
Hijacked And Hijackthis


3 replies to this topic

#1 killemalll

killemalll

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 11 February 2008 - 12:08 PM

I have recently had one of my game subscriptions hijacked and just got it back, probably from a keylogger. But before I log in and risk it being stolen again, is there any way to tell from my HijackThis log if the keylogger is still on my PC? I usually scan with Ad-Aware and Spybot and use AVG antivirus.

Attached Files

#2 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:03:13 PM

Posted 20 February 2008 - 04:15 PM

Hi and welcome,

Sorry for the delay. We are swamped.

If you still need help please do the following:

Create WinPFind35u Log -

Before running the scan let's clean out the temporary folders.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the rootkit section click on Yes
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#3 killemalll

killemalll
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 27 February 2008 - 04:51 PM

Sorry it took so long. Also, I was getting a generic0.acfr trojan threat from AVG; is that a bug?



WinPFind35 logfile created on: 2/27/2008 3:44:41 PM
WinPFind35U Version 1.0.2.1	 Folder = C:\Documents and Settings\Johnny\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.48 Mb Total Physical Memory | 582.71 Mb Available Physical Memory | 56.93% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.91% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 20.41 Gb Free Space | 27.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNNY-IQUMWWC7
Current User Name: Johnny
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
sdmcp.exe -> %CommonProgramFiles%\Stardock\SDMCP.exe -> Stardock [Ver = 0, 0, 5, 11 | Size = 241664 bytes | Modified Date = 5/10/2005 12:31:22 PM | Attr =	]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/23/2007 1:06:15 AM | Attr =	]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/16/2007 7:36:24 AM | Attr =	]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/21/2007 2:06:41 AM | Attr =	]
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 1:01:00 AM | Attr =	]
ntuneservice.exe -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneService.exe -> NVIDIA [Ver = 5.05.47 | Size = 131072 bytes | Modified Date = 7/3/2007 11:32:16 AM | Attr =	]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =	]
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 2/2/2008 9:35:33 PM | Attr =	]
ctdvddet.exe -> %ProgramFiles%\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 45056 bytes | Modified Date = 9/30/2002 1:00:00 AM | Attr =	]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 12/21/2007 2:06:41 AM | Attr =	]
rivatuner.exe -> %ProgramFiles%\RivaTuner v2.0 Final Release\RivaTuner.exe ->  [Ver = 2, 0, 17, 0 | Size = 2576384 bytes | Modified Date = 12/24/2006 1:15:00 PM | Attr =	]
cthelper.exe -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 41 | Size = 17920 bytes | Modified Date = 8/11/2006 1:56:02 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.80.019 | Size = 38912 bytes | Modified Date = 12/18/2003 8:50:00 AM | Attr =	]
ctcmsgo.exe -> %ProgramFiles%\Creative\MediaSource\Go\CTCMSGo.exe -> Creative Technology Ltd [Ver = 1.0.27.0 | Size = 126976 bytes | Modified Date = 2/20/2003 10:30:52 AM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/8/2008 12:19:50 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.2.1 | Size = 310272 bytes | Modified Date = 2/27/2008 10:40:40 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/23/2007 1:06:15 AM | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/16/2007 7:36:24 AM | Attr =	]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/21/2007 2:06:41 AM | Attr =	]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 1:01:00 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr =	]
(ecure) FireDaemon Service: ecure [Win32_Own | Auto | Stopped] ->  -> File not found
(nTuneService) nTune Service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneService.exe -> NVIDIA [Ver = 5.05.47 | Size = 131072 bytes | Modified Date = 7/3/2007 11:32:16 AM | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =	]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 2/2/2008 9:35:33 PM | Attr =	]
(svchost1) FireDaemon Service: svchost1 [Win32_Own | Auto | Stopped] ->  -> File not found

