
Smitfraud-c.coreservice Infection


  • This topic is locked
17 replies to this topic

#1 chexmixisgood

chexmixisgood

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:27 AM

Posted 03 February 2008 - 11:59 AM

Hi,
I get Internet Explorer popups from time to time. After running antivirus programs and Ad-Aware, Spybot found that I had the "smitfraud-c.coreservice" trojan. Spybot says it successfully removes it, but then it comes back on the next scan.
Here is the HijackThis log.
Thank you in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:50 AM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [SpybotDeletingA7078] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8492] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB2471] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3276] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Connection Manager (NetCM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Se (RPCSEO) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9063 bytes

Edited by chexmixisgood, 04 February 2008 - 12:05 AM.




#2 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  • Location:Ontario
  • Local time:07:27 AM

Posted 12 February 2008 - 03:15 AM

Hi and welcome,

Sorry for the delay. If you still need help, please post a fresh HijackThis log here and let me know if core.cache.dsk is still giving Spybot troubles.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#3 chexmixisgood

chexmixisgood
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:27 AM

Posted 12 February 2008 - 09:41 AM

Hi,
I still cannot remove core.cache.dsk using Spybot.
Something called "zedo" also repeatedly shows up in my Spybot scan, even though it is supposedly "removed" during the fix process. Internet Explorer gets popups, so I've temporarily disabled it with the LAN settings.

Here's the fresh HijackThis log.
Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:25 AM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Connection Manager (NetCM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Se (RPCSEO) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8597 bytes
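
Added example (not part of the original thread, and not a HijackThis or Spybot feature): a Python triage pass over HijackThis entries like those in the two logs above, flagging services listed with "Unknown owner" or "(file missing)", registrations marked "(no file)", the IE proxy setting, and Spybot's queued RunOnce deletions. The rule names and the short list of system process names are assumptions of this example, the sample lines are copied from the logs in this thread, and each finding is a prompt for review rather than a verdict.

```python
"""Triage pass over HijackThis log entries (added example, not thread content)."""
import ntpath
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "section reason detail")

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [SpybotDeletingA7078] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3276] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Network Connection Manager (NetCM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Se (RPCSEO) - Unknown owner - C:\Program.exe (file missing)
"""

# Every entry line has the shape "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (\S+)")
SPYBOT_DEL_RE = re.compile(
    r'RunOnce: \[SpybotDeleting\w+\] (?:command|cmd) /c del "([^"]+)"'
)

# Assumption of this example: process names that normally live in system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
MISSING_SUFFIX = " (file missing)"


def check_service(body):
    """Return (reason, detail) pairs for the body of one O23 entry."""
    parts = body.rsplit(" - ", 2)  # "Service: name" / owner / image path
    if len(parts) != 3:
        return []
    name, owner, path = parts
    missing = path.endswith(MISSING_SUFFIX)
    if missing:
        path = path[: -len(MISSING_SUFFIX)]
    hits = []
    if missing or owner == "Unknown owner":
        label = name.split(": ", 1)[-1]
        hits.append(("service-missing-or-unknown-owner", f"{label} -> {path}"))
    # A system process name registered from outside system32 deserves a look.
    in_system32 = "\\windows\\system32\\" in path.lower()
    if ntpath.basename(path).lower() in SYSTEM_NAMES and not in_system32:
        hits.append(("system-name-outside-system32", path))
    return hits


def triage(log_text):
    """Parse HijackThis entry lines and return a list of Finding tuples."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, running-process list, blank line
        section, body = match.groups()
        if section == "O23":
            findings += [Finding(section, r, d) for r, d in check_service(body)]
            continue
        if body.endswith("(no file)"):
            findings.append(Finding(section, "orphaned-registration", body))
        proxy = PROXY_RE.search(body)
        if proxy:
            findings.append(Finding(section, "ie-proxy-set", proxy.group(1)))
        pending = SPYBOT_DEL_RE.search(body)
        if pending:
            # Spybot queued the delete for the next logon via RunOnce.
            findings.append(
                Finding(section, "pending-delete-at-logon", pending.group(1))
            )
    return findings


def pending_delete_targets(findings):
    """Distinct file paths that have a queued RunOnce deletion."""
    return {f.detail for f in findings if f.reason == "pending-delete-at-logon"}


def summarize(findings):
    """Count findings per reason."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason:<34}{f.detail}")
```

Run over each full log in turn, the pending-delete rule fires only on the first one: the SpybotDeleting RunOnce entries for core.cache.dsk appear in the 2/4/2008 log and are absent from the 2/12/2008 log.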

#4 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  • Location:Ontario
  • Local time:07:27 AM

Posted 13 February 2008 - 04:32 AM

Hi,

Before running the scan let's clean out the temporary folders.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

thanks :thumbsup:

#5 chexmixisgood

chexmixisgood
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:27 AM

Posted 13 February 2008 - 08:42 AM

WinPFind35 logfile created on: 2/13/2008 8:39:38 AM

WinPFind35U Version Beta50	 Folder = C:\Documents and Settings\Ian1\Desktop\WinPFind35u

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

503.37 Mb Total Physical Memory | 166.25 Mb Available Physical Memory | 33.03% Memory free

1.94 Gb Paging File | 1.64 Gb Available in Paging File | 84.66% Paging File free

Paging file location(s): C:\pagefile.sys 1512 1512;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 32.55 Gb Total Space | 13.11 Gb Free Space | 40.28% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: IAN

Current User Name: Ian1

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 4:02:40 PM | Attr =	]

s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 4:05:10 PM | Attr =	]

wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 4:12:32 PM | Attr =	]

aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]

applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]

avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/3/2008 6:23:42 PM | Attr =	]

avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/3/2008 6:23:59 PM | Attr =	]

mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]

nicconfigsvc.exe -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 3/3/2005 11:29:02 PM | Attr =	]

regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 4:02:04 PM | Attr =	]

symwsc.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.00.111 | Size = 308352 bytes | Modified Date = 8/5/2004 5:23:10 PM | Attr =	]

zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 1, 45 | Size = 389120 bytes | Modified Date = 9/7/2004 4:08:02 PM | Attr =	]

realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 11/4/2007 9:14:13 PM | Attr =	]

avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2/3/2008 6:26:30 PM | Attr =	]

adc.exe -> %ProgramFiles%\XemiComputers\Active Desktop Calendar\ADC.exe -> XemiComputers ltd. [Ver = 7, 3, 0, 0 | Size = 3694592 bytes | Modified Date = 12/19/2007 10:55:22 AM | Attr =	]

realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 11.0.0.183 | Size = 214560 bytes | Modified Date = 11/4/2007 9:14:30 PM | Attr =	]

winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/11/2008 7:14:48 PM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]

(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 12/18/2007 5:45:33 AM | Attr =	]

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/3/2008 6:23:42 PM | Attr =	]

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/3/2008 6:23:59 PM | Attr =	]

(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 4:02:40 PM | Attr =	]

(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/7/2008 7:36:03 PM | Attr =	]

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr =	]

(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr =	]

(NetCM) Network Connection Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Speech\svchost.exe -> File not found

(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 3/3/2005 11:29:02 PM | Attr =	]

(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 4:02:04 PM | Attr =	]

(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 86016 bytes | Modified Date = 8/2/2005 4:18:49 PM | Attr =	]

(RPCSEO) Remote Procedure Call (RPC) Se [Win32_Own | Auto | Stopped] ->  -> File not found

(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 4:05:10 PM | Attr =	]

(SymWSC) SymWMI Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.00.111 | Size = 308352 bytes | Modified Date = 8/5/2004 5:23:10 PM | Attr =	]

(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 4:12:32 PM | Attr =	]



[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.1.0.1 | Size = 17056 bytes | Modified Date = 10/13/2005 1:03:04 AM | Attr =	]

(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 1:51:56 PM | Attr =	]

(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr =	]

(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.5.1.271 | Size = 108791 bytes | Modified Date = 11/16/2004 4:03:52 PM | Attr =	]

(APLMp50) APLMp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\APLMp50.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.18.02 | Size = 18816 bytes | Modified Date = 2/16/2005 3:06:18 AM | Attr =	]

(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> Dell Inc [Ver = 1, 0, 1, 1 | Size = 16128 bytes | Modified Date = 8/18/2004 2:53:54 PM | Attr =	]

(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 1:52:00 PM | Attr =	]

(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 1:51:58 PM | Attr =	]

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/3/2008 6:24:00 PM | Attr =	]

(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/3/2008 6:24:05 PM | Attr =	]

(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/3/2008 6:24:06 PM | Attr =	]

(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/3/2008 6:26:31 PM | Attr =	]

(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.25.0.0 built by: WinDDK | Size = 44928 bytes | Modified Date = 5/26/2004 8:18:18 PM | Attr =	]

(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] ->  -> File not found

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 1:51:54 PM | Attr =	]

(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 1:52:16 PM | Attr =	]

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.03a | Size = 87488 bytes | Modified Date = 12/1/2004 3:22:00 AM | Attr =	]

(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.43a | Size = 40480 bytes | Modified Date = 11/23/2004 2:56:00 AM | Attr =	]

(dtscsi) dtscsi [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\dtscsi.sys -> File not found

(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 12:12:10 PM | Attr =	]

(EntDrv51) EntDrv51 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EntDrv51.sys -> File not found

(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr =	]

(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.0.0 | Size = 17480 bytes | Modified Date = 3/16/2007 7:44:01 PM | Attr =	]

(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 200064 bytes | Modified Date = 6/17/2004 8:57:02 PM | Attr =	]

(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 6/17/2004 8:55:04 PM | Attr =	]

(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4410 | Size = 1302812 bytes | Modified Date = 10/14/2005 5:15:18 PM | Attr =	]

(IWCA) Intel Wireless Connection Agent Miniport for Win XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iwca.sys -> Intel Corporation [Ver = 9.00.0.17 built by: WinDDK | Size = 234496 bytes | Modified Date = 8/12/2004 8:44:04 AM | Attr =	]

(KLIF) KLIF [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 2/1/2008 12:35:51 PM | Attr =	]

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(LinksysFVNETusbl(AR)(R)) Linksys FVNETusbl(AR)(R) Service for Instant Wireless USB Network Adapter ver.2.6 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\vnetusbl.sys -> Cisco-Linksys LLC [Ver = 4.10.9.428 built by: WinDDK | Size = 108032 bytes | Modified Date = 3/9/2004 9:48:08 PM | Attr =	]

(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 6:04:14 PM | Attr =	]

(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 1:52:12 PM | Attr =	]

(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\npf.sys -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 32512 bytes | Modified Date = 8/2/2005 4:10:13 PM | Attr =	]

(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 10:29:56 PM | Attr =	]

(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 17153 bytes | Modified Date = 2/13/2004 4:46:00 PM | Attr =	]

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Stopped] -> System32\Drivers\Pcouffin.sys -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.11B | Size = 46080 bytes | Modified Date = 5/16/2006 3:23:54 PM | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]

(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]

(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 1:52:18 PM | Attr =	]

(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 9, 0, 0, 3 | Size = 11354 bytes | Modified Date = 8/31/2004 8:53:04 AM | Attr =	]

(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr =	]

(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr =	]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr =	]

(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys ->  [Ver =  | Size = 639224 bytes | Modified Date = 1/29/2007 7:36:25 PM | Attr =	]

(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 7/14/2004 11:29:04 AM | Attr =	]

(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 7/14/2004 11:28:50 AM | Attr =	]

(STAC97) SigmaTel C-Major Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\STAC97.sys -> SigmaTel, Inc. [Ver = 5.10.4255 | Size = 273168 bytes | Modified Date = 3/10/2005 10:56:06 PM | Attr =	]

(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 2:07:34 PM | Attr =	]

(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 2:07:36 PM | Attr =	]

(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 2:07:40 PM | Attr =	]

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 2:07:42 PM | Attr =	]

(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25883 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]

(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]

(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]

(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]

(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86586 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]

(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 15227 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]

(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]

(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]

(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]

(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 1:52:22 PM | Attr =	]

(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 10/31/2007 2:09:14 PM | Attr =	]

(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w29n51.sys -> Intel® Corporation [Ver = 9000-61 Driver | Size = 3210496 bytes | Modified Date = 10/21/2004 8:56:04 PM | Attr =	]

(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Modified Date = 6/17/2004 8:55:38 PM | Attr =	]

(WudfPff) WudfPff [Kernel | System | Running] -> %SystemRoot%\system32\drivers\WudfPff.sys ->  [Ver =  | Size = 86144 bytes | Modified Date = 2/1/2008 10:40:46 AM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2/3/2008 6:26:30 PM | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 11/14/2007 11:43:10 PM | Attr =	]

TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 11/4/2007 9:14:13 PM | Attr =	]

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Active Desktop Calendar -> %ProgramFiles%\XemiComputers\Active Desktop Calendar\ADC.exe -> XemiComputers ltd. [Ver = 7, 3, 0, 0 | Size = 3694592 bytes | Modified Date = 12/19/2007 10:55:22 AM | Attr =	]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk -> %ProgramFiles%\3M\PSNLite\PsnLite.exe -> 3M [Ver = 3, 1, 1, 1073 | Size = 2080768 bytes | Modified Date = 10/15/2004 1:26:54 PM | Attr =	]

< Ian1 Startup Folder > -> C:\Documents and Settings\Ian1\Start Menu\Programs\Startup -> 

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 4:45:38 PM | Attr =	]

IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 1, 0 | Size = 110592 bytes | Modified Date = 9/7/2004 4:08:06 PM | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found

HKEY_CURRENT_USER\: ProxyEnable -> 1 -> 

HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 

1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 3:46:14 PM | Attr =	]

{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found

{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 1/9/2008 3:01:48 PM | Attr =	]

{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 3:46:14 PM | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Sun Java Console] -> File not found

CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found

CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 3:46:14 PM | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{109AF998-67C5-4A5E-A58B-E782217EF4DE} ->	(Instant Wireless USB Network Adapter ver.2.6) -> 

{46013A79-9DE2-43DF-A7DA-AAC4751099E2} ->	(Instant Wireless USB Network Adapter ver.2.6) -> 

{89BF901C-1BCA-46B2-AEAA-B8538DDFE6F9} ->	(Intel(R) PRO/Wireless 2200BG Network Connection) -> 

{9B9C23E1-84D0-439C-AE2E-4A21B564780A} ->	(Broadcom 440x 10/100 Integrated Controller) -> 

{BB3FE053-B9A8-479D-BAC7-4D8698542337} ->	(1394 Net Adapter) -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr =	]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] -> 

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]

wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 892 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 88390 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Ian1\Desktop\utorrent.exe -> C:\Documents and Settings\Ian1\Desktop\utorrent.exe [C:\Documents and Settings\Ian1\Desktop\utorrent.exe:*:Enabled:µTorrent] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:37 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6023.5000 | Size = 12831608 bytes | Modified Date = 5/25/2007 10:09:50 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 10/27/2006 3:37:44 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 10/27/2006 3:03:04 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 11/15/2007 1:10:56 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Warcraft III\Warcraft III.exe -> C:\Program Files\Warcraft III\Warcraft III.exe [C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe -> C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe [C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup] -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 72264 bytes | Modified Date = 12/20/2007 2:23:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 219952 bytes | Modified Date = 2/1/2008 10:10:29 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 2/3/2008 6:26:31 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/3/2008 6:23:42 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2/3/2008 6:26:30 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]

TCPIP ->  -> File not found

NTLMSSP ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 1 -> 





[Files/Folders - Created Within 30 days]

savcc20 -> %SystemDrive%\savcc20 ->  [Folder | Created Date = 2/1/2008 10:12:16 PM | Attr =	]

avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/3/2008 6:24:00 PM | Attr =	]

avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/3/2008 6:24:05 PM | Attr =	]

avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/3/2008 6:24:06 PM | Attr =	]

avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/3/2008 6:26:31 PM | Attr =	]

avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 2/3/2008 6:26:30 PM | Attr =	]

core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Modified Date = 2/1/2008 10:40:46 AM | Attr =	]

fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 4075040 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]

fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 55652 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]

fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 72992 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]

fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 7916 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]

klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 2/1/2008 12:35:51 PM | Attr =	]

WudfPff.sys -> %SystemRoot%\System32\drivers\WudfPff.sys ->  [Ver =  | Size = 86144 bytes | Modified Date = 2/1/2008 10:40:46 AM | Attr =	]

ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Created Date = 2/3/2008 10:17:04 PM | Attr =	]

1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 8/2/2006 12:39:06 PM | Attr =	]

Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/3/2008 10:17:11 PM | Attr =	]

pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/3/2008 10:17:11 PM | Attr =	]

Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/3/2008 10:17:11 PM | Attr =	]

ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Modified Date = 3/25/2003 6:53:50 PM | Attr =	]

BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Created Date = 2/3/2008 6:24:49 PM | Attr =	]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

EurekaLog.ini -> %SystemRoot%\EurekaLog.ini ->  [Ver =  | Size = 73 bytes | Modified Date = 2/3/2008 12:14:19 AM | Attr =	]

ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 2/1/2008 10:31:05 PM | Attr =  H ]

LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 2/13/2008 8:34:16 AM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

Avg7 -> %AllUsersProfile%\Application Data\Avg7 ->  [Folder | Created Date = 2/1/2008 12:27:50 PM | Attr =	]

Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Created Date = 2/3/2008 6:23:36 PM | Attr =	]

Kaspersky Lab Setup Files -> %AllUsersProfile%\Application Data\Kaspersky Lab Setup Files ->  [Folder | Created Date = 1/28/2008 7:44:02 AM | Attr =	]

Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/3/2008 12:01:38 PM | Attr =	]

Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro ->  [Folder | Created Date = 2/3/2008 12:43:41 AM | Attr =	]

XemiComputers -> %AllUsersProfile%\Application Data\XemiComputers ->  [Folder | Created Date = 1/20/2008 12:19:26 PM | Attr =	]

acccore -> %AppData%\acccore ->  [Folder | Created Date = 1/28/2008 9:03:37 PM | Attr =	]

AVG7 -> %AppData%\AVG7 ->  [Folder | Created Date = 2/3/2008 6:24:22 PM | Attr =	]

URSoft -> %AppData%\URSoft ->  [Folder | Created Date = 2/2/2008 11:58:05 PM | Attr =	]

XemiComputers -> %AppData%\XemiComputers ->  [Folder | Created Date = 1/20/2008 12:19:27 PM | Attr =	]

AOL -> %UserProfile%\Local Settings\Application Data\AOL ->  [Folder | Created Date = 1/28/2008 7:34:37 PM | Attr =	]

AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP ->  [Folder | Created Date = 1/28/2008 7:35:38 PM | Attr =	]

Installer2584 -> %UserProfile%\Local Settings\Application Data\Installer2584 ->  [Folder | Created Date = 1/14/2008 1:01:07 PM | Attr =	]

Installer476 -> %UserProfile%\Local Settings\Application Data\Installer476 ->  [Folder | Created Date = 1/14/2008 1:16:39 PM | Attr =	]

Installer564 -> %UserProfile%\Local Settings\Application Data\Installer564 ->  [Folder | Created Date = 1/21/2008 1:41:20 PM | Attr =	]

XemiComputers -> %UserProfile%\Local Settings\Application Data\XemiComputers ->  [Folder | Created Date = 1/20/2008 12:19:26 PM | Attr =	]

Active Desktop Calendar.lnk -> %UserProfile%\Desktop\Active Desktop Calendar.lnk ->  [Ver =  | Size = 790 bytes | Modified Date = 1/20/2008 12:18:38 PM | Attr =	]

Misc. Programs -> %UserProfile%\Desktop\Misc. Programs ->  [Folder | Created Date = 1/20/2008 1:04:33 PM | Attr =	]

WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/13/2008 8:36:42 AM | Attr =	]

WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480446 bytes | Modified Date = 2/13/2008 8:36:32 AM | Attr =	]



[Files/Folders - Modified Within 30 days]

boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 209 bytes | Modified Date = 2/1/2008 11:52:17 PM | Attr = RHS]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 527892480 bytes | Modified Date = 2/13/2008 8:31:18 AM | Attr =  HS]

IPH.PH -> %SystemDrive%\IPH.PH ->  [Ver =  | Size = 2783 bytes | Modified Date = 1/28/2008 7:35:35 PM | Attr =  H ]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/3/2008 6:22:58 PM | Attr = R  ]

quarantine -> %SystemDrive%\quarantine ->  [Folder | Modified Date = 1/28/2008 12:35:46 AM | Attr =	]

savcc20 -> %SystemDrive%\savcc20 ->  [Folder | Modified Date = 2/1/2008 10:12:18 PM | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/13/2008 8:34:43 AM | Attr =	]

avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/3/2008 6:24:00 PM | Attr =	]

avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/3/2008 6:24:05 PM | Attr =	]

avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/3/2008 6:24:06 PM | Attr =	]

avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/3/2008 6:26:31 PM | Attr =	]

avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 2/3/2008 6:26:30 PM | Attr =	]

core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Modified Date = 2/1/2008 10:40:46 AM | Attr =	]

etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/3/2008 12:50:36 AM | Attr =	]

fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 4075040 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]

fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 55652 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]

fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 72992 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]

fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 7916 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]

klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 2/1/2008 12:35:51 PM | Attr =	]

WudfPff.sys -> %SystemRoot%\System32\drivers\WudfPff.sys ->  [Ver =  | Size = 86144 bytes | Modified Date = 2/1/2008 10:40:46 AM | Attr =	]

ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Modified Date = 2/3/2008 10:28:14 PM | Attr =	]

1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/2/2008 3:02:17 AM | Attr =	]

CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/13/2008 8:34:15 AM | Attr =	]

CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Modified Date = 2/2/2008 5:56:28 PM | Attr =	]

dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/3/2008 12:11:58 AM | Attr = RHS]

drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/3/2008 6:26:33 PM | Attr =	]

en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 2/2/2008 3:02:12 AM | Attr =	]

FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 2/11/2008 11:57:11 PM | Attr =	]

Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/3/2008 10:17:11 PM | Attr =	]

pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/3/2008 10:17:11 PM | Attr =	]

perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 62128 bytes | Modified Date = 2/2/2008 2:16:33 PM | Attr =	]

perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 402994 bytes | Modified Date = 2/2/2008 2:16:33 PM | Attr =	]

PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 471628 bytes | Modified Date = 2/2/2008 2:16:33 PM | Attr =	]

Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/3/2008 10:17:11 PM | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 2/13/2008 8:31:54 AM | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 8:34:43 AM | Attr =  H ]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Modified Date = 2/3/2008 8:44:49 PM | Attr =	]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/13/2008 8:31:18 AM | Attr =   S]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/3/2008 10:17:06 PM | Attr =   S]

EurekaLog.ini -> %SystemRoot%\EurekaLog.ini ->  [Ver =  | Size = 73 bytes | Modified Date = 2/3/2008 12:14:19 AM | Attr =	]

Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2/3/2008 12:11:57 AM | Attr =	]

ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 2/1/2008 10:32:46 PM | Attr =  H ]

ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2/1/2008 3:18:44 PM | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/13/2008 8:35:15 AM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/3/2008 12:03:18 PM | Attr =  HS]

LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 2/13/2008 8:34:16 AM | Attr =	]

Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 2/1/2008 10:33:58 PM | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/13/2008 8:38:07 AM | Attr =	]

pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 2/1/2008 11:52:03 PM | Attr =	]

randseed.rnd -> %SystemRoot%\randseed.rnd ->  [Ver =  | Size = 512 bytes | Modified Date = 1/28/2008 6:27:11 PM | Attr =	]

Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2/13/2008 8:31:38 AM | Attr =	]

system -> %SystemRoot%\system ->  [Folder | Modified Date = 2/3/2008 6:22:59 PM | Attr =	]

system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 2/1/2008 11:52:17 PM | Attr =	]

system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/3/2008 10:17:47 PM | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/13/2008 8:35:51 AM | Attr =	]

WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 2/1/2008 10:34:27 PM | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 632 bytes | Modified Date = 2/3/2008 10:28:35 PM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 429 bytes | Modified Date = 2/12/2008 4:15:25 PM | Attr =	]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/4/2008 10:12:06 AM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/13/2008 8:31:25 AM | Attr =  H ]

Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job ->  [Ver =  | Size = 380 bytes | Modified Date = 2/12/2008 3:50:00 PM | Attr =	]

eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/22/2006 11:30:25 AM | Attr =  H ]

eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/22/2006 12:14:37 PM | Attr =  H ]

eHomeLog-10.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-10.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/2/2006 11:26:29 AM | Attr =  H ]

eHomeLog-11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-11.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/2/2006 11:26:48 AM | Attr =  H ]

eHomeLog-12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-12.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/3/2006 1:19:25 PM | Attr =  H ]

eHomeLog-13.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-13.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/4/2006 8:33:40 AM | Attr =  H ]

eHomeLog-14.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-14.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/5/2006 9:10:11 AM | Attr =  H ]

eHomeLog-15.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-15.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/5/2006 9:12:34 AM | Attr =  H ]

eHomeLog-16.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-16.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/6/2006 11:12:14 AM | Attr =  H ]

eHomeLog-17.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-17.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/6/2006 11:12:35 AM | Attr =  H ]

eHomeLog-18.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-18.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/6/2006 11:31:37 PM | Attr =  H ]

eHomeLog-19.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-19.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/6/2006 11:31:58 PM | Attr =  H ]

eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 11/26/2006 11:19:00 AM | Attr =  H ]

eHomeLog-20.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-20.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/7/2006 9:32:01 AM | Attr =  H ]

eHomeLog-21.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-21.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/7/2006 9:32:45 AM | Attr =  H ]

eHomeLog-22.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-22.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/8/2006 10:03:14 AM | Attr =  H ]

eHomeLog-23.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-23.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/8/2006 10:03:43 AM | Attr =  H ]

eHomeLog-24.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-24.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/9/2006 12:50:23 PM | Attr =  H ]

eHomeLog-25.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-25.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/10/2006 6:03:51 PM | Attr =  H ]

eHomeLog-26.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-26.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/11/2006 11:14:21 AM | Attr =  H ]

eHomeLog-27.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-27.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/11/2006 11:17:48 AM | Attr =  H ]

eHomeLog-28.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-28.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/12/2006 9:32:17 AM | Attr =  H ]

eHomeLog-29.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-29.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/13/2006 2:06:00 AM | Attr =  H ]

eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 11/26/2006 2:59:58 PM | Attr =  H ]

eHomeLog-30.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-30.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/12/2006 9:32:37 AM | Attr =  H ]

eHomeLog-31.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-31.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/13/2006 2:06:32 AM | Attr =  H ]

eHomeLog-32.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-32.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/13/2006 1:51:42 PM | Attr =  H ]

eHomeLog-33.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-33.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/13/2006 1:53:25 PM | Attr =  H ]

eHomeLog-34.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-34.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/13/2006 8:29:40 PM | Attr =  H ]

eHomeLog-35.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-35.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/14/2006 10:49:18 AM | Attr =  H ]

eHomeLog-36.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-36.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/14/2006 10:49:42 AM | Attr =  H ]

eHomeLog-37.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-37.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/15/2006 9:06:53 AM | Attr =  H ]

eHomeLog-38.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-38.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/15/2006 1:44:34 PM | Attr =  H ]

eHomeLog-39.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-39.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/17/2006 11:55:10 AM | Attr =  H ]

eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 11/26/2006 7:44:13 PM | Attr =  H ]

eHomeLog-40.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-40.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/17/2006 12:09:37 PM | Attr =  H ]

eHomeLog-41.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-41.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/18/2006 11:10:11 AM | Attr =  H ]

eHomeLog-42.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-42.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/19/2006 11:14:20 AM | Attr =  H ]

eHomeLog-43.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-43.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/19/2006 11:15:12 AM | Attr =  H ]

eHomeLog-44.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-44.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/20/2006 10:25:59 AM | Attr =  H ]

eHomeLog-45.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-45.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/20/2006 10:17:29 PM | Attr =  H ]

eHomeLog-46.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-46.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/20/2006 10:18:23 PM | Attr =  H ]

eHomeLog-47.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-47.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/21/2006 1:41:55 PM | Attr =  H ]

eHomeLog-5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-5.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 11/27/2006 11:56:05 AM | Attr =  H ]

eHomeLog-6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-6.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 11/29/2006 11:21:41 AM | Attr =  H ]

eHomeLog-7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-7.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 11/30/2006 9:44:08 AM | Attr =  H ]

eHomeLog-8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-8.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/1/2006 12:58:47 PM | Attr =  H ]

eHomeLog-9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-9.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/1/2006 12:59:11 PM | Attr =  H ]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 11424 bytes | Modified Date = 2/13/2008 8:35:13 AM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 11809 bytes | Modified Date = 2/13/2008 8:35:13 AM | Attr =	]

opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 12/11/2005 1:24:58 PM | Attr =	]

opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 2/5/2007 12:24:20 AM | Attr =	]

Perflib_Perfdata_220.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_220.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/13/2008 8:31:35 AM | Attr =	]

Perflib_Perfdata_454.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_454.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/13/2008 8:31:37 AM | Attr =	]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

Adobe -> %AllUsersProfile%\Application Data\Adobe ->  [Folder | Modified Date = 1/14/2008 12:59:19 PM | Attr =	]

AOL -> %AllUsersProfile%\Application Data\AOL ->  [Folder | Modified Date = 1/28/2008 7:26:14 PM | Attr =	]

Avg7 -> %AllUsersProfile%\Application Data\Avg7 ->  [Folder | Modified Date = 2/3/2008 6:29:34 PM | Attr =	]

Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Modified Date = 2/3/2008 6:23:36 PM | Attr =	]

Kaspersky Lab Setup Files -> %AllUsersProfile%\Application Data\Kaspersky Lab Setup Files ->  [Folder | Modified Date = 1/28/2008 7:44:02 AM | Attr =	]

Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/3/2008 12:03:28 PM | Attr =	]

Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help ->  [Folder | Modified Date = 2/1/2008 10:11:51 PM | Attr =	]

TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/7/2008 6:39:44 PM | Attr =	]

@Alternate Data Stream - 147 bytes -> %AllUsersProfile%\Application Data\TEMP:A73B0434

@Alternate Data Stream - 111 bytes -> %AllUsersProfile%\Application Data\TEMP:B3D74A13

@Alternate Data Stream - 125 bytes -> %AllUsersProfile%\Application Data\TEMP:CB0AACC9

Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro ->  [Folder | Modified Date = 2/3/2008 12:43:41 AM | Attr =	]

Viewpoint -> %AllUsersProfile%\Application Data\Viewpoint ->  [Folder | Modified Date = 2/1/2008 3:19:28 PM | Attr =	]

XemiComputers -> %AllUsersProfile%\Application Data\XemiComputers ->  [Folder | Modified Date = 1/20/2008 12:19:26 PM | Attr =	]

acccore -> %AppData%\acccore ->  [Folder | Modified Date = 1/28/2008 9:03:39 PM | Attr =	]

Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 1/14/2008 1:00:51 PM | Attr =	]

AVG7 -> %AppData%\AVG7 ->  [Folder | Modified Date = 2/3/2008 6:29:20 PM | Attr =	]

URSoft -> %AppData%\URSoft ->  [Folder | Modified Date = 2/2/2008 11:58:05 PM | Attr =	]

uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 2/1/2008 10:17:39 AM | Attr =	]

XemiComputers -> %AppData%\XemiComputers ->  [Folder | Modified Date = 1/20/2008 12:19:27 PM | Attr =	]

AOL -> %UserProfile%\Local Settings\Application Data\AOL ->  [Folder | Modified Date = 1/28/2008 7:34:37 PM | Attr =	]

AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP ->  [Folder | Modified Date = 1/28/2008 7:35:38 PM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 165376 bytes | Modified Date = 1/24/2008 11:55:46 PM | Attr =	]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 5297592 bytes | Modified Date = 2/1/2008 10:36:15 PM | Attr =  H ]

Installer2584 -> %UserProfile%\Local Settings\Application Data\Installer2584 ->  [Folder | Modified Date = 1/14/2008 1:01:11 PM | Attr =	]

Installer476 -> %UserProfile%\Local Settings\Application Data\Installer476 ->  [Folder | Modified Date = 1/14/2008 1:16:41 PM | Attr =	]

Installer564 -> %UserProfile%\Local Settings\Application Data\Installer564 ->  [Folder | Modified Date = 1/21/2008 1:41:25 PM | Attr =	]

XemiComputers -> %UserProfile%\Local Settings\Application Data\XemiComputers ->  [Folder | Modified Date = 1/20/2008 12:19:26 PM | Attr =	]

desktop.ini -> %UserProfile%\My Documents\desktop.ini ->  [Ver =  | Size = 75 bytes | Modified Date = 2/1/2008 10:38:33 PM | Attr =  HS]

My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 2/1/2008 10:38:36 PM | Attr = R  ]

My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2/1/2008 10:38:35 PM | Attr = R  ]

My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Modified Date = 2/2/2008 10:04:08 PM | Attr = R  ]

Active Desktop Calendar.lnk -> %UserProfile%\Desktop\Active Desktop Calendar.lnk ->  [Ver =  | Size = 790 bytes | Modified Date = 1/20/2008 12:18:38 PM | Attr =	]

Big Journal Entries -> %UserProfile%\Desktop\Big Journal Entries ->  [Folder | Modified Date = 2/11/2008 11:57:08 PM | Attr =	]

entertain -> %UserProfile%\Desktop\entertain ->  [Folder | Modified Date = 1/28/2008 7:46:15 AM | Attr =	]

HumeLAb -> %UserProfile%\Desktop\HumeLAb ->  [Folder | Modified Date = 2/4/2008 12:41:46 PM | Attr =	]

Internships, Career -> %UserProfile%\Desktop\Internships, Career ->  [Folder | Modified Date = 1/18/2008 3:29:45 PM | Attr =	]

Medical SChool -> %UserProfile%\Desktop\Medical SChool ->  [Folder | Modified Date = 2/10/2008 10:26:00 PM | Attr =	]

Misc. Programs -> %UserProfile%\Desktop\Misc. Programs ->  [Folder | Modified Date = 2/3/2008 12:07:20 AM | Attr =	]

Music -> %UserProfile%\Desktop\Music ->  [Folder | Modified Date = 1/21/2008 1:15:27 AM | Attr =	]

OEC -> %UserProfile%\Desktop\OEC ->  [Folder | Modified Date = 2/12/2008 8:00:39 PM | Attr =	]

Spyware, antivirus -> %UserProfile%\Desktop\Spyware, antivirus ->  [Folder | Modified Date = 2/13/2008 8:35:39 AM | Attr =	]

WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2/13/2008 8:36:42 AM | Attr =	]

WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480446 bytes | Modified Date = 2/13/2008 8:36:32 AM | Attr =	]

Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 1/14/2008 12:59:01 PM | Attr =	]

AOL -> %CommonProgramFiles%\AOL ->  [Folder | Modified Date = 2/2/2008 2:09:08 PM | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/3/2008 12:00:54 PM | Attr =	]



< End of report >


#6 Blender


Posted 14 February 2008 - 07:00 AM

Hi,

Thanks for the log.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Win32 Services - Non-Microsoft Only]
NY -> (RPCSEO) Remote Procedure Call (RPC) Se [Win32_Own | Auto | Stopped] -> 
[Driver Services - Non-Microsoft Only]
NY -> (WudfPff) WudfPff [Kernel | System | Running] -> %SystemRoot%\system32\drivers\WudfPff.sys
[Registry - Non-Microsoft Only]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 1 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Ian1\Desktop\utorrent.exe -> C:\Documents and Settings\Ian1\Desktop\utorrent.exe [C:\Documents and Settings\Ian1\Desktop\utorrent.exe:*:Enabled:µTorrent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Warcraft III\Warcraft III.exe -> C:\Program Files\Warcraft III\Warcraft III.exe [C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III]
[Files/Folders - Created Within 30 days]
NY -> core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk
NY -> WudfPff.sys -> %SystemRoot%\System32\drivers\WudfPff.sys
[Files/Folders - Modified Within 30 days]
NY -> core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk
NY -> WudfPff.sys -> %SystemRoot%\System32\drivers\WudfPff.sys
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
YN -> @Alternate Data Stream - 147 bytes -> %AllUsersProfile%\Application Data\TEMP:A73B0434
YN -> @Alternate Data Stream - 111 bytes -> %AllUsersProfile%\Application Data\TEMP:B3D74A13
YN -> @Alternate Data Stream - 125 bytes -> %AllUsersProfile%\Application Data\TEMP:CB0AACC9
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed, either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#7 chexmixisgood


Posted 14 February 2008 - 07:58 AM

Thanks very much for all your help so far.
According to this log, core.cache.dsk and wudfpff.sys were supposed to be removed on reboot.
I checked my drivers folder after the reboot and found they were still there.
Thought that info might be helpful.
Thanks again.


[Win32 Services - Non-Microsoft Only]
Service RPCSEO stopped successfully.
Service RPCSEO deleted successfully.
File  not found.
[Driver Services - Non-Microsoft Only]
Service WudfPff stopped successfully.
Service WudfPff deleted successfully.
File move failed. C:\WINDOWS\system32\drivers\WudfPff.sys scheduled to be moved on reboot.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Ian1\Desktop\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Warcraft III\Warcraft III.exe deleted successfully.
[Files/Folders - Created Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\core.cache.dsk scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\drivers\WudfPff.sys scheduled to be moved on reboot.
[Files/Folders - Modified Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\core.cache.dsk scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\drivers\WudfPff.sys scheduled to be moved on reboot.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A73B0434 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Ian1\Local Settings\Temp\~DF113F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_224.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_308.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
WinPFind35U Version Beta50 fix logfile created on 02142008_074900

Edited by chexmixisgood, 14 February 2008 - 08:01 AM.
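The check described in post #7, confirming after the reboot that files the fix log reported as "scheduled to be moved on reboot" are really gone, can be scripted. This is an added example, not part of the thread or of WinPFind35: the function names are hypothetical and the log excerpt is constructed in the format of the fix log above.

```python
"""List files a fix log deferred to reboot, then check which ones survived."""
import os
import re
from typing import Callable, List, Tuple

# Constructed excerpt in the format of the fix log posted in this thread.
SAMPLE_FIX_LOG = r"""
[Driver Services - Non-Microsoft Only]
Service WudfPff stopped successfully.
Service WudfPff deleted successfully.
File move failed. C:\WINDOWS\system32\drivers\WudfPff.sys scheduled to be moved on reboot.
[Files/Folders - Created Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\core.cache.dsk scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\drivers\WudfPff.sys scheduled to be moved on reboot.
[Empty Temp Folders]
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_224.dat scheduled to be deleted on reboot.
User temp folders emptied.
"""

# Matches only the two "deferred to reboot" line shapes seen in the log.
PENDING = re.compile(
    r"^File (move|delete) failed\. (.+?) scheduled to be (?:moved|deleted) on reboot\.$"
)


def pending_on_reboot(log_text: str) -> List[Tuple[str, str]]:
    """Return (action, path) for every file the log deferred to reboot.

    The same file is often listed under several section headers, sometimes
    with different letter case (system32 / System32), so paths are
    de-duplicated case-insensitively, as Windows file names are.
    """
    seen = set()
    pending = []
    for line in log_text.splitlines():
        match = PENDING.match(line.strip())
        if not match:
            continue
        action, path = match.group(1), match.group(2)
        key = path.casefold()
        if key in seen:
            continue
        seen.add(key)
        pending.append((action, path))
    return pending


def still_present(
    pending: List[Tuple[str, str]],
    exists: Callable[[str], bool] = os.path.exists,
) -> List[str]:
    """After the reboot, return the deferred paths that are still on disk."""
    return [path for _action, path in pending if exists(path)]


if __name__ == "__main__":
    deferred = pending_on_reboot(SAMPLE_FIX_LOG)
    for action, path in deferred:
        print(f"deferred {action}: {path}")
    for path in still_present(deferred):
        print(f"STILL PRESENT after reboot: {path}")
```
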


#8 Blender

  • Malware Response Team

Posted 14 February 2008 - 08:43 AM

Hi,

Better print these instructions out or save them to a text file.
You will need them in safe mode.

Boot to SAFE mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Once there, locate and delete these files: (watch the spelling please)

C:\windows\system32\drivers\core.cache.dsk
c:\windows\system32\drivers\wudfpff.sys

Now click Start > Run, type cmd and hit "Enter".
Type the following command exactly as you see it, then hit Enter:

sc delete wudfpff

You should get a success message.

Reboot back to normal Windows, post a fresh HijackThis log and let me know if those files stay gone.
Let me know how the machine is running.

Thanks :thumbsup:

#9 chexmixisgood


Posted 14 February 2008 - 03:07 PM

wudfpff.sys and core.cache.dsk were both successfully removed!
Thanks very much for your time, Blender.
I am not getting IE popups anymore.
Just curious, what was wudfpff.sys?

Here is a new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:20 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Connection Manager (NetCM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8381 bytes

#10 Blender

  • Malware Response Team

Posted 15 February 2008 - 12:23 AM

Hi,

Good go! :blink:

As for what "wudfpff.sys" was -- it was the driver protecting core.cache.dsk.

More info about that trojan here:

http://research.sunbelt-software.com/threa...threatid=191099

You have to be careful removing the bad sys files because they very closely resemble legit driver names.

In your case the trojan tried to mock wudfpf.sys which is legit:

http://www.file.net/process/wudfpf.sys.html
---------------------------

Question:

Did you install WinPCap?

---------------------------

A few folders I want to have a closer look at.

Please close running programs and start WinPFind35u.exe

In the Drivers section click on Non-Microsoft.

Under "manual file or registry key scans" copy/paste the following:

C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\*.* /s
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\*.* /s
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\*.* /s
C:\Program Files\Common Files\Microsoft Shared\Speech\*.* /s

  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Thanks :thumbsup:
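The point made in post #10, that the trojan's driver name sits one character away from a legitimate one (wudfpff.sys against wudfpf.sys), can be checked mechanically. The following is an added example, not part of the thread or of any tool used in it: it flags names in a drivers folder that are not in a baseline but lie within one edit of a baseline name. The baseline list, the directory listing and the function names are constructed or hypothetical; a real baseline would be recorded from a known-clean system.

```python
"""Flag driver file names that imitate a known-good name (wudfpff.sys vs wudfpf.sys)."""
from typing import Iterable, List, NamedTuple, Optional

# Hypothetical baseline: driver names recorded from a known-clean system.
BASELINE = ["wudfpf.sys", "aegisp.sys", "avg7core.sys", "dmio.sys", "drvmcdb.sys"]

# Constructed listing of a drivers folder, using names that appear in this thread.
DRIVERS_DIR_LISTING = [
    "AegisP.sys", "avg7core.sys", "core.cache.dsk", "dmio.sys", "WudfPff.sys",
]


class Finding(NamedTuple):
    name: str        # file name as found on disk
    resembles: str   # baseline name it is close to
    distance: int    # number of single-character edits between them


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance.

    Counts insertions, deletions, substitutions and swaps of two adjacent
    characters, which covers the usual ways a name is altered to look familiar.
    """
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,         # deletion
                d[i][j - 1] + 1,         # insertion
                d[i - 1][j - 1] + cost,  # substitution or match
            )
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]


def find_lookalikes(
    present: Iterable[str], baseline: Iterable[str], max_distance: int = 1
) -> List[Finding]:
    """Return names that are NOT in the baseline but are within max_distance of one.

    Names are compared case-insensitively because Windows file names are.
    Exact baseline matches are skipped; unrelated names are ignored, so this
    only reports imitations and says nothing about other unknown files.
    """
    known = sorted({n.lower() for n in baseline})
    findings: List[Finding] = []
    for raw in present:
        name = raw.lower()
        if name in known:
            continue
        best: Optional[Finding] = None
        for good in known:
            if abs(len(name) - len(good)) > max_distance:
                continue  # cannot be within range, skip the table fill
            dist = osa_distance(name, good)
            if dist <= max_distance and (best is None or dist < best.distance):
                best = Finding(raw, good, dist)
        if best is not None:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in find_lookalikes(DRIVERS_DIR_LISTING, BASELINE):
        print(f"{f.name} resembles {f.resembles} (distance {f.distance})")
```

A hit only means the name deserves a closer look at the file's publisher, version and dates, which is what the WinPFind35 report lists for each driver.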

#11 chexmixisgood


Posted 15 February 2008 - 08:19 PM

I did not install WinPcap, which is weird because I see it showing up in some logs.
Here is what you requested:

WinPFind35 logfile created on: 2/15/2008 8:16:35 PM
WinPFind35U Version Beta50	 Folder = C:\Documents and Settings\Ian1\Desktop\Spyware, antivirus\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
503.37 Mb Total Physical Memory | 182.18 Mb Available Physical Memory | 36.19% Memory free
1.94 Gb Paging File | 1.66 Gb Available in Paging File | 85.47% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.55 Gb Total Space | 11.79 Gb Free Space | 36.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IAN
Current User Name: Ian1
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 4:02:40 PM | Attr =	]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 4:05:10 PM | Attr =	]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 4:12:32 PM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/3/2008 6:23:42 PM | Attr =	]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/3/2008 6:23:59 PM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 1, 45 | Size = 389120 bytes | Modified Date = 9/7/2004 4:08:02 PM | Attr =	]
nicconfigsvc.exe -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 3/3/2005 11:29:02 PM | Attr =	]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 4:02:04 PM | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 11/4/2007 9:14:13 PM | Attr =	]
adc.exe -> %ProgramFiles%\XemiComputers\Active Desktop Calendar\ADC.exe -> XemiComputers ltd. [Ver = 7, 3, 0, 0 | Size = 3694592 bytes | Modified Date = 12/19/2007 10:55:22 AM | Attr =	]
psnlite.exe -> %ProgramFiles%\3M\PSNLite\PsnLite.exe -> 3M [Ver = 3, 1, 1, 1073 | Size = 2080768 bytes | Modified Date = 10/15/2004 1:26:54 PM | Attr =	]
psngive.exe -> %ProgramFiles%\3M\PSNLite\PSNGive.exe -> 3M [Ver = 3, 1, 2, 2073 | Size = 65536 bytes | Modified Date = 10/15/2004 1:27:22 PM | Attr =	]
symwsc.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.00.111 | Size = 308352 bytes | Modified Date = 8/5/2004 5:23:10 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\Spyware, antivirus\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/11/2008 7:14:48 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 12/18/2007 5:45:33 AM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/3/2008 6:23:42 PM | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/3/2008 6:23:59 PM | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 9/7/2004 4:02:40 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/7/2008 7:36:03 PM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr =	]
(NetCM) Network Connection Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Speech\svchost.exe -> File not found
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 3/3/2005 11:29:02 PM | Attr =	]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 9/7/2004 4:02:04 PM | Attr =	]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 86016 bytes | Modified Date = 8/2/2005 4:18:49 PM | Attr =	]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 9/7/2004 4:05:10 PM | Attr =	]
(SymWSC) SymWMI Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.00.111 | Size = 308352 bytes | Modified Date = 8/5/2004 5:23:10 PM | Attr =	]
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 9/7/2004 4:12:32 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.1.0.1 | Size = 17056 bytes | Modified Date = 10/13/2005 1:03:04 AM | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 1:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr =	]
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.5.1.271 | Size = 108791 bytes | Modified Date = 11/16/2004 4:03:52 PM | Attr =	]
(APLMp50) APLMp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\APLMp50.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.18.02 | Size = 18816 bytes | Modified Date = 2/16/2005 3:06:18 AM | Attr =	]
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> Dell Inc [Ver = 1, 0, 1, 1 | Size = 16128 bytes | Modified Date = 8/18/2004 2:53:54 PM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 1:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 1:51:58 PM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/3/2008 6:24:00 PM | Attr =	]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/3/2008 6:24:05 PM | Attr =	]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/3/2008 6:24:06 PM | Attr =	]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/3/2008 6:26:31 PM | Attr =	]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.25.0.0 built by: WinDDK | Size = 44928 bytes | Modified Date = 5/26/2004 8:18:18 PM | Attr =	]
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 1:51:54 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 1:52:16 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.03a | Size = 87488 bytes | Modified Date = 12/1/2004 3:22:00 AM | Attr =	]
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.43a | Size = 40480 bytes | Modified Date = 11/23/2004 2:56:00 AM | Attr =	]
(dtscsi) dtscsi [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\dtscsi.sys -> File not found
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 12:12:10 PM | Attr =	]
(EntDrv51) EntDrv51 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EntDrv51.sys -> File not found
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr =	]
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.0.0 | Size = 17480 bytes | Modified Date = 3/16/2007 7:44:01 PM | Attr =	]
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 200064 bytes | Modified Date = 6/17/2004 8:57:02 PM | Attr =	]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 6/17/2004 8:55:04 PM | Attr =	]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4410 | Size = 1302812 bytes | Modified Date = 10/14/2005 5:15:18 PM | Attr =	]
(IWCA) Intel Wireless Connection Agent Miniport for Win XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iwca.sys -> Intel Corporation [Ver = 9.00.0.17 built by: WinDDK | Size = 234496 bytes | Modified Date = 8/12/2004 8:44:04 AM | Attr =	]
(KLIF) KLIF [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 2/1/2008 12:35:51 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LinksysFVNETusbl(AR)(R)) Linksys FVNETusbl(AR)(R) Service for Instant Wireless USB Network Adapter ver.2.6 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\vnetusbl.sys -> Cisco-Linksys LLC [Ver = 4.10.9.428 built by: WinDDK | Size = 108032 bytes | Modified Date = 3/9/2004 9:48:08 PM | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 6:04:14 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 1:52:12 PM | Attr =	]
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\npf.sys -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 32512 bytes | Modified Date = 8/2/2005 4:10:13 PM | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 10:29:56 PM | Attr =	]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 17153 bytes | Modified Date = 2/13/2004 4:46:00 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Stopped] -> System32\Drivers\Pcouffin.sys -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.11B | Size = 46080 bytes | Modified Date = 5/16/2006 3:23:54 PM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 1:52:18 PM | Attr =	]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 9, 0, 0, 3 | Size = 11354 bytes | Modified Date = 8/31/2004 8:53:04 AM | Attr =	]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr =	]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr =	]
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys ->  [Ver =  | Size = 639224 bytes | Modified Date = 1/29/2007 7:36:25 PM | Attr =	]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 7/14/2004 11:29:04 AM | Attr =	]
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 7/14/2004 11:28:50 AM | Attr =	]
(STAC97) SigmaTel C-Major Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\STAC97.sys -> SigmaTel, Inc. [Ver = 5.10.4255 | Size = 273168 bytes | Modified Date = 3/10/2005 10:56:06 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 2:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 2:07:36 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 2:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 2:07:42 PM | Attr =	]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25883 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86586 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 15227 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 1:52:22 PM | Attr =	]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 10/31/2007 2:09:14 PM | Attr =	]
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w29n51.sys -> Intel® Corporation [Ver = 9000-61 Driver | Size = 3210496 bytes | Modified Date = 10/21/2004 8:56:04 PM | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Modified Date = 6/17/2004 8:55:38 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2/3/2008 6:26:30 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 11/14/2007 11:43:10 PM | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 11/4/2007 9:14:13 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Active Desktop Calendar -> %ProgramFiles%\XemiComputers\Active Desktop Calendar\ADC.exe -> XemiComputers ltd. [Ver = 7, 3, 0, 0 | Size = 3694592 bytes | Modified Date = 12/19/2007 10:55:22 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk -> %ProgramFiles%\3M\PSNLite\PsnLite.exe -> 3M [Ver = 3, 1, 1, 1073 | Size = 2080768 bytes | Modified Date = 10/15/2004 1:26:54 PM | Attr =	]
< Ian1 Startup Folder > -> C:\Documents and Settings\Ian1\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 4:45:38 PM | Attr =	]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 1, 0 | Size = 110592 bytes | Modified Date = 9/7/2004 4:08:06 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 1/9/2008 3:01:48 PM | Attr =	]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Sun Java Console] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{109AF998-67C5-4A5E-A58B-E782217EF4DE} ->	(Instant Wireless USB Network Adapter ver.2.6) -> 
{46013A79-9DE2-43DF-A7DA-AAC4751099E2} ->	(Instant Wireless USB Network Adapter ver.2.6) -> 
{89BF901C-1BCA-46B2-AEAA-B8538DDFE6F9} ->	(Intel(R) PRO/Wireless 2200BG Network Connection) -> 
{9B9C23E1-84D0-439C-AE2E-4A21B564780A} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
{BB3FE053-B9A8-479D-BAC7-4D8698542337} ->	(1394 Net Adapter) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 2/14/2008 5:08:26 PM | Attr = RH ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 527892480 bytes | Modified Date = 2/15/2008 6:56:34 PM | Attr =  HS]
savcc20 -> %SystemDrive%\savcc20 ->  [Folder | Created Date = 2/1/2008 10:12:16 PM | Attr =	]
avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/3/2008 6:24:00 PM | Attr =	]
avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/3/2008 6:24:05 PM | Attr =	]
avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/3/2008 6:24:06 PM | Attr =	]
avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/3/2008 6:26:31 PM | Attr =	]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 2/3/2008 6:26:30 PM | Attr =	]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 4075040 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 55652 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 72992 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 7916 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]
klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 2/1/2008 12:35:51 PM | Attr =	]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Created Date = 2/3/2008 10:17:04 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 8/2/2006 12:39:06 PM | Attr =	]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/3/2008 10:17:11 PM | Attr =	]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/3/2008 10:17:11 PM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/3/2008 10:17:11 PM | Attr =	]
ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Modified Date = 3/25/2003 6:53:50 PM | Attr =	]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Created Date = 2/3/2008 6:24:49 PM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
EurekaLog.ini -> %SystemRoot%\EurekaLog.ini ->  [Ver =  | Size = 73 bytes | Modified Date = 2/3/2008 12:14:19 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 2/1/2008 10:31:05 PM | Attr =  H ]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 3439 bytes | Modified Date = 2/15/2008 10:56:51 AM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2/15/2008 10:53:14 AM | Attr =	]
War3Unin.dat -> %SystemRoot%\War3Unin.dat ->  [Ver =  | Size = 76010 bytes | Modified Date = 2/14/2008 10:12:20 PM | Attr =	]
War3Unin.exe -> %SystemRoot%\War3Unin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 0 | Size = 139264 bytes | Modified Date = 2/14/2008 6:34:31 PM | Attr =	]
War3Unin.pif -> %SystemRoot%\War3Unin.pif ->  [Ver =  | Size = 2829 bytes | Modified Date = 2/14/2008 6:34:32 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 2/14/2008 5:08:26 PM | Attr = RH ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 209 bytes | Modified Date = 2/14/2008 3:21:02 PM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 527892480 bytes | Modified Date = 2/15/2008 6:56:34 PM | Attr =  HS]
IPH.PH -> %SystemDrive%\IPH.PH ->  [Ver =  | Size = 2783 bytes | Modified Date = 1/28/2008 7:35:35 PM | Attr =  H ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/3/2008 6:22:58 PM | Attr = R  ]
quarantine -> %SystemDrive%\quarantine ->  [Folder | Modified Date = 1/28/2008 12:35:46 AM | Attr =	]
savcc20 -> %SystemDrive%\savcc20 ->  [Folder | Modified Date = 2/1/2008 10:12:18 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/15/2008 6:56:48 PM | Attr =	]
avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/3/2008 6:24:00 PM | Attr =	]
avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/3/2008 6:24:05 PM | Attr =	]
avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/3/2008 6:24:06 PM | Attr =	]
avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/3/2008 6:26:31 PM | Attr =	]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 2/3/2008 6:26:30 PM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/3/2008 12:50:36 AM | Attr =	]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 4075040 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 55652 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 72992 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 7916 bytes | Modified Date = 2/3/2008 11:34:22 AM | Attr =  HS]
klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 2/1/2008 12:35:51 PM | Attr =	]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Modified Date = 2/3/2008 10:28:14 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/2/2008 3:02:17 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/15/2008 7:03:05 PM | Attr =	]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Modified Date = 2/2/2008 5:56:28 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/13/2008 9:34:30 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/14/2008 3:01:50 PM | Attr =	]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 2/2/2008 3:02:12 AM | Attr =	]
FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 2/15/2008 12:31:23 PM | Attr =	]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/3/2008 10:17:11 PM | Attr =	]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/3/2008 10:17:11 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 62128 bytes | Modified Date = 2/2/2008 2:16:33 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 402994 bytes | Modified Date = 2/2/2008 2:16:33 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 471628 bytes | Modified Date = 2/2/2008 2:16:33 PM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/3/2008 10:17:11 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 2/15/2008 6:57:55 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 8:34:43 AM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Modified Date = 2/3/2008 8:44:49 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/15/2008 6:56:34 PM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2/15/2008 10:52:40 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/3/2008 10:17:06 PM | Attr =   S]
EurekaLog.ini -> %SystemRoot%\EurekaLog.ini ->  [Ver =  | Size = 73 bytes | Modified Date = 2/3/2008 12:14:19 AM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2/3/2008 12:11:57 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 2/1/2008 10:32:46 PM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2/1/2008 3:18:44 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/13/2008 9:34:31 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/13/2008 9:34:13 AM | Attr =  HS]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 2/1/2008 10:33:58 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/15/2008 7:08:41 PM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 2/1/2008 11:52:03 PM | Attr =	]
randseed.rnd -> %SystemRoot%\randseed.rnd ->  [Ver =  | Size = 512 bytes | Modified Date = 1/28/2008 6:27:11 PM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2/15/2008 6:57:37 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 2/3/2008 6:22:59 PM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 2/14/2008 3:21:02 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/13/2008 9:06:46 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/15/2008 6:57:30 PM | Attr =	]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 3439 bytes | Modified Date = 2/15/2008 10:56:51 AM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2/15/2008 10:53:14 AM | Attr =	]
War3Unin.dat -> %SystemRoot%\War3Unin.dat ->  [Ver =  | Size = 76010 bytes | Modified Date = 2/14/2008 10:12:20 PM | Attr =	]
War3Unin.exe -> %SystemRoot%\War3Unin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 0 | Size = 139264 bytes | Modified Date = 2/14/2008 6:34:31 PM | Attr =	]
War3Unin.pif -> %SystemRoot%\War3Unin.pif ->  [Ver =  | Size = 2829 bytes | Modified Date = 2/14/2008 6:34:32 PM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 2/1/2008 10:34:27 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 632 bytes | Modified Date = 2/14/2008 3:21:02 PM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 429 bytes | Modified Date = 2/12/2008 4:15:25 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/4/2008 10:12:06 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/15/2008 6:56:41 PM | Attr =  H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job ->  [Ver =  | Size = 380 bytes | Modified Date = 2/15/2008 8:08:42 PM | Attr =	]
eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/22/2006 11:30:25 AM | Attr =  H ]
eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/22/2006 12:14:37 PM | Attr =  H ]
eHomeLog-10.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-10.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/2/2006 11:26:29 AM | Attr =  H ]
eHomeLog-11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-11.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/2/2006 11:26:48 AM | Attr =  H ]
eHomeLog-12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-12.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/3/2006 1:19:25 PM | Attr =  H ]
eHomeLog-13.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-13.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/4/2006 8:33:40 AM | Attr =  H ]
eHomeLog-14.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-14.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/5/2006 9:10:11 AM | Attr =  H ]
eHomeLog-15.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-15.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/5/2006 9:12:34 AM | Attr =  H ]
eHomeLog-16.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-16.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/6/2006 11:12:14 AM | Attr =  H ]
eHomeLog-17.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-17.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/6/2006 11:12:35 AM | Attr =  H ]
eHomeLog-18.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-18.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/6/2006 11:31:37 PM | Attr =  H ]
eHomeLog-19.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-19.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/6/2006 11:31:58 PM | Attr =  H ]
eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 11/26/2006 11:19:00 AM | Attr =  H ]
eHomeLog-20.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-20.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/7/2006 9:32:01 AM | Attr =  H ]
eHomeLog-21.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-21.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/7/2006 9:32:45 AM | Attr =  H ]
eHomeLog-22.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-22.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/8/2006 10:03:14 AM | Attr =  H ]
eHomeLog-23.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-23.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/8/2006 10:03:43 AM | Attr =  H ]
eHomeLog-24.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-24.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/9/2006 12:50:23 PM | Attr =  H ]
eHomeLog-25.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-25.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/10/2006 6:03:51 PM | Attr =  H ]
eHomeLog-26.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-26.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/11/2006 11:14:21 AM | Attr =  H ]
eHomeLog-27.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-27.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/11/2006 11:17:48 AM | Attr =  H ]
eHomeLog-28.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-28.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/12/2006 9:32:17 AM | Attr =  H ]
eHomeLog-29.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-29.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/13/2006 2:06:00 AM | Attr =  H ]
eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 11/26/2006 2:59:58 PM | Attr =  H ]
eHomeLog-30.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-30.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/12/2006 9:32:37 AM | Attr =  H ]
eHomeLog-31.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-31.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/13/2006 2:06:32 AM | Attr =  H ]
eHomeLog-32.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-32.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/13/2006 1:51:42 PM | Attr =  H ]
eHomeLog-33.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-33.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/13/2006 1:53:25 PM | Attr =  H ]
eHomeLog-34.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-34.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/13/2006 8:29:40 PM | Attr =  H ]
eHomeLog-35.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-35.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/14/2006 10:49:18 AM | Attr =  H ]
eHomeLog-36.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-36.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/14/2006 10:49:42 AM | Attr =  H ]
eHomeLog-37.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-37.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/15/2006 9:06:53 AM | Attr =  H ]
eHomeLog-38.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-38.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/15/2006 1:44:34 PM | Attr =  H ]
eHomeLog-39.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-39.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/17/2006 11:55:10 AM | Attr =  H ]
eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 11/26/2006 7:44:13 PM | Attr =  H ]
eHomeLog-40.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-40.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/17/2006 12:09:37 PM | Attr =  H ]
eHomeLog-41.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-41.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/18/2006 11:10:11 AM | Attr =  H ]
eHomeLog-42.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-42.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/19/2006 11:14:20 AM | Attr =  H ]
eHomeLog-43.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-43.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/19/2006 11:15:12 AM | Attr =  H ]
eHomeLog-44.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-44.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/20/2006 10:25:59 AM | Attr =  H ]
eHomeLog-45.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-45.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/20/2006 10:17:29 PM | Attr =  H ]
eHomeLog-46.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-46.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/20/2006 10:18:23 PM | Attr =  H ]
eHomeLog-47.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-47.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/21/2006 1:41:55 PM | Attr =  H ]
eHomeLog-5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-5.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 11/27/2006 11:56:05 AM | Attr =  H ]
eHomeLog-6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-6.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 11/29/2006 11:21:41 AM | Attr =  H ]
eHomeLog-7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-7.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 11/30/2006 9:44:08 AM | Attr =  H ]
eHomeLog-8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-8.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/1/2006 12:58:47 PM | Attr =  H ]
eHomeLog-9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-9.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 12/1/2006 12:59:11 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 11424 bytes | Modified Date = 2/15/2008 6:58:06 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 11424 bytes | Modified Date = 2/15/2008 6:58:06 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 12/11/2005 1:24:58 PM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 2/5/2007 12:24:20 AM | Attr =	]
war3_Install.exe -> C:\Documents and Settings\Ian1\Local Settings\Temp\war3_Install.exe -> Blizzard Entertainment [Ver = 1, 5, 0, 0 | Size = 299008 bytes | Modified Date = 5/18/2003 1:55:04 PM | Attr =	]
8 C:\Documents and Settings\Ian1\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Ian1\Local Settings\Temp\*.tmp -> 
SIntf16.dll -> C:\Documents and Settings\Ian1\Local Settings\Temp\SIntf16.dll ->  [Ver =  | Size = 12067 bytes | Modified Date = 2/14/2008 6:34:51 PM | Attr =	]
SIntf32.dll -> C:\Documents and Settings\Ian1\Local Settings\Temp\SIntf32.dll ->  [Ver =  | Size = 19924 bytes | Modified Date = 2/14/2008 6:34:51 PM | Attr =	]
SIntfNT.dll -> C:\Documents and Settings\Ian1\Local Settings\Temp\SIntfNT.dll ->  [Ver =  | Size = 24516 bytes | Modified Date = 2/14/2008 6:34:51 PM | Attr =	]
8 C:\Documents and Settings\Ian1\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Ian1\Local Settings\Temp\*.tmp -> 
Perflib_Perfdata_204.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_204.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/15/2008 6:56:52 PM | Attr =	]
Perflib_Perfdata_268.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_268.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/15/2008 11:00:40 AM | Attr =	]
Perflib_Perfdata_638.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_638.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/15/2008 6:57:06 PM | Attr =	]
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

[Manual Scans]
< C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\*.* /s >
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584 ->  [Folder | Modified Date = 1/14/2008 1:01:11 PM | Attr =	]
Deployment.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\Deployment.xml ->  [Ver =  | Size = 2819 bytes | Modified Date = 1/14/2008 1:01:15 PM | Attr =	]
Setup.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\Setup.exe -> Adobe Systems, Copyright 2005-2007 [Ver = 1,1,8,0 | Size = 2688968 bytes | Modified Date = 6/29/2007 10:29:22 AM | Attr =	]
WinBootstrapper.msi -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\WinBootstrapper.msi ->  [Ver =  | Size = 1900544 bytes | Modified Date = 6/29/2007 10:28:42 AM | Attr =	]
WinBootstrapper1.cab -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\WinBootstrapper1.cab ->  [Ver =  | Size = 514375 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads ->  [Folder | Modified Date = 1/14/2008 1:01:09 PM | Attr =	]
Setup.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\Setup.xml ->  [Ver =  | Size = 320 bytes | Modified Date = 6/29/2007 10:28:26 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All ->  [Folder | Modified Date = 1/14/2008 1:01:09 PM | Attr =	]
AdobeExtendScriptToolkit2.0.1All.boot.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\AdobeExtendScriptToolkit2.0.1All.boot.xml ->  [Ver =  | Size = 7196 bytes | Modified Date = 6/29/2007 10:28:40 AM | Attr =	]
AdobeExtendScriptToolkit2.0.1All.msi -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\AdobeExtendScriptToolkit2.0.1All.msi ->  [Ver =  | Size = 2442240 bytes | Modified Date = 6/29/2007 10:29:02 AM | Attr =	]
AdobeExtendScriptToolkit2.0.1All.proxy.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\AdobeExtendScriptToolkit2.0.1All.proxy.xml ->  [Ver =  | Size = 1903272 bytes | Modified Date = 6/29/2007 10:28:40 AM | Attr =	]
AdobeExtendScriptToolkit2.0.1All1.cab -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\AdobeExtendScriptToolkit2.0.1All1.cab ->  [Ver =  | Size = 6227717 bytes | Modified Date = 6/29/2007 10:29:00 AM | Attr =	]
ar_AE.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\ar_AE.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:02 AM | Attr =	]
be_BY.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\be_BY.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:02 AM | Attr =	]
bg_BG.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\bg_BG.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:02 AM | Attr =	]
ca_ES.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\ca_ES.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:02 AM | Attr =	]
cs_CZ.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\cs_CZ.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:02 AM | Attr =	]
da_DK.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\da_DK.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:04 AM | Attr =	]
de_DE.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\de_DE.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:04 AM | Attr =	]
el_GR.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\el_GR.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:04 AM | Attr =	]
en_GB.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\en_GB.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:04 AM | Attr =	]
en_US.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\en_US.mst ->  [Ver =  | Size = 4096 bytes | Modified Date = 6/29/2007 10:29:02 AM | Attr =	]
en_XC.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\en_XC.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:04 AM | Attr =	]
en_XM.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\en_XM.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:04 AM | Attr =	]
es_ES.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\es_ES.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:04 AM | Attr =	]
es_QM.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\es_QM.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:04 AM | Attr =	]
et_EE.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\et_EE.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:04 AM | Attr =	]
fi_FI.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\fi_FI.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:04 AM | Attr =	]
fr_FR.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\fr_FR.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:06 AM | Attr =	]
fr_XM.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\fr_XM.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:06 AM | Attr =	]
he_IL.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\he_IL.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:06 AM | Attr =	]
hi_IN.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\hi_IN.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:06 AM | Attr =	]
hr_HR.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\hr_HR.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:06 AM | Attr =	]
hu_HU.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\hu_HU.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:06 AM | Attr =	]
is_IS.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\is_IS.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:06 AM | Attr =	]
it_IT.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\it_IT.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:06 AM | Attr =	]
ja_JP.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\ja_JP.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:06 AM | Attr =	]
ko_KR.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\ko_KR.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:06 AM | Attr =	]
lt_LT.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\lt_LT.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:06 AM | Attr =	]
lv_LV.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\lv_LV.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:06 AM | Attr =	]
mk_MK.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\mk_MK.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:08 AM | Attr =	]
nb_NO.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\nb_NO.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:08 AM | Attr =	]
nl_NL.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\nl_NL.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:08 AM | Attr =	]
pl_PL.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\pl_PL.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:08 AM | Attr =	]
pt_BR.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\pt_BR.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:08 AM | Attr =	]
ro_RO.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\ro_RO.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:08 AM | Attr =	]
ru_RU.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\ru_RU.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:08 AM | Attr =	]
sh_YU.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\sh_YU.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:08 AM | Attr =	]
sk_SK.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\sk_SK.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:08 AM | Attr =	]
sl_SI.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\sl_SI.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:08 AM | Attr =	]
sq_AL.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\sq_AL.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:08 AM | Attr =	]
sv_SE.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\sv_SE.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:08 AM | Attr =	]
th_TH.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\th_TH.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:10 AM | Attr =	]
tr_TR.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\tr_TR.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:10 AM | Attr =	]
uk_UA.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\uk_UA.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:10 AM | Attr =	]
vi_VN.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\vi_VN.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:10 AM | Attr =	]
zh_CN.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\zh_CN.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:10 AM | Attr =	]
zh_TW.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\payloads\AdobeExtendScriptToolkit2.0.1All\zh_TW.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 6/29/2007 10:29:10 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\redist\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\redist ->  [Folder | Modified Date = 1/14/2008 1:01:09 PM | Attr =	]
WindowsInstaller-KB893803-v2-x86.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\redist\WindowsInstaller-KB893803-v2-x86.exe -> Microsoft Corporation [Ver = 3.1 | Size = 2585872 bytes | Modified Date = 6/29/2007 10:24:32 AM | Attr =	]
WindowsServer2003-KB898715-ia64-enu.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\redist\WindowsServer2003-KB898715-ia64-enu.exe -> Microsoft Corporation [Ver = 1 | Size = 5960944 bytes | Modified Date = 6/29/2007 10:24:34 AM | Attr =	]
WindowsServer2003-KB898715-x64-enu.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\redist\WindowsServer2003-KB898715-x64-enu.exe -> Microsoft Corporation [Ver = 1 | Size = 4584688 bytes | Modified Date = 6/29/2007 10:24:34 AM | Attr =	]
WindowsServer2003-KB898715-x86-enu.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\redist\WindowsServer2003-KB898715-x86-enu.exe -> Microsoft Corporation [Ver = 1 | Size = 1536752 bytes | Modified Date = 6/29/2007 10:24:36 AM | Attr =	]
WindowsXP-KB898715-x64-enu.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\redist\WindowsXP-KB898715-x64-enu.exe -> Microsoft Corporation [Ver = 1 | Size = 4584688 bytes | Modified Date = 6/29/2007 10:24:36 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources ->  [Folder | Modified Date = 1/14/2008 1:01:10 PM | Attr =	]
main.html -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\main.htm ->  [Ver =  | Size = 7292 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
main.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\main.xml ->  [Ver =  | Size = 25990 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common ->  [Folder | Modified Date = 1/14/2008 1:01:10 PM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\alert\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\alert ->  [Folder | Modified Date = 1/14/2008 1:01:10 PM | Attr =	]
alert.css -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\alert\alert.css ->  [Ver =  | Size = 583 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
alert.html -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\alert\alert.htm ->  [Ver =  | Size = 2412 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
alert_ie.css -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\alert\alert_ie.css ->  [Ver =  | Size = 508 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
alert_rtl.css -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\alert\alert_rtl.css ->  [Ver =  | Size = 623 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
alert_rtl_ie.css -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\alert\alert_rtl_ie.css ->  [Ver =  | Size = 548 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\scripts\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\scripts ->  [Folder | Modified Date = 1/14/2008 1:01:10 PM | Attr =	]
ContainerProxy.js -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\scripts\ContainerProxy.js ->  [Ver =  | Size = 32241 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
localization.js -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\scripts\localization.js ->  [Ver =  | Size = 10366 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
silentWorkflow.js -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\scripts\silentWorkflow.js ->  [Ver =  | Size = 46303 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
utils.js -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\common\scripts\utils.js ->  [Ver =  | Size = 109621 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\media\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\media ->  [Folder | Modified Date = 1/14/2008 1:01:10 PM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\media\css\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\media\css ->  [Folder | Modified Date = 1/14/2008 1:01:10 PM | Attr =	]
styles.css -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\media\css\styles.css ->  [Ver =  | Size = 1572 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\media\img\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\media\img ->  [Folder | Modified Date = 1/14/2008 1:01:10 PM | Attr =	]
progbarLeft_on.png -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\media\img\progbarLeft_on.png ->  [Ver =  | Size = 270 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
progbarRight.png -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\media\img\progbarRight.png ->  [Ver =  | Size = 273 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
progbar_on.png -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\media\img\progbar_on.png ->  [Ver =  | Size = 162 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
progbox.png -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer2584\resources\media\img\progbox.png ->  [Ver =  | Size = 1692 bytes | Modified Date = 6/29/2007 10:25:04 AM | Attr =	]
< C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\*.* /s >
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476 ->  [Folder | Modified Date = 1/14/2008 1:16:41 PM | Attr =	]
Deployment.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\Deployment.xml ->  [Ver =  | Size = 2193 bytes | Modified Date = 1/14/2008 1:16:46 PM | Attr =	]
Setup.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\Setup.exe -> Adobe Systems, Copyright 2005-2007 [Ver = 1,0,135,0 | Size = 2641920 bytes | Modified Date = 5/29/2007 11:01:54 AM | Attr =	]
WinBootstrapper.msi -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\WinBootstrapper.msi ->  [Ver =  | Size = 1900544 bytes | Modified Date = 5/29/2007 11:05:40 AM | Attr =	]
WinBootstrapper1.cab -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\WinBootstrapper1.cab ->  [Ver =  | Size = 511676 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\payloads\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\payloads ->  [Folder | Modified Date = 1/14/2008 1:16:39 PM | Attr =	]
Setup.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\payloads\Setup.xml ->  [Ver =  | Size = 312 bytes | Modified Date = 5/29/2007 11:05:56 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\payloads\AdobeColorCommonSet1.0.1All\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\payloads\AdobeColorCommonSet1.0.1All ->  [Folder | Modified Date = 1/14/2008 1:16:39 PM | Attr =	]
AdobeColorCommonSet1.0.1All.boot.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\payloads\AdobeColorCommonSet1.0.1All\AdobeColorCommonSet1.0.1All.boot.xml ->  [Ver =  | Size = 5882 bytes | Modified Date = 5/29/2007 11:05:36 AM | Attr =	]
AdobeColorCommonSet1.0.1All.msi -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\payloads\AdobeColorCommonSet1.0.1All\AdobeColorCommonSet1.0.1All.msi ->  [Ver =  | Size = 1815552 bytes | Modified Date = 5/29/2007 11:05:48 AM | Attr =	]
AdobeColorCommonSet1.0.1All.proxy.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\payloads\AdobeColorCommonSet1.0.1All\AdobeColorCommonSet1.0.1All.proxy.xml ->  [Ver =  | Size = 8230 bytes | Modified Date = 5/29/2007 11:05:36 AM | Attr =	]
AdobeColorCommonSet1.0.1All1.cab -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\payloads\AdobeColorCommonSet1.0.1All\AdobeColorCommonSet1.0.1All1.cab ->  [Ver =  | Size = 5548570 bytes | Modified Date = 5/29/2007 11:05:48 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\redist\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\redist ->  [Folder | Modified Date = 1/14/2008 1:16:39 PM | Attr =	]
WindowsInstaller-KB893803-v2-x86.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\redist\WindowsInstaller-KB893803-v2-x86.exe -> Microsoft Corporation [Ver = 3.1 | Size = 2585872 bytes | Modified Date = 5/29/2007 11:00:26 AM | Attr =	]
WindowsServer2003-KB898715-ia64-enu.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\redist\WindowsServer2003-KB898715-ia64-enu.exe -> Microsoft Corporation [Ver = 1 | Size = 5960944 bytes | Modified Date = 5/29/2007 11:00:34 AM | Attr =	]
WindowsServer2003-KB898715-x64-enu.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\redist\WindowsServer2003-KB898715-x64-enu.exe -> Microsoft Corporation [Ver = 1 | Size = 4584688 bytes | Modified Date = 5/29/2007 11:00:40 AM | Attr =	]
WindowsServer2003-KB898715-x86-enu.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\redist\WindowsServer2003-KB898715-x86-enu.exe -> Microsoft Corporation [Ver = 1 | Size = 1536752 bytes | Modified Date = 5/29/2007 11:00:42 AM | Attr =	]
WindowsXP-KB898715-x64-enu.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\redist\WindowsXP-KB898715-x64-enu.exe -> Microsoft Corporation [Ver = 1 | Size = 4584688 bytes | Modified Date = 5/29/2007 11:00:48 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources ->  [Folder | Modified Date = 1/14/2008 1:16:40 PM | Attr =	]
main.html -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\main.htm ->  [Ver =  | Size = 7292 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
main.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\main.xml ->  [Ver =  | Size = 25993 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\common\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\common ->  [Folder | Modified Date = 1/14/2008 1:16:40 PM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\common\alert\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\common\alert ->  [Folder | Modified Date = 1/14/2008 1:16:40 PM | Attr =	]
alert.css -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\common\alert\alert.css ->  [Ver =  | Size = 583 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
alert.html -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\common\alert\alert.htm ->  [Ver =  | Size = 2418 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
alert_ie.css -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\common\alert\alert_ie.css ->  [Ver =  | Size = 508 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\common\scripts\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\common\scripts ->  [Folder | Modified Date = 1/14/2008 1:16:40 PM | Attr =	]
ContainerProxy.js -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\common\scripts\ContainerProxy.js ->  [Ver =  | Size = 32241 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
localization.js -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\common\scripts\localization.js ->  [Ver =  | Size = 9181 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
silentWorkflow.js -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\common\scripts\silentWorkflow.js ->  [Ver =  | Size = 46303 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
utils.js -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\common\scripts\utils.js ->  [Ver =  | Size = 110156 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\media\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\media ->  [Folder | Modified Date = 1/14/2008 1:16:40 PM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\media\css\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\media\css ->  [Folder | Modified Date = 1/14/2008 1:16:40 PM | Attr =	]
styles.css -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\media\css\styles.css ->  [Ver =  | Size = 1572 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\media\img\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\media\img ->  [Folder | Modified Date = 1/14/2008 1:16:40 PM | Attr =	]
progbarLeft_on.png -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\media\img\progbarLeft_on.png ->  [Ver =  | Size = 270 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
progbarRight.png -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\media\img\progbarRight.png ->  [Ver =  | Size = 273 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
progbar_on.png -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\media\img\progbar_on.png ->  [Ver =  | Size = 162 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
progbox.png -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer476\resources\media\img\progbox.png ->  [Ver =  | Size = 1692 bytes | Modified Date = 5/29/2007 11:01:56 AM | Attr =	]
< C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\*.* /s >
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564 ->  [Folder | Modified Date = 1/21/2008 1:41:25 PM | Attr =	]
Deployment.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\Deployment.xml ->  [Ver =  | Size = 2858 bytes | Modified Date = 1/21/2008 1:41:26 PM | Attr =	]
Setup.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\Setup.exe -> Adobe Systems, Copyright 2005-2007 [Ver = 1,1,8,0 | Size = 2682880 bytes | Modified Date = 12/19/2007 7:58:16 AM | Attr =	]
WinBootstrapper.msi -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\WinBootstrapper.msi ->  [Ver =  | Size = 1900544 bytes | Modified Date = 12/19/2007 7:58:16 AM | Attr =	]
WinBootstrapper1.cab -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\WinBootstrapper1.cab ->  [Ver =  | Size = 514375 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads ->  [Folder | Modified Date = 1/21/2008 1:41:22 PM | Attr =	]
Setup.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\Setup.xml ->  [Ver =  | Size = 320 bytes | Modified Date = 12/19/2007 7:57:56 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All ->  [Folder | Modified Date = 1/21/2008 1:41:22 PM | Attr =	]
AdobeExtendScriptToolkit2.0.2All.boot.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\AdobeExtendScriptToolkit2.0.2All.boot.xml ->  [Ver =  | Size = 7196 bytes | Modified Date = 12/19/2007 7:58:14 AM | Attr =	]
AdobeExtendScriptToolkit2.0.2All.msi -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\AdobeExtendScriptToolkit2.0.2All.msi ->  [Ver =  | Size = 2437632 bytes | Modified Date = 12/19/2007 7:58:36 AM | Attr =	]
AdobeExtendScriptToolkit2.0.2All.proxy.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\AdobeExtendScriptToolkit2.0.2All.proxy.xml ->  [Ver =  | Size = 1898247 bytes | Modified Date = 12/19/2007 7:58:14 AM | Attr =	]
AdobeExtendScriptToolkit2.0.2All1.cab -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\AdobeExtendScriptToolkit2.0.2All1.cab ->  [Ver =  | Size = 6407837 bytes | Modified Date = 12/19/2007 7:58:34 AM | Attr =	]
ar_AE.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\ar_AE.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:36 AM | Attr =	]
be_BY.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\be_BY.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:36 AM | Attr =	]
bg_BG.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\bg_BG.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:36 AM | Attr =	]
ca_ES.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\ca_ES.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:36 AM | Attr =	]
cs_CZ.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\cs_CZ.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:36 AM | Attr =	]
da_DK.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\da_DK.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:36 AM | Attr =	]
de_DE.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\de_DE.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:36 AM | Attr =	]
el_GR.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\el_GR.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:36 AM | Attr =	]
en_GB.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\en_GB.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:36 AM | Attr =	]
en_US.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\en_US.mst ->  [Ver =  | Size = 4096 bytes | Modified Date = 12/19/2007 7:58:36 AM | Attr =	]
en_XC.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\en_XC.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:38 AM | Attr =	]
en_XM.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\en_XM.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:38 AM | Attr =	]
es_ES.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\es_ES.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:38 AM | Attr =	]
es_QM.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\es_QM.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:38 AM | Attr =	]
et_EE.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\et_EE.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:38 AM | Attr =	]
fi_FI.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\fi_FI.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:38 AM | Attr =	]
fr_FR.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\fr_FR.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:38 AM | Attr =	]
fr_XM.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\fr_XM.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:38 AM | Attr =	]
he_IL.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\he_IL.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:38 AM | Attr =	]
hi_IN.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\hi_IN.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:38 AM | Attr =	]
hr_HR.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\hr_HR.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:38 AM | Attr =	]
hu_HU.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\hu_HU.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:38 AM | Attr =	]
is_IS.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\is_IS.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:40 AM | Attr =	]
it_IT.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\it_IT.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:40 AM | Attr =	]
ja_JP.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\ja_JP.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:40 AM | Attr =	]
ko_KR.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\ko_KR.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:40 AM | Attr =	]
lt_LT.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\lt_LT.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:40 AM | Attr =	]
lv_LV.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\lv_LV.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:40 AM | Attr =	]
mk_MK.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\mk_MK.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:40 AM | Attr =	]
nb_NO.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\nb_NO.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:40 AM | Attr =	]
nl_NL.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\nl_NL.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:40 AM | Attr =	]
pl_PL.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\pl_PL.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:40 AM | Attr =	]
pt_BR.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\pt_BR.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:40 AM | Attr =	]
ro_RO.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\ro_RO.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:40 AM | Attr =	]
ru_RU.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\ru_RU.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:42 AM | Attr =	]
sh_YU.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\sh_YU.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:42 AM | Attr =	]
sk_SK.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\sk_SK.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:42 AM | Attr =	]
sl_SI.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\sl_SI.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:42 AM | Attr =	]
sq_AL.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\sq_AL.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:42 AM | Attr =	]
sv_SE.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\sv_SE.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:42 AM | Attr =	]
th_TH.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\th_TH.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:42 AM | Attr =	]
tr_TR.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\tr_TR.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:42 AM | Attr =	]
uk_UA.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\uk_UA.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:42 AM | Attr =	]
vi_VN.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\vi_VN.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:42 AM | Attr =	]
zh_CN.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\zh_CN.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:42 AM | Attr =	]
zh_TW.mst -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\payloads\AdobeExtendScriptToolkit2.0.2All\zh_TW.mst ->  [Ver =  | Size = 4608 bytes | Modified Date = 12/19/2007 7:58:42 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\redist\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\redist ->  [Folder | Modified Date = 1/21/2008 1:41:22 PM | Attr =	]
WindowsInstaller-KB893803-v2-x86.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\redist\WindowsInstaller-KB893803-v2-x86.exe -> Microsoft Corporation [Ver = 3.1 | Size = 2585872 bytes | Modified Date = 12/19/2007 7:53:58 AM | Attr =	]
WindowsServer2003-KB898715-ia64-enu.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\redist\WindowsServer2003-KB898715-ia64-enu.exe -> Microsoft Corporation [Ver = 1 | Size = 5960944 bytes | Modified Date = 12/19/2007 7:54:00 AM | Attr =	]
WindowsServer2003-KB898715-x64-enu.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\redist\WindowsServer2003-KB898715-x64-enu.exe -> Microsoft Corporation [Ver = 1 | Size = 4584688 bytes | Modified Date = 12/19/2007 7:54:02 AM | Attr =	]
WindowsServer2003-KB898715-x86-enu.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\redist\WindowsServer2003-KB898715-x86-enu.exe -> Microsoft Corporation [Ver = 1 | Size = 1536752 bytes | Modified Date = 12/19/2007 7:54:02 AM | Attr =	]
WindowsXP-KB898715-x64-enu.exe -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\redist\WindowsXP-KB898715-x64-enu.exe -> Microsoft Corporation [Ver = 1 | Size = 4584688 bytes | Modified Date = 12/19/2007 7:54:04 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources ->  [Folder | Modified Date = 1/21/2008 1:41:23 PM | Attr =	]
main.html -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\main.htm ->  [Ver =  | Size = 7292 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
main.xml -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\main.xml ->  [Ver =  | Size = 25990 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common ->  [Folder | Modified Date = 1/21/2008 1:41:23 PM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\alert\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\alert ->  [Folder | Modified Date = 1/21/2008 1:41:23 PM | Attr =	]
alert.css -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\alert\alert.css ->  [Ver =  | Size = 583 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
alert.html -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\alert\alert.htm ->  [Ver =  | Size = 2412 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
alert_ie.css -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\alert\alert_ie.css ->  [Ver =  | Size = 508 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
alert_rtl.css -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\alert\alert_rtl.css ->  [Ver =  | Size = 623 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
alert_rtl_ie.css -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\alert\alert_rtl_ie.css ->  [Ver =  | Size = 548 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\scripts\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\scripts ->  [Folder | Modified Date = 1/21/2008 1:41:23 PM | Attr =	]
ContainerProxy.js -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\scripts\ContainerProxy.js ->  [Ver =  | Size = 32241 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
localization.js -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\scripts\localization.js ->  [Ver =  | Size = 10366 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
silentWorkflow.js -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\scripts\silentWorkflow.js ->  [Ver =  | Size = 46303 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
utils.js -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\common\scripts\utils.js ->  [Ver =  | Size = 109621 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\media\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\media ->  [Folder | Modified Date = 1/21/2008 1:41:23 PM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\media\css\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\media\css ->  [Folder | Modified Date = 1/21/2008 1:41:23 PM | Attr =	]
styles.css -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\media\css\styles.css ->  [Ver =  | Size = 1572 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\media\img\ -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\media\img ->  [Folder | Modified Date = 1/21/2008 1:41:23 PM | Attr =	]
progbarLeft_on.png -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\media\img\progbarLeft_on.png ->  [Ver =  | Size = 270 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
progbarRight.png -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\media\img\progbarRight.png ->  [Ver =  | Size = 273 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
progbar_on.png -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\media\img\progbar_on.png ->  [Ver =  | Size = 162 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
progbox.png -> C:\Documents and Settings\Ian1\Local Settings\Application Data\Installer564\resources\media\img\progbox.png ->  [Ver =  | Size = 1692 bytes | Modified Date = 12/19/2007 7:54:40 AM | Attr =	]
< C:\Program Files\Common Files\Microsoft Shared\Speech\*.* /s >
C:\Program Files\Common Files\Microsoft Shared\Speech\ -> C:\Program Files\Common Files\Microsoft Shared\Speech ->  [Folder | Modified Date = 1/27/2007 12:21:29 PM | Attr =	]
sapi.cpl -> C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.cpl -> Microsoft Corporation [Ver = 5.1.4111.00  (xpsp_sp2_rtm.040803-2158) | Size = 155648 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]
sapi.dll -> C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll -> Microsoft Corporation [Ver = 5.1.4111.00  (xpsp_sp2_rtm.040803-2158) | Size = 741376 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]
sapisvr.exe -> C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe -> Microsoft Corporation [Ver = 5.1.4111.00  (XPClient.010817-1148) | Size = 36864 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]
C:\Program Files\Common Files\Microsoft Shared\Speech\1033\ -> C:\Program Files\Common Files\Microsoft Shared\Speech\1033 ->  [Folder | Modified Date = 8/19/2004 3:57:50 PM | Attr =	]
spcplui.dll -> C:\Program Files\Common Files\Microsoft Shared\Speech\1033\spcplui.dll -> Microsoft Corporation [Ver = 5.1.4111.00  (XPClient.010817-1148) | Size = 61440 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr =	]
< End of report >


#12 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 16 February 2008 - 02:58 PM

Hi,

What version of Norton did you use to have? Remember?

Small fix this time. :blink:

Go to add/remove programs and uninstall WinPCap -- rebooting if asked.
A lot of malware installs have been installing this program.
More info about pcap:
http://en.wikipedia.org/wiki/Pcap

Once WinPCap is uninstalled ...

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Win32 Services - Non-Microsoft Only]
NY -> (NetCM) Network Connection Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Speech\svchost.exe
[Driver Services - Non-Microsoft Only]
NY -> (NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\npf.sys
[Registry - Non-Microsoft Only]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 1 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware
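The NetCM entry in the fix box above points a service at a file named svchost.exe inside the Speech folder, whereas the genuine svchost.exe lives in %SystemRoot%\system32. The check below is an added example, not part of the original post or of WinPFind; it flags such look-alike service images in lines of that format. The core-name list, the default Windows XP paths and the DemoSvc line are assumptions.

```python
import ntpath
import re

# Names of core Windows processes whose real image lives in %SystemRoot%\system32.
# The list is illustrative (an assumption), not taken from the thread.
CORE_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
              "smss.exe", "csrss.exe", "spoolsv.exe"}

# Default Windows XP values for the variables used in the fix box (assumption).
ENV = {"%systemroot%": r"c:\windows",
       "%commonprogramfiles%": r"c:\program files\common files"}
SYSTEM32 = r"c:\windows\system32"

# (ShortName) Display name [Type | Start | State] -> image path
# The two-letter action prefix ("NY -> ") is treated as optional.
SERVICE_LINE = re.compile(
    r"^(?:[YN]{2} -> )?\((?P<name>[^)]+)\) .*? "
    r"\[[^|\]]+\|(?P<start>[^|\]]+)\|[^\]]+\] -> (?P<path>.+)$")

# Constructed sample: lines 2 and 5 are copied from the fix box in the post,
# line 3 (DemoSvc) is made up to show a legitimate svchost.exe with arguments.
SAMPLE = r"""[Win32 Services - Non-Microsoft Only]
NY -> (NetCM) Network Connection Manager [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Speech\svchost.exe
(DemoSvc) Constructed Demo Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -k netsvcs
[Driver Services - Non-Microsoft Only]
NY -> (NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\npf.sys
"""

def image_path(raw):
    """Lower-case, expand variables, drop quotes and command-line arguments."""
    p = raw.strip().lower()
    for var, value in ENV.items():
        p = p.replace(var, value)
    m = re.match(r'"?(.+?\.(?:exe|sys|dll))', p)
    return ntpath.normpath(m.group(1) if m else p)

def find_masquerades(report):
    """Return (service, start mode, image) for core names outside system32."""
    hits = []
    for line in report.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue
        image = image_path(m["path"])
        folder, exe = ntpath.split(image)
        if exe in CORE_NAMES and folder != SYSTEM32:
            hits.append((m["name"], m["start"].strip(), image))
    return hits

if __name__ == "__main__":
    for name, start, image in find_masquerades(SAMPLE):
        print(f"{name}: start={start} image={image}")
```

Only NetCM is reported for the sample; the NPF driver and the constructed DemoSvc line pass because their images resolve under system32.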

#13 chexmixisgood

chexmixisgood
  • Topic Starter

  • Members
  • 9 posts

Posted 16 February 2008 - 03:14 PM

Norton security center is installed on my computer - i think it came with it. the version is: 2005.1.0.111. Symantec's liveupdate 2.6 is also installed on my computer.

here is the log. i checked if the 3 files were deleted on reboot, and i think they are. they did not appear when i looked in the folders after making all hidden files visible.

thanks

[Win32 Services - Non-Microsoft Only]
Service NetCM stopped successfully.
Service NetCM deleted successfully.
File C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe not found.
[Driver Services - Non-Microsoft Only]
Unable to stop service NPF .
Unable to delete service NPF .
File C:\WINDOWS\system32\drivers\npf.sys not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Ian1\Local Settings\Temp\~DF99C3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_790.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b0.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >


#14 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 16 February 2008 - 03:25 PM

Can you uninstall Norton Security Center & Live Update?

They would no longer work right being they are a few years old -- and were most likely part of Norton antivirus or Internet Security.
Security Center & Live Update are just part of NIS or NAV.

If they don't want to uninstall --
Head over to this page:

http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Pick the product you had, then choose your Operating system and follow instructions to use the removal tool.

Post fresh hijackthis log when done please.

Let me know if any troubles.

note*
The files in temp that begin with "Perflib_Perfdata" are normal to return --
I had WinPFind empty out the temp folders -- and normally Windows hangs onto those files.
Normal for them to be re-created by the system and usually not malicious.
So if you see similar ones return -- they can be left alone.

thanks :thumbsup:

#15 chexmixisgood

chexmixisgood
  • Topic Starter

  • Members
  • 9 posts

Posted 16 February 2008 - 05:27 PM

i have uninstalled symantec's products and am currently not experiencing any obvious issues with my computer
here's the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:56 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7790 bytes




