
Trojan.lop_com/adware.advertising


5 replies to this topic

#1 kareen

kareen

  • Members
  • 4 posts

Posted 02 February 2008 - 02:26 AM

So this is my Hijack This log file ..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:20 AM, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mode Surf] C:\DOCUME~1\User\APPLIC~1\DEBUGV~1\Date Way Knob.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201579320236
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5518 bytes


and this is from .. deljob ..

--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

Norton Security Scan.job
--------------------------------------------------------
App data folders

Volume in drive C has no label.
Volume Serial Number is B4C0-F4D4

Directory of C:\Documents and Settings\User\Application Data

02/02/2008 02:23 AM <DIR> .
02/02/2008 02:23 AM <DIR> ..
28/01/2008 11:22 PM <DIR> Adobe
29/01/2008 09:49 AM <DIR> AdobeUM
29/01/2008 01:33 AM <DIR> DEBUGV~1 Debug Vc Sixth
01/09/2007 10:32 AM <DIR> IDENTI~1 Identities
28/01/2008 11:22 PM <DIR> MACROM~1 Macromedia
01/02/2008 03:15 AM <DIR> MICROS~1 Microsoft
28/01/2008 10:59 PM <DIR> Mozilla
29/01/2008 01:55 AM <DIR> Nexon
02/02/2008 02:03 AM <DIR> PCTOOL~1 PC Tools
29/01/2008 12:09 AM <DIR> Real
02/02/2008 02:23 AM <DIR> SUPERA~1.COM SUPERAntiSpyware.com
31/01/2008 11:31 PM <DIR> Ventrilo
30/01/2008 01:47 PM <DIR> WinRAR
0 File(s) 0 bytes
15 Dir(s) 30,516,342,784 bytes free
Volume in drive C has no label.
Volume Serial Number is B4C0-F4D4

Directory of C:\Documents and Settings\All Users\Application Data

02/02/2008 02:23 AM <DIR> .
02/02/2008 02:23 AM <DIR> ..
29/01/2008 09:47 AM <DIR> Adobe
28/01/2008 10:56 PM <DIR> Avg7
29/01/2008 09:45 AM <DIR> CYBERL~1 CyberLink
02/02/2008 02:06 AM <DIR> GOOGLE~1 Google Updater
29/01/2008 01:54 AM <DIR> MESSEN~1 Messenger Plus!
29/01/2008 01:33 AM <DIR> MICROS~1 Microsoft
02/02/2008 02:23 AM <DIR> SUPERA~1.COM SUPERAntiSpyware.com
02/02/2008 02:25 AM <DIR> TEMP
29/01/2008 01:17 AM <DIR> WLINST~1 WLInstaller
0 File(s) 0 bytes
11 Dir(s) 30,516,342,784 bytes free
--------------------------------------------------------
seems like trojan is gone but not 100% sure .. seeking help ! Thanks !

Edited by kareen, 02 February 2008 - 02:30 AM.



#2 kareen

kareen
  • Topic Starter

  • Members
  • 4 posts

Posted 05 February 2008 - 06:08 PM

Here is my hijack this log file ..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:27 PM, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201579320236
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5079 bytes

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 07 February 2008 - 01:05 AM

Hello kareen and welcome to the BC HijackThis forum. Let's see what we can find.

Before running the scan let's clean out the temporary folders.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 kareen

kareen
  • Topic Starter

  • Members
  • 4 posts

Posted 07 February 2008 - 04:27 PM

WinPFind35 logfile created on: 07/02/2008 4:22:59 PM
WinPFind35U Version Beta46 Folder = C:\Documents and Settings\User\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