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.3.2 (dnsrv(wmbla).060701-2226) | Size = 36864 bytes | Modified Date = 7/1/2006 9:39:40 PM | Attr =	]
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(AVG Anti-Rootkit) AVG Anti-Rootkit [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\avgarkt.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.13 | Size = 5632 bytes | Modified Date = 1/31/2007 7:33:46 AM | Attr =	]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 10/23/2007 1:06:49 AM | Attr =	]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 1/16/2007 7:36:26 AM | Attr =	]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/24/2007 2:07:04 AM | Attr =	]
(AvgArCln) Avg Anti-Rootkit Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 1/18/2007 6:00:28 AM | Attr =	]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 12/21/2007 2:06:41 AM | Attr =	]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 1/16/2007 7:36:24 AM | Attr =	]
(CA500AI) Chameleon XP Digital Camera [Kernel | On_Demand | Stopped] -> System32\Drivers\LG_BULK.sys -> File not found
(CA500AV) Chameleon XP Video Camera [Kernel | On_Demand | Stopped] -> system32\DRIVERS\CA500AV.SYS -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Johnny\LOCALS~1\Temp\catchme.sys -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(COMMONFX.DLL) COMMONFX.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\commonfx.dll -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 87552 bytes | Modified Date = 8/11/2006 1:48:08 PM | Attr =	]
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(CT20XUT.DLL) CT20XUT.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CT20XUT.DLL -> Creative Technology Ltd. [Ver = 5.12.01.1196-2.09.7540 | Size = 158720 bytes | Modified Date = 8/11/2006 1:48:50 PM | Attr =	]
(ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctac32k.sys -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 502272 bytes | Modified Date = 8/11/2006 1:45:14 PM | Attr =	]
(ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctaud2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 499584 bytes | Modified Date = 8/11/2006 1:45:38 PM | Attr =	]
(CTAUDFX.DLL) CTAUDFX.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\ctaudfx.dll -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 536576 bytes | Modified Date = 8/11/2006 1:48:12 PM | Attr =	]
(ctdvda2k) Creative DVD-Audio Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ctdvda2k.sys -> Creative Technology Ltd [Ver = 5.13.01.0467-1.56.0970 | Size = 340704 bytes | Modified Date = 11/10/2005 4:06:04 PM | Attr =	]
(CTEAPSFX.DLL) CTEAPSFX.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\cteapsfx.dll -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 160768 bytes | Modified Date = 8/11/2006 1:48:28 PM | Attr =	]
(CTEDSPFX.DLL) CTEDSPFX.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CTEDSPFX.DLL -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 269824 bytes | Modified Date = 8/11/2006 1:45:40 PM | Attr =	]
(CTEDSPIO.DLL) CTEDSPIO.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CTEDSPIO.DLL -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 115200 bytes | Modified Date = 8/11/2006 1:45:50 PM | Attr =	]
(CTEDSPSY.DLL) CTEDSPSY.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CTEDSPSY.DLL -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 317952 bytes | Modified Date = 8/11/2006 1:48:06 PM | Attr =	]
(CTERFXFX.DLL) CTERFXFX.DLL [Kernel | On_Demand | Stopped] -> system32\CTERFXFX.DLL -> File not found
(CTEXFIFX.DLL) CTEXFIFX.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CTEXFIFX.dll -> Creative Technology Ltd. [Ver = 5.12.01.1196-2.09.7540 | Size = 1170432 bytes | Modified Date = 8/11/2006 1:48:42 PM | Attr =	]
(CTHWIUT.DLL) CTHWIUT.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CTHWIUT.DLL -> Creative Technology Ltd. [Ver = 5.12.01.1196-2.09.7540 | Size = 61952 bytes | Modified Date = 8/11/2006 1:48:52 PM | Attr =	]
(ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctprxy2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 7168 bytes | Modified Date = 8/11/2006 1:45:40 PM | Attr =	]
(CTSBLFX.DLL) CTSBLFX.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\ctsblfx.dll -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 548352 bytes | Modified Date = 8/11/2006 1:48:32 PM | Attr =	]
