
Infected With Smitfraud (core.cache.dsk)


12 replies to this topic

#1 blarg08

blarg08

  • Members
  • 8 posts

Posted 02 February 2008 - 04:47 AM

Can't clean Smitfraud and I need help.
I'm left with C:\WINDOWS\system32\drivers\core.cache.dsk

I've used the prep guide that you have provided, but I can't seem to delete the file core.cache.dsk. I've used Ad-Aware, Spybot S&D, etc.
Before my computer was infected, it had an older version of Java. Since then I've updated the program.
Any help would be greatly appreciated. Thanks!

Here is my HijackThis file:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:00 AM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mps/en-us/mps8/s...mp;dtag=cl5n5b1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F59DE68-1155-4295-98AF-43FAF7685876} - C:\WINDOWS\system32\vtutr.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {81DF6124-8713-41D5-2191-4FA0180BC00B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {E7895DD4-735B-4E77-82A2-1F00042EA3EC} - (no file)
O2 - BHO: (no name) - {FABEDCBD-F121-4F4A-ACD7-E04CB04A5C47} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA6920] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4489] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1300] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2047] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8684] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5790] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://vep.intel.com/Entriq_3_6_0_15_Silent.cab
O20 - Winlogon Notify: tuvvsqn - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13199 bytes


#2 blarg08

blarg08
  • Topic Starter

  • Members
  • 8 posts

Posted 02 February 2008 - 02:46 PM

!

#3 blarg08

blarg08
  • Topic Starter

  • Members
  • 8 posts

Posted 03 February 2008 - 12:33 PM

!

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 07 February 2008 - 01:07 AM

Hello blarg08 and welcome to the BC HijackThis forum. Let's see what else we can find.

Before running the scan, let's clean out the temporary folders.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 blarg08

blarg08
  • Topic Starter

  • Members
  • 8 posts

Posted 07 February 2008 - 10:51 PM

Thanks for the reply OT. Here is the WinPFind35U File:

WinPFind35 logfile created on: 2/7/2008 9:40:28 PM
WinPFind35U Version Beta46	 Folder = C:\Documents and Settings\Mausi\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.33% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 114.39 Gb Free Space | 79.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: 
Current User Name: Mausi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0  nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 9:20:44 PM | Attr =	]
lgdcore.exe -> %ProgramFiles%\Logitech\G-series Software\LGDCore.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 1122304 bytes | Modified Date = 3/6/2006 9:31:52 AM | Attr =	]
lcdmon.exe -> %ProgramFiles%\Logitech\G-series Software\LCDMon.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 497152 bytes | Modified Date = 3/6/2006 9:14:58 AM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 8:44:02 AM | Attr =	]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Modified Date = 6/17/2005 5:56:14 AM | Attr =	]
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe ->  [Ver =  | Size = 98304 bytes | Modified Date = 5/3/2006 2:12:00 AM | Attr =	]
dlactrlw.exe -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
apagent.exe -> %ProgramFiles%\AirPort\APAgent.exe -> Apple Inc. [Ver = 1.2 | Size = 643072 bytes | Modified Date = 8/8/2007 2:51:08 PM | Attr =	]
versioncuecs2tray.exe -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe -> Adobe Sytems Incorporated [Ver = 2, 0, 0, 0 | Size = 856064 bytes | Modified Date = 4/4/2005 5:58:30 PM | Attr =	]
apdproxy.exe -> %ProgramFiles%\Adobe\Adobe Photoshop Lightroom\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 2/6/2007 3:30:42 PM | Attr = R  ]
acrotray.exe -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 7:52:32 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
lcdcountdown.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 378880 bytes | Modified Date = 3/6/2006 9:16:48 AM | Attr =	]
lcdpop3.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 307200 bytes | Modified Date = 3/6/2006 9:17:24 AM | Attr =	]
lcdclock.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDClock.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 198656 bytes | Modified Date = 3/6/2006 9:16:12 AM | Attr =	]
versioncuecs2.exe -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -> Adobe Systems Incorporated [Ver = 2, 0, 0, 0 | Size = 163840 bytes | Modified Date = 4/4/2005 5:58:28 PM | Attr =	]
lcdmedia.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDMedia.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 289792 bytes | Modified Date = 3/6/2006 9:15:42 AM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 12:06:00 AM | Attr = R  ]
wlan111t.exe -> %ProgramFiles%\NETGEAR\WG111T\wlan111t.exe -> NETGEAR [Ver = 1, 3, 0, 1 | Size = 884840 bytes | Modified Date = 1/25/2006 2:49:02 PM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 2:17:08 PM | Attr =	]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 5:55:58 AM | Attr =	]
kservice.exe -> %ProgramFiles%\Kontiki\KService.exe ->  [Ver =  | Size = 3068352 bytes | Modified Date = 3/9/2007 9:05:20 PM | Attr =	]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr =	]
elservice.exe -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -> Intel Corporation [Ver = 1.0.0.1093 | Size = 180224 bytes | Modified Date = 12/12/2005 2:52:32 PM | Attr =	]
mysqld-nt.exe -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe ->  [Ver =  | Size = 3502080 bytes | Modified Date = 4/4/2005 5:58:30 PM | Attr =	]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 8:44:02 AM | Attr =	]
agent.exe -> %CommonProgramFiles%\InstallShield\UpdateService\agent.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 618496 bytes | Modified Date = 6/10/2005 8:44:02 AM | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 7/21/2006 9:26:10 PM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 308224 bytes | Modified Date = 2/7/2008 1:47:38 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 6/23/2006 8:17:03 PM | Attr =	]
(Adobe Version Cue CS2) Adobe Version Cue CS2 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -> Adobe Systems Incorporated [Ver = 2, 0, 0, 0 | Size = 163840 bytes | Modified Date = 4/4/2005 5:58:28 PM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 2:17:08 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr =	]
(ELService) Intel® Quick Resume Technology Drivers [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -> Intel Corporation [Ver = 1.0.0.1093 | Size = 180224 bytes | Modified Date = 12/12/2005 2:52:32 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 9/21/2007 8:40:36 PM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/26/2007 11:06:36 PM | Attr =	]
(IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 5:55:58 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 1:41:56 PM | Attr =	]
(KService) KService [Win32_Own | Auto | Running] -> %ProgramFiles%\Kontiki\KService.exe ->  [Ver =  | Size = 3068352 bytes | Modified Date = 3/9/2007 9:05:20 PM | Attr =	]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 9:26:40 AM | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 6/22/2006 12:17:30 AM | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 11:51:56 AM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 9:07:44 PM | Attr =	]
(Angel2) Angel II MPEG Device [Kernel | On_Demand | Running] -> %System32%\drivers\Angel2.sys -> Lumanate, Inc. [Ver = 1,1,3,04 | Size = 380800 bytes | Modified Date = 2/4/2006 7:09:06 PM | Attr =	]
(AR5523) NETGEAR WG111T USB2.0 Wireless Card Service [Kernel | On_Demand | Running] -> %System32%\drivers\WG11TND5.sys -> NETGEAR, Inc. [Ver = 1.5.0.2102 | Size = 362944 bytes | Modified Date = 9/5/2005 10:21:06 AM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 11:52:00 AM | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 11:51:58 AM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(bdfdll) bdfdll [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Softwin\BitDefender10\bdfdll.sys -> File not found
(BDFsDrv) BDFsDrv [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Softwin\BitDefender10\bdfsdrv.sys -> File not found
(BDRsDrv) BDRsDrv [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Softwin\BitDefender10\bdrsdrv.sys -> File not found
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] ->  -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Mausi\LOCALS~1\Temp\catchme.sys -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 11:51:54 AM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 11:52:16 AM | Attr =	]
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %System32%\DLA\DLABOIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 25628 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %System32%\drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 5628 bytes | Modified Date = 8/25/2005 10:16:52 AM | Attr =	]
(DLADResN) DLADResN [File_System | Auto | Running] -> %System32%\DLA\DLADResN.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 2496 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %System32%\DLA\DLAIFS_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 86524 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %System32%\DLA\DLAOPIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 14684 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %System32%\DLA\DLAPoolM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 6364 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %System32%\drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 22684 bytes | Modified Date = 8/25/2005 10:16:16 AM | Attr =	]
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %System32%\DLA\DLAUDFAM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 94332 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %System32%\DLA\DLAUDF_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 87036 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(DNINDIS5) DNINDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %System32%\DNINDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.55 | Size = 17149 bytes | Modified Date = 7/24/2003 11:10:34 AM | Attr =	]
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %System32%\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Modified Date = 9/12/2005 1:30:00 AM | Attr =	]
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %System32%\drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 8/12/2005 3:20:00 AM | Attr =	]
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 10/5/2006 3:07:28 PM | Attr =	]
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %System32%\drivers\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2/25/2007 11:10:48 AM | Attr =   S]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 10:12:10 AM | Attr =	]
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e1e5132.sys -> Intel Corporation [Ver = 9.1.32.0 built by: WinDDK | Size = 176128 bytes | Modified Date = 8/25/2005 5:05:24 PM | Attr =	]
(ELacpi) ELacpi [Kernel | On_Demand | Running] -> %System32%\drivers\ELacpi.sys -> Intel Corporation [Ver = 1.0.0.1093 | Size = 7808 bytes | Modified Date = 12/12/2005 2:52:32 PM | Attr =	]
(ELhid) ELhid [Kernel | System | Running] -> %System32%\drivers\ELhid.sys -> Intel Corporation [Ver = 1.0.0.1093 | Size = 10112 bytes | Modified Date = 12/12/2005 2:52:34 PM | Attr =	]
(ELkbd) ELkbd [Kernel | System | Running] -> %System32%\drivers\ELkbd.sys -> Intel Corporation [Ver = 1.0.0.1093 | Size = 6912 bytes | Modified Date = 12/12/2005 2:52:34 PM | Attr =	]
(ELmon) ELmon [Kernel | System | Running] -> %System32%\drivers\ELmon.sys -> Intel Corporation [Ver = 1.0.0.1093 | Size = 7040 bytes | Modified Date = 12/12/2005 2:52:34 PM | Attr =	]
(ELmou) ELmou [Kernel | System | Running] -> %System32%\drivers\ELmou.sys -> Intel Corporation [Ver = 1.0.0.1093 | Size = 6400 bytes | Modified Date = 12/12/2005 2:52:34 PM | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 137728 bytes | Modified Date = 8/12/2004 3:45:54 PM | Attr =	]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 212224 bytes | Modified Date = 11/17/2003 7:59:20 PM | Attr =	]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 1042432 bytes | Modified Date = 11/17/2003 7:56:26 PM | Attr =	]
(iastor) Intel AHCI Controller [Kernel | Boot | Running] -> %System32%\drivers\iaStor.sys -> Intel Corporation [Ver = 5.1.0.1022 | Size = 872064 bytes | Modified Date = 6/17/2005 10:33:40 AM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %System32%\drivers\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 7/21/2006 9:29:26 PM | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 4:48:08 PM | Attr =	]
(MODEMCSAA) MODEMCSAA [Kernel | System | Running] -> %System32%\drivers\MODEMCSAA.sys ->  [Ver =  | Size = 86016 bytes | Modified Date = 1/30/2008 5:19:28 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 11:52:12 AM | Attr =	]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 3958496 bytes | Modified Date = 8/11/2006 8:42:42 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 8/15/2007 4:33:10 PM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 11:52:18 AM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 9:07:44 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 12:07:44 PM | Attr =	]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %System32%\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4823.0  nd322 cp1 | Size = 1047816 bytes | Modified Date = 11/16/2005 7:36:00 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 12:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 12:07:36 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 12:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 12:07:42 PM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 11:52:22 AM | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.06.00 built by: WinDDK | Size = 680704 bytes | Modified Date = 11/17/2003 7:58:02 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 7:52:32 PM | Attr =	]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Adobe Photoshop Lightroom\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 2/6/2007 3:30:42 PM | Attr = R  ]
Adobe Version Cue CS2 -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe -> Adobe Sytems Incorporated [Ver = 2, 0, 0, 0 | Size = 856064 bytes | Modified Date = 4/4/2005 5:58:30 PM | Attr =	]
AirPort Base Station Agent -> %ProgramFiles%\AirPort\APAgent.exe -> Apple Inc. [Ver = 1.2 | Size = 643072 bytes | Modified Date = 8/8/2007 2:51:08 PM | Attr =	]
DLA -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
DMXLauncher -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe ->  [Ver =  | Size = 98304 bytes | Modified Date = 5/3/2006 2:12:00 AM | Attr =	]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Modified Date = 6/17/2005 5:56:14 AM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 8:44:02 AM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 8:44:02 AM | Attr =	]
Launch LCDMon -> %ProgramFiles%\Logitech\G-series Software\LCDMon.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 497152 bytes | Modified Date = 3/6/2006 9:14:58 AM | Attr =	]
Launch LGDCore -> %ProgramFiles%\Logitech\G-series Software\LGDCore.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 1122304 bytes | Modified Date = 3/6/2006 9:31:52 AM | Attr =	]
MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Modified Date = 8/12/2005 3:16:44 PM | Attr =	]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr =	]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 86016 bytes | Modified Date = 8/11/2006 8:43:04 PM | Attr =	]
nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1519616 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr =	]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0  nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 9:20:44 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 7/21/2006 9:26:10 PM | Attr =	]
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
SpybotDeletingA1300 -> %System32%\command.com ->  [Ver =  | Size = 50620 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
SpybotDeletingA6920 -> %System32%\command.com ->  [Ver =  | Size = 50620 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
Zinio DLM -> %ProgramFiles%\Zinio\ZinioDeliveryManager.exe -> File not found
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
SpybotDeletingB8684 -> %System32%\command.com ->  [Ver =  | Size = 50620 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ->  [Ver =  | Size = 25214 bytes | Modified Date = 9/23/2007 3:32:33 PM | Attr = R  ]
%AllUsersStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 6:16:50 PM | Attr =	]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 12:48:20 AM | Attr =	]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ->  [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/22/2006 11:01:50 PM | Attr =	]
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 12:06:00 AM | Attr = R  ]
%AllUsersStartup%\NETGEAR WG111T Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WG111T\wlan111t.exe -> NETGEAR [Ver = 1, 3, 0, 1 | Size = 884840 bytes | Modified Date = 1/25/2006 2:49:02 PM | Attr =	]
< Mausi Startup Folder > -> C:\Documents and Settings\Mausi\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
tuvvsqn ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (223759 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4186 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4184 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =	]
{2F59DE68-1155-4295-98AF-43FAF7685876} [HKEY_LOCAL_MACHINE] -> %System32%\vtutr.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{81DF6124-8713-41D5-2191-4FA0180BC00B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar5.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 6/8/2007 12:03:59 AM | Attr =	]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 2/22/2006 5:00:30 PM | Attr =	]
{E7895DD4-735B-4E77-82A2-1F00042EA3EC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{FABEDCBD-F121-4F4A-ACD7-E04CB04A5C47} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar5.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar5.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:BandCLSID -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 516096 bytes | Modified Date = 7/24/2007 2:17:08 PM | Attr =	]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Sun Java Console] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{E6A4C19A-9475-4597-BD7A-181D2A0DB8F4} ->	(Intel(R) PRO/1000 PL Network Connection) -> 
{F5594A2D-CFE0-4AFD-AFFB-7110F2CEC780} ->	() -> 
{F913C533-F3A7-461A-9F01-C01A3095CC90} ->	(NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 2:17:08 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{01A88BB1-1174-41EC-ACCB-963509EAE56B}[HKEY_LOCAL_MACHINE] -> http://support.dell.com/systemprofiler/SysPro.CAB[SysProWmi Class] -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{A90A5822-F108-45AD-8482-9BC8B12DD539}[HKEY_LOCAL_MACHINE] -> http://www.crucial.com/controls/cpcScanner.cab[Crucial cpcScan] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43}[HKEY_LOCAL_MACHINE] -> http://vep.intel.com/Entriq_3_6_0_15_Silent.cab[Reg Error: Key does not exist or could not be opened.] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:49:30 AM | Attr =	]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 8:21:15 AM | Attr =	]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 10:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 952 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 24083 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 10:39:49 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 10:39:49 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 1/31/2008 1:03:33 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2145554432 bytes | Created Date = 1/31/2008 2:56:39 AM | Attr =  HS]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 1/30/2008 11:15:07 PM | Attr =	]
Temp -> %SystemDrive%\Temp ->  [Folder | Created Date = 1/30/2008 5:19:24 PM | Attr =	]
core.cache.dsk -> %System32%\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Created Date = 1/31/2008 2:56:34 AM | Attr =	]
MODEMCSAA.sys -> %System32%\drivers\MODEMCSAA.sys ->  [Ver =  | Size = 86016 bytes | Created Date = 1/30/2008 5:19:28 PM | Attr =	]
bdod.bin -> %System32%\bdod.bin ->  [Ver =  | Size = 81984 bytes | Created Date = 2/1/2008 1:15:50 AM | Attr =	]
DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]
DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Created Date = 1/9/2008 5:18:18 AM | Attr =	]
divxsm.tlb -> %System32%\divxsm.tlb ->  [Ver =  | Size = 4816 bytes | Created Date = 1/9/2008 5:18:18 AM | Attr =	]
divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]
divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]
divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Created Date = 1/9/2008 5:16:02 AM | Attr =	]
dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]
dpl100.dll.manifest -> %System32%\dpl100.dll.manifest ->  [Ver =  | Size = 416 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]
dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]
dtu100.dll.manifest -> %System32%\dtu100.dll.manifest ->  [Ver =  | Size = 416 bytes | Created Date = 1/9/2008 5:16:10 AM | Attr =	]
gis6 -> %System32%\gis6 ->  [Folder | Created Date = 1/30/2008 5:19:27 PM | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/1/2008 1:42:01 AM | Attr =	]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 2/1/2008 1:42:01 AM | Attr =	]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/1/2008 1:42:01 AM | Attr =	]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 2/1/2008 1:42:01 AM | Attr =	]
libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 1/9/2008 5:18:00 AM | Attr =	]
ms9 -> %System32%\ms9 ->  [Folder | Created Date = 1/30/2008 5:19:27 PM | Attr =	]
nGpxx01 -> %System32%\nGpxx01 ->  [Folder | Created Date = 1/30/2008 5:19:25 PM | Attr =	]
qt-dx331.dll -> %System32%\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Created Date = 1/9/2008 5:18:12 AM | Attr =	]
rip4 -> %System32%\rip4 ->  [Folder | Created Date = 1/30/2008 5:19:27 PM | Attr =	]
ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 1/9/2008 5:18:00 AM | Attr =	]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
tps5 -> %System32%\tps5 ->  [Folder | Created Date = 1/30/2008 5:19:27 PM | Attr =	]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 1/30/2008 11:15:31 PM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 229 bytes | Created Date = 2/1/2008 12:41:29 AM | Attr =	]
YWRtaW4 -> %SystemRoot%\YWRtaW4 ->  [Folder | Created Date = 1/30/2008 5:19:39 PM | Attr =  HS]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
BitDefender -> %AllUsersAppData%\BitDefender ->  [Folder | Created Date = 2/1/2008 1:13:04 AM | Attr =	]
Dell -> %AllUsersAppData%\Dell ->  [Folder | Created Date = 1/24/2008 12:53:07 AM | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 1/31/2008 1:37:54 PM | Attr =	]
Rabio -> %AllUsersAppData%\Rabio ->  [Folder | Created Date = 1/30/2008 5:20:12 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 1/30/2008 5:54:47 PM | Attr =	]
Entriq -> %LocalAppData%\Entriq ->  [Folder | Created Date = 1/30/2008 5:28:15 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/31/2008 1:37:55 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/31/2008 1:37:55 PM | Attr =	]
DivX Converter.lnk -> %AllUsersDesktop%\DivX Converter.lnk ->  [Ver =  | Size = 806 bytes | Created Date = 1/31/2008 2:00:59 AM | Attr =	]
DivX Player.lnk -> %AllUsersDesktop%\DivX Player.lnk ->  [Ver =  | Size = 795 bytes | Created Date = 1/31/2008 2:01:17 AM | Attr =	]
0spy -> %UserDesktop%\0spy ->  [Folder | Created Date = 1/31/2008 1:34:46 PM | Attr =	]
ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1592008 bytes | Created Date = 1/30/2008 11:12:44 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier
DivX Movies.lnk -> %UserDesktop%\DivX Movies.lnk ->  [Ver =  | Size = 1425 bytes | Created Date = 1/31/2008 2:01:04 AM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 1/31/2008 2:21:34 AM | Attr =	]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 1/31/2008 2:21:22 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
Preparation Guide For Use Before Posting A Hijackthis Log.pdf -> %UserDesktop%\Preparation Guide For Use Before Posting A Hijackthis Log.pdf ->  [Ver =  | Size = 0 bytes | Created Date = 1/31/2008 4:37:46 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 1/31/2008 11:56:14 PM | Attr =	]
spybotsd152.exe -> %UserDesktop%\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Created Date = 1/31/2008 12:01:17 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd152.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2/7/2008 9:38:48 PM | Attr =	]
Adobe Acrobat Speed Launcher.lnk -> %AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk ->  [Ver =  | Size = 2359 bytes | Created Date = 1/30/2008 8:54:53 PM | Attr =	]
Adobe Gamma.lnk -> %AllUsersStartup%\Adobe Gamma.lnk ->  [Ver =  | Size = 988 bytes | Created Date = 1/30/2008 8:54:53 PM | Attr =	]
Adobe Reader Speed Launch.lnk -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk ->  [Ver =  | Size = 1746 bytes | Created Date = 1/30/2008 8:54:53 PM | Attr =	]
Adobe Reader Synchronizer.lnk -> %AllUsersStartup%\Adobe Reader Synchronizer.lnk ->  [Ver =  | Size = 1788 bytes | Created Date = 1/30/2008 8:54:53 PM | Attr =	]
Digital Line Detect.lnk -> %AllUsersStartup%\Digital Line Detect.lnk ->  [Ver =  | Size = 493 bytes | Created Date = 1/30/2008 8:54:53 PM | Attr =	]
NETGEAR WG111T Smart Wizard.lnk -> %AllUsersStartup%\NETGEAR WG111T Smart Wizard.lnk ->  [Ver =  | Size = 1473 bytes | Created Date = 1/30/2008 8:54:53 PM | Attr =	]
Softwin -> %CommonProgramFiles%\Softwin ->  [Folder | Created Date = 2/1/2008 1:12:29 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 209 bytes | Modified Date = 1/30/2008 11:59:01 PM | Attr = RHS]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 1/31/2008 1:22:01 AM | Attr =	]
drmHeader.bin -> %SystemDrive%\drmHeader.bin ->  [Ver =  | Size = 120 bytes | Modified Date = 1/24/2008 2:56:21 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2145554432 bytes | Modified Date = 2/1/2008 2:12:37 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/1/2008 1:13:03 AM | Attr =	]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 1/31/2008 1:21:58 AM | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 1/30/2008 9:33:08 PM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 1/30/2008 8:55:59 PM | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 1/31/2008 1:18:39 AM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/2/2008 3:27:46 AM | Attr =	]
core.cache.dsk -> %System32%\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Modified Date = 1/31/2008 2:56:35 AM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 2/2/2008 1:45:02 AM | Attr =	]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 223759 bytes | Modified Date = 1/31/2008 11:58:12 PM | Attr =	]
hosts.20080131-235812.backup -> %System32%\drivers\etc\hosts.20080131-235812.backup ->  [Ver =  | Size = 27 bytes | Modified Date = 1/31/2008 1:19:09 AM | Attr =	]
hosts.20080131-235837.backup -> %System32%\drivers\etc\hosts.20080131-235837.backup ->  [Ver =  | Size = 223759 bytes | Modified Date = 1/31/2008 11:58:12 PM | Attr =	]
hosts.20080202-014502.backup -> %System32%\drivers\etc\hosts.20080202-014502.backup ->  [Ver =  | Size = 223759 bytes | Modified Date = 1/31/2008 11:58:12 PM | Attr =	]
MODEMCSAA.sys -> %System32%\drivers\MODEMCSAA.sys ->  [Ver =  | Size = 86016 bytes | Modified Date = 1/30/2008 5:19:28 PM | Attr =	]
029E806D1E.sys -> %System32%\029E806D1E.sys ->  [Ver =  | Size = 88 bytes | Modified Date = 1/27/2008 1:35:33 AM | Attr = RHS]
17A515 -> %System32%\17A515 ->  [Ver =  | Size = 4 bytes | Modified Date = 1/30/2008 10:50:36 PM | Attr =	]
appmgmt -> %System32%\appmgmt ->  [Folder | Modified Date = 2/1/2008 1:43:47 AM | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
bdod.bin -> %System32%\bdod.bin ->  [Ver =  | Size = 81984 bytes | Modified Date = 2/1/2008 1:38:45 AM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2/1/2008 2:13:00 PM | Attr =	]
config -> %System32%\config ->  [Folder | Modified Date = 1/30/2008 11:17:47 PM | Attr =	]
DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]
divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Modified Date = 1/9/2008 5:15:58 AM | Attr =	]
DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Modified Date = 1/9/2008 5:18:18 AM | Attr =	]
divxsm.tlb -> %System32%\divxsm.tlb ->  [Ver =  | Size = 4816 bytes | Modified Date = 1/9/2008 5:18:18 AM | Attr =	]
divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]
divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]
divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 1/9/2008 3:00:46 AM | Attr = RHS]
dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]
dpl100.dll.manifest -> %System32%\dpl100.dll.manifest ->  [Ver =  | Size = 416 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 1/31/2008 1:37:54 PM | Attr =	]
dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]
dtu100.dll.manifest -> %System32%\dtu100.dll.manifest ->  [Ver =  | Size = 416 bytes | Modified Date = 1/9/2008 5:16:10 AM | Attr =	]
gis6 -> %System32%\gis6 ->  [Folder | Modified Date = 1/31/2008 5:28:15 PM | Attr =	]
KGyGaAvL.sys -> %System32%\KGyGaAvL.sys ->  [Ver =  | Size = 3766 bytes | Modified Date = 1/27/2008 1:35:34 AM | Attr =  HS]
libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 1/9/2008 5:18:00 AM | Attr =	]
mcs.rma -> %System32%\mcs.rma ->  [Ver =  | Size = 870128 bytes | Modified Date = 1/30/2008 10:50:36 PM | Attr =	]
ms9 -> %System32%\ms9 ->  [Folder | Modified Date = 1/30/2008 5:19:27 PM | Attr =	]
nGpxx01 -> %System32%\nGpxx01 ->  [Folder | Modified Date = 1/30/2008 5:19:25 PM | Attr =	]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 81400 bytes | Modified Date = 2/1/2008 3:35:22 PM | Attr =	]
qt-dx331.dll -> %System32%\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Modified Date = 1/9/2008 5:18:12 AM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 1/30/2008 8:55:59 PM | Attr =	]
rip4 -> %System32%\rip4 ->  [Folder | Modified Date = 1/31/2008 5:28:15 PM | Attr =	]
ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 1/9/2008 5:18:00 AM | Attr =	]
tps5 -> %System32%\tps5 ->  [Folder | Modified Date = 1/30/2008 5:19:27 PM | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 1/30/2008 5:47:33 PM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 2/1/2008 11:07:39 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/1/2008 2:12:43 PM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 1/30/2008 11:17:38 PM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1355 bytes | Modified Date = 1/9/2008 3:00:42 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 1/9/2008 3:00:47 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/1/2008 1:43:23 AM | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/7/2008 9:38:28 PM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 1/30/2008 7:20:46 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/1/2008 3:57:00 PM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2/1/2008 2:13:06 PM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 1/31/2008 1:19:13 AM | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 2/1/2008 1:44:37 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 1/31/2008 1:04:51 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/7/2008 9:37:17 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 477 bytes | Modified Date = 1/30/2008 11:59:01 PM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 229 bytes | Modified Date = 2/2/2008 3:27:16 AM | Attr =	]
YWRtaW4 -> %SystemRoot%\YWRtaW4 ->  [Folder | Modified Date = 2/1/2008 1:21:18 AM | Attr =  HS]
McAfee.com Scan for Viruses - My Computer (DCL5N5B1-admin).job -> %SystemRoot%\tasks\McAfee.com Scan for Viruses - My Computer (DCL5N5B1-admin).job ->  [Ver =  | Size = 350 bytes | Modified Date = 1/25/2008 6:30:00 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/1/2008 2:12:47 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 1/31/2008 11:10:48 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 1/31/2008 11:10:48 PM | Attr =	]
Perflib_Perfdata_630.dat -> C:\Documents and Settings\Mausi\Local Settings\Temp\Perflib_Perfdata_630.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/1/2008 2:12:54 PM | Attr =	]
Perflib_Perfdata_6ec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6ec.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/1/2008 2:15:22 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
BitDefender -> %AllUsersAppData%\BitDefender ->  [Folder | Modified Date = 2/1/2008 1:13:26 AM | Attr =	]
Dell -> %AllUsersAppData%\Dell ->  [Folder | Modified Date = 1/24/2008 12:53:07 AM | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 1/31/2008 1:38:22 PM | Attr =	]
QTSBandwidthCache -> %AllUsersAppData%\QTSBandwidthCache ->  [Ver =  | Size = 3326 bytes | Modified Date = 1/10/2008 1:05:38 PM | Attr =	]
Rabio -> %AllUsersAppData%\Rabio ->  [Folder | Modified Date = 1/30/2008 6:19:54 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/1/2008 12:41:37 AM | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 1/31/2008 4:33:46 PM | Attr =	]
Adobe -> %LocalAppData%\Adobe ->  [Folder | Modified Date = 1/31/2008 4:38:34 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 73216 bytes | Modified Date = 2/1/2008 2:57:12 PM | Attr =	]
Entriq -> %LocalAppData%\Entriq ->  [Folder | Modified Date = 1/30/2008 5:28:15 PM | Attr =	]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 1/30/2008 7:57:27 PM | Attr =	]
My Videos -> %AllUsersDocuments%\My Videos ->  [Folder | Modified Date = 2/1/2008 10:26:14 PM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 1/31/2008 12:28:27 AM | Attr = R  ]
My Videos -> %UserDocuments%\My Videos ->  [Folder | Modified Date = 2/1/2008 3:33:41 PM | Attr = R  ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/31/2008 1:37:55 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/31/2008 1:37:55 PM | Attr =	]
DivX Converter.lnk -> %AllUsersDesktop%\DivX Converter.lnk ->  [Ver =  | Size = 806 bytes | Modified Date = 1/31/2008 2:00:59 AM | Attr =	]
DivX Player.lnk -> %AllUsersDesktop%\DivX Player.lnk ->  [Ver =  | Size = 795 bytes | Modified Date = 1/31/2008 2:01:17 AM | Attr =	]
0spy -> %UserDesktop%\0spy ->  [Folder | Modified Date = 2/7/2008 9:38:16 PM | Attr =	]
ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1592008 bytes | Modified Date = 1/30/2008 11:12:49 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier
DivX Movies.lnk -> %UserDesktop%\DivX Movies.lnk ->  [Ver =  | Size = 1425 bytes | Modified Date = 1/31/2008 2:01:21 AM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 1/31/2008 2:21:34 AM | Attr =	]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 1/31/2008 2:21:31 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
Preparation Guide For Use Before Posting A Hijackthis Log.pdf -> %UserDesktop%\Preparation Guide For Use Before Posting A Hijackthis Log.pdf ->  [Ver =  | Size = 0 bytes | Modified Date = 1/31/2008 4:37:46 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 1/31/2008 11:56:14 PM | Attr =	]
spybotsd152.exe -> %UserDesktop%\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Modified Date = 1/31/2008 12:01:17 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd152.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2/7/2008 9:38:48 PM | Attr =	]
Adobe Acrobat Speed Launcher.lnk -> %AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk ->  [Ver =  | Size = 2359 bytes | Modified Date = 2/1/2008 3:35:29 PM | Attr =	]
Softwin -> %CommonProgramFiles%\Softwin ->  [Folder | Modified Date = 2/1/2008 1:39:10 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 1/31/2008 1:37:05 PM | Attr =	]

< End of report >


#6 blarg08

blarg08
  • Topic Starter

  • Members
  • 8 posts

Posted 07 February 2008 - 10:52 PM

I have another question: I used IE and Firefox on another account on the same computer. Will I have to run the programs you told me to on the other account?

#7 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 08 February 2008 - 01:48 AM

Hi blarg08. Let's see what we can do with this. One thing I do not see in the log is an anti-virus application. I would highly recommend that one gets installed on this machine as soon as it's cleaned up. For now, follow the steps below in order.

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware; we will come back to it later on.

Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (MODEMCSAA) MODEMCSAA [Kernel | System | Running] -> %System32%\drivers\MODEMCSAA.sys
[Registry - Non-Microsoft Only]
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> SpybotDeletingA1300 -> %System32%\command.com
YN -> SpybotDeletingA6920 -> %System32%\command.com
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> SpybotDeletingB8684 -> %System32%\command.com
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> tuvvsqn -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {2F59DE68-1155-4295-98AF-43FAF7685876} [HKEY_LOCAL_MACHINE] -> %System32%\vtutr.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {81DF6124-8713-41D5-2191-4FA0180BC00B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {E7895DD4-735B-4E77-82A2-1F00042EA3EC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {FABEDCBD-F121-4F4A-ACD7-E04CB04A5C47} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console]
YN -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
NY -> core.cache.dsk -> %System32%\drivers\core.cache.dsk
NY -> MODEMCSAA.sys -> %System32%\drivers\MODEMCSAA.sys
NY -> gis6 -> %System32%\gis6
NY -> ms9 -> %System32%\ms9
NY -> nGpxx01 -> %System32%\nGpxx01
NY -> rip4 -> %System32%\rip4
NY -> tps5 -> %System32%\tps5
NY -> YWRtaW4 -> %SystemRoot%\YWRtaW4
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> Rabio -> %AllUsersAppData%\Rabio
[Files/Folders - Modified Within 30 days]
NY -> core.cache.dsk -> %System32%\drivers\core.cache.dsk
NY -> MODEMCSAA.sys -> %System32%\drivers\MODEMCSAA.sys
NY -> 029E806D1E.sys -> %System32%\029E806D1E.sys
NY -> 17A515 -> %System32%\17A515
NY -> gis6 -> %System32%\gis6
NY -> ms9 -> %System32%\ms9
NY -> nGpxx01 -> %System32%\nGpxx01
NY -> rip4 -> %System32%\rip4
NY -> tps5 -> %System32%\tps5
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> Entriq -> %LocalAppData%\Entriq
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #4

Post the following back here:
  • a new WinPFind35U report (take the default settings along with the Additional Folder Scans option in the Additional Scans section)
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
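
A small triage parser for the file lines of a WinPFind35U report, added here as an example; it is not part of OldTimer's post or of the tool. The sample lines are copied from the log posted in this thread (whitespace normalised), and the review rules are illustrative assumptions rather than the criteria used to build the fix above: a hit means "inspect this file", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import Optional

# File lines copied from the WinPFind35U report in this thread (whitespace
# normalised). Line format: name -> path -> vendor [key = value | ...]
SAMPLE_LOG = r"""
[Files/Folders - Modified Within 30 days]
core.cache.dsk -> %System32%\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Modified Date = 1/31/2008 2:56:35 AM | Attr = ]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 223759 bytes | Modified Date = 1/31/2008 11:58:12 PM | Attr = ]
MODEMCSAA.sys -> %System32%\drivers\MODEMCSAA.sys ->  [Ver =  | Size = 86016 bytes | Modified Date = 1/30/2008 5:19:28 PM | Attr = ]
029E806D1E.sys -> %System32%\029E806D1E.sys ->  [Ver =  | Size = 88 bytes | Modified Date = 1/27/2008 1:35:33 AM | Attr = RHS]
DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Modified Date = 1/9/2008 5:16:02 AM | Attr = ]
gis6 -> %System32%\gis6 ->  [Folder | Modified Date = 1/31/2008 5:28:15 PM | Attr = ]
KGyGaAvL.sys -> %System32%\KGyGaAvL.sys ->  [Ver =  | Size = 3766 bytes | Modified Date = 1/27/2008 1:35:34 AM | Attr =  HS]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 2/1/2008 11:07:39 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier
"""

LINE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>.*?)\s*\[(?P<meta>.*)\]$"
)
SYSTEM32 = "%system32%"
DRIVERS = "%system32%\\drivers"


@dataclass
class Entry:
    name: str
    path: str
    vendor: str          # company name from the version resource, "" if absent
    version: str         # "Ver =" field, "" if absent
    size: Optional[int]  # bytes; None for folders
    is_folder: bool
    attrs: str           # subset of "RHS" (read-only, hidden, system)
    date: str            # Created/Modified timestamp as printed by the tool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file/folder line; return None for headers, ADS lines, etc."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("meta").split("|"):
        key, sep, value = part.partition("=")
        fields[key.strip()] = value.strip() if sep else ""
    size = fields.get("Size", "").split()
    return Entry(
        name=m.group("name"),
        path=m.group("path"),
        vendor=m.group("vendor").strip(),
        version=fields.get("Ver", ""),
        size=int(size[0]) if size else None,
        is_folder="Folder" in fields,
        attrs=fields.get("Attr", ""),
        date=fields.get("Modified Date", fields.get("Created Date", "")),
    )


def parse_report(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def review_reasons(e: Entry) -> list:
    """Illustrative rules (assumptions): reasons to take a closer look."""
    if e.is_folder:
        return []
    parent, _, filename = e.path.lower().rpartition("\\")
    ext = "." + filename.rpartition(".")[2] if "." in filename else ""
    unversioned = not e.vendor and not e.version
    reasons = []
    if parent == DRIVERS and unversioned:
        if ext == ".sys":
            reasons.append("driver with no vendor or version resource")
        else:
            reasons.append("non-.sys file in the drivers directory")
    if parent == SYSTEM32 and ext == ".sys":
        reasons.append(".sys file outside the drivers directory")
    if parent in (SYSTEM32, DRIVERS) and unversioned and {"H", "S"} <= set(e.attrs):
        reasons.append("hidden+system attributes and no version info")
    return reasons


def triage(text: str) -> list:
    """Return (entry, reasons) pairs for every entry with at least one reason."""
    return [(e, r) for e in parse_report(text) if (r := review_reasons(e))]


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.path}  ({entry.size} bytes, {entry.date})")
        for reason in reasons:
            print(f"    - {reason}")
```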


#8 blarg08

blarg08
  • Topic Starter

  • Members
  • 8 posts

Posted 08 February 2008 - 09:02 PM

New WinPFind35U:

WinPFind35 logfile created on: 2/8/2008 7:53:03 PM
WinPFind35U Version Beta46	 Folder = C:\Documents and Settings\Mausi\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.68% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 114.25 Gb Free Space | 79.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: 
Current User Name: Mausi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
versioncuecs2.exe -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -> Adobe Systems Incorporated [Ver = 2, 0, 0, 0 | Size = 163840 bytes | Modified Date = 4/4/2005 5:58:28 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 2:17:08 PM | Attr =	]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 5:55:58 AM | Attr =	]
kservice.exe -> %ProgramFiles%\Kontiki\KService.exe ->  [Ver =  | Size = 3068352 bytes | Modified Date = 3/9/2007 9:05:20 PM | Attr =	]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr =	]
elservice.exe -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -> Intel Corporation [Ver = 1.0.0.1093 | Size = 180224 bytes | Modified Date = 12/12/2005 2:52:32 PM | Attr =	]
mysqld-nt.exe -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe ->  [Ver =  | Size = 3502080 bytes | Modified Date = 4/4/2005 5:58:30 PM | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 7/21/2006 9:26:10 PM | Attr =	]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0  nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 9:20:44 PM | Attr =	]
lgdcore.exe -> %ProgramFiles%\Logitech\G-series Software\LGDCore.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 1122304 bytes | Modified Date = 3/6/2006 9:31:52 AM | Attr =	]
lcdmon.exe -> %ProgramFiles%\Logitech\G-series Software\LCDMon.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 497152 bytes | Modified Date = 3/6/2006 9:14:58 AM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 8:44:02 AM | Attr =	]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Modified Date = 6/17/2005 5:56:14 AM | Attr =	]
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe ->  [Ver =  | Size = 98304 bytes | Modified Date = 5/3/2006 2:12:00 AM | Attr =	]
dlactrlw.exe -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
apagent.exe -> %ProgramFiles%\AirPort\APAgent.exe -> Apple Inc. [Ver = 1.2 | Size = 643072 bytes | Modified Date = 8/8/2007 2:51:08 PM | Attr =	]
versioncuecs2tray.exe -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe -> Adobe Sytems Incorporated [Ver = 2, 0, 0, 0 | Size = 856064 bytes | Modified Date = 4/4/2005 5:58:30 PM | Attr =	]
apdproxy.exe -> %ProgramFiles%\Adobe\Adobe Photoshop Lightroom\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 2/6/2007 3:30:42 PM | Attr = R  ]
acrotray.exe -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 7:52:32 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
lcdcountdown.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 378880 bytes | Modified Date = 3/6/2006 9:16:48 AM | Attr =	]
lcdpop3.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 307200 bytes | Modified Date = 3/6/2006 9:17:24 AM | Attr =	]
lcdmedia.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDMedia.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 289792 bytes | Modified Date = 3/6/2006 9:15:42 AM | Attr =	]
lcdclock.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDClock.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 198656 bytes | Modified Date = 3/6/2006 9:16:12 AM | Attr =	]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 12:06:00 AM | Attr = R  ]
wlan111t.exe -> %ProgramFiles%\NETGEAR\WG111T\wlan111t.exe -> NETGEAR [Ver = 1, 3, 0, 1 | Size = 884840 bytes | Modified Date = 1/25/2006 2:49:02 PM | Attr =	]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 308224 bytes | Modified Date = 2/7/2008 1:47:38 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 6/23/2006 8:17:03 PM | Attr =	]
(Adobe Version Cue CS2) Adobe Version Cue CS2 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -> Adobe Systems Incorporated [Ver = 2, 0, 0, 0 | Size = 163840 bytes | Modified Date = 4/4/2005 5:58:28 PM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 2:17:08 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr =	]
(ELService) Intel® Quick Resume Technology Drivers [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -> Intel Corporation [Ver = 1.0.0.1093 | Size = 180224 bytes | Modified Date = 12/12/2005 2:52:32 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 9/21/2007 8:40:36 PM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/26/2007 11:06:36 PM | Attr =	]
(IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 5:55:58 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 1:41:56 PM | Attr =	]
(KService) KService [Win32_Own | Auto | Running] -> %ProgramFiles%\Kontiki\KService.exe ->  [Ver =  | Size = 3068352 bytes | Modified Date = 3/9/2007 9:05:20 PM | Attr =	]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 9:26:40 AM | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 7:52:32 PM | Attr =	]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Adobe Photoshop Lightroom\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 2/6/2007 3:30:42 PM | Attr = R  ]
Adobe Version Cue CS2 -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe -> Adobe Sytems Incorporated [Ver = 2, 0, 0, 0 | Size = 856064 bytes | Modified Date = 4/4/2005 5:58:30 PM | Attr =	]
AirPort Base Station Agent -> %ProgramFiles%\AirPort\APAgent.exe -> Apple Inc. [Ver = 1.2 | Size = 643072 bytes | Modified Date = 8/8/2007 2:51:08 PM | Attr =	]
DLA -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
DMXLauncher -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe ->  [Ver =  | Size = 98304 bytes | Modified Date = 5/3/2006 2:12:00 AM | Attr =	]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Modified Date = 6/17/2005 5:56:14 AM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 8:44:02 AM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 8:44:02 AM | Attr =	]
Launch LCDMon -> %ProgramFiles%\Logitech\G-series Software\LCDMon.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 497152 bytes | Modified Date = 3/6/2006 9:14:58 AM | Attr =	]
Launch LGDCore -> %ProgramFiles%\Logitech\G-series Software\LGDCore.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 1122304 bytes | Modified Date = 3/6/2006 9:31:52 AM | Attr =	]
MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Modified Date = 8/12/2005 3:16:44 PM | Attr =	]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr =	]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 86016 bytes | Modified Date = 8/11/2006 8:43:04 PM | Attr =	]
nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1519616 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr =	]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0  nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 9:20:44 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 7/21/2006 9:26:10 PM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
Zinio DLM -> %ProgramFiles%\Zinio\ZinioDeliveryManager.exe -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ->  [Ver =  | Size = 25214 bytes | Modified Date = 9/23/2007 3:32:33 PM | Attr = R  ]
%AllUsersStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 6:16:50 PM | Attr =	]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 12:48:20 AM | Attr =	]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ->  [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/22/2006 11:01:50 PM | Attr =	]
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 12:06:00 AM | Attr = R  ]
%AllUsersStartup%\NETGEAR WG111T Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WG111T\wlan111t.exe -> NETGEAR [Ver = 1, 3, 0, 1 | Size = 884840 bytes | Modified Date = 1/25/2006 2:49:02 PM | Attr =	]
< Mausi Startup Folder > -> C:\Documents and Settings\Mausi\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =	]
tuvvsqn ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (223759 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4186 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4184 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =	]
{2F59DE68-1155-4295-98AF-43FAF7685876} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{81DF6124-8713-41D5-2191-4FA0180BC00B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar5.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 6/8/2007 12:03:59 AM | Attr =	]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 2/22/2006 5:00:30 PM | Attr =	]
{E7895DD4-735B-4E77-82A2-1F00042EA3EC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{FABEDCBD-F121-4F4A-ACD7-E04CB04A5C47} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar5.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar5.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:BandCLSID -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 516096 bytes | Modified Date = 7/24/2007 2:17:08 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{E6A4C19A-9475-4597-BD7A-181D2A0DB8F4} ->	(Intel(R) PRO/1000 PL Network Connection) -> 
{F5594A2D-CFE0-4AFD-AFFB-7110F2CEC780} ->	() -> 
{F913C533-F3A7-461A-9F01-C01A3095CC90} ->	(NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 2:17:08 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{01A88BB1-1174-41EC-ACCB-963509EAE56B}[HKEY_LOCAL_MACHINE] -> http://support.dell.com/systemprofiler/SysPro.CAB[SysProWmi Class] -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{A90A5822-F108-45AD-8482-9BC8B12DD539}[HKEY_LOCAL_MACHINE] -> http://www.crucial.com/controls/cpcScanner.cab[Crucial cpcScan] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43}[HKEY_LOCAL_MACHINE] -> http://vep.intel.com/Entriq_3_6_0_15_Silent.cab[Reg Error: Key does not exist or could not be opened.] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 



[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 1/31/2008 1:03:33 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2145554432 bytes | Created Date = 1/31/2008 2:56:39 AM | Attr =  HS]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 1/30/2008 11:15:07 PM | Attr =	]
Temp -> %SystemDrive%\Temp ->  [Folder | Created Date = 1/30/2008 5:19:24 PM | Attr =	]
core.cache.dsk -> %System32%\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Created Date = 1/31/2008 2:56:34 AM | Attr =	]
MODEMCSAA.sys -> %System32%\drivers\MODEMCSAA.sys ->  [Ver =  | Size = 86016 bytes | Created Date = 1/30/2008 5:19:28 PM | Attr =	]
bdod.bin -> %System32%\bdod.bin ->  [Ver =  | Size = 81984 bytes | Created Date = 2/1/2008 1:15:50 AM | Attr =	]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/1/2008 1:42:01 AM | Attr =	]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 2/1/2008 1:42:01 AM | Attr =	]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/1/2008 1:42:01 AM | Attr =	]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 2/1/2008 1:42:01 AM | Attr =	]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 1/30/2008 11:15:31 PM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 229 bytes | Created Date = 2/1/2008 12:41:29 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
BitDefender -> %AllUsersAppData%\BitDefender ->  [Folder | Created Date = 2/1/2008 1:13:04 AM | Attr =	]
Dell -> %AllUsersAppData%\Dell ->  [Folder | Created Date = 1/24/2008 12:53:07 AM | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 1/31/2008 1:37:54 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 1/30/2008 5:54:47 PM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2/8/2008 1:13:54 PM | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2/8/2008 1:13:49 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/31/2008 1:37:55 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/31/2008 1:37:55 PM | Attr =	]
DivX Converter.lnk -> %AllUsersDesktop%\DivX Converter.lnk ->  [Ver =  | Size = 806 bytes | Created Date = 1/31/2008 2:00:59 AM | Attr =	]
DivX Player.lnk -> %AllUsersDesktop%\DivX Player.lnk ->  [Ver =  | Size = 795 bytes | Created Date = 1/31/2008 2:01:17 AM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Created Date = 2/8/2008 1:13:51 PM | Attr =	]
0spy -> %UserDesktop%\0spy ->  [Folder | Created Date = 1/31/2008 1:34:46 PM | Attr =	]
ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1592008 bytes | Created Date = 1/30/2008 11:12:44 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier
DivX Movies.lnk -> %UserDesktop%\DivX Movies.lnk ->  [Ver =  | Size = 1425 bytes | Created Date = 1/31/2008 2:01:04 AM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 1/31/2008 2:21:34 AM | Attr =	]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 1/31/2008 2:21:22 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
Logs -> %UserDesktop%\Logs ->  [Folder | Created Date = 2/8/2008 7:48:44 PM | Attr =	]
Preparation Guide For Use Before Posting A Hijackthis Log.pdf -> %UserDesktop%\Preparation Guide For Use Before Posting A Hijackthis Log.pdf ->  [Ver =  | Size = 0 bytes | Created Date = 1/31/2008 4:37:46 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 1/31/2008 11:56:14 PM | Attr =	]
spybotsd152.exe -> %UserDesktop%\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Created Date = 1/31/2008 12:01:17 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd152.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2/7/2008 9:38:48 PM | Attr =	]
Adobe Acrobat Speed Launcher.lnk -> %AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk ->  [Ver =  | Size = 2359 bytes | Created Date = 1/30/2008 8:54:53 PM | Attr =	]
Adobe Gamma.lnk -> %AllUsersStartup%\Adobe Gamma.lnk ->  [Ver =  | Size = 988 bytes | Created Date = 1/30/2008 8:54:53 PM | Attr =	]
Adobe Reader Speed Launch.lnk -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk ->  [Ver =  | Size = 1746 bytes | Created Date = 1/30/2008 8:54:53 PM | Attr =	]
Adobe Reader Synchronizer.lnk -> %AllUsersStartup%\Adobe Reader Synchronizer.lnk ->  [Ver =  | Size = 1788 bytes | Created Date = 1/30/2008 8:54:53 PM | Attr =	]
Digital Line Detect.lnk -> %AllUsersStartup%\Digital Line Detect.lnk ->  [Ver =  | Size = 493 bytes | Created Date = 1/30/2008 8:54:53 PM | Attr =	]
NETGEAR WG111T Smart Wizard.lnk -> %AllUsersStartup%\NETGEAR WG111T Smart Wizard.lnk ->  [Ver =  | Size = 1473 bytes | Created Date = 1/30/2008 8:54:53 PM | Attr =	]
Softwin -> %CommonProgramFiles%\Softwin ->  [Folder | Created Date = 2/1/2008 1:12:29 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 209 bytes | Modified Date = 1/30/2008 11:59:01 PM | Attr = RHS]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 1/31/2008 1:22:01 AM | Attr =	]
drmHeader.bin -> %SystemDrive%\drmHeader.bin ->  [Ver =  | Size = 120 bytes | Modified Date = 1/24/2008 2:56:21 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2145554432 bytes | Modified Date = 2/8/2008 7:46:26 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/8/2008 1:13:49 PM | Attr =	]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 1/31/2008 1:21:58 AM | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 1/30/2008 9:33:08 PM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 1/30/2008 8:55:59 PM | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 1/31/2008 1:18:39 AM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/8/2008 7:46:43 PM | Attr =	]
core.cache.dsk -> %System32%\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Modified Date = 2/8/2008 7:46:23 PM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 2/2/2008 1:45:02 AM | Attr =	]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 223759 bytes | Modified Date = 1/31/2008 11:58:12 PM | Attr =	]
hosts.20080131-235812.backup -> %System32%\drivers\etc\hosts.20080131-235812.backup ->  [Ver =  | Size = 27 bytes | Modified Date = 1/31/2008 1:19:09 AM | Attr =	]
hosts.20080131-235837.backup -> %System32%\drivers\etc\hosts.20080131-235837.backup ->  [Ver =  | Size = 223759 bytes | Modified Date = 1/31/2008 11:58:12 PM | Attr =	]
hosts.20080202-014502.backup -> %System32%\drivers\etc\hosts.20080202-014502.backup ->  [Ver =  | Size = 223759 bytes | Modified Date = 1/31/2008 11:58:12 PM | Attr =	]
MODEMCSAA.sys -> %System32%\drivers\MODEMCSAA.sys ->  [Ver =  | Size = 86016 bytes | Modified Date = 1/30/2008 5:19:28 PM | Attr =	]
appmgmt -> %System32%\appmgmt ->  [Folder | Modified Date = 2/1/2008 1:43:47 AM | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
bdod.bin -> %System32%\bdod.bin ->  [Ver =  | Size = 81984 bytes | Modified Date = 2/1/2008 1:38:45 AM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2/8/2008 7:46:47 PM | Attr =	]
config -> %System32%\config ->  [Folder | Modified Date = 1/30/2008 11:17:47 PM | Attr =	]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 2/8/2008 7:46:23 PM | Attr =	]
KGyGaAvL.sys -> %System32%\KGyGaAvL.sys ->  [Ver =  | Size = 3766 bytes | Modified Date = 1/27/2008 1:35:34 AM | Attr =  HS]
mcs.rma -> %System32%\mcs.rma ->  [Ver =  | Size = 870128 bytes | Modified Date = 1/30/2008 10:50:36 PM | Attr =	]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 81400 bytes | Modified Date = 2/8/2008 7:46:50 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 1/30/2008 8:55:59 PM | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 1/30/2008 5:47:33 PM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 2/8/2008 7:47:00 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/8/2008 7:46:32 PM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 1/30/2008 11:17:38 PM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/8/2008 1:13:52 PM | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/8/2008 7:48:16 PM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 1/30/2008 7:20:46 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/1/2008 3:57:00 PM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2/8/2008 7:46:56 PM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 1/31/2008 1:19:13 AM | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 2/8/2008 1:17:54 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 1/31/2008 1:04:51 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/8/2008 7:46:58 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 477 bytes | Modified Date = 1/30/2008 11:59:01 PM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 229 bytes | Modified Date = 2/2/2008 3:27:16 AM | Attr =	]
McAfee.com Scan for Viruses - My Computer (DCL5N5B1-admin).job -> %SystemRoot%\tasks\McAfee.com Scan for Viruses - My Computer (DCL5N5B1-admin).job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/8/2008 6:30:00 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/8/2008 7:46:36 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 1/31/2008 11:10:48 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 1/31/2008 11:10:48 PM | Attr =	]
SSUPDATE.EXE -> C:\Documents and Settings\Mausi\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 6/21/2007 2:07:10 PM | Attr =	]
Perflib_Perfdata_c00.dat -> C:\Documents and Settings\Mausi\Local Settings\Temp\Perflib_Perfdata_c00.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/8/2008 7:46:51 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
BitDefender -> %AllUsersAppData%\BitDefender ->  [Folder | Modified Date = 2/1/2008 1:13:26 AM | Attr =	]
Dell -> %AllUsersAppData%\Dell ->  [Folder | Modified Date = 1/24/2008 12:53:07 AM | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 1/31/2008 1:38:22 PM | Attr =	]
QTSBandwidthCache -> %AllUsersAppData%\QTSBandwidthCache ->  [Ver =  | Size = 3326 bytes | Modified Date = 1/10/2008 1:05:38 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/1/2008 12:41:37 AM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/8/2008 1:13:54 PM | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 1/31/2008 4:33:46 PM | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/8/2008 1:13:49 PM | Attr =	]
Adobe -> %LocalAppData%\Adobe ->  [Folder | Modified Date = 1/31/2008 4:38:34 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 73216 bytes | Modified Date = 2/1/2008 2:57:12 PM | Attr =	]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 1/30/2008 7:57:27 PM | Attr =	]
My Videos -> %AllUsersDocuments%\My Videos ->  [Folder | Modified Date = 2/1/2008 10:26:14 PM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 1/31/2008 12:28:27 AM | Attr = R  ]
My Videos -> %UserDocuments%\My Videos ->  [Folder | Modified Date = 2/1/2008 3:33:41 PM | Attr = R  ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/31/2008 1:37:55 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/31/2008 1:37:55 PM | Attr =	]
DivX Converter.lnk -> %AllUsersDesktop%\DivX Converter.lnk ->  [Ver =  | Size = 806 bytes | Modified Date = 1/31/2008 2:00:59 AM | Attr =	]
DivX Player.lnk -> %AllUsersDesktop%\DivX Player.lnk ->  [Ver =  | Size = 795 bytes | Modified Date = 1/31/2008 2:01:17 AM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 2/8/2008 1:13:51 PM | Attr =	]
0spy -> %UserDesktop%\0spy ->  [Folder | Modified Date = 2/8/2008 1:10:36 PM | Attr =	]
ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1592008 bytes | Modified Date = 1/30/2008 11:12:49 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier
DivX Movies.lnk -> %UserDesktop%\DivX Movies.lnk ->  [Ver =  | Size = 1425 bytes | Modified Date = 1/31/2008 2:01:21 AM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 1/31/2008 2:21:34 AM | Attr =	]
HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 1/31/2008 2:21:31 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier
Logs -> %UserDesktop%\Logs ->  [Folder | Modified Date = 2/8/2008 7:49:21 PM | Attr =	]
Preparation Guide For Use Before Posting A Hijackthis Log.pdf -> %UserDesktop%\Preparation Guide For Use Before Posting A Hijackthis Log.pdf ->  [Ver =  | Size = 0 bytes | Modified Date = 1/31/2008 4:37:46 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 1/31/2008 11:56:14 PM | Attr =	]
spybotsd152.exe -> %UserDesktop%\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Modified Date = 1/31/2008 12:01:17 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd152.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2/8/2008 1:17:53 PM | Attr =	]
Adobe Acrobat Speed Launcher.lnk -> %AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk ->  [Ver =  | Size = 2359 bytes | Modified Date = 2/8/2008 7:46:49 PM | Attr =	]
Softwin -> %CommonProgramFiles%\Softwin ->  [Folder | Modified Date = 2/1/2008 1:39:10 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/8/2008 1:13:14 PM | Attr =	]

< End of report >


SUPERAntiSpyware Report:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/08/2008 at 02:55 PM

Application Version : 3.9.1008

Core Rules Database Version : 3398
Trace Rules Database Version: 1390

Scan type : Complete Scan
Total Scan Time : 01:34:20

Memory items scanned : 461
Memory threats detected : 0
Registry items scanned : 5791
Registry threats detected : 1
File items scanned : 103735
File threats detected : 24

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk

Adware.VXGame-Trace
HKU\S-1-5-21-1070024012-1926943944-4102976645-1006\Software\kernelexe

Adware.Tracking Cookie
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@advertising[1].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@anad.tacoda[2].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@atdmt[2].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@tacoda[2].txt
C:\Documents and Settings\admin\Local Settings\Temp\Cookies\admin@tribalfusion[2].txt

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Adware.k8l
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MOVIE MAKER\VIKOBIBO.HTML.VIR

Trojan.Downloader-Gen/MROFIN
C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU1000106.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU572.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0002069.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0002070.EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0002079.DLL

Trojan.Unclassifed/AffiliateBundle
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0002087.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP9\A0003454.VBS




.log File from WinPFind35U/MovedFiles Folder

Explorer killed successfully
[Driver Services - Non-Microsoft Only]
Service MODEMCSAA stopped successfully.
Service MODEMCSAA deleted successfully.
File move failed. C:\WINDOWS\System32\drivers\MODEMCSAA.sys scheduled to be moved on reboot.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA1300 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA6920 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8684 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvvsqn\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F59DE68-1155-4295-98AF-43FAF7685876}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F59DE68-1155-4295-98AF-43FAF7685876}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81DF6124-8713-41D5-2191-4FA0180BC00B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81DF6124-8713-41D5-2191-4FA0180BC00B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7895DD4-735B-4E77-82A2-1F00042EA3EC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7895DD4-735B-4E77-82A2-1F00042EA3EC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FABEDCBD-F121-4F4A-ACD7-E04CB04A5C47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FABEDCBD-F121-4F4A-ACD7-E04CB04A5C47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
[Files/Folders - Created Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\core.cache.dsk scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\drivers\MODEMCSAA.sys scheduled to be moved on reboot.
C:\WINDOWS\System32\gis6 folder moved successfully.
C:\WINDOWS\System32\ms9 folder moved successfully.
C:\WINDOWS\System32\nGpxx01 folder moved successfully.
C:\WINDOWS\System32\rip4 folder moved successfully.
C:\WINDOWS\System32\tps5 folder moved successfully.
C:\WINDOWS\YWRtaW4 folder moved successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\All Users\Application Data\Rabio folder moved successfully.
[Files/Folders - Modified Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\core.cache.dsk scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\drivers\MODEMCSAA.sys scheduled to be moved on reboot.
C:\WINDOWS\System32\029E806D1E.sys moved successfully.
C:\WINDOWS\System32\17A515 moved successfully.
File C:\WINDOWS\System32\gis6 not found!
File C:\WINDOWS\System32\ms9 not found!
File C:\WINDOWS\System32\nGpxx01 not found!
File C:\WINDOWS\System32\rip4 not found!
File C:\WINDOWS\System32\tps5 not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\Mausi\Local Settings\Application Data\Entriq\MS folder moved successfully.
C:\Documents and Settings\Mausi\Local Settings\Application Data\Entriq folder moved successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Mausi\Local Settings\Temp\Perflib_Perfdata_630.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\1612 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib2 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib4 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6ec.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta46 fix logfile created on 02082008_131753

Edited by blarg08, 08 February 2008 - 09:05 PM.


#9 OldTimer

OldTimer

    Malware Expert



Posted 08 February 2008 - 11:45 PM

Hi blarg08. That looks better. We will need to use a different tool to remove the last files.

First, we need to disable TeaTimer so it does not interfere with the changes we are going to make.
  • Start Spybot-S&D.
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • On the left hand side, choose Tools and then click on Resident.
  • Uncheck Resident TeaTimer and choose OK for any further prompts.
  • Restart your computer.
Now follow these steps in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

files to delete:
c:\windows\System32\drivers\core.cache.dsk
c:\windows\System32\drivers\MODEMCSAA.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Registry - Non-Microsoft Only]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> tuvvsqn -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {2F59DE68-1155-4295-98AF-43FAF7685876} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {81DF6124-8713-41D5-2191-4FA0180BC00B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {E7895DD4-735B-4E77-82A2-1F00042EA3EC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {FABEDCBD-F121-4F4A-ACD7-E04CB04A5C47} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> core.cache.dsk -> %System32%\drivers\core.cache.dsk
NY -> MODEMCSAA.sys -> %System32%\drivers\MODEMCSAA.sys
[Files/Folders - Modified Within 30 days]
NY -> core.cache.dsk -> %System32%\drivers\core.cache.dsk
NY -> MODEMCSAA.sys -> %System32%\drivers\MODEMCSAA.sys
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix.

Step #3

Run a new WinPFind35u scan with the default options.

Step #4

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (in the WinPFind35u folder)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
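
One way to check the logs requested in Step #4, as an added example that is not part of the original post and is not code from WinPFind35U or The Avenger: it cross-references the files a first fix log left "scheduled ... on reboot" against the Avenger log and a later fix log. The sample lines are copied from the logs posted in this thread; the function names and the three status labels are assumptions of this example.

```python
import re

# Line shapes as they appear in the WinPFind35U fix logs in this thread.
DEFERRED = re.compile(
    r"^File (?:move|delete) failed\. (?P<path>.+?) "
    r"scheduled to be (?:moved|deleted) on reboot\.$")
NOT_FOUND = re.compile(r"^File (?P<path>.+?) not found!$")
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")
FIX_PATTERNS = [("deferred", DEFERRED), ("not_found", NOT_FOUND), ("moved", MOVED)]

# Line shape as it appears in the Avenger log in this thread.
AVENGER_DELETED = re.compile(r"^File (?P<path>.+?) deleted successfully\.$")

# Sample lines copied from the first fix log, the Avenger log and the second fix log.
FIRST_FIX_LOG = r"""
File move failed. C:\WINDOWS\System32\drivers\core.cache.dsk scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\drivers\MODEMCSAA.sys scheduled to be moved on reboot.
C:\WINDOWS\System32\gis6 folder moved successfully.
File delete failed. C:\Documents and Settings\Mausi\Local Settings\Temp\Perflib_Perfdata_630.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib2 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib4 scheduled to be deleted on reboot.
"""
AVENGER_LOG = r"""
File c:\windows\System32\drivers\core.cache.dsk deleted successfully.
File c:\windows\System32\drivers\MODEMCSAA.sys deleted successfully.
"""
SECOND_FIX_LOG = r"""
File C:\WINDOWS\System32\drivers\core.cache.dsk not found!
File C:\WINDOWS\System32\drivers\MODEMCSAA.sys not found!
File delete failed. C:\WINDOWS\temp\ib2 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib4 scheduled to be deleted on reboot.
"""


def norm(path):
    """Windows paths are case-insensitive; the two tools also differ in case."""
    return path.strip().lower()


def parse_fix_log(text):
    """Group file paths in a WinPFind35U fix log by what happened to them."""
    outcomes = {name: set() for name, _ in FIX_PATTERNS}
    for raw in text.splitlines():
        line = raw.strip()
        for name, pattern in FIX_PATTERNS:
            match = pattern.match(line)
            if match:
                outcomes[name].add(norm(match.group("path")))
                break
    return outcomes


def parse_avenger_log(text):
    """Return the set of files The Avenger reports as deleted."""
    deleted = set()
    for raw in text.splitlines():
        match = AVENGER_DELETED.match(raw.strip())
        if match:
            deleted.add(norm(match.group("path")))
    return deleted


def reconcile(first_fix, avenger, second_fix):
    """Give every file deferred in the first fix log a status from later logs."""
    before = parse_fix_log(first_fix)
    after = parse_fix_log(second_fix)
    deleted = parse_avenger_log(avenger)
    report = {}
    for path in sorted(before["deferred"]):
        if path in after["deferred"]:
            # Locked during both runs: the later log proves nothing about removal.
            report[path] = "deferred again"
        elif path in deleted or path in after["not_found"]:
            report[path] = "removed"
        else:
            # No later log mentions it, so its removal is not confirmed.
            report[path] = "unverified"
    return report


if __name__ == "__main__":
    for path, status in reconcile(FIRST_FIX_LOG, AVENGER_LOG, SECOND_FIX_LOG).items():
        print(f"{status:15} {path}")
```
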


#10 blarg08

blarg08

Posted 09 February 2008 - 09:44 AM

Avenger Report:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lxidcxdo

*******************

Script file located at: \??\C:\WINDOWS\ygyqryij.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File c:\windows\System32\drivers\core.cache.dsk deleted successfully.
File c:\windows\System32\drivers\MODEMCSAA.sys deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



WinPFind35U Fix Log


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvvsqn\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F59DE68-1155-4295-98AF-43FAF7685876}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F59DE68-1155-4295-98AF-43FAF7685876}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81DF6124-8713-41D5-2191-4FA0180BC00B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81DF6124-8713-41D5-2191-4FA0180BC00B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7895DD4-735B-4E77-82A2-1F00042EA3EC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7895DD4-735B-4E77-82A2-1F00042EA3EC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FABEDCBD-F121-4F4A-ACD7-E04CB04A5C47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FABEDCBD-F121-4F4A-ACD7-E04CB04A5C47}\ not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\drivers\core.cache.dsk not found!
File C:\WINDOWS\System32\drivers\MODEMCSAA.sys not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\drivers\core.cache.dsk not found!
File C:\WINDOWS\System32\drivers\MODEMCSAA.sys not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Mausi\Local Settings\Temp\Acrobat Distiller 7\00000DBC\dirlock.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mausi\Local Settings\Temp\Perflib_Perfdata_ec0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\216 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib2 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib4 scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta46 fix logfile created on 02092008_083543



WinPFind35U Scan Log


WinPFind35 logfile created on: 2/9/2008 8:38:17 AM
WinPFind35U Version Beta46	 Folder = C:\Documents and Settings\Mausi\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.33% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 114.24 Gb Free Space | 79.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name:
Current User Name: Mausi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
versioncuecs2.exe -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -> Adobe Systems Incorporated [Ver = 2, 0, 0, 0 | Size = 163840 bytes | Modified Date = 4/4/2005 5:58:28 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 2:17:08 PM | Attr =	]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 5:55:58 AM | Attr =	]
kservice.exe -> %ProgramFiles%\Kontiki\KService.exe ->  [Ver =  | Size = 3068352 bytes | Modified Date = 3/9/2007 9:05:20 PM | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 7/21/2006 9:26:10 PM | Attr =	]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0  nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 9:20:44 PM | Attr =	]
lgdcore.exe -> %ProgramFiles%\Logitech\G-series Software\LGDCore.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 1122304 bytes | Modified Date = 3/6/2006 9:31:52 AM | Attr =	]
lcdmon.exe -> %ProgramFiles%\Logitech\G-series Software\LCDMon.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 497152 bytes | Modified Date = 3/6/2006 9:14:58 AM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 8:44:02 AM | Attr =	]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Modified Date = 6/17/2005 5:56:14 AM | Attr =	]
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe ->  [Ver =  | Size = 98304 bytes | Modified Date = 5/3/2006 2:12:00 AM | Attr =	]
dlactrlw.exe -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
apagent.exe -> %ProgramFiles%\AirPort\APAgent.exe -> Apple Inc. [Ver = 1.2 | Size = 643072 bytes | Modified Date = 8/8/2007 2:51:08 PM | Attr =	]
versioncuecs2tray.exe -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe -> Adobe Sytems Incorporated [Ver = 2, 0, 0, 0 | Size = 856064 bytes | Modified Date = 4/4/2005 5:58:30 PM | Attr =	]
apdproxy.exe -> %ProgramFiles%\Adobe\Adobe Photoshop Lightroom\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 2/6/2007 3:30:42 PM | Attr = R  ]
acrotray.exe -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 7:52:32 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr =	]
acrobat_sl.exe -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 32256 bytes | Modified Date = 9/24/2005 1:05:38 AM | Attr =	]
reader_sl.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 12:48:20 AM | Attr =	]
lcdcountdown.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 378880 bytes | Modified Date = 3/6/2006 9:16:48 AM | Attr =	]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 12:06:00 AM | Attr = R  ]
wlan111t.exe -> %ProgramFiles%\NETGEAR\WG111T\wlan111t.exe -> NETGEAR [Ver = 1, 3, 0, 1 | Size = 884840 bytes | Modified Date = 1/25/2006 2:49:02 PM | Attr =	]
lcdpop3.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 307200 bytes | Modified Date = 3/6/2006 9:17:24 AM | Attr =	]
lcdmedia.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDMedia.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 289792 bytes | Modified Date = 3/6/2006 9:15:42 AM | Attr =	]
lcdclock.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDClock.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 198656 bytes | Modified Date = 3/6/2006 9:16:12 AM | Attr =	]
acrodist.exe -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Distillr\acrodist.exe -> Adobe Systems Incorporated. [Ver = 7.0.7.2006011200 | Size = 196608 bytes | Modified Date = 1/12/2006 7:53:07 PM | Attr =	]
elservice.exe -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -> Intel Corporation [Ver = 1.0.0.1093 | Size = 180224 bytes | Modified Date = 12/12/2005 2:52:32 PM | Attr =	]
mysqld-nt.exe -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe ->  [Ver =  | Size = 3502080 bytes | Modified Date = 4/4/2005 5:58:30 PM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 308224 bytes | Modified Date = 2/7/2008 1:47:38 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 6/23/2006 8:17:03 PM | Attr =	]
(Adobe Version Cue CS2) Adobe Version Cue CS2 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -> Adobe Systems Incorporated [Ver = 2, 0, 0, 0 | Size = 163840 bytes | Modified Date = 4/4/2005 5:58:28 PM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 2:17:08 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr =	]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr =	]
(ELService) Intel® Quick Resume Technology Drivers [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -> Intel Corporation [Ver = 1.0.0.1093 | Size = 180224 bytes | Modified Date = 12/12/2005 2:52:32 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 9/21/2007 8:40:36 PM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/26/2007 11:06:36 PM | Attr =	]
(IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 5:55:58 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 1:41:56 PM | Attr =	]
(KService) KService [Win32_Own | Auto | Running] -> %ProgramFiles%\Kontiki\KService.exe ->  [Ver =  | Size = 3068352 bytes | Modified Date = 3/9/2007 9:05:20 PM | Attr =	]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 9:26:40 AM | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 8:42:50 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 7:52:32 PM | Attr =	]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Adobe Photoshop Lightroom\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 2/6/2007 3:30:42 PM | Attr = R  ]
Adobe Version Cue CS2 -> %ProgramFiles%\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe -> Adobe Sytems Incorporated [Ver = 2, 0, 0, 0 | Size = 856064 bytes | Modified Date = 4/4/2005 5:58:30 PM | Attr =	]
AirPort Base Station Agent -> %ProgramFiles%\AirPort\APAgent.exe -> Apple Inc. [Ver = 1.2 | Size = 643072 bytes | Modified Date = 8/8/2007 2:51:08 PM | Attr =	]
DLA -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
DMXLauncher -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe ->  [Ver =  | Size = 98304 bytes | Modified Date = 5/3/2006 2:12:00 AM | Attr =	]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 139264 bytes | Modified Date = 6/17/2005 5:56:14 AM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 8:44:02 AM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 8:44:02 AM | Attr =	]
Launch LCDMon -> %ProgramFiles%\Logitech\G-series Software\LCDMon.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 497152 bytes | Modified Date = 3/6/2006 9:14:58 AM | Attr =	]
Launch LGDCore -> %ProgramFiles%\Logitech\G-series Software\LGDCore.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 1122304 bytes | Modified Date = 3/6/2006 9:31:52 AM | Attr =	]
MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Modified Date = 8/12/2005 3:16:44 PM | Attr =	]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 8:43:02 PM | Attr =	]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 86016 bytes | Modified Date = 8/11/2006 8:43:04 PM | Attr =	]
nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1519616 bytes | Modified Date = 8/11/2006 8:43:00 PM | Attr =	]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0  nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 9:20:44 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 7/21/2006 9:26:10 PM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Zinio DLM -> %ProgramFiles%\Zinio\ZinioDeliveryManager.exe -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ->  [Ver =  | Size = 25214 bytes | Modified Date = 9/23/2007 3:32:33 PM | Attr = R  ]
%AllUsersStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 6:16:50 PM | Attr =	]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 12:48:20 AM | Attr =	]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ->  [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/22/2006 11:01:50 PM | Attr =	]
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 12:06:00 AM | Attr = R  ]
%AllUsersStartup%\NETGEAR WG111T Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WG111T\wlan111t.exe -> NETGEAR [Ver = 1, 3, 0, 1 | Size = 884840 bytes | Modified Date = 1/25/2006 2:49:02 PM | Attr =	]
< Mausi Startup Folder > -> C:\Documents and Settings\Mausi\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (223759 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4186 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4184 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 3:20:00 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar5.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 6/8/2007 12:03:59 AM | Attr =	]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 2/22/2006 5:00:30 PM | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar5.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar5.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:BandCLSID -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 516096 bytes | Modified Date = 7/24/2007 2:17:08 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
Convert to existing PDF -> %ProgramFiles%\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 11:41:42 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{E6A4C19A-9475-4597-BD7A-181D2A0DB8F4} ->	(Intel(R) PRO/1000 PL Network Connection) -> 
{F5594A2D-CFE0-4AFD-AFFB-7110F2CEC780} ->	() -> 
{F913C533-F3A7-461A-9F01-C01A3095CC90} ->	(NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 2:17:08 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{01A88BB1-1174-41EC-ACCB-963509EAE56B}[HKEY_LOCAL_MACHINE] -> http://support.dell.com/systemprofiler/SysPro.CAB[SysProWmi Class] -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{A90A5822-F108-45AD-8482-9BC8B12DD539}[HKEY_LOCAL_MACHINE] -> http://www.crucial.com/controls/cpcScanner.cab[Crucial cpcScan] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43}[HKEY_LOCAL_MACHINE] -> http://vep.intel.com/Entriq_3_6_0_15_Silent.cab[Reg Error: Key does not exist or could not be opened.] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 



[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Created Date = 2/9/2008 8:33:08 AM | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 1/31/2008 1:03:33 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2145554432 bytes | Created Date = 1/31/2008 2:56:39 AM | Attr =  HS]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 1/30/2008 11:15:07 PM | Attr =	]
Temp -> %SystemDrive%\Temp ->  [Folder | Created Date = 1/30/2008 5:19:24 PM | Attr =	]
bdod.bin -> %System32%\bdod.bin ->  [Ver =  | Size = 81984 bytes | Created Date = 2/1/2008 1:15:50 AM | Attr =	]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/1/2008 1:42:01 AM | Attr =	]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 2/1/2008 1:42:01 AM | Attr =	]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2/1/2008 1:42:01 AM | Attr =	]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 2/1/2008 1:42:01 AM | Attr =	]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 1/30/2008 11:15:31 PM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/30/2008 11:15:02 PM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 229 bytes | Created Date = 2/1/2008 12:41:29 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Modified Date = 2/9/2008 8:33:08 AM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 209 bytes | Modified Date = 1/30/2008 11:59:01 PM | Attr = RHS]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 1/31/2008 1:22:01 AM | Attr =	]
drmHeader.bin -> %SystemDrive%\drmHeader.bin ->  [Ver =  | Size = 120 bytes | Modified Date = 1/24/2008 2:56:21 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2145554432 bytes | Modified Date = 2/9/2008 8:36:34 AM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/8/2008 1:13:49 PM | Attr =	]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 1/31/2008 1:21:58 AM | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 1/30/2008 9:33:08 PM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 1/30/2008 8:55:59 PM | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 1/31/2008 1:18:39 AM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/9/2008 8:36:52 AM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 2/2/2008 1:45:02 AM | Attr =	]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 223759 bytes | Modified Date = 1/31/2008 11:58:12 PM | Attr =	]
hosts.20080131-235812.backup -> %System32%\drivers\etc\hosts.20080131-235812.backup ->  [Ver =  | Size = 27 bytes | Modified Date = 1/31/2008 1:19:09 AM | Attr =	]
hosts.20080131-235837.backup -> %System32%\drivers\etc\hosts.20080131-235837.backup ->  [Ver =  | Size = 223759 bytes | Modified Date = 1/31/2008 11:58:12 PM | Attr =	]
hosts.20080202-014502.backup -> %System32%\drivers\etc\hosts.20080202-014502.backup ->  [Ver =  | Size = 223759 bytes | Modified Date = 1/31/2008 11:58:12 PM | Attr =	]
appmgmt -> %System32%\appmgmt ->  [Folder | Modified Date = 2/1/2008 1:43:47 AM | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
bdod.bin -> %System32%\bdod.bin ->  [Ver =  | Size = 81984 bytes | Modified Date = 2/1/2008 1:38:45 AM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2/9/2008 8:36:55 AM | Attr =	]
config -> %System32%\config ->  [Folder | Modified Date = 1/30/2008 11:17:47 PM | Attr =	]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 2/9/2008 8:33:08 AM | Attr =	]
KGyGaAvL.sys -> %System32%\KGyGaAvL.sys ->  [Ver =  | Size = 3766 bytes | Modified Date = 1/27/2008 1:35:34 AM | Attr =  HS]
mcs.rma -> %System32%\mcs.rma ->  [Ver =  | Size = 870128 bytes | Modified Date = 1/30/2008 10:50:36 PM | Attr =	]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 81400 bytes | Modified Date = 2/9/2008 8:36:54 AM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 1/30/2008 8:55:59 PM | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 1/30/2008 5:47:33 PM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 2/9/2008 8:37:04 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/9/2008 8:36:40 AM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 1/30/2008 11:17:38 PM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/8/2008 1:13:52 PM | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/9/2008 8:35:43 AM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 1/30/2008 7:20:46 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/1/2008 3:57:00 PM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2/9/2008 8:37:00 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 1/31/2008 1:19:13 AM | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 2/8/2008 1:17:54 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 1/31/2008 1:04:51 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/9/2008 8:37:05 AM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 477 bytes | Modified Date = 1/30/2008 11:59:01 PM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 229 bytes | Modified Date = 2/2/2008 3:27:16 AM | Attr =	]
McAfee.com Scan for Viruses - My Computer (DCL5N5B1-admin).job -> %SystemRoot%\tasks\McAfee.com Scan for Viruses - My Computer (DCL5N5B1-admin).job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/8/2008 6:30:00 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/9/2008 8:36:44 AM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 1/31/2008 11:10:48 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 1/31/2008 11:10:48 PM | Attr =	]
Perflib_Perfdata_244.dat -> C:\Documents and Settings\Mausi\Local Settings\Temp\Perflib_Perfdata_244.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/9/2008 8:36:54 AM | Attr =	]

< End of report >


#11 OldTimer


Posted 09 February 2008 - 12:06 PM

Hi blarg08. That looks very nice. Lean, mean, and clean lol. How are things running? Any more issues? If not, run it for a couple of days and then get back to me with the results. Then we can do some final cleanup.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#12 blarg08


Posted 10 February 2008 - 11:08 PM

Seems to be working fine so far. No popup windows, thank god. I'll let you know in a week or so how the computer is doing.
I really want to thank you for all the help.

#13 OldTimer


Posted 10 February 2008 - 11:16 PM

Hi blarg08. Glad to hear it. Let me know when you're ready to finish up.

Cheers.

OT