510.73 Mb Total Physical Memory | 326.34 Mb Available Physical Memory | 63.90% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.47% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.10 Gb Total Space | 22.27 Gb Free Space | 58.45% Space Free | Partition Type: NTFS
Drive D: | 36.42 Gb Total Space | 34.63 Gb Free Space | 95.09% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: USER-FDE8AD15AD
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 02/02/2008 2:15:59 PM | Attr = ]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 10/12/2007 2:53:44 PM | Attr = ]
smtray.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMTray.exe -> Analog Devices, Inc. [Ver = 3, 2, 17, 0 | Size = 143360 bytes | Modified Date = 05/05/2003 7:57:30 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 02/02/2008 3:56:13 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 1:11:35 AM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink DVD Solution\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 08/12/2003 5:35:14 PM | Attr = ]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 10/12/2007 2:53:46 PM | Attr = ]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 10/12/2007 2:53:46 PM | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 3:50:10 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 28/11/2007 2:11:50 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 308224 bytes | Modified Date = 07/02/2008 1:47:38 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 02/02/2008 2:15:59 PM | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 10/12/2007 2:53:44 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 10/12/2007 2:53:46 PM | Attr = ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 3:50:10 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 01/09/2007 2:16:50 PM | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Modified Date = 03/08/2004 5:29:28 PM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(FETND5BV) VIA Rhine-Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Running] -> %System32%\drivers\fetnd5bv.sys -> VIA Technologies, Inc. [Ver = 3.41.00.0426 | Size = 42496 bytes | Modified Date = 16/12/2004 1:36:30 PM | Attr = ]
(FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 17/08/2001 7:13:08 AM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Modified Date = 10/12/2007 2:53:28 PM | Attr = ]
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 10/12/2007 2:53:28 PM | Attr = ]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 10/12/2007 2:53:28 PM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(npkcrypt) npkcrypt [Kernel | Auto | Running] -> %SystemDrive%\Nexon\MapleStory\npkcrypt.sys -> INCA Internet Co., Ltd. [Ver = 2006. 11. 20. 1 | Size = 23217 bytes | Modified Date = 30/01/2008 9:39:04 AM | Attr = ]
(NPPTNT2) NPPTNT2 [Kernel | On_Demand | Running] -> %System32%\npptNT2.sys -> INCA Internet Co., Ltd. [Ver = 2005, 1, 5, 1 | Size = 4682 bytes | Modified Date = 04/01/2005 4:43:08 AM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCIIde) PCIIde [Kernel | Disabled | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 5:25:53 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3663 | Size = 578368 bytes | Modified Date = 15/07/2003 3:00:00 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(viasraid) viasraid [Kernel | Boot | Running] -> %System32%\drivers\viasraid.sys -> VIA Technologies inc,.ltd [Ver = 5.1.2600.220 | Size = 77312 bytes | Modified Date = 31/10/2003 10:22:38 AM | Attr = R ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr = ]
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 10/12/2007 2:53:46 PM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink DVD Solution\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 08/12/2003 5:35:14 PM | Attr = ]
Smapp -> %ProgramFiles%\Analog Devices\SoundMAX\SMTray.exe -> Analog Devices, Inc. [Ver = 3, 2, 17, 0 | Size = 143360 bytes | Modified Date = 05/05/2003 7:57:30 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 1:11:35 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 02/02/2008 3:56:13 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 02/02/2008 2:15:52 PM | Attr = ]
%AllUsersStartup%\VIA RAID TOOL.lnk -> %ProgramFiles%\VIA\RAID\raid_tool.exe -> VIA Technologies [Ver = 2, 2, 1, 0 | Size = 565248 bytes | Modified Date = 18/11/2003 1:11:04 PM | Attr = R ]