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 143872 bytes | Modified Date = 8/11/2006 1:45:18 PM | Attr =	]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 12:07:17 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 12:07:16 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(EagleNT) EagleNT [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EagleNT.sys -> File not found
(emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\emupia2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 78336 bytes | Modified Date = 8/11/2006 1:45:18 PM | Attr =	]
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Entech.sys -> EnTech Taiwan [Ver = 1.0 | Size = 21664 bytes | Modified Date = 10/25/2004 7:02:00 PM | Attr =	]
(GMSIPCI) GMSIPCI [Kernel | On_Demand | Stopped] -> D:\INSTALL\GMSIPCI.SYS -> File not found
(ha10kx2k) Creative Hardware Abstract Layer Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ha10kx2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 766976 bytes | Modified Date = 8/11/2006 1:45:26 PM | Attr =	]
(hap16v2k) Creative P16V HAL Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\haP16v2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 154112 bytes | Modified Date = 8/11/2006 1:45:26 PM | Attr =	]
(hap17v2k) Creative P17V HAL Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\haP17v2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1196-2.09.7540 | Size = 180224 bytes | Modified Date = 8/11/2006 1:45:28 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(L8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042PR2.SYS -> Logitech, Inc. [Ver = 9.80.13.0 | Size = 51582 bytes | Modified Date = 12/11/2003 8:50:00 AM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.80.13.0 | Size = 25630 bytes | Modified Date = 12/11/2003 8:50:00 AM | Attr =	]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.80.200.0 | Size = 37916 bytes | Modified Date = 12/11/2003 8:50:00 AM | Attr =	]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.80.13.0 | Size = 70894 bytes | Modified Date = 12/11/2003 8:50:00 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 7435392 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =	]
(NVR0Dev) NVR0Dev [Kernel | On_Demand | Running] -> %SystemRoot%\nvoclock.sys -> NVidia Corp. [Ver = 5.05.47 | Size = 6912 bytes | Modified Date = 7/3/2007 11:33:04 AM | Attr =	]
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.1196-2.09.7540 | Size = 116224 bytes | Modified Date = 8/11/2006 1:45:24 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PCIIde) PCIIde [Kernel | Disabled | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 7/26/2007 5:06:18 PM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RivaTuner32) RivaTuner32 [Kernel | On_Demand | Running] -> %ProgramFiles%\RivaTuner v2.0 Final Release\RivaTuner32.sys ->  [Ver =  | Size = 8576 bytes | Modified Date = 12/24/2006 1:15:00 PM | Attr =	]
(RTL8023xp) Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtlnicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.618.1015.2004 built by: WinDDK | Size = 71168 bytes | Modified Date = 10/15/2004 12:52:48 AM | Attr =	]
(SaiH0464) SaiH0464 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SaiH0464.sys -> Saitek [Ver = 4.3.3.1705   | Size = 56576 bytes | Modified Date = 6/11/2004 10:59:44 AM | Attr =	]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr =	]
(SGUARD) SGUARD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SGuard.sys -> File not found
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP1.SYS -> VIA Technologies, Inc. [Ver = 5.1.0.3442 built by: VIA | Size = 27904 bytes | Modified Date = 7/2/2003 4:42:00 AM | Attr =	]
(viamraid) viamraid [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\viamraid.sys -> VIA Technologies inc,.ltd [Ver = 5.1.2600.300 | Size = 73600 bytes | Modified Date = 3/29/2004 7:45:36 AM | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 3:13:04 PM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 12/21/2007 2:06:41 AM | Attr =	]
CTDVDDet -> %ProgramFiles%\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 45056 bytes | Modified Date = 9/30/2002 1:00:00 AM | Attr =	]
CTHelper -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 41 | Size = 17920 bytes | Modified Date = 8/11/2006 1:56:02 PM | Attr =	]
