perflib_Perfdata_cd4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 7/29/2007 6:54:14 PM | Attr =	]

Perflib_Perfdata_e70.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Perflib_Perfdata_e70.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/13/2006 2:50:16 PM | Attr =	]

Perflib_Perfdata_f34.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Perflib_Perfdata_f34.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/26/2007 11:55:45 AM | Attr =	]

519 C:\Documents and Settings\Samurai Chong\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\*.tmp -> 

index.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Cookies\index.dat ->  [Ver =  | Size = 114688 bytes | Modified Date = 12/20/2006 9:35:18 PM | Attr =	]

index.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Draa\index.dat ->  [Ver =  | Size = 437 bytes | Modified Date = 9/9/2007 2:30:12 PM | Attr =	]

4 C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Draa\*.tmp files -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Draa\*.tmp -> 

index.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 950272 bytes | Modified Date = 12/20/2006 9:35:18 PM | Attr =	]

index.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\History\History.IE5\MSHist012006121120061218\index.dat ->  [Ver =  | Size = 311296 bytes | Modified Date = 12/18/2006 6:49:13 PM | Attr =	]

index.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\History\History.IE5\MSHist012006121820061219\index.dat ->  [Ver =  | Size = 81920 bytes | Modified Date = 12/18/2006 9:40:04 PM | Attr =	]

index.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\History\History.IE5\MSHist012006121920061220\index.dat ->  [Ver =  | Size = 98304 bytes | Modified Date = 12/19/2006 11:07:39 PM | Attr =	]

index.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\History\History.IE5\MSHist012006122020061221\index.dat ->  [Ver =  | Size = 65536 bytes | Modified Date = 12/20/2006 9:35:18 PM | Attr =	]

index.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\History\History.IE5\MSHist012006122120061222\index.dat ->  [Ver =  | Size = 65536 bytes | Modified Date = 12/21/2006 7:53:47 PM | Attr =	]

index.dat -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 9535488 bytes | Modified Date = 12/20/2006 9:35:18 PM | Attr =	]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 6/23/2006 4:30:40 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/1/2006 8:17:59 AM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\1ZNVQ75R\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/10/2006 9:14:09 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\8H6R41EJ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/8/2006 2:30:33 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\9HN7USQ1\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/4/2006 1:37:11 AM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\A9LQZ61S\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/6/2006 8:10:50 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\BLN8DB38\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/4/2006 1:37:11 AM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\E77GH89C\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/10/2006 9:14:09 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\ER6RAJEB\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/1/2006 8:17:59 AM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\G1ABC9U7\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/8/2006 2:30:33 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\GPMVKLAZ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/8/2006 2:30:33 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1M72ZKH\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/1/2006 8:17:59 AM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\M5SBMHI5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/6/2006 8:10:50 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\MNG5FLIW\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/10/2006 9:14:09 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\NE9YV35F\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/10/2006 9:14:09 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5K78NG3\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/6/2006 8:10:50 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\ODAF456J\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/8/2006 2:30:33 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\OVCNE78Z\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/4/2006 1:37:11 AM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\WJODMFOR\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/1/2006 8:17:59 AM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y9W9CF0D\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/1/2006 8:17:59 AM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZI0BJXKP\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/6/2006 8:10:50 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Samurai Chong\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZX0GDRRX\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/4/2006 1:37:11 AM | Attr =  HS]

index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/21/2006 6:24:27 PM | Attr =	]

index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/21/2006 6:24:27 PM | Attr =	]

index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 12/21/2006 6:24:27 PM | Attr =	]

desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 12/21/2006 6:24:27 PM | Attr =  HS]

desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/21/2006 6:24:27 PM | Attr =  HS]

desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CTIB2FCZ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/21/2006 6:24:27 PM | Attr =  HS]

desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IBARW12J\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/21/2006 6:24:27 PM | Attr =  HS]

desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\K14Z6ZCF\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/21/2006 6:24:27 PM | Attr =  HS]

desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\K5E74NUT\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/21/2006 6:24:27 PM | Attr =  HS]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 88064 bytes | Modified Date = 1/15/2008 2:04:01 PM | Attr =	]

GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 40856 bytes | Modified Date = 1/12/2008 1:48:47 PM | Attr =	]

IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 1634814 bytes | Modified Date = 2/1/2008 5:33:59 PM | Attr =  H ]

My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 1/28/2008 3:56:46 PM | Attr = R  ]

My Received Files -> %UserDocuments%\My Received Files ->  [Folder | Modified Date = 1/30/2008 10:25:03 PM | Attr =	]

My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk ->  [Ver =  | Size = 588 bytes | Modified Date = 2/1/2008 5:14:19 PM | Attr =	]

S?mantec -> %UserDocuments%\Sуmantec ->  [Folder | Modified Date = 12/29/2007 3:12:03 AM | Attr =	]

ATITool.lnk -> %UserDesktop%\ATITool.lnk ->  [Ver =  | Size = 686 bytes | Modified Date = 1/23/2008 4:16:11 PM | Attr =	]

ATITool_0.26.exe -> %UserDesktop%\ATITool_0.26.exe ->  [Ver =  | Size = 1359106 bytes | Modified Date = 1/23/2008 4:15:31 PM | Attr =	]

ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1551672 bytes | Modified Date = 1/15/2008 2:50:36 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier

GunZ Launcher.lnk -> %UserDesktop%\GunZ Launcher.lnk ->  [Ver =  | Size = 677 bytes | Modified Date = 1/28/2008 5:59:18 PM | Attr =	]

Gunz.lnk -> %UserDesktop%\Gunz.lnk ->  [Ver =  | Size = 677 bytes | Modified Date = 1/28/2008 5:38:22 PM | Attr =	]

GunzInternational_20070123.exe -> %UserDesktop%\GunzInternational_20070123.exe ->  [Ver =  | Size = 535515 bytes | Modified Date = 1/28/2008 5:37:37 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\GunzInternational_20070123.exe:Zone.Identifier

Hijackthis.lnk -> %UserDesktop%\Hijackthis.lnk ->  [Ver =  | Size = 650 bytes | Modified Date = 1/15/2008 2:40:36 PM | Attr =	]

HJTsetup.exe -> %UserDesktop%\HJTsetup.exe -> Soeperman Enterprises Ltd									[Ver =					  | Size = 488144 bytes | Modified Date = 1/15/2008 2:19:16 PM | Attr =	]

IGunZ-09282006-setup.exe -> %UserDesktop%\IGunZ-09282006-setup.exe -> MAIET Entertainment										  [Ver =					  | Size = 143253320 bytes | Modified Date = 1/28/2008 5:58:06 PM | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2/4/2008 5:48:25 PM | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478495 bytes | Modified Date = 2/4/2008 5:46:48 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

INCA Shared -> %CommonProgramFiles%\INCA Shared ->  [Folder | Modified Date = 1/31/2008 3:21:56 PM | Attr =	]



< End of report >


#4 OldTimer

Posted 04 February 2008 - 10:23 PM

Hi kaypee. I don't see anything malware related in the log. There is some housekeeping that we should do to clean out a number of orphaned registry entries so let's do that while you are here.

Also, Ewido was sold to Grisoft some time ago. It has not been updated in a year or more. I would suggest uninstalling it. It is not performing any meaningful function at this time.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.EXE
< Samurai Chong Startup Folder > -> C:\Documents and Settings\Samurai Chong\Start Menu\Programs\Startup
YN -> %UserStartup%\titanshield.lnk -> %ProgramFiles%\TitanShield Antispyware\titanshield.exe
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {549B5CA7-4A86-11D7-A4DF-000874180BB3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {90C61707-C8F8-43DB-A25C-C1F4B18EE41E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {BA52B914-B692-46c4-B683-905236F6F655} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %System32%\msjava.dll [Sun Java Console]
YN -> {d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec -> %SystemDrive%\Documents and Settings\Samurai Chong\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %System32%\msjava.dll [Web Browser Applet Control]
YN -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {459E93B6-150E-45D5-8D4B-45C66FC035FE}[HKEY_LOCAL_MACHINE] -> http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx[get_atlcom Class]
YY -> {5F5F9FB8-878E-4455-95E0-F64B2314288A}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab[ijjiPlugin2 Class]
YY -> {CD995117-98E5-4169-9920-6C12D4C0B548}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab[HGPlugin9USA Class]
YY -> {D6FCA8ED-4715-43DE-9BD2-2789778A5B09}[HKEY_LOCAL_MACHINE] -> http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab[Reg Error: Key does not exist or could not be opened.]
YY -> {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab[HGPlugin10USA Class]
YY -> ppctlcab[HKEY_LOCAL_MACHINE] -> http://www.pestscan.com/scanner/ppctlcab.cab[Reg Error: Key does not exist or could not be opened.]
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here and I will review the information when it comes back in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 kaypee


Posted 05 February 2008 - 01:34 AM

hello OT. when i hit the "run fix" button, not much happens, and the program stops responding.

#6 OldTimer


Posted 05 February 2008 - 10:38 AM

Hi kaypee. It sounds like not all the code is getting copied. Make sure the open bracket is included with the first line.

Cheers.

OT

#7 kaypee


Posted 05 February 2008 - 11:09 AM

hi OT! i'm almost 100% positive i'm copying all of the code into the box, although i'm not quite sure what you're referring to when you say the first open bracket. what happens is that i hit run fix, and then everything just stalls, and for some reason the program clones itself, or is running twice. i'll keep at it.

#8 OldTimer


Posted 05 February 2008 - 11:40 AM

Hi kaypee. The Desktop should disappear. If not, then I would guess that instead of "[kill explorer]" for the first line it is "kill explorer]". Otherwise, try it in Safe Mode.

Cheers.

OT
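The paste problem OldTimer describes in posts #6 and #8 (a first line that arrives as "kill explorer]" instead of "[kill explorer]") can be checked before clicking Run Fix. The following is an added example, not part of the thread and not WinPFind35U code; the function name and the three line shapes it accepts are assumptions inferred from the script in post #4, and the sample is abbreviated from that script.

```python
import re

# Line shapes inferred from the fix script in post #4 (an assumption, not the
# tool's documented grammar).
DIRECTIVE = re.compile(r"^\[[^\[\]]+\]$")   # [Kill Explorer]
HEADER = re.compile(r"^< .+ > -> .+$")      # < Run [...] > -> HKEY_...
ITEM = re.compile(r"^[YN]{2} -> .+$")       # YN -> Weather -> ...

# Constructed sample: a shortened copy of the script posted in the thread.
GOOD = r"""[Kill Explorer]
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.EXE
[Empty Temp Folders]
[Start Explorer]
"""


def check_fix_paste(text):
    """Return (line_number, problem) pairs; an empty list means the paste looks intact."""
    lines = [(n, raw.strip()) for n, raw in enumerate(text.splitlines(), 1) if raw.strip()]
    if not lines:
        return [(0, "nothing was pasted")]

    problems = []
    first_no, first = lines[0]
    if not DIRECTIVE.match(first):
        if first.endswith("]") and not first.startswith("["):
            problems.append((first_no, "first line lost its opening '['"))
        else:
            problems.append((first_no, "first line is not a [directive]"))

    directives = []
    seen_header = False
    for n, line in lines:
        if DIRECTIVE.match(line):
            directives.append(line.strip("[]").lower())
            seen_header = False      # a new directive starts a new section
        elif HEADER.match(line):
            seen_header = True
        elif ITEM.match(line):
            if not seen_header:
                problems.append((n, "item line with no '< ... >' header above it"))
        elif n != first_no:          # a bad first line is already reported
            problems.append((n, "unrecognised line, possibly wrapped or cut"))

    # The script on the page stops Explorer first and restarts it last.
    if "kill explorer" in directives and directives[-1] != "start explorer":
        problems.append((lines[-1][0], "[Kill Explorer] without a closing [Start Explorer]"))
    return problems


if __name__ == "__main__":
    print(check_fix_paste(GOOD))        # intact paste
    print(check_fix_paste(GOOD[1:]))    # opening bracket dropped during copy
```
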

#9 kaypee


Posted 05 February 2008 - 06:20 PM

the program seems to be not responding in safe mode as well. in the "paste fix here" box, there is a long stream of :
[start explorer]
[start explorer]
[start explorer]

should i be using the same settings as you asked me to at first? i.e.

In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans

--because i am just opening the program, pasting the code, and hitting run fix.

Edited by kaypee, 05 February 2008 - 06:21 PM.


#10 OldTimer


Posted 05 February 2008 - 06:43 PM

Hi kaypee. Then it should be done. Some screen drivers don't update the screen correctly when it removes a line from the list and the [Start Explorer] line moves up. It just looks like a long list of the last line.

How are things running? Any other issues?

Cheers.

OT

#11 kaypee


Posted 05 February 2008 - 08:30 PM

i haven't noticed a huge improvement in performance OT. 3d applications are still running pretty slow even using the lowest graphic settings. the main reason i bring this up is because my computer should be demolishing the fps in older applications like the one i'm currently running. multi tasking and running programs at the same time used to be flawless, but more recently i've been bogged down. maybe i should defrag in safe mode and remove unnecessary programs? i'm not sure whether my sloppy computer is eating up memory, or whether my graphics card is putting out. i appreciate your help!

#12 OldTimer


Posted 05 February 2008 - 09:37 PM

Hi kaypee. It could be that whatever your ex- (is that the reason why lol) installed changed the video settings or components if it was a video application. The forum that could help check the settings and drivers is the Internal Hardware forum. They have various diagnostic software that could test the hardware for efficiency and make any recommendations for improving performance. If you go there, let them know that you have already been here and that the machine is clean.

Cheers.

OT

#13 kaypee


Posted 06 February 2008 - 06:11 AM

thank you!

#14 OldTimer


Posted 06 February 2008 - 10:29 AM

Hi kaypee. Let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start WinPFind35
  • Click the CleanUp button
  • WinPFind35 will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • WinPFind35 will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers.

OT

#15 kaypee


Posted 06 February 2008 - 07:31 PM

Thank you so much for your help. i have one more small issue. when i ctrl+alt+del i notice an extremely long list of .exe in the processes section. any way i can cut this down to free up more memory for my 3d program called Gunz Online? Ty.