< User Startup Folder > -> C:\Documents and Settings\User\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (4102 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 11:08:42 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 1:11:33 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 02/02/2008 2:16:07 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 1:11:33 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 1:11:34 AM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{31F591F8-702C-4CE5-9DBC-A2DC5A8E50FB} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftu...b?1201579320236[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...ash/swflash.cab[Shockwave Flash Object] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 12:49:30 PM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 9:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 688 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 105 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 11:34:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 11:34:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 5:18:24 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Nexon\MapleStory\MapleStory.exe -> C:\Nexon\MapleStory\MapleStory.exe [C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory] -> Wizet [Ver = 1, 0, 0, 1 | Size = 1874466 bytes | Modified Date = 30/01/2008 9:46:48 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 25/07/2005 11:39:49 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 03/08/2004 8:07:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 25/07/2005 11:39:49 PM | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 02/02/2008 2:11:28 PM | Attr = ]
Fraps -> %SystemDrive%\Fraps -> [Folder | Created Date = 01/02/2008 9:20:56 PM | Attr = ]
MapleDream -> %SystemDrive%\MapleDream -> [Folder | Created Date = 03/02/2008 11:09:54 PM | Attr = ]
Nexon -> %SystemDrive%\Nexon -> [Folder | Created Date = 29/01/2008 1:11:09 AM | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Created Date = 29/01/2008 1:28:26 AM | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Created Date = 02/02/2008 2:48:10 PM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Created Date = 29/01/2008 1:28:26 AM | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 02/02/2008 2:48:10 PM | Attr = H ]
VP-EYE -> %SystemDrive%\VP-EYE -> [Folder | Created Date = 29/01/2008 9:50:25 AM | Attr = ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Created Date = 02/02/2008 2:17:11 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 02/02/2008 2:17:11 PM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 02/02/2008 2:17:11 PM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 02/02/2008 2:17:11 PM | Attr = ]
snpstd3.sys -> %System32%\drivers\snpstd3.sys -> [Ver = 1, 1, 10, 0 | Size = 413696 bytes | Created Date = 03/02/2008 3:30:48 PM | Attr = ]
csnpstd3.dll -> %System32%\csnpstd3.dll -> [Ver = 0, 9, 0, 5 | Size = 61440 bytes | Created Date = 03/02/2008 3:30:47 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 02/02/2008 2:47:48 PM | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
dsnpstd3.ax -> %System32%\dsnpstd3.ax -> [Ver = 1, 0, 3, 1 | Size = 36864 bytes | Created Date = 03/02/2008 3:30:47 PM | Attr = ]
dsnpstd3.dll -> %System32%\dsnpstd3.dll -> [Ver = 1, 1, 0, 1 | Size = 53248 bytes | Created Date = 03/02/2008 3:30:48 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 03/02/2008 3:40:03 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 03/02/2008 3:40:03 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 03/02/2008 3:40:03 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 03/02/2008 3:40:03 PM | Attr = ]
nppt9x.vxd -> %System32%\nppt9x.vxd -> [Ver = | Size = 5174 bytes | Created Date = 02/02/2008 4:36:23 PM | Attr = ]
npptNT2.sys -> %System32%\npptNT2.sys -> INCA Internet Co., Ltd. [Ver = 2005, 1, 5, 1 | Size = 4682 bytes | Created Date = 02/02/2008 4:36:23 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 02/02/2008 2:21:13 PM | Attr = ]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 02/02/2008 3:56:15 PM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 02/02/2008 3:56:17 PM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 02/02/2008 3:56:17 PM | Attr = ]
PreInstall -> %System32%\PreInstall -> [Folder | Created Date = 28/01/2008 11:04:39 PM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Created Date = 28/01/2008 10:57:20 PM | Attr = ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.45 | Size = 185944 bytes | Created Date = 02/02/2008 3:56:27 PM | Attr = ]
rsnpstd3.dll -> %System32%\rsnpstd3.dll -> [Ver = 1, 0, 0, 6 | Size = 57344 bytes | Created Date = 03/02/2008 3:30:47 PM | Attr = ]
Samsung_USB_Drivers -> %System32%\Samsung_USB_Drivers -> [Folder | Created Date = 03/02/2008 3:57:58 PM | Attr = ]
SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Created Date = 28/01/2008 11:01:25 PM | Attr = ]
UnInstall_Driver.ico -> %System32%\UnInstall_Driver.ico -> [Ver = | Size = 22486 bytes | Created Date = 03/02/2008 3:57:58 PM | Attr = R ]
vsnpstd3.dll -> %System32%\vsnpstd3.dll -> [Ver = 1, 0, 3, 0 | Size = 36864 bytes | Created Date = 03/02/2008 3:30:47 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Created Date = 28/01/2008 11:04:37 PM | Attr = H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Created Date = 28/01/2008 11:04:56 PM | Attr = H ]