CTxfiHlp -> %SystemRoot%\system32\CTXFIHLP.EXE -> Creative Technology Ltd [Ver = 2, 0, 1, 3 | Size = 18944 bytes | Modified Date = 8/11/2006 1:56:04 PM | Attr =	]
CyberLat Ram Cleaner -> %ProgramFiles%\CyberLat\CyberLat RAM Cleaner 1.1\CyberLat Ram Cleaner 1,1.exe -> File not found
KAVPersonal50 -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe -> File not found
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.80.013 | Size = 20992 bytes | Modified Date = 12/11/2003 8:50:00 AM | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 8523776 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =	]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 81920 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =	]
nwiz -> %SystemRoot%\system32\nwiz.exe ->  [Ver =  | Size = 1626112 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =	]
RivaTuner -> %ProgramFiles%\RivaTuner v2.0 Final Release\RivaTuner.exe ->  [Ver = 2, 0, 17, 0 | Size = 2576384 bytes | Modified Date = 12/24/2006 1:15:00 PM | Attr =	]
RivaTunerStartupDaemon -> %ProgramFiles%\RivaTuner v2.0 Final Release\RivaTuner.exe ->  [Ver = 2, 0, 17, 0 | Size = 2576384 bytes | Modified Date = 12/24/2006 1:15:00 PM | Attr =	]
SBDrvDet -> %ProgramFiles%\Creative\SB Drive Det\SBDrvDet.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 12/3/2002 6:06:52 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Creative MediaSource Go -> %ProgramFiles%\Creative\MediaSource\Go\CTCMSGo.exe -> Creative Technology Ltd [Ver = 1.0.27.0 | Size = 126976 bytes | Modified Date = 2/20/2003 10:30:52 AM | Attr =	]
igndlm.exe -> %ProgramFiles%\IGN\Download Manager\DLM.exe -> IGN Entertainment [Ver = 2.3.6.108 | Size = 1103480 bytes | Modified Date = 3/5/2007 12:57:48 PM | Attr =	]
NVIDIA nTune -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneCmd.exe -> NVIDIA [Ver = 5.05.47 | Size = 81920 bytes | Modified Date = 7/3/2007 11:32:10 AM | Attr =	]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Johnny Startup Folder > -> C:\Documents and Settings\Johnny\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
wbsys.dll -> %SystemRoot%\system32\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2/26/2003 8:27:44 PM | Attr =	]
*MultiFile Done* -> -> 
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Stardock\MCPCore.dll [0aMCPClient] -> Stardock [Ver = 0, 0, 5, 4 | Size = 86016 bytes | Modified Date = 5/10/2005 12:31:20 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
MCPClient -> %CommonProgramFiles%\Stardock\MCPStub.dll -> Stardock [Ver = 0, 0, 5, 2 | Size = 49152 bytes | Modified Date = 1/31/2005 2:13:38 PM | Attr =	]
WBSrv -> %ProgramFiles%\Stardock\Object Desktop\WindowBlinds\WbSrv.dll -> Stardock [Ver = 5, 0, 0, 1 | Size = 176128 bytes | Modified Date = 12/6/2005 8:16:30 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (224069 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> about:blank -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://dial.sbc.yahoo.com/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4190 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4372 domain(s) found. -> 
  .[msn] -> My Computer -> 
free_aol.com [http] -> Trusted sites -> 
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 12:56:50 AM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{8468AF3A-8039-441F-BB42-B055E0BD8C19} ->	(Realtek RTL8169/8110 Family Gigabit Ethernet NIC) -> 
{FCF815AA-AE66-4439-81D7-EFFEDB6F0639} ->	(1394 Net Adapter) -> 
{FF3BDB3B-638E-4B86-A454-A7EFCA8E6963} ->	() -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab[Creative Software AutoUpdate] -> 
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}[HKEY_LOCAL_MACHINE] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab[CDownloadCtrl Object] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{B3872502-F9FD-4E96-93FF-0D37298F0689}[HKEY_LOCAL_MACHINE] -> http://swgbetareg.station.sony.com/soesysinfo.cab[SOESysInfo Control] -> 
{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_13] -> 
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> 
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> 
