Cannot Stop Pop Ups! Tried Everything - No Viruses


5 replies to this topic

#1 dane420

Posted 08 February 2008 - 01:20 AM

Hi guys, I've tried about everything I can think of. Anti-spyware, malware programs, pop-up blockers don't help. Anti-virus programs never reveal any viruses. Suspect it's malware, just can't find it. Popups seem to be related to the web page that I am currently on or navigating to. Usually at least one pop-up per page I visit. Thanks for the help. If more info is needed, I'd be glad to repost.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:47 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netzero.net/s/sp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netzero.net/s/sp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {497A714D-B0C0-4B0B-A9F3-43552097A703} - C:\WINDOWS\system32\yabaw.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\urqqpno.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .thp: C:\Program Files\Internet Explorer\Plugins\NPLM32.DLL
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O20 - Winlogon Notify: urqqpno - urqqpno.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11276 bytes


#2 OldTimer

Posted 13 February 2008 - 01:00 PM

Hello dane420 and welcome to the BC HijackThis forum. Let's try a different scanner and see what it shows us.

Before running the scan let's clean out the temporary folders.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#3 dane420

Posted 18 February 2008 - 03:37 AM

WinPFind35 logfile created on: 2/18/2008 1:32:18 AM

WinPFind35U Version Beta52	 Folder = C:\Documents and Settings\Dane\Desktop\WinPFind35u

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

511.36 Mb Total Physical Memory | 142.39 Mb Available Physical Memory | 27.85% Memory free

864.33 Mb Paging File | 483.40 Mb Available in Paging File | 55.93% Paging File free

Paging file location(s): C:\pagefile.sys 384 768;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.71 Gb Total Space | 9.68 Gb Free Space | 28.71% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: DANES

Current User Name: Dane

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]

guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 5:31:10 AM | Attr =	]

avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/1/2008 1:07:28 AM | Attr =	]

avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/1/2008 1:07:42 AM | Attr =	]

googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 1/4/2008 11:05:08 PM | Attr =	]

lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.31.1 | Size = 53248 bytes | Modified Date = 6/20/2005 11:10:30 PM | Attr =	]

nvsvc32.exe -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4586 | Size = 77824 bytes | Modified Date = 1/8/2004 1:26:00 PM | Attr =	]

hpzipm12.exe -> %SystemRoot%\SYSTEM32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 11:14:36 AM | Attr =	]

tivobeacon.exe -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.5 | Size = 867328 bytes | Modified Date = 9/25/2007 10:33:18 AM | Attr =	]

calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 0, 0, 21 | Size = 86606 bytes | Modified Date = 6/2/2005 2:54:34 PM | Attr =	]

bcmsmmsg.exe -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 3:59:24 AM | Attr =	]

syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.10.8 22Apr04 | Size = 98304 bytes | Modified Date = 4/22/2004 2:23:44 PM | Attr =	]

tfswctrl.exe -> %SystemRoot%\SYSTEM32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.07b | Size = 122933 bytes | Modified Date = 3/14/2004 11:04:00 PM | Attr =	]

pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611  | Size = 290816 bytes | Modified Date = 4/11/2004 6:15:14 PM | Attr =	]

dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 4/11/2004 9:43:44 AM | Attr =	]

quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe ->  [Ver = 1, 0, 0, 1 | Size = 487424 bytes | Modified Date = 3/4/2004 6:59:30 PM | Attr =	]

winampa.exe -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 33792 bytes | Modified Date = 12/12/2003 5:50:34 PM | Attr =	]

gear511.exe -> %ProgramFiles%\NETGEAR\WG511SCU\Utility\Gear511.exe ->   [Ver = 2, 39, 26, 4 | Size = 475136 bytes | Modified Date = 12/3/2004 2:05:02 PM | Attr =	]

hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/11/2005 10:12:54 PM | Attr =	]

dvdtray.exe -> %ProgramFiles%\Ahead\ODD Toolkit\dvdtray.exe -> Hewlett-Packard Company [Ver = 2.0 | Size = 65536 bytes | Modified Date = 9/3/2004 1:58:48 AM | Attr =	]

ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.3.2.6 | Size = 271672 bytes | Modified Date = 8/15/2007 7:15:24 PM | Attr =	]

avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 2:25:42 AM | Attr =	]

avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2/1/2008 11:24:37 AM | Attr =	]

jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 11/19/2003 3:48:14 PM | Attr =	]

exec.exe -> %ProgramFiles%\NetZero\exec.exe -> NetZero [Ver = 4, 3, 0, 0 | Size = 776704 bytes | Modified Date = 11/10/2005 5:57:32 PM | Attr =	]

exec.exe -> %ProgramFiles%\NetZero\exec.exe -> NetZero [Ver = 4, 3, 0, 0 | Size = 776704 bytes | Modified Date = 11/10/2005 5:57:32 PM | Attr =	]

ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.3.2.6 | Size = 501048 bytes | Modified Date = 8/15/2007 7:15:16 PM | Attr =	]

tivotransfer.exe -> %CommonProgramFiles%\TiVo Shared\Transfer\TiVoTransfer.exe -> TiVo Inc. [Ver = 1.3 | Size = 1195008 bytes | Modified Date = 9/25/2007 10:33:52 AM | Attr =	]

tivonotify.exe -> %ProgramFiles%\TiVo\Desktop\TiVoNotify.exe -> TiVo Inc. [Ver = 1.1 | Size = 384000 bytes | Modified Date = 9/25/2007 10:34:16 AM | Attr =	]

tivoserver.exe -> %ProgramFiles%\TiVo\Desktop\TiVoServer.exe -> TiVo Inc. [Ver = 1.4 | Size = 1495040 bytes | Modified Date = 9/25/2007 10:35:44 AM | Attr =	]

x1exec.exe -> %ProgramFiles%\NetZero\qsacc\x1exec.exe -> NetZero, Inc. [Ver = 3.6.00 | Size = 241664 bytes | Modified Date = 6/27/2005 3:36:06 PM | Attr =	]

googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1070.1219.beta | Size = 124400 bytes | Modified Date = 1/4/2008 11:05:05 PM | Attr =	]

yahoowidgets.exe -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgets.exe -> Yahoo! Inc. [Ver = 4.5.1 | Size = 3746856 bytes | Modified Date = 12/11/2007 3:34:48 PM | Attr =	]

winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/16/2008 1:03:26 PM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 5:31:10 AM | Attr =	]

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/1/2008 1:07:28 AM | Attr =	]

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/1/2008 1:07:42 AM | Attr =	]

(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 0, 0, 21 | Size = 86606 bytes | Modified Date = 6/2/2005 2:54:34 PM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr =	]

(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 1/4/2008 11:05:08 PM | Attr =	]

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr =	]

(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.3.2.6 | Size = 501048 bytes | Modified Date = 8/15/2007 7:15:16 PM | Attr =	]

(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.31.1 | Size = 53248 bytes | Modified Date = 6/20/2005 11:10:30 PM | Attr =	]

(McTaskManager) McAfee Task Manager [Win32_Own | Auto | Stopped] -> %ProgramFiles%\McAfee\AntiSpyware Enterprise\VsTskMgr.exe -> File not found

(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4586 | Size = 77824 bytes | Modified Date = 1/8/2004 1:26:00 PM | Attr =	]

(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 11:14:36 AM | Attr =	]

(TivoBeacon2) TiVo Beacon [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.5 | Size = 867328 bytes | Modified Date = 9/25/2007 10:33:18 AM | Attr =	]



[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 11:51:56 AM | Attr =	]

(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 11:07:42 PM | Attr =	]

(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 11:52:00 AM | Attr =	]

(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 11:51:58 AM | Attr =	]

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 11000 bytes | Modified Date = 5/30/2007 5:10:42 AM | Attr =	]

(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/1/2008 1:07:44 AM | Attr =	]

(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/1/2008 1:07:50 AM | Attr =	]

(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/1/2008 1:07:51 AM | Attr =	]

(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 5:10:42 AM | Attr =	]

(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/1/2008 11:24:39 AM | Attr =	]

(AWINDIS5) AWINDIS5 Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\AWINDIS5.SYS -> AMBIT Microsystems Corporation. [Ver = 5.00.13.50 | Size = 16194 bytes | Modified Date = 4/11/2002 4:43:44 PM | Attr =	]

(BASFND) BASFND [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\BASFND.sys -> Broadcom Corporation [Ver = 6.0.0.0 | Size = 6025 bytes | Modified Date = 4/24/2003 2:21:50 PM | Attr =	]

(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\bcm4sbxp.sys -> Broadcom Corporation [Ver = 3.60.0.0 built by: WinDDK | Size = 43136 bytes | Modified Date = 6/2/2003 6:02:42 AM | Attr =	]

(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\BCMSM.sys -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:05:01 | Size = 1101696 bytes | Modified Date = 8/29/2003 3:59:24 AM | Attr =	]

(BOCDRIVE) BOClean Kernel Monitor. [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Comodo\CBOClean\BOCDRIVE.sys -> File not found

(BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\BVRPMPR5.SYS -> BVRP Software [Ver = 1.00.00.01 | Size = 44224 bytes | Modified Date = 9/16/2005 9:46:30 AM | Attr = R  ]

(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] ->  -> File not found

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 11:51:54 AM | Attr =	]

(core) core [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\core.sys ->  [Ver =  | Size = 80640 bytes | Modified Date = 12/13/2007 11:50:00 PM | Attr =	]

(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 11:52:16 AM | Attr =	]

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:17 PM | Attr =	]

(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:16 PM | Attr =	]

(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr =	]

(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.78d | Size = 86160 bytes | Modified Date = 2/13/2004 1:21:00 AM | Attr =	]

(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\drvnddm.sys -> Sonic Solutions [Ver = 2.56.42a | Size = 40480 bytes | Modified Date = 2/27/2004 12:56:00 AM | Attr =	]

(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 8/17/2001 10:11:06 AM | Attr =	]

(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 1, 0 | Size = 25160 bytes | Modified Date = 8/7/2007 12:48:33 PM | Attr =	]

(ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ElbyDelay.sys -> Elaborate Bytes AG [Ver = 5, 1, 0, 1 | Size = 11984 bytes | Modified Date = 2/15/2007 5:56:49 PM | Attr =	]

(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr =	]

(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Modified Date = 3/7/2005 9:52:26 PM | Attr = R  ]

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Modified Date = 3/7/2005 9:52:27 PM | Attr = R  ]

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Modified Date = 3/7/2005 9:52:28 PM | Attr = R  ]

(i81x) i81x [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 161020 bytes | Modified Date = 8/3/2004 10:29:36 PM | Attr =	]

(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12415 bytes | Modified Date = 8/3/2004 10:29:37 PM | Attr =	]

(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12127 bytes | Modified Date = 8/3/2004 10:29:37 PM | Attr =	]

(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11775 bytes | Modified Date = 8/3/2004 10:29:37 PM | Attr =	]

(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12063 bytes | Modified Date = 8/3/2004 10:29:47 PM | Attr =	]

(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19455 bytes | Modified Date = 8/3/2004 10:29:49 PM | Attr =	]

(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 29311 bytes | Modified Date = 8/3/2004 10:29:41 PM | Attr =	]

(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19551 bytes | Modified Date = 8/3/2004 10:29:42 PM | Attr =	]

(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found

(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 33599 bytes | Modified Date = 8/3/2004 10:29:43 PM | Attr =	]

(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 23615 bytes | Modified Date = 8/3/2004 10:29:45 PM | Attr =	]

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 4/29/2006 9:02:44 PM | Attr =	]

(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Modified Date = 5/8/2006 6:44:38 PM | Attr =	]

(MR97310_USB_DUAL_CAMERA) MR97310 CIF Dual Mode Camera [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\mr97310c.sys -> Mars Semiconductor Corp. [Ver = v1.29 | Size = 129875 bytes | Modified Date = 12/13/2002 1:06:40 AM | Attr = R  ]

(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 11:52:12 AM | Attr =	]

(NETGEAR_WG511_SERVICE) NETGEAR WG511T Wireless Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\wg511nd5.sys -> Atheros Communications, Inc. [Ver = 3.3.0.156 | Size = 395840 bytes | Modified Date = 8/13/2004 3:37:06 PM | Attr =	]

(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.4586 | Size = 1378636 bytes | Modified Date = 1/8/2004 1:26:00 PM | Attr =	]

(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 17153 bytes | Modified Date = 2/13/2004 8:46:00 AM | Attr =	]

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(Pcouffin) VSO Software pcouffin [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 12/26/2007 7:24:56 PM | Attr =	]

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.27a | Size = 20576 bytes | Modified Date = 1/26/2005 1:03:00 AM | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr =	]

(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr =	]

(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 11:52:18 AM | Attr =	]

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr =	]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:42 PM | Attr =	]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 12:07:44 PM | Attr =	]

(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.84a | Size = 5621 bytes | Modified Date = 1/14/2004 5:18:16 PM | Attr =	]

(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ssrtln.sys -> Sonic Solutions [Ver = 1.10.84a | Size = 23219 bytes | Modified Date = 1/14/2004 5:18:04 PM | Attr =	]

(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\stac97.sys -> SigmaTel, Inc. [Ver = 5.10.3913 | Size = 258704 bytes | Modified Date = 5/12/2004 6:30:14 PM | Attr =	]

(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 12:07:34 PM | Attr =	]

(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 12:07:36 PM | Attr =	]

(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 12:07:40 PM | Attr =	]

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 12:07:42 PM | Attr =	]

(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SynTP.sys -> Synaptics, Inc. [Ver = 7.10.8 22Apr04 | Size = 182688 bytes | Modified Date = 4/22/2004 2:18:48 PM | Attr =	]

(tffsport) M-Systems DiskOnChip 2000 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\tffsport.sys -> M-Systems [Ver = 5.02 | Size = 149376 bytes | Modified Date = 8/3/2004 11:00:04 PM | Attr =	]

(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.07b | Size = 25685 bytes | Modified Date = 3/14/2004 11:04:00 PM | Attr =	]

(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.07b | Size = 34837 bytes | Modified Date = 3/14/2004 11:04:00 PM | Attr =	]

(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.07b | Size = 4117 bytes | Modified Date = 3/14/2004 11:04:00 PM | Attr =	]

(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.07b | Size = 2233 bytes | Modified Date = 3/14/2004 11:04:00 PM | Attr =	]

(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.07b | Size = 85972 bytes | Modified Date = 3/14/2004 11:04:00 PM | Attr =	]

(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.07b | Size = 14229 bytes | Modified Date = 3/14/2004 11:04:00 PM | Attr =	]

(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.07b | Size = 6357 bytes | Modified Date = 3/14/2004 11:04:00 PM | Attr =	]

(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.07b | Size = 98580 bytes | Modified Date = 3/14/2004 11:04:00 PM | Attr =	]

(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.07b | Size = 100597 bytes | Modified Date = 3/14/2004 11:04:00 PM | Attr =	]

(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 8/1/2007 10:47:26 PM | Attr =	]

(TnIDriver) TnIDriver [Kernel | On_Demand | Stopped] -> %UserProfile%\Local Settings\Temp\tni4BB.tmp ->  [Ver =  | Size = 89600 bytes | Modified Date = 12/13/2007 11:49:54 PM | Attr =	]

(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 11:52:22 AM | Attr =	]

(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wanatw4.sys -> File not found

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 2:25:42 AM | Attr =	]

AS00_Gear511 -> %ProgramFiles%\NETGEAR\WG511SCU\Utility\Gear511.exe ->   [Ver = 2, 39, 26, 4 | Size = 475136 bytes | Modified Date = 12/3/2004 2:05:02 PM | Attr =	]

AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2/1/2008 11:24:37 AM | Attr =	]

BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 3:59:24 AM | Attr =	]

Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe ->  [Ver = 1, 0, 0, 1 | Size = 487424 bytes | Modified Date = 3/4/2004 6:59:30 PM | Attr =	]

dla -> %SystemRoot%\SYSTEM32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.07b | Size = 122933 bytes | Modified Date = 3/14/2004 11:04:00 PM | Attr =	]

DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 4/11/2004 9:43:44 AM | Attr =	]

DVDTray -> %ProgramFiles%\Ahead\ODD Toolkit\dvdtray.exe -> Hewlett-Packard Company [Ver = 2.0 | Size = 65536 bytes | Modified Date = 9/3/2004 1:58:48 AM | Attr =	]

HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/11/2005 10:12:54 PM | Attr =	]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.3.2.6 | Size = 271672 bytes | Modified Date = 8/15/2007 7:15:24 PM | Attr =	]

NeroFilterCheck -> %SystemRoot%\SYSTEM32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 10:50:42 AM | Attr =	]

nwiz -> %SystemRoot%\SYSTEM32\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.4586 | Size = 323584 bytes | Modified Date = 1/8/2004 1:26:00 PM | Attr =	]

PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611  | Size = 290816 bytes | Modified Date = 4/11/2004 6:15:14 PM | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 5:24:52 AM | Attr =	]

SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 11/19/2003 3:48:14 PM | Attr =	]

SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.10.8 22Apr04 | Size = 98304 bytes | Modified Date = 4/22/2004 2:23:44 PM | Attr =	]

UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/18/2003 11:01:00 PM | Attr =	]

WinampAgent -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 33792 bytes | Modified Date = 12/12/2003 5:50:34 PM | Attr =	]

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

NetZero_uoltray -> %ProgramFiles%\NetZero\exec.exe -> NetZero [Ver = 4, 3, 0, 0 | Size = 776704 bytes | Modified Date = 11/10/2005 5:57:32 PM | Attr =	]

swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/18/2007 10:16:07 PM | Attr =	]

TivoNotify -> %ProgramFiles%\TiVo\Desktop\TiVoNotify.exe -> TiVo Inc. [Ver = 1.1 | Size = 384000 bytes | Modified Date = 9/25/2007 10:34:16 AM | Attr =	]

TivoServer -> %ProgramFiles%\TiVo\Desktop\TiVoServer.exe -> TiVo Inc. [Ver = 1.4 | Size = 1495040 bytes | Modified Date = 9/25/2007 10:35:44 AM | Attr =	]

TivoTransfer -> %CommonProgramFiles%\TiVo Shared\Transfer\TiVoTransfer.exe -> TiVo Inc. [Ver = 1.3 | Size = 1195008 bytes | Modified Date = 9/25/2007 10:33:52 AM | Attr =	]

updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R  ]

< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 

untd_recovery -> %ProgramFiles%\NetZero\qsacc\x1exec.exe -> NetZero, Inc. [Ver = 3.6.00 | Size = 241664 bytes | Modified Date = 6/27/2005 3:36:06 PM | Attr =	]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1070.1219.beta | Size = 124400 bytes | Modified Date = 1/4/2008 11:05:05 PM | Attr =	]

< Dane Startup Folder > -> C:\Documents and Settings\Dane\Start Menu\Programs\Startup -> 

%UserProfile%\Start Menu\Programs\Startup\Yahoo! Widgets.lnk -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgets.exe -> Yahoo! Inc. [Ver = 4.5.1 | Size = 3746856 bytes | Modified Date = 12/11/2007 3:34:48 PM | Attr =	]

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 5:29:58 AM | Attr =	]

{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urqqpno.dll [] -> File not found

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

urqqpno -> urqqpno.dll -> File not found

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> 

< HOSTS File > (726 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://my.netzero.net/s/sp -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://my.netzero.net/s/sp -> 

HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 

1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr =	]

{497A714D-B0C0-4B0B-A9F3-43552097A703} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\yabaw.dll [Reg Error: Value  does not exist or could not be read.] -> File not found

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 5/12/2004 1:03:00 AM | Attr =	]

{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.07b | Size = 118836 bytes | Modified Date = 3/14/2004 11:04:00 PM | Attr =	]

{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 5, 0, 1112, 3348 | Size = 3253368 bytes | Modified Date = 1/6/2008 3:16:02 PM | Attr = R  ]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 914, 9778 | Size = 724152 bytes | Modified Date = 1/6/2008 3:16:04 PM | Attr =	]

{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urqqpno.dll [Reg Error: Value  does not exist or could not be read.] -> File not found

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 5, 0, 1112, 3348 | Size = 3253368 bytes | Modified Date = 1/6/2008 3:16:02 PM | Attr = R  ]

SITEguard [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 5, 0, 1112, 3348 | Size = 3253368 bytes | Modified Date = 1/6/2008 3:16:02 PM | Attr = R  ]

WebBrowser\\{70DE7956-479D-4EB7-8641-2B45774C350E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetZero\Toolbar.dll [ZeroBar] ->  [Ver = 2, 0, 0, 1 | Size = 292304 bytes | Modified Date = 12/1/2005 4:10:54 PM | Attr =	]

WebBrowser\\{F5735C15-1FB2-41FE-BA12-242757E69DDE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetZero\Toolbar.dll [ZeroBar] ->  [Ver = 2, 0, 0, 1 | Size = 292304 bytes | Modified Date = 12/1/2005 4:10:54 PM | Attr =	]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found

{669B269B-0D4E-41FB-A3D8-FD67CA94F646}:Exec ->  [ComcastHSI] -> File not found

{8828075D-D097-4055-AA02-2DBFA9D85E8A}:Exec ->  [Support] -> File not found

{97809617-3937-4F84-B335-9BB05EF1A8D4}:Exec ->  [Help] -> File not found

{d81ca86b-ef63-42af-bee3-4502d9a03c2d}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [MUSICMATCH MX Web Player] -> File not found

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{669B269B-0D4E-41FB-A3D8-FD67CA94F646} [HKEY_LOCAL_MACHINE] ->  [ComcastHSI] -> File not found

CmdMapping\\{8828075D-D097-4055-AA02-2DBFA9D85E8A} [HKEY_LOCAL_MACHINE] ->  [Support] -> File not found

CmdMapping\\{97809617-3937-4F84-B335-9BB05EF1A8D4} [HKEY_LOCAL_MACHINE] ->  [Help] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

Display All Images with Full Quality -> %ProgramFiles%\NetZero\qsacc\appres.dll -> NetZero, Inc. [Ver = 3.6.00 | Size = 368128 bytes | Modified Date = 6/27/2005 3:38:16 PM | Attr =	]

Display Image with Full Quality -> %ProgramFiles%\NetZero\qsacc\appres.dll -> NetZero, Inc. [Ver = 3.6.00 | Size = 368128 bytes | Modified Date = 6/27/2005 3:38:16 PM | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

Extension\.thp -> %ProgramFiles%\Internet Explorer\Plugins\NPLM32.DLL [LiveMath Plugin] -> File not found

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{1A14EC30-7B0A-4320-A11A-2538D0B689E8} ->	(NETGEAR 108 Mbps Wireless PC Card WG511T) -> 

{3C0A6997-5498-44F5-B24E-0B554291B70D} ->	() -> 

{A7607E8B-E343-4D2A-8D9D-96377BC6DA60} ->	(Broadcom 440x 10/100 Integrated Controller) -> 

{CD886A27-2E77-4C11-830C-430A7C76945C} ->	(1394 Net Adapter) -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] -> 

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 

{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1005.cab[MySpace Uploader Control] -> 

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> 

{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab[Windows Live Safety Center Base Module] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab[Java Plug-in 1.4.2_03] -> 

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 

{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab[Reg Error: Key does not exist or could not be opened.] -> 

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab[Java Plug-in 1.4.2_03] -> 

{CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF}[HKEY_LOCAL_MACHINE] -> http://www.live365.com/players/play365.cab[Live365Player Class] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab[CTAdjust Class] -> 

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:43 AM | Attr =	]

C:\WINDOWS\system32\yabaw.dll -> %SystemRoot%\system32\yabaw.dll -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 10:49:30 AM | Attr =	]

msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:43 AM | Attr =	]

schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:21:15 AM | Attr =	]

wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 9:37:50 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 608 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 18358 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. [Ver = 6.0.12.1053 | Size = 204845 bytes | Modified Date = 10/24/2004 1:13:27 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe -> C:\Program Files\Ares\Ares.exe [C:\Program Files\Ares\Ares.exe:*:Disabled:Ares] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares Lite Edition\Ares.exe -> C:\Program Files\Ares Lite Edition\Ares.exe [C:\Program Files\Ares Lite Edition\Ares.exe:*:Disabled:Ares] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 3:59:52 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\support.com\bin\tgcmd.exe -> C:\Program Files\support.com\bin\tgcmd.exe [C:\Program Files\support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Comcast Rhapsody\rhapsody.exe -> C:\Program Files\Comcast Rhapsody\rhapsody.exe [C:\Program Files\Comcast Rhapsody\rhapsody.exe:*:Enabled:Rhapsody] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\LEXPPS.EXE -> C:\WINDOWS\SYSTEM32\LEXPPS.EXE [C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\HP Software Update\HPWUCli.exe -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client] -> Hewlett-Packard [Ver = 3, 0, 4, 2 | Size = 565248 bytes | Modified Date = 2/15/2005 9:36:40 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\setup\HPZnet01.exe -> D:\setup\HPZnet01.exe [D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\setup\HPONICIFS01.EXE -> D:\setup\HPONICIFS01.EXE [D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/11/2005 10:23:26 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 5/11/2005 11:40:38 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 225280 bytes | Modified Date = 6/3/2005 8:50:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 40960 bytes | Modified Date = 6/3/2005 8:50:14 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 81920 bytes | Modified Date = 6/3/2005 8:45:46 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] ->  [Ver = 3, 2, 0,940 | Size = 200704 bytes | Modified Date = 5/10/2005 8:50:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 5.1.0.940 | Size = 1081344 bytes | Modified Date = 5/10/2005 8:07:26 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 172032 bytes | Modified Date = 6/3/2005 9:12:34 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> Hewlett-Packard [Ver = 2.4 | Size = 151635 bytes | Modified Date = 5/10/2005 8:34:02 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 458752 bytes | Modified Date = 6/3/2005 8:51:06 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] ->  [Ver = 5.0.0.247 | Size = 417792 bytes | Modified Date = 3/15/2005 2:12:10 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] ->   [Ver = 5.0.0.247 | Size = 704512 bytes | Modified Date = 3/15/2005 2:17:50 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 57344 bytes | Modified Date = 6/3/2005 9:06:04 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\spoolsv.exe -> C:\WINDOWS\SYSTEM32\spoolsv.exe [C:\WINDOWS\SYSTEM32\spoolsv.exe:*:Enabled:Spooler SubSystem App] -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 4:53:32 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.3.2.6 | Size = 15333688 bytes | Modified Date = 8/15/2007 7:15:18 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe -> C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service] -> TiVo Inc. [Ver = 1.5 | Size = 867328 bytes | Modified Date = 9/25/2007 10:33:18 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe -> C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe [C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service] -> TiVo Inc. [Ver = 1.3 | Size = 1195008 bytes | Modified Date = 9/25/2007 10:33:52 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TiVo\Desktop\TiVoServer.exe -> C:\Program Files\TiVo\Desktop\TiVoServer.exe [C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service] -> TiVo Inc. [Ver = 1.4 | Size = 1495040 bytes | Modified Date = 9/25/2007 10:35:44 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TiVo\Desktop\TiVoDesktop.exe -> C:\Program Files\TiVo\Desktop\TiVoDesktop.exe [C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface] -> TiVo Inc. [Ver = 2.4 | Size = 2114048 bytes | Modified Date = 9/25/2007 10:37:32 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 2/1/2008 11:24:37 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/1/2008 1:07:28 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2/1/2008 11:24:37 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5353:UDP -> 5353:UDP:LocalSubNet:Enabled:mDNS-SD/Bonjour -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7288:TCP -> 7288:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7288 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7289:TCP -> 7289:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7289 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7290:TCP -> 7290:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7290 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7291:TCP -> 7291:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7291 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7292:TCP -> 7292:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7292 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7293:TCP -> 7293:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7293 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7294:TCP -> 7294:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7294 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7295:TCP -> 7295:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7295 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7296:TCP -> 7296:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7296 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7297:TCP -> 7297:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7297 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{3366F8BE-D76A-4AC5-AF65-92ECD0FFE5FF} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{CAF51213-8946-4BEA-A91B-8FA5C0E33BFD} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 





[Files/Folders - Created Within 30 days]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 2/7/2008 10:43:37 PM | Attr = RH ]

avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/1/2008 1:07:44 AM | Attr =	]

avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/1/2008 1:07:50 AM | Attr =	]

avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/1/2008 1:07:51 AM | Attr =	]

AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 5:10:42 AM | Attr =	]

avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/1/2008 11:24:39 AM | Attr =	]

avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 2/1/2008 11:24:32 AM | Attr =	]

tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 8/1/2007 10:47:26 PM | Attr =	]

ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Created Date = 2/7/2008 7:35:58 PM | Attr =	]

2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 8/2/2006 12:39:06 PM | Attr =	]

Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/7/2008 7:36:03 PM | Attr =	]

jpicpl32.cpl -> %SystemRoot%\System32\jpicpl32.cpl -> Sun Microsystems [Ver = 1, 4, 2, 30 | Size = 61555 bytes | Modified Date = 11/19/2003 3:48:12 PM | Attr =	]

pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/7/2008 7:36:02 PM | Attr =	]

Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/7/2008 7:36:03 PM | Attr =	]

ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Modified Date = 3/25/2003 6:53:50 PM | Attr =	]

LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 2/13/2008 7:29:20 PM | Attr =	]

3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

LastGood.Tmp -> %SystemRoot%\LastGood.Tmp ->  [Folder | Created Date = 2/13/2008 1:03:17 PM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/6/2008 1:31:18 AM | Attr =	]

AVG7 -> %AppData%\AVG7 ->  [Folder | Created Date = 2/1/2008 1:08:13 AM | Attr =	]

Grisoft -> %AppData%\Grisoft ->  [Folder | Created Date = 1/25/2008 11:47:13 PM | Attr =	]

?icrosoft.NET -> %AppData%\Мicrosoft.NET ->  [Folder | Modified Date = 12/14/2007 8:19:16 PM | Attr =	]

AVG 7.5.lnk -> %AllUsersProfile%\Desktop\AVG 7.5.lnk ->  [Ver =  | Size = 1532 bytes | Modified Date = 2/1/2008 1:07:53 AM | Attr =	]

AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk ->  [Ver =  | Size = 849 bytes | Modified Date = 1/25/2008 11:46:53 PM | Attr =	]

Java Web Start.lnk -> %AllUsersProfile%\Desktop\Java Web Start.lnk ->  [Ver =  | Size = 1684 bytes | Modified Date = 2/7/2008 7:51:10 PM | Attr =	]

ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/14/2008 12:10:23 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier

avgas-setup-7.5.1.43-3339.exe -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339.exe ->  [Ver =  | Size = 14113576 bytes | Modified Date = 1/25/2008 11:45:25 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339.exe:Zone.Identifier

backup -> %UserProfile%\Desktop\backup ->  [Folder | Created Date = 1/23/2008 11:11:48 PM | Attr =	]

Coupon.pdf -> %UserProfile%\Desktop\Coupon.pdf ->  [Ver =  | Size = 44703 bytes | Modified Date = 2/17/2008 10:54:51 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Coupon.pdf:Zone.Identifier

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2/7/2008 10:12:55 PM | Attr =	]

kngdom -> %UserProfile%\Desktop\kngdom ->  [Folder | Created Date = 2/8/2008 9:38:14 PM | Attr =	]

popups -> %UserProfile%\Desktop\popups ->  [Folder | Created Date = 2/5/2008 11:11:09 PM | Attr =	]

WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/18/2008 1:29:54 AM | Attr =	]

WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480802 bytes | Modified Date = 2/18/2008 1:29:09 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier



[Files/Folders - Modified Within 30 days]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 2/7/2008 10:43:46 PM | Attr = RH ]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/7/2008 7:59:13 PM | Attr =  H ]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 536264704 bytes | Modified Date = 2/18/2008 12:24:05 AM | Attr =  HS]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/7/2008 10:12:55 PM | Attr = R  ]

RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2/1/2008 11:14:29 PM | Attr =  HS]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/17/2008 10:25:43 PM | Attr =	]

avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/1/2008 1:07:44 AM | Attr =	]

avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/1/2008 1:07:50 AM | Attr =	]

avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/1/2008 1:07:51 AM | Attr =	]

avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/1/2008 11:24:39 AM | Attr =	]

avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 2/1/2008 11:24:32 AM | Attr =	]

ETC -> %SystemRoot%\System32\drivers\ETC ->  [Folder | Modified Date = 2/7/2008 9:48:05 PM | Attr =	]

abc2 -> %SystemRoot%\System32\abc2 ->  [Folder | Modified Date = 1/27/2008 12:22:14 AM | Attr =	]

2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Modified Date = 2/7/2008 7:44:40 PM | Attr =	]

CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/17/2008 10:25:57 PM | Attr =	]

CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/17/2008 10:26:28 PM | Attr =	]

DRIVERS -> %SystemRoot%\System32\DRIVERS ->  [Folder | Modified Date = 2/7/2008 9:36:10 PM | Attr =	]

Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/7/2008 7:36:03 PM | Attr =	]

nvModes.001 -> %SystemRoot%\System32\nvModes.001 ->  [Ver =  | Size = 16874 bytes | Modified Date = 2/18/2008 12:24:52 AM | Attr =	]

nvModes.dat -> %SystemRoot%\System32\nvModes.dat ->  [Ver =  | Size = 16874 bytes | Modified Date = 2/1/2008 10:50:31 PM | Attr =	]

pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/7/2008 7:36:02 PM | Attr =	]

Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/7/2008 7:36:03 PM | Attr =	]

WPA.DBL -> %SystemRoot%\System32\WPA.DBL ->  [Ver =  | Size = 1170 bytes | Modified Date = 2/18/2008 12:26:51 AM | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 1:03:56 PM | Attr =  H ]

3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/18/2008 12:24:24 AM | Attr =   S]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/7/2008 8:05:52 PM | Attr =   S]

INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 2/17/2008 10:26:29 PM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/7/2008 7:59:16 PM | Attr =  HS]

LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 2/13/2008 7:29:22 PM | Attr =	]

LastGood.Tmp -> %SystemRoot%\LastGood.Tmp ->  [Folder | Modified Date = 2/13/2008 1:03:17 PM | Attr =	]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 2/7/2008 11:27:03 PM | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/18/2008 1:30:46 AM | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/18/2008 12:27:20 AM | Attr =  H ]

SYSTEM -> %SystemRoot%\SYSTEM ->  [Folder | Modified Date = 2/1/2008 1:06:34 AM | Attr =	]

SYSTEM32 -> %SystemRoot%\SYSTEM32 ->  [Folder | Modified Date = 2/17/2008 11:05:49 PM | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/17/2008 11:05:49 PM | Attr =	]

WIN.INI -> %SystemRoot%\WIN.INI ->  [Ver =  | Size = 697 bytes | Modified Date = 2/7/2008 7:44:47 PM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 353 bytes | Modified Date = 2/1/2008 5:30:21 PM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/18/2008 12:24:38 AM | Attr =  H ]

hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 257866 bytes | Modified Date = 9/16/2004 11:59:51 PM | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5502 bytes | Modified Date = 2/18/2008 12:25:44 AM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5502 bytes | Modified Date = 2/18/2008 12:25:44 AM | Attr =	]

opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11742 bytes | Modified Date = 1/31/2006 11:53:44 PM | Attr =	]

jre-6u3-windows-i586-p-iftw_2cd32978.exe -> C:\Documents and Settings\Dane\Local Settings\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 382352 bytes | Modified Date = 9/25/2007 3:42:01 PM | Attr =	]

snapsnet.exe -> C:\Documents and Settings\Dane\Local Settings\Temp\snapsnet.exe ->  [Ver =  | Size = 111764 bytes | Modified Date = 12/13/2007 11:52:07 PM | Attr =	]

vmgrremok.exe -> C:\Documents and Settings\Dane\Local Settings\Temp\vmgrremok.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 98380 bytes | Modified Date = 1/4/2007 2:38:06 PM | Attr =	]

vmpremov.exe -> C:\Documents and Settings\Dane\Local Settings\Temp\vmpremov.exe -> Viewpoint Corporation [Ver = 3, 5, 0, 16 | Size = 98304 bytes | Modified Date = 1/18/2007 7:53:06 AM | Attr =	]

winvsnet.exe -> C:\Documents and Settings\Dane\Local Settings\Temp\winvsnet.exe ->  [Ver =  | Size = 299040 bytes | Modified Date = 12/13/2007 11:47:30 PM | Attr =	]

ywe_setup.2007.12.11.01.exe -> C:\Documents and Settings\Dane\Local Settings\Temp\ywe_setup.2007.12.11.01.exe -> Yahoo! Inc. [Ver = 2007.12.11.01 | Size = 7796536 bytes | Modified Date = 1/6/2008 4:47:07 PM | Attr =	]

1829 C:\Documents and Settings\Dane\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dane\Local Settings\Temp\*.tmp -> 

auto_run.exe -> C:\Documents and Settings\Dane\Local Settings\Temp\HPIZBackup\auto_run.exe -> Hewlett-Packard [Ver = 1, 0, 0, 9 | Size = 24576 bytes | Modified Date = 5/11/2005 11:40:02 PM | Attr =	]

auto_run.exe -> C:\Documents and Settings\Dane\Local Settings\Temp\HPIZBackup\HP Image Zone Backups\auto_run.exe -> Hewlett-Packard [Ver = 1, 0, 0, 9 | Size = 24576 bytes | Modified Date = 5/11/2005 11:40:02 PM | Attr =	]

ie6wzd.exe -> C:\Documents and Settings\Dane\Local Settings\Temp\IXP000.TMP\ie6wzd.exe -> Microsoft Corporation [Ver = 6.00.2800.1411 | Size = 193024 bytes | Modified Date = 3/17/2004 1:26:26 PM | Attr =	]

UNNeroVision.exe -> C:\Documents and Settings\Dane\Local Settings\Temp\nro.tmp\UNNeroVision.exe -> Nero AG [Ver = 1, 2, 3, 96 | Size = 2977792 bytes | Modified Date = 7/29/2005 8:12:45 AM | Attr =	]

UNNMP.exe -> C:\Documents and Settings\Dane\Local Settings\Temp\nro.tmp\UNNMP.exe -> Nero AG [Ver = 1, 2, 3, 70 | Size = 2920448 bytes | Modified Date = 5/23/2005 7:34:10 AM | Attr =	]

SZSetup.exe -> C:\Documents and Settings\Dane\Local Settings\Temp\STOPzilla!\SZSetup.exe -> iS3, Inc. [Ver = 4, 4, 9, 0 | Size = 292024 bytes | Modified Date = 12/14/2007 8:48:46 PM | Attr =	]

migload.exe -> C:\Documents and Settings\Dane\Local Settings\Temp\usmt\migload.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 98816 bytes | Modified Date = 8/17/2001 10:36:48 PM | Attr =	]

InstHelp.dll -> C:\Documents and Settings\Dane\Local Settings\Temp\InstHelp.dll ->  [Ver =  | Size = 57344 bytes | Modified Date = 10/12/2004 10:14:18 AM | Attr =	]

1829 C:\Documents and Settings\Dane\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dane\Local Settings\Temp\*.tmp -> 

isxdl.dll -> C:\Documents and Settings\Dane\Local Settings\Temp\is-NA28S.tmp\isxdl.dll -> Bjørnar Henden [Ver = 5, 1, 0, 0 | Size = 59392 bytes | Modified Date = 3/11/2005 7:42:14 PM | Attr =	]

_shfoldr.dll -> C:\Documents and Settings\Dane\Local Settings\Temp\is-NA28S.tmp\_shfoldr.dll -> Microsoft Corporation [Ver = 5.50.4807.2300 | Size = 23312 bytes | Modified Date = 5/16/2007 7:52:28 PM | Attr =	]

AdvrCntr2.dll -> C:\Documents and Settings\Dane\Local Settings\Temp\nro.tmp\AdvrCntr2.dll -> Nero AG [Ver = 3,15,7, 7000 | Size = 2904064 bytes | Modified Date = 7/14/2006 7:51:04 PM | Attr =	]

System.dll -> C:\Documents and Settings\Dane\Local Settings\Temp\nsi4BD.tmp\System.dll ->  [Ver =  | Size = 9216 bytes | Modified Date = 12/13/2007 11:49:56 PM | Attr =	]

InstallOptions.dll -> C:\Documents and Settings\Dane\Local Settings\Temp\nsu2AD.tmp\InstallOptions.dll ->  [Ver =  | Size = 12288 bytes | Modified Date = 11/27/2006 6:35:29 AM | Attr =	]

StartMenu.dll -> C:\Documents and Settings\Dane\Local Settings\Temp\nsu2AD.tmp\StartMenu.dll ->  [Ver =  | Size = 6656 bytes | Modified Date = 11/27/2006 6:35:36 AM | Attr =	]

System.dll -> C:\Documents and Settings\Dane\Local Settings\Temp\nsu2AD.tmp\System.dll ->  [Ver =  | Size = 9216 bytes | Modified Date = 11/27/2006 6:35:29 AM | Attr =	]

InstallOptions.dll -> C:\Documents and Settings\Dane\Local Settings\Temp\nsw32.tmp\InstallOptions.dll ->  [Ver =  | Size = 12288 bytes | Modified Date = 11/27/2006 4:40:11 PM | Attr =	]

System.dll -> C:\Documents and Settings\Dane\Local Settings\Temp\nsw32.tmp\System.dll ->  [Ver =  | Size = 9216 bytes | Modified Date = 11/27/2006 4:40:11 PM | Attr =	]

InstallOptions.dll -> C:\Documents and Settings\Dane\Local Settings\Temp\nsy35.tmp\InstallOptions.dll ->  [Ver =  | Size = 12288 bytes | Modified Date = 11/27/2006 4:40:54 PM | Attr =	]

Perflib_Perfdata_14c.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_14c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/21/2007 9:19:22 PM | Attr =	]

Perflib_Perfdata_150.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_150.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/8/2007 6:25:46 PM | Attr =	]

Perflib_Perfdata_3b8.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_3b8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 4/4/2007 8:05:54 PM | Attr =	]

Perflib_Perfdata_4ac.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_4ac.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/17/2007 6:58:16 PM | Attr =	]

Perflib_Perfdata_6fc.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_6fc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/5/2006 9:01:17 PM | Attr =	]

Perflib_Perfdata_75c.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_75c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/11/2007 8:56:15 PM | Attr =	]

Perflib_Perfdata_980.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_980.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 7/10/2007 6:21:45 PM | Attr =	]

Perflib_Perfdata_a2c.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_a2c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/26/2007 6:09:11 PM | Attr =	]

Perflib_Perfdata_b3c.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_b3c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/18/2008 12:27:58 AM | Attr =	]

Perflib_Perfdata_c98.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_c98.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/18/2008 12:28:16 AM | Attr =	]

Perflib_Perfdata_cc8.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_cc8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 7/6/2007 1:51:05 PM | Attr =	]

Perflib_Perfdata_cf8.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_cf8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/13/2007 8:33:05 PM | Attr =	]

Perflib_Perfdata_d0c.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_d0c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/26/2007 6:09:57 PM | Attr =	]

Perflib_Perfdata_d3c.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_d3c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/16/2007 3:10:38 PM | Attr =	]

Perflib_Perfdata_d40.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_d40.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/31/2007 5:18:44 PM | Attr =	]

Perflib_Perfdata_e34.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_e34.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/21/2007 9:17:34 PM | Attr =	]

Perflib_Perfdata_e68.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_e68.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/13/2007 11:53:19 PM | Attr =	]

Perflib_Perfdata_e74.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_e74.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/1/2006 3:17:54 PM | Attr =	]

Perflib_Perfdata_ed0.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_ed0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/8/2007 6:25:08 PM | Attr =	]

Perflib_Perfdata_f38.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_f38.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/2/2007 2:31:34 PM | Attr =	]

Perflib_Perfdata_f44.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_f44.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/16/2007 3:11:40 PM | Attr =	]

Perflib_Perfdata_f84.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Perflib_Perfdata_f84.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/13/2007 8:33:51 PM | Attr =	]

1829 C:\Documents and Settings\Dane\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dane\Local Settings\Temp\*.tmp -> 

index.dat -> C:\Documents and Settings\Dane\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 163840 bytes | Modified Date = 10/6/2006 2:26:16 AM | Attr =	]

Manifest.ini -> C:\Documents and Settings\Dane\Local Settings\Temp\Manifest.ini ->  [Ver =  | Size = 396 bytes | Modified Date = 3/20/2007 1:43:27 AM | Attr =	]

1829 C:\Documents and Settings\Dane\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dane\Local Settings\Temp\*.tmp -> 

ioSpecial.ini -> C:\Documents and Settings\Dane\Local Settings\Temp\nsu2AD.tmp\ioSpecial.ini ->  [Ver =  | Size = 861 bytes | Modified Date = 11/27/2006 6:35:51 AM | Attr =	]

ioSpecial.ini -> C:\Documents and Settings\Dane\Local Settings\Temp\nsw32.tmp\ioSpecial.ini ->  [Ver =  | Size = 688 bytes | Modified Date = 11/27/2006 4:40:15 PM | Attr =	]

ioSpecial.ini -> C:\Documents and Settings\Dane\Local Settings\Temp\nsy35.tmp\ioSpecial.ini ->  [Ver =  | Size = 511 bytes | Modified Date = 11/27/2006 4:41:02 PM | Attr =	]

desktop.ini -> C:\Documents and Settings\Dane\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/5/2006 11:44:55 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Dane\Local Settings\Temp\Temporary Internet Files\Content.IE5\1TOH0CC2\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/5/2006 11:44:55 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Dane\Local Settings\Temp\Temporary Internet Files\Content.IE5\CPHQ8OL8\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/5/2006 11:44:55 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Dane\Local Settings\Temp\Temporary Internet Files\Content.IE5\NBS5RVE1\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/5/2006 11:44:55 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Dane\Local Settings\Temp\Temporary Internet Files\Content.IE5\QEGGILBT\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/5/2006 11:44:55 PM | Attr =  HS]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

.zreglib -> %AllUsersProfile%\Application Data\.zreglib ->  [Ver =  | Size = 43 bytes | Modified Date = 2/8/2008 6:17:21 PM | Attr =  HS]

Avg7 -> %AllUsersProfile%\Application Data\Avg7 ->  [Folder | Modified Date = 2/1/2008 12:39:13 PM | Attr =	]

Google Updater -> %AllUsersProfile%\Application Data\Google Updater ->  [Folder | Modified Date = 2/17/2008 10:30:53 PM | Attr =	]

Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Modified Date = 1/25/2008 11:46:42 PM | Attr =	]

Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/6/2008 1:31:50 AM | Attr =	]

Viewpoint -> %AllUsersProfile%\Application Data\Viewpoint ->  [Folder | Modified Date = 2/8/2008 1:40:47 AM | Attr =	]

AVG7 -> %AppData%\AVG7 ->  [Folder | Modified Date = 2/1/2008 12:39:08 PM | Attr =	]

Grisoft -> %AppData%\Grisoft ->  [Folder | Modified Date = 1/25/2008 11:47:13 PM | Attr =	]

U3 -> %AppData%\U3 ->  [Folder | Modified Date = 2/1/2008 5:56:59 PM | Attr =	]

?icrosoft.NET -> %AppData%\Мicrosoft.NET ->  [Folder | Modified Date = 12/14/2007 8:19:16 PM | Attr =	]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 1580094 bytes | Modified Date = 1/20/2008 1:43:03 AM | Attr =  H ]

Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 1/25/2008 10:49:11 PM | Attr =	]

TiVo Desktop -> %UserProfile%\Local Settings\Application Data\TiVo Desktop ->  [Folder | Modified Date = 1/29/2008 7:25:02 PM | Attr =	]

AVG 7.5.lnk -> %AllUsersProfile%\Desktop\AVG 7.5.lnk ->  [Ver =  | Size = 1532 bytes | Modified Date = 2/1/2008 1:07:53 AM | Attr =	]

AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk ->  [Ver =  | Size = 849 bytes | Modified Date = 1/25/2008 11:46:53 PM | Attr =	]

CloneDVD2.lnk -> %AllUsersProfile%\Desktop\CloneDVD2.lnk ->  [Ver =  | Size = 852 bytes | Modified Date = 1/23/2008 10:15:20 PM | Attr =	]

Java Web Start.lnk -> %AllUsersProfile%\Desktop\Java Web Start.lnk ->  [Ver =  | Size = 1684 bytes | Modified Date = 2/7/2008 7:51:10 PM | Attr =	]

ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/14/2008 12:10:23 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier

avgas-setup-7.5.1.43-3339.exe -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339.exe ->  [Ver =  | Size = 14113576 bytes | Modified Date = 1/25/2008 11:45:25 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339.exe:Zone.Identifier

backup -> %UserProfile%\Desktop\backup ->  [Folder | Modified Date = 1/23/2008 11:11:56 PM | Attr =	]

Coupon.pdf -> %UserProfile%\Desktop\Coupon.pdf ->  [Ver =  | Size = 44703 bytes | Modified Date = 2/17/2008 10:54:51 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Coupon.pdf:Zone.Identifier

DVDFab HD Decrypter 4.lnk -> %UserProfile%\Desktop\DVDFab HD Decrypter 4.lnk ->  [Ver =  | Size = 740 bytes | Modified Date = 1/23/2008 9:40:25 PM | Attr =	]

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2/7/2008 10:12:55 PM | Attr =	]

ill traks -> %UserProfile%\Desktop\ill traks ->  [Folder | Modified Date = 2/1/2008 11:30:44 PM | Attr =	]

kngdom -> %UserProfile%\Desktop\kngdom ->  [Folder | Modified Date = 2/8/2008 9:39:08 PM | Attr =	]

popups -> %UserProfile%\Desktop\popups ->  [Folder | Modified Date = 2/7/2008 10:12:31 PM | Attr =	]

taxes -> %UserProfile%\Desktop\taxes ->  [Folder | Modified Date = 1/25/2008 6:21:10 PM | Attr =	]

WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2/18/2008 1:29:54 AM | Attr =	]

WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480802 bytes | Modified Date = 2/18/2008 1:29:09 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/6/2008 1:30:26 AM | Attr =	]



< End of report >


#4 OldTimer

    Malware Expert

Posted 18 February 2008 - 10:40 AM

Hi dane420. Ok, let's see if we can't get rid of this thing. First, copy these directions into Notepad and save them on your desktop. We will be booting to Safe Mode and you will need this information and the ability to copy/paste some of it during the fix.

Now please follow these steps in order:

Step #1

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #2

Now we will need to disable the driver for this thing. Please do the following:
  • Click Start, click Control Panel, click Performance and Maintenance, and then click System.
  • On the Hardware tab, click Device Manager.
  • Click the View menu and if there is no checkmark in front of Show hidden devices then click on it to activate it.
  • Scroll down the list of devices and double-click Non-Plug and Play Drivers.
  • Locate the core device and right click it and then click the Properties option.
  • Click the Driver tab.
  • In the Startup section select Disable from the drop-down list.
  • Click the General tab.
  • In the Device Usage drop-down list select Do not use this device (disable).
  • Click the Ok button and you should be prompted to reboot. CHOOSE NO OR CANCEL AT THIS TIME.
  • Repeat the above steps to locate and disable the device: TnIDriver
  • When it asks you to reboot this time, choose Yes and reboot normally.

Step #3

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (core) core [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\core.sys
YY -> (TnIDriver) TnIDriver [Kernel | On_Demand | Stopped] -> %UserProfile%\Local Settings\Temp\tni4BB.tmp
[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urqqpno.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> urqqpno -> urqqpno.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {497A714D-B0C0-4B0B-A9F3-43552097A703} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\yabaw.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urqqpno.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> SITEguard [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{70DE7956-479D-4EB7-8641-2B45774C350E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\yabaw.dll -> %SystemRoot%\system32\yabaw.dll
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe -> C:\Program Files\Ares\Ares.exe [C:\Program Files\Ares\Ares.exe:*:Disabled:Ares]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares Lite Edition\Ares.exe -> C:\Program Files\Ares Lite Edition\Ares.exe [C:\Program Files\Ares Lite Edition\Ares.exe:*:Disabled:Ares]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\support.com\bin\tgcmd.exe -> C:\Program Files\support.com\bin\tgcmd.exe [C:\Program Files\support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Comcast Rhapsody\rhapsody.exe -> C:\Program Files\Comcast Rhapsody\rhapsody.exe [C:\Program Files\Comcast Rhapsody\rhapsody.exe:*:Enabled:Rhapsody]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\LEXPPS.EXE -> C:\WINDOWS\SYSTEM32\LEXPPS.EXE [C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\setup\HPZnet01.exe -> D:\setup\HPZnet01.exe [D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\setup\HPONICIFS01.EXE -> D:\setup\HPONICIFS01.EXE [D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> ?icrosoft.NET -> %AppData%\Мicrosoft.NET
[Files/Folders - Modified Within 30 days]
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> ?icrosoft.NET -> %AppData%\Мicrosoft.NET
[Extra Files]
Purity
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally. If you are not asked to reboot, click the OK button on the finished message and Notepad will open with a log of actions taken during the fix. Post that information back here. My guess is that we will still need to use Avenger again to remove the left-over files but it should not give us the problems it did previously.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
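
The fix script in the post above lists a folder that the scanner displays as "?icrosoft.NET" while its path begins with a non-Latin letter. The following is an added example, not part of the original post or of WinPFind35U: a defender-side check that flags names mixing Unicode scripts and shows how a code-page-limited tool would render them. The sample names and the choice of cp1252 as the display code page are assumptions.

```python
import unicodedata

# Constructed sample folder names. The second begins with U+041C (Cyrillic
# capital EM), like the folder the fix script shows as "?icrosoft.NET".
SAMPLE_NAMES = [
    "Microsoft.NET",
    "\u041cicrosoft.NET",
    "Mozilla",
    "\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b",  # all-Cyrillic, legitimate
]


def letter_scripts(name):
    """Return the scripts used by the letters in name.

    The script is taken from the first word of each character's Unicode
    name, e.g. 'LATIN' or 'CYRILLIC'. Digits and punctuation are ignored.
    """
    scripts = set()
    for ch in name:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def codepage_rendering(name, codepage="cp1252"):
    """Show the name as a tool limited to one code page would print it.

    Characters outside the code page become '?'. cp1252 is an assumption
    about the scanner's display encoding.
    """
    return name.encode(codepage, errors="replace").decode(codepage)


def find_mixed_script(names):
    """Return (name, rendering, scripts) for names that mix scripts.

    A name written entirely in one script is not flagged; a Latin-looking
    name with a single foreign letter is.
    """
    hits = []
    for name in names:
        scripts = letter_scripts(name)
        if len(scripts) > 1:
            hits.append((name, codepage_rendering(name), sorted(scripts)))
    return hits


if __name__ == "__main__":
    for name, shown, scripts in find_mixed_script(SAMPLE_NAMES):
        codepoints = " ".join(f"U+{ord(c):04X}" for c in name if ord(c) > 127)
        print(f"{shown!r} mixes {scripts}; non-ASCII code points: {codepoints}")
```
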


#5 dane420


Posted 27 February 2008 - 01:15 AM

hey oldtimer,
just wanted to give a big thanks!
all seems good now
took me months trying to figure out how to fix this thing
thanks again

#6 OldTimer


Posted 27 February 2008 - 11:16 AM

Hi dane420. Can you post back the fix log from wpf35 (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run)?

Run the system for a couple of days and see if everything remains stable and then get back to me so we can do some final cleanup.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