Cache -> %SystemRoot%\Cache -> [Folder | Created Date = 29/01/2008 9:46:22 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Created Date = 03/02/2008 3:35:12 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 31/01/2008 5:45:32 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1603 bytes | Created Date = 28/01/2008 11:22:53 PM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 28/01/2008 10:59:12 PM | Attr = ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Created Date = 28/01/2008 11:54:53 PM | Attr = ]
snpstd3.ini -> %SystemRoot%\snpstd3.ini -> [Ver = | Size = 15498 bytes | Created Date = 03/02/2008 3:30:48 PM | Attr = ]
snpstd3.src -> %SystemRoot%\snpstd3.src -> [Ver = | Size = 13023 bytes | Created Date = 03/02/2008 3:30:48 PM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 03/02/2008 3:43:13 PM | Attr = ]
unvpeye.ini -> %SystemRoot%\unvpeye.ini -> [Ver = | Size = 32096 bytes | Created Date = 03/02/2008 3:28:07 PM | Attr = ]
usnpstd3.exe -> %SystemRoot%\usnpstd3.exe -> [Ver = 1, 0, 0, 4 | Size = 20480 bytes | Created Date = 03/02/2008 3:30:46 PM | Attr = ]
vsnpstd3.exe -> %SystemRoot%\vsnpstd3.exe -> [Ver = 1, 0, 1, 2 | Size = 286720 bytes | Created Date = 03/02/2008 3:30:49 PM | Attr = ]
Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job -> [Ver = | Size = 406 bytes | Created Date = 02/02/2008 1:45:24 AM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersAppData%\Adobe -> [Folder | Created Date = 29/01/2008 9:47:34 AM | Attr = ]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Created Date = 28/01/2008 10:56:33 PM | Attr = ]
CyberLink -> %AllUsersAppData%\CyberLink -> [Folder | Created Date = 29/01/2008 9:45:31 AM | Attr = ]
Google -> %AllUsersAppData%\Google -> [Folder | Created Date = 02/02/2008 2:04:47 PM | Attr = ]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Created Date = 02/02/2008 1:44:14 AM | Attr = ]
Messenger Plus! -> %AllUsersAppData%\Messenger Plus! -> [Folder | Created Date = 03/02/2008 3:22:39 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 02/02/2008 2:17:18 PM | Attr = ]
@Alternate Data Stream - 110 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
WLInstaller -> %AllUsersAppData%\WLInstaller -> [Folder | Created Date = 28/01/2008 11:06:01 PM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Created Date = 28/01/2008 11:22:57 PM | Attr = ]
Macromedia -> %UserAppData%\Macromedia -> [Folder | Created Date = 28/01/2008 11:22:57 PM | Attr = ]
Mozilla -> %UserAppData%\Mozilla -> [Folder | Created Date = 28/01/2008 10:59:10 PM | Attr = ]
Nexon -> %UserAppData%\Nexon -> [Folder | Created Date = 29/01/2008 1:55:42 AM | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Created Date = 02/02/2008 2:17:05 PM | Attr = ]
Real -> %UserAppData%\Real -> [Folder | Created Date = 29/01/2008 12:06:55 AM | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Created Date = 03/02/2008 3:43:13 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 02/02/2008 2:23:24 AM | Attr = ]
Ventrilo -> %UserAppData%\Ventrilo -> [Folder | Created Date = 31/01/2008 11:28:57 PM | Attr = ]
Adobe -> %LocalAppData%\Adobe -> [Folder | Created Date = 06/02/2008 7:26:18 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 3584 bytes | Created Date = 02/02/2008 2:37:50 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 49136 bytes | Created Date = 28/01/2008 11:08:31 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3733482 bytes | Created Date = 03/02/2008 3:31:50 AM | Attr = H ]
Identities -> %LocalAppData%\Identities -> [Folder | Created Date = 02/02/2008 7:39:45 PM | Attr = ]
Mozilla -> %LocalAppData%\Mozilla -> [Folder | Created Date = 28/01/2008 10:59:10 PM | Attr = ]
My Chat Logs -> %UserDocuments%\My Chat Logs -> [Folder | Created Date = 29/01/2008 1:33:22 AM | Attr = ]
My eBooks -> %UserDocuments%\My eBooks -> [Folder | Created Date = 29/01/2008 9:49:34 AM | Attr = ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Created Date = 29/01/2008 1:27:03 AM | Attr = ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 579 bytes | Created Date = 29/01/2008 1:29:14 AM | Attr = ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Created Date = 28/01/2008 11:25:13 PM | Attr = R ]
?????? -> %UserDocuments%\我的交談記錄 -> [Folder | Modified Date = 29/01/2008 10:02:32 AM | Attr = ]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Created Date = 06/02/2008 7:25:30 PM | Attr = ]
CyberLink Multimedia Launcher.lnk -> %AllUsersDesktop%\CyberLink Multimedia Launcher.lnk -> [Ver = | Size = 1900 bytes | Created Date = 03/02/2008 3:40:32 PM | Attr = ]
Google Updater.lnk -> %AllUsersDesktop%\Google Updater.lnk -> [Ver = | Size = 890 bytes | Created Date = 02/02/2008 2:16:05 PM | Attr = ]
Microsoft Mouse.lnk -> %AllUsersDesktop%\Microsoft Mouse.lnk -> [Ver = | Size = 1868 bytes | Created Date = 28/01/2008 10:57:13 PM | Attr = ]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Created Date = 28/01/2008 10:58:46 PM | Attr = ]