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab[Creative Software AutoUpdate Support Package] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:49:30 AM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 8:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 10:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 760 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> RasMan; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 33165 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 1:56:42 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> -> 
-> Reg Error: Key does not exist or could not be opened. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{8468AF3A-8039-441F-BB42-B055E0BD8C19} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{FCF815AA-AE66-4439-81D7-EFFEDB6F0639} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 1:56:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 10:39:49 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 1:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 10:39:49 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll ->  [Ver = 29825 | Size = 54608 bytes | Modified Date = 1/30/2008 8:02:38 PM | Attr =	]
game.ini -> %SystemRoot%\game.ini ->  [Ver =  | Size = 321 bytes | Modified Date = 2/2/2008 9:05:32 PM | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 2/27/2008 8:51:07 AM | Attr =	]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 3453 bytes | Modified Date = 2/11/2008 12:33:11 PM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2/11/2008 12:32:33 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
WinZip -> %AllUsersProfile%\Application Data\WinZip ->  [Folder | Created Date = 2/2/2008 8:26:19 PM | Attr =	]
JKDJFDK.rtf -> %UserProfile%\My Documents\JKDJFDK.rtf ->  [Ver =  | Size = 788 bytes | Modified Date = 2/2/2008 11:31:43 AM | Attr =	]
My Downloads -> %UserProfile%\My Documents\My Downloads ->  [Folder | Created Date = 2/15/2008 10:25:56 PM | Attr =	]
Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk -> %AllUsersProfile%\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk ->  [Ver =  | Size = 1691 bytes | Modified Date = 2/2/2008 9:07:16 PM | Attr =	]
Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk -> %AllUsersProfile%\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk ->  [Ver =  | Size = 1691 bytes | Modified Date = 2/2/2008 9:07:16 PM | Attr =	]
WinZip.lnk -> %AllUsersProfile%\Desktop\WinZip.lnk ->  [Ver =  | Size = 1732 bytes | Modified Date = 2/2/2008 8:26:31 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/27/2008 3:04:07 PM | Attr =	]
DivXWebPlayerInstaller.exe -> %UserProfile%\Desktop\DivXWebPlayerInstaller.exe -> DivX, Inc. [Ver = 6.8.0.19 | Size = 6222376 bytes | Modified Date = 2/9/2008 10:42:45 AM | Attr =	]
Internet.lnk -> %UserProfile%\Desktop\Internet.lnk ->  [Ver =  | Size = 104 bytes | Modified Date = 2/17/2008 9:29:54 AM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/27/2008 3:06:51 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481251 bytes | Modified Date = 2/27/2008 3:06:11 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 2/27/2008 3:07:53 PM | Attr = RH ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/26/2008 5:56:05 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2/9/2008 10:04:52 AM | Attr =	]
Fraps -> %SystemDrive%\Fraps ->  [Folder | Modified Date = 2/2/2008 3:44:11 PM | Attr =	]
Incomplete -> %SystemDrive%\Incomplete ->  [Folder | Modified Date = 2/12/2008 5:18:15 PM | Attr =	]
My Shared Folder -> %SystemDrive%\My Shared Folder ->  [Folder | Modified Date = 2/24/2008 9:06:14 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/16/2008 7:48:43 AM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2/2/2008 3:46:52 PM | Attr =	]
TEMP -> %SystemDrive%\TEMP ->  [Folder | Modified Date = 2/9/2008 10:10:43 AM | Attr =  H ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/27/2008 8:51:07 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/14/2008 5:15:28 PM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 224069 bytes | Modified Date = 2/14/2008 5:15:28 PM | Attr = R  ]
hosts.20080214-171528.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080214-171528.backup ->  [Ver =  | Size = 224069 bytes | Modified Date = 2/11/2008 12:38:36 PM | Attr = R  ]
PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys ->  [Ver =  | Size = 22328 bytes | Modified Date = 2/23/2008 10:34:29 PM | Attr =	]
BMXBkpCtrlState-{00000000-00000000-00000008-00001102-00000004-10071102}.rfx -> %SystemRoot%\System32\BMXBkpCtrlState-{00000000-00000000-00000008-00001102-00000004-10071102}.rfx ->  [Ver =  | Size = 30528 bytes | Modified Date = 2/24/2008 6:58:34 PM | Attr =	]
BMXCtrlState-{00000000-00000000-00000008-00001102-00000004-10071102}.rfx -> %SystemRoot%\System32\BMXCtrlState-{00000000-00000000-00000008-00001102-00000004-10071102}.rfx ->  [Ver =  | Size = 30528 bytes | Modified Date = 2/24/2008 6:58:34 PM | Attr =	]
BMXState-{00000000-00000000-00000008-00001102-00000004-10071102}.rfx -> %SystemRoot%\System32\BMXState-{00000000-00000000-00000008-00001102-00000004-10071102}.rfx ->  [Ver =  | Size = 31056 bytes | Modified Date = 2/24/2008 6:58:34 PM | Attr =	]
BMXStateBkp-{00000000-00000000-00000008-00001102-00000004-10071102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000000-00000000-00000008-00001102-00000004-10071102}.rfx ->  [Ver =  | Size = 31056 bytes | Modified Date = 2/24/2008 6:58:34 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/2/2008 8:41:05 PM | Attr =	]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/25/2008 9:32:03 PM | Attr =	]
CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,1,222,0 | Size = 107888 bytes | Modified Date = 2/2/2008 9:09:00 PM | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 2/2/2008 9:08:08 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/13/2008 3:00:46 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/13/2008 3:00:46 AM | Attr =	]
DVCState-{00000000-00000000-00000008-00001102-00000004-10071102}.rfx -> %SystemRoot%\System32\DVCState-{00000000-00000000-00000008-00001102-00000004-10071102}.rfx ->  [Ver =  | Size = 11564 bytes | Modified Date = 2/24/2008 6:58:35 PM | Attr =	]
PnkBstrA.exe -> %SystemRoot%\System32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 2/2/2008 9:35:33 PM | Attr =	]
PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe ->  [Ver =  | Size = 107832 bytes | Modified Date = 2/23/2008 10:34:21 PM | Attr =	]
settings.sfm -> %SystemRoot%\System32\settings.sfm ->  [Ver =  | Size = 1080 bytes | Modified Date = 2/24/2008 6:58:35 PM | Attr =	]
settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm ->  [Ver =  | Size = 1080 bytes | Modified Date = 2/24/2008 6:58:35 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13744 bytes | Modified Date = 2/25/2008 9:29:15 PM | Attr =	]
@Alternate Data Stream - 228 bytes -> %SystemRoot%\System32\wpa.dbl:KAVICHS
xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll ->  [Ver = 29825 | Size = 54608 bytes | Modified Date = 1/30/2008 8:02:38 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 1:49:33 AM | Attr =  H ]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 2/2/2008 9:08:00 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/25/2008 9:28:51 PM | Attr =   S]
@Alternate Data Stream - 228 bytes -> %SystemRoot%\bootstat.dat:KAVICHS
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/27/2008 8:51:30 AM | Attr =   S]
game.ini -> %SystemRoot%\game.ini ->  [Ver =  | Size = 321 bytes | Modified Date = 2/2/2008 9:05:32 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 3:00:44 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/13/2008 3:00:47 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/26/2008 5:56:05 PM | Attr =  HS]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 2/27/2008 8:51:30 AM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 2/3/2008 5:13:34 AM | Attr =	]
@Alternate Data Stream - 228 bytes -> %SystemRoot%\NeroDigital.ini:KAVICHS
popcinfo.dat -> %SystemRoot%\popcinfo.dat ->  [Ver =  | Size = 26 bytes | Modified Date = 2/5/2008 4:13:25 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/27/2008 3:44:18 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/26/2008 5:55:53 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/25/2008 9:32:01 PM | Attr =   S]
temp -> %SystemRoot%\temp ->  [Folder | Modified Date = 2/27/2008 3:41:14 PM | Attr =	]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 3453 bytes | Modified Date = 2/11/2008 12:33:11 PM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2/11/2008 12:32:33 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/1/2008 2:59:00 PM | Attr =	]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 2/27/2008 5:00:45 AM | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/25/2008 9:28:56 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 2/27/2008 12:37:42 AM | Attr =	]