RealPlayer.lnk -> %AllUsersDesktop%\RealPlayer.lnk -> [Ver = | Size = 897 bytes | Created Date = 02/02/2008 3:56:36 PM | Attr = ]
Ventrilo.lnk -> %AllUsersDesktop%\Ventrilo.lnk -> [Ver = | Size = 630 bytes | Created Date = 02/02/2008 4:43:50 PM | Attr = ]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 07/02/2008 4:20:11 PM | Attr = ]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 02/02/2008 3:58:52 PM | Attr = ]
Chinese Songs -> %UserDesktop%\Chinese Songs -> [Folder | Created Date = 28/01/2008 11:31:30 PM | Attr = ]
Computer Engineer Notes -> %UserDesktop%\Computer Engineer Notes -> [Folder | Created Date = 04/02/2008 5:56:33 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 05/02/2008 6:07:16 PM | Attr = ]
Lucky -> %UserDesktop%\Lucky -> [Folder | Created Date = 28/01/2008 11:36:12 PM | Attr = ]
MapleDreamSetup.exe -> %UserDesktop%\MapleDreamSetup.exe -> [Ver = | Size = 52360472 bytes | Created Date = 03/02/2008 11:09:25 PM | Attr = ]
MapleStory -> %UserDesktop%\MapleStory -> [Folder | Created Date = 28/01/2008 11:36:22 PM | Attr = ]
MapleStory.lnk -> %UserDesktop%\MapleStory.lnk -> [Ver = | Size = 2355 bytes | Created Date = 02/02/2008 4:33:35 PM | Attr = ]
MDinstall.exe -> %UserDesktop%\MDinstall.exe -> [Ver = | Size = 27516951 bytes | Created Date = 03/02/2008 11:08:34 PM | Attr = ]
Notepad.lnk -> %UserDesktop%\Notepad.lnk -> [Ver = | Size = 1519 bytes | Created Date = 02/02/2008 2:40:13 PM | Attr = ]
Spyware Doctor.lnk -> %UserDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 780 bytes | Created Date = 02/02/2008 2:17:12 PM | Attr = ]
Stars -> %UserDesktop%\Stars -> [Folder | Created Date = 28/01/2008 11:36:27 PM | Attr = ]
The Gentle Crackdown II 11.rmvb -> %UserDesktop%\The Gentle Crackdown II 11.rmvb -> [Ver = | Size = 221997187 bytes | Created Date = 07/02/2008 1:02:13 AM | Attr = ]
The Gentle Crackdown II 12.rmvb -> %UserDesktop%\The Gentle Crackdown II 12.rmvb -> [Ver = | Size = 228090735 bytes | Created Date = 07/02/2008 3:10:51 PM | Attr = ]
Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 11776 bytes | Created Date = 02/02/2008 7:39:43 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable
VP-EYE.lnk -> %UserDesktop%\VP-EYE.lnk -> [Ver = | Size = 611 bytes | Created Date = 03/02/2008 3:29:14 PM | Attr = ]
Windows Live Messenger .lnk -> %UserDesktop%\Windows Live Messenger .lnk -> [Ver = | Size = 1839 bytes | Created Date = 02/02/2008 2:47:13 PM | Attr = ]
Windows Media Player.lnk -> %UserDesktop%\Windows Media Player.lnk -> [Ver = | Size = 792 bytes | Created Date = 02/02/2008 2:50:05 PM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 07/02/2008 4:21:46 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478955 bytes | Created Date = 07/02/2008 4:21:40 PM | Attr = ]
WinRAR.lnk -> %UserDesktop%\WinRAR.lnk -> [Ver = | Size = 692 bytes | Created Date = 02/02/2008 3:59:58 PM | Attr = ]
Google Updater.lnk -> %AllUsersStartup%\Google Updater.lnk -> [Ver = | Size = 920 bytes | Created Date = 02/02/2008 2:16:05 PM | Attr = ]
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 29/01/2008 9:49:30 AM | Attr = ]
INCA Shared -> %CommonProgramFiles%\INCA Shared -> [Folder | Created Date = 04/02/2008 3:08:23 PM | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 03/02/2008 3:38:58 PM | Attr = ]
Real -> %CommonProgramFiles%\Real -> [Folder | Created Date = 29/01/2008 12:06:55 AM | Attr = ]
snpstd3 -> %CommonProgramFiles%\snpstd3 -> [Folder | Created Date = 03/02/2008 3:30:46 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Created Date = 02/02/2008 1:47:01 AM | Attr = ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 28/01/2008 11:06:23 PM | Attr = HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 02/02/2008 4:42:56 PM | Attr = ]
xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Created Date = 02/02/2008 3:56:49 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 06/02/2008 7:26:19 PM | Attr = ]
Fraps -> %SystemDrive%\Fraps -> [Folder | Modified Date = 02/02/2008 2:08:26 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535613440 bytes | Modified Date = 07/02/2008 3:01:22 PM | Attr = HS]
MapleDream -> %SystemDrive%\MapleDream -> [Folder | Modified Date = 03/02/2008 11:16:36 PM | Attr = ]
Nexon -> %SystemDrive%\Nexon -> [Folder | Modified Date = 29/01/2008 1:11:09 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 03/02/2008 3:40:26 PM | Attr = R ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 29/01/2008 1:28:26 AM | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 02/02/2008 2:48:10 PM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 29/01/2008 1:28:26 AM | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 02/02/2008 2:48:10 PM | Attr = H ]