@Alternate Data Stream - 228 bytes -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat:KAVICHS
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 6696 bytes | Modified Date = 2/27/2008 12:37:42 AM | Attr =	]
@Alternate Data Stream - 228 bytes -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat:KAVICHS
_Setup.dll -> C:\Documents and Settings\Johnny\Local Settings\Temp\{41D4FEBC-B96B-454C-9406-268D45E8ABEE}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 1/23/2008 5:39:23 PM | Attr = R  ]
Perflib_Perfdata_208.dat -> C:\WINDOWS\temp\Perflib_Perfdata_208.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/25/2008 9:29:05 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
AVG7 -> %AllUsersProfile%\Application Data\AVG7 ->  [Folder | Modified Date = 2/27/2008 5:00:04 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/11/2008 12:38:29 PM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/2/2008 3:43:43 PM | Attr =	]
@Alternate Data Stream - 507 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF
WinZip -> %AllUsersProfile%\Application Data\WinZip ->  [Folder | Modified Date = 2/9/2008 6:27:25 PM | Attr =	]
AdobeUM -> %AppData%\AdobeUM ->  [Folder | Modified Date = 2/20/2008 3:55:52 PM | Attr =	]
GetRightToGo -> %AppData%\GetRightToGo ->  [Folder | Modified Date = 2/16/2008 5:24:25 AM | Attr =	]
IGN_DLM -> %AppData%\IGN_DLM ->  [Folder | Modified Date = 2/2/2008 7:50:10 PM | Attr =	]
InstallShield -> %AppData%\InstallShield ->  [Folder | Modified Date = 2/27/2008 8:44:40 AM | Attr =	]
PnkBstrK.sys -> %AppData%\PnkBstrK.sys ->  [Ver =  | Size = 22328 bytes | Modified Date = 2/2/2008 9:05:55 PM | Attr =	]
Xfire -> %AppData%\Xfire ->  [Folder | Modified Date = 2/24/2008 10:16:14 AM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 44544 bytes | Modified Date = 2/11/2008 5:33:08 PM | Attr =	]
@Alternate Data Stream - 228 bytes -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
JKDJFDK.rtf -> %UserProfile%\My Documents\JKDJFDK.rtf ->  [Ver =  | Size = 788 bytes | Modified Date = 2/2/2008 11:31:43 AM | Attr =	]
My Downloads -> %UserProfile%\My Documents\My Downloads ->  [Folder | Modified Date = 2/16/2008 7:42:09 AM | Attr =	]
My eBooks -> %UserProfile%\My Documents\My eBooks ->  [Folder | Modified Date = 2/27/2008 3:06:21 PM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 2/3/2008 5:16:55 AM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2/24/2008 11:30:32 PM | Attr = R  ]
raquel's.rtf -> %UserProfile%\My Documents\raquel's.rtf ->  [Ver =  | Size = 59300 bytes | Modified Date = 2/18/2008 6:35:49 PM | Attr =	]
Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk -> %AllUsersProfile%\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk ->  [Ver =  | Size = 1691 bytes | Modified Date = 2/2/2008 9:07:16 PM | Attr =	]
Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk -> %AllUsersProfile%\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk ->  [Ver =  | Size = 1691 bytes | Modified Date = 2/2/2008 9:07:16 PM | Attr =	]
WinZip.lnk -> %AllUsersProfile%\Desktop\WinZip.lnk ->  [Ver =  | Size = 1732 bytes | Modified Date = 2/2/2008 8:26:31 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/27/2008 3:04:07 PM | Attr =	]
backups -> %UserProfile%\Desktop\backups ->  [Folder | Modified Date = 2/2/2008 8:27:13 PM | Attr =	]
DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk ->  [Ver =  | Size = 1432 bytes | Modified Date = 2/9/2008 10:43:08 AM | Attr =	]
DivXWebPlayerInstaller.exe -> %UserProfile%\Desktop\DivXWebPlayerInstaller.exe -> DivX, Inc. [Ver = 6.8.0.19 | Size = 6222376 bytes | Modified Date = 2/9/2008 10:42:45 AM | Attr =	]
Internet.lnk -> %UserProfile%\Desktop\Internet.lnk ->  [Ver =  | Size = 104 bytes | Modified Date = 2/17/2008 9:29:54 AM | Attr =	]
j -> %UserProfile%\Desktop\j ->  [Folder | Modified Date = 2/2/2008 3:42:52 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 2/11/2008 12:33:51 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2/27/2008 3:41:14 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481251 bytes | Modified Date = 2/27/2008 3:06:11 PM | Attr =	]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