VP-EYE -> %SystemDrive%\VP-EYE -> [Folder | Modified Date = 03/02/2008 3:28:39 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 06/02/2008 10:48:09 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 02/02/2008 2:05:45 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 4102 bytes | Modified Date = 29/01/2008 1:33:24 AM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 02/02/2008 2:47:42 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 02/02/2008 2:14:17 PM | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 06/02/2008 3:34:02 PM | Attr = ]
Com -> %System32%\Com -> [Folder | Modified Date = 03/02/2008 3:39:24 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 02/02/2008 2:12:56 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 02/02/2008 2:07:31 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 04/02/2008 12:10:18 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 07/02/2008 3:42:08 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 02/02/2008 2:47:48 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 193776 bytes | Modified Date = 03/02/2008 3:22:24 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 02/02/2008 2:47:42 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 02/02/2008 2:22:10 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 40700 bytes | Modified Date = 06/02/2008 10:52:04 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 312822 bytes | Modified Date = 06/02/2008 10:52:04 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356844 bytes | Modified Date = 06/02/2008 10:52:04 PM | Attr = ]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 02/02/2008 3:56:15 PM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 02/02/2008 3:56:17 PM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 02/02/2008 3:56:17 PM | Attr = ]
PreInstall -> %System32%\PreInstall -> [Folder | Modified Date = 28/01/2008 11:04:39 PM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 06/02/2008 3:34:06 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 02/02/2008 1:57:05 PM | Attr = ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.45 | Size = 185944 bytes | Modified Date = 02/02/2008 3:56:27 PM | Attr = ]
Samsung_USB_Drivers -> %System32%\Samsung_USB_Drivers -> [Folder | Modified Date = 03/02/2008 3:58:12 PM | Attr = ]
SoftwareDistribution -> %System32%\SoftwareDistribution -> [Folder | Modified Date = 28/01/2008 11:01:25 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 02/02/2008 2:12:50 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 06/02/2008 3:14:37 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 30/01/2008 12:03:54 AM | Attr = H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Modified Date = 28/01/2008 11:04:58 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 07/02/2008 3:01:24 PM | Attr = S]
Cache -> %SystemRoot%\Cache -> [Folder | Modified Date = 29/01/2008 9:46:22 AM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 30/01/2008 6:15:31 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 02/02/2008 4:36:00 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 02/02/2008 2:47:40 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 04/02/2008 12:10:19 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 06/02/2008 10:48:10 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 06/02/2008 7:26:20 PM | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 31/01/2008 5:45:32 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1603 bytes | Modified Date = 03/02/2008 3:40:11 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 03/02/2008 3:22:22 PM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 28/01/2008 10:59:12 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 07/02/2008 4:22:16 PM | Attr = ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 02/02/2008 2:48:07 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 02/02/2008 2:12:50 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 02/02/2008 2:54:09 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 28/01/2008 11:01:35 PM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 03/02/2008 3:43:13 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 28/01/2008 10:56:28 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 06/02/2008 10:52:04 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 02/02/2008 1:45:24 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 07/02/2008 4:20:46 PM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 02/02/2008 2:10:44 PM | Attr = ]
unvpeye.ini -> %SystemRoot%\unvpeye.ini -> [Ver = | Size = 32096 bytes | Modified Date = 03/02/2008 3:28:40 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 749 bytes | Modified Date = 29/01/2008 10:00:53 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 03/02/2008 3:42:03 AM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 02/02/2008 2:45:22 PM | Attr = ]
Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job -> [Ver = | Size = 406 bytes | Modified Date = 02/02/2008 2:04:56 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 07/02/2008 3:01:26 PM | Attr = H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5394 bytes | Modified Date = 07/02/2008 3:02:43 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5394 bytes | Modified Date = 07/02/2008 3:02:42 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 29/01/2008 1:21:46 AM | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersAppData%\Adobe -> [Folder | Modified Date = 06/02/2008 7:26:18 PM | Attr = ]
Avg7 -> %AllUsersAppData%\Avg7 -> [Folder | Modified Date = 28/01/2008 10:56:33 PM | Attr = ]
CyberLink -> %AllUsersAppData%\CyberLink -> [Folder | Modified Date = 29/01/2008 9:45:31 AM | Attr = ]
Google -> %AllUsersAppData%\Google -> [Folder | Modified Date = 02/02/2008 2:04:47 PM | Attr = ]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Modified Date = 06/02/2008 7:21:31 PM | Attr = ]
Messenger Plus! -> %AllUsersAppData%\Messenger Plus! -> [Folder | Modified Date = 03/02/2008 3:22:39 PM | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 02/02/2008 2:41:44 PM | Attr = S]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 07/02/2008 3:25:13 PM | Attr = ]
@Alternate Data Stream - 110 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
WLInstaller -> %AllUsersAppData%\WLInstaller -> [Folder | Modified Date = 02/02/2008 2:37:08 PM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 02/02/2008 3:59:44 PM | Attr = ]
Macromedia -> %UserAppData%\Macromedia -> [Folder | Modified Date = 28/01/2008 11:22:57 PM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 04/02/2008 6:51:28 PM | Attr = S]
Mozilla -> %UserAppData%\Mozilla -> [Folder | Modified Date = 28/01/2008 10:59:10 PM | Attr = ]
Nexon -> %UserAppData%\Nexon -> [Folder | Modified Date = 29/01/2008 1:55:42 AM | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Modified Date = 02/02/2008 2:17:05 PM | Attr = ]
Real -> %UserAppData%\Real -> [Folder | Modified Date = 02/02/2008 11:26:50 PM | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Modified Date = 03/02/2008 3:43:13 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 02/02/2008 2:23:24 AM | Attr = ]
Ventrilo -> %UserAppData%\Ventrilo -> [Folder | Modified Date = 02/02/2008 4:44:50 PM | Attr = ]
Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 06/02/2008 7:26:18 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 3584 bytes | Modified Date = 02/02/2008 2:37:57 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 49136 bytes | Modified Date = 28/01/2008 11:08:31 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3733482 bytes | Modified Date = 07/02/2008 1:57:19 AM | Attr = H ]
Identities -> %LocalAppData%\Identities -> [Folder | Modified Date = 02/02/2008 7:39:45 PM | Attr = ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 02/02/2008 2:48:17 PM | Attr = ]
Mozilla -> %LocalAppData%\Mozilla -> [Folder | Modified Date = 28/01/2008 10:59:10 PM | Attr = ]
My Music -> %AllUsersDocuments%\My Music -> [Folder | Modified Date = 28/01/2008 11:55:14 PM | Attr = R ]
My Chat Logs -> %UserDocuments%\My Chat Logs -> [Folder | Modified Date = 01/02/2008 2:23:03 AM | Attr = ]
My eBooks -> %UserDocuments%\My eBooks -> [Folder | Modified Date = 29/01/2008 9:49:34 AM | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 02/02/2008 11:53:58 PM | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 02/02/2008 2:39:52 PM | Attr = R ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 29/01/2008 1:30:24 AM | Attr = ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 579 bytes | Modified Date = 07/02/2008 3:02:03 PM | Attr = ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 29/01/2008 12:09:17 AM | Attr = R ]
?????? -> %UserDocuments%\我的交談記錄 -> [Folder | Modified Date = 29/01/2008 10:02:32 AM | Attr = ]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Modified Date = 06/02/2008 7:25:30 PM | Attr = ]
CyberLink Multimedia Launcher.lnk -> %AllUsersDesktop%\CyberLink Multimedia Launcher.lnk -> [Ver = | Size = 1900 bytes | Modified Date = 03/02/2008 3:40:32 PM | Attr = ]
Google Updater.lnk -> %AllUsersDesktop%\Google Updater.lnk -> [Ver = | Size = 890 bytes | Modified Date = 02/02/2008 2:16:05 PM | Attr = ]
Microsoft Mouse.lnk -> %AllUsersDesktop%\Microsoft Mouse.lnk -> [Ver = | Size = 1868 bytes | Modified Date = 28/01/2008 10:57:13 PM | Attr = ]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Modified Date = 28/01/2008 10:58:46 PM | Attr = ]
RealPlayer.lnk -> %AllUsersDesktop%\RealPlayer.lnk -> [Ver = | Size = 897 bytes | Modified Date = 02/02/2008 3:56:36 PM | Attr = ]
Ventrilo.lnk -> %AllUsersDesktop%\Ventrilo.lnk -> [Ver = | Size = 630 bytes | Modified Date = 02/02/2008 4:43:50 PM | Attr = ]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 07/02/2008 4:20:04 PM | Attr = ]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 02/02/2008 3:58:52 PM | Attr = ]
Chinese Songs -> %UserDesktop%\Chinese Songs -> [Folder | Modified Date = 02/02/2008 2:41:15 PM | Attr = ]
Computer Engineer Notes -> %UserDesktop%\Computer Engineer Notes -> [Folder | Modified Date = 04/02/2008 5:56:58 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 05/02/2008 6:07:16 PM | Attr = ]
Lucky -> %UserDesktop%\Lucky -> [Folder | Modified Date = 28/01/2008 11:36:22 PM | Attr = ]
MapleStory -> %UserDesktop%\MapleStory -> [Folder | Modified Date = 02/02/2008 4:44:31 PM | Attr = ]
MapleStory.lnk -> %UserDesktop%\MapleStory.lnk -> [Ver = | Size = 2355 bytes | Modified Date = 07/02/2008 3:41:54 PM | Attr = ]
MDinstall.exe -> %UserDesktop%\MDinstall.exe -> [Ver = | Size = 27516951 bytes | Modified Date = 03/02/2008 11:09:10 PM | Attr = ]
Microsoft Office Word 2003.lnk -> %UserDesktop%\Microsoft Office Word 2003.lnk -> [Ver = | Size = 2497 bytes | Modified Date = 04/02/2008 6:51:26 PM | Attr = ]
Notepad.lnk -> %UserDesktop%\Notepad.lnk -> [Ver = | Size = 1519 bytes | Modified Date = 02/02/2008 2:31:26 PM | Attr = ]
Paint.lnk -> %UserDesktop%\Paint.lnk -> [Ver = | Size = 1515 bytes | Modified Date = 02/02/2008 2:40:33 PM | Attr = ]
Spyware Doctor.lnk -> %UserDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 780 bytes | Modified Date = 02/02/2008 2:17:12 PM | Attr = ]
Stars -> %UserDesktop%\Stars -> [Folder | Modified Date = 02/02/2008 2:12:41 PM | Attr = ]
The Gentle Crackdown II 11.rmvb -> %UserDesktop%\The Gentle Crackdown II 11.rmvb -> [Ver = | Size = 221997187 bytes | Modified Date = 07/02/2008 1:02:13 AM | Attr = ]
The Gentle Crackdown II 12.rmvb -> %UserDesktop%\The Gentle Crackdown II 12.rmvb -> [Ver = | Size = 228090735 bytes | Modified Date = 07/02/2008 3:10:51 PM | Attr = ]
Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 11776 bytes | Modified Date = 02/02/2008 7:39:48 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable
VP-EYE.lnk -> %UserDesktop%\VP-EYE.lnk -> [Ver = | Size = 611 bytes | Modified Date = 03/02/2008 3:29:14 PM | Attr = ]
Windows Live Messenger .lnk -> %UserDesktop%\Windows Live Messenger .lnk -> [Ver = | Size = 1839 bytes | Modified Date = 02/02/2008 2:47:13 PM | Attr = ]
Windows Media Player.lnk -> %UserDesktop%\Windows Media Player.lnk -> [Ver = | Size = 792 bytes | Modified Date = 02/02/2008 2:48:25 PM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 07/02/2008 4:21:46 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478955 bytes | Modified Date = 07/02/2008 4:21:38 PM | Attr = ]
WinRAR.lnk -> %UserDesktop%\WinRAR.lnk -> [Ver = | Size = 692 bytes | Modified Date = 02/02/2008 3:59:58 PM | Attr = ]
Google Updater.lnk -> %AllUsersStartup%\Google Updater.lnk -> [Ver = | Size = 920 bytes | Modified Date = 02/02/2008 2:16:05 PM | Attr = ]
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 06/02/2008 7:25:25 PM | Attr = ]
INCA Shared -> %CommonProgramFiles%\INCA Shared -> [Folder | Modified Date = 04/02/2008 3:08:23 PM | Attr = ]
InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 03/02/2008 3:30:28 PM | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 03/02/2008 3:38:58 PM | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 02/02/2008 2:41:44 PM | Attr = ]
Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 02/02/2008 3:56:32 PM | Attr = ]
snpstd3 -> %CommonProgramFiles%\snpstd3 -> [Folder | Modified Date = 03/02/2008 3:30:49 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 02/02/2008 2:08:25 PM | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 03/02/2008 3:39:47 AM | Attr = ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 02/02/2008 2:41:15 PM | Attr = HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 02/02/2008 4:42:56 PM | Attr = ]
xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Modified Date = 02/02/2008 3:56:49 PM | Attr = ]

< End of report >


Thank you for helping me. I would also appreciate it if you could help me with another issue: Spyware Doctor detected Spyware.Known_Bad_Sites. Just now, I finished scanning with Spyware Doctor to see if I still have viruses, and it seems that SD did not detect anything. I am not 100% sure all viruses are gone. I am hoping that in your next post, you will be able to help me get rid of the viruses! Thank you.

Edited by kareen, 07 February 2008 - 04:31 PM.


#5 OldTimer

    Malware Expert



Posted 07 February 2008 - 06:41 PM

Hi kareen. I don't see anything in the log. It's clean. It really depends on what SD finds and where it finds it. It could be that it was something in the temporary internet files folder when you were surfing. In that case, it might or might not be bad. To view web pages they must be downloaded to the machine. All the pictures, all the links, all the text. In some instances, anti-malware applications just find something they do not like which is really harmless.

The next time it does that, write down the complete text of what it finds (filename and complete path) and I'll see what it is. At this point, I'd say you are good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#6 kareen


Posted 07 February 2008 - 06:44 PM

Thank you for helping me. I will do what you have said if I do have any viruses.