"PendingFileRenameOperations"=str(7):"\x6264\2\x8e18!\xed26\x5d78\xffe8\xffff\x686c\1\x37a0\2#\0\x8fd8$\x273c\x71a2\xff98\xffff\x6b6e \x7cb6\x43ec\x5ffa\x1c8\0\0\x7350!\1\0\0\0\x7498!\xffff\xffff\0\0\xffff\xffff\x218\0\xffff\xffff\b\0\0\0\0\0\0\0\0\0\26\0\x7541\x6874\x726f\x7a69\x6465\x7041\x6c70\x6369\x7461\x6f69\x736e\0\xffe0\xffff\x6b76\ab\0\x3530z\1\0\1o\x3331\x3a38\x4455P\xffe8\xffffLogitech\0\x4e4d\xffe0\xffff\x6b76\bd\0\x8aa0z\1\0\1.\x3832\x3936\x543a\x5043\xfff0\xffff\x686c\1\x2538\30\x5050<\xffd8\xffff\x6b76\f\4\x8000\xa0\0\4\0\1\0\x6143\x6170\x6962\x696c\x6974\x7365\xa228\0\xfff8\xffff\x9438!\xffe0\xffff\x6b76\ab\0\x7298!\1\0\1z\x3331\x3a37\x4455\x5050\xffd8\xffff\x6b76\20\4\x8000\0\0\3\0\1 \x704f\x6e65\x4c41\x5731\x7661\x5365\x6174\x6574\xffe8\xffffusbehci\0\x54d8\5\xfff8\xffff\xa780!\xffe0\xffff\x6b76\5L\0\x4880H\1\0\1|\x4c43\x4953\x7944e\xffe8\xffffisapnp\0\0\x6750\5\xfff0\xffffNO\00010/\xfff0\xffffNDIS\0\36\xffe8\xffffSystem\0\0\0\0\xfff8\xffff\xac90!\xfff8\xffff\xaf38!\xffe8\xffffKeyboard\0e\xffd8\xffff\x6240 \x6268 \x62b0 \x62d8 \x93d8 \x9978 \x96c0 \x96e0 \x8308!\xffe8\xffff\x6b76\0\30\0\x8108"\1\0\0\0\xffa8\xffff\x6b6e \xfb6a\xf802\x3813\x1c5\0\0\x6620D\1\0\0\0\x8c98!\xffff\xffff\1\0\x7698!\x218\0\xffff\xffff<\0\0\0\34\0\4\0\3\0\5\0\x6553\x7574\xf670\0\xffd8\xffff\x6b76\16\4\x8000\1\0\4\0\1d\x6553\x7672\x6369\x5565\x6770\x6172\x6564e\xfff8\xffff\x7670!\xfff8\xffff\x7600!\xffe8\xffff\x686c\1\x3960\2\xacca\xf4d0\x9060$\xdf9a\xbc86\xffd8\xffffRPCSS\0Eventlog\0\0\0\0\xffe0\xffff\x6b76\b\xa8\0\x4540H\3\0\1\0\x6553\x7563\x6972\x7974\xff88\xffff\x6b6e \xf622\x3e75\x3816\x1c5\0\0\xa020!\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x218\0\xffff\xffff\0\0\0\0\0\0\0\0\1\0&\0\x367b\x3939\x6134\x3064\x2d34\x3339\x6665\x312d\x6431\x2d30\x3361\x6363\x302d\x6130\x6330\x3239\x3332\x3931\x7d360\xff88\xffff\x6b6e 
\x316e\x3e71\x3816\x1c5\0\0\xa020!\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x218\0\xffff\xffff\0\0\0\0\0\0\0\0\2\0&\0\x647b\x6666\x3232\x6630\x2d33\x3766\x6630\x312d\x6431\x2d30\x3962\x3731\x302d\x6130\x6330\x3239\x3332\x3931\x7d36B\xff88\xffff\x6b6e \x7f8a\x3e7f\x3816\x1c5\0\0\xa060D\1\0\0\0\x8890!\xffff\xffff\0\0\xffff\xffff\x218\0\xffff\xffff\f\0\0\0\0\0\0\0\b\0&\0\x387b\x3063\x6437\x3564\x2d30\x6137\x6438\x312d\x6431\x2d32\x6638\x6338\x302d\x6330\x3430\x6266\x3866\x6566\x7d660\xffc8\xffffNT AUTHORITY\LocalService\0\xfff8\xffff\x7ea0!\xffa8\xffff\x6b6e \x8f2\x3e89\x3816\x1c5\0\0\x77f8!\3\0\0\0\x9098\26\xffff\xffff\0\0\xffff\xffff\x218\0\xffff\xffffL\0\0\0\0\0\0\0\0\0\6\0\x6d64\x7375\x6369m\xff88\xffff\x6b6e \x7f8a\x3e7f\x3816\x1c5\0\0\x78b0!\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x218\0\xffff\xffff\0\0\0\0\0\0\0\0\0\0&\0\x327b\x6265\x3730\x6165\x2d30\x6537\x3037\x312d\x6431\x2d30\x3561\x3664\x322d\x6438\x3062\x6334\x3031\x3030\x7d30&\xffe0\xffff\x6b76\5\4\x8000\3\0\4\0\1\0\x7453\x7261t\0\xffe0\xffff\x6b76\2\4\x8000\xec6a\x47c5\4\0\1\16\x3154\16\xef60\36\xffd8\xffffNetworkProvider\0\0\0\xff78\xffffWindows Driver Foundation - User-mode Driver Framework Reflector\0e\xffd8\xffff\x6b76\f\xde\0\xd0c8S\1\0\1i\x7953\x626d\x6c6f\x6369\x694c\x6b6epv\xffd8\xffff\x6b76\16x\0\xd1b0S\1\0\1=\x6544\x6976\x6563\x6e49\x7473\x6e61\x65636\xffd8\xffff\x6b76\f\xde\0\xd230S\1\0\1}\x7953\x626d\x6c6f\x6369\x694c\x6b6e\x3344\x4f44\xffe8\xffff\x686c\1\x3a58\2#\0\x8fd8$\x273c\x71a2\xff90\xffff\x6b6e 
\x6dd2\x28f7\xb72e\x1c7\0\0\x7618!\0\0\0\0\xffff\xffff\xffff\xffff\3\0\x2670\37\x218\0\xffff\xffff\0\0\0\0L\0\4\0\0\0\36\0\x6e49\x6574\x6672\x6361\x7365\x6e55\x6966\x6572\x6177\x6c6c\x6465\x7441\x7055\x6164\x6574\0\xffc0\xffff\x6b76&\4\x8000\1\0\4\0\1\17\x387b\x3634\x4138\x3346\x2d41\x3038\x3933\x342d\x3134\x2d46\x4242\x3234\x422d\x3530\x4535\x4230\x3844\x3143\x7d39\4\xffc0\xffff\x6b76&\4\x8000\1\0\4\0\1C\x467b\x4643\x3138\x4135\x2d41\x4541\x3636\x342d\x3334\x2d39\x3138\x3744\x452d\x4646\x4445\x3642\x3046\x3336\x7d39\17\xffd8\xffff\x6b76\r\2\x8000\0\0\a\0\1\0\x6544\x6570\x646e\x6e4f\x7247\x756fp\0\xffe0\xffffLocalSystem\0\0\0\xffe0\xffff\x6b76\5\4\x8000\3\0\4\0\1#\x7453\x7261\xf274#\xffd8\xffff\x6b76\n\30\0\x7c80!\1\0\1v\x624f\x656a\x7463\x614e\x656dsto\xffe0\xffffLocalSystem\0r.\xffe0\xffff\x9490!\x9a58!\x9a78!\x9aa0!\x9b10!\x7c58!\x7cc0!\xffd8\xffff\x6b76\v\xb4\0\x7ce8!\1\0\1,\x6544\x6373\x6972\x7470\x6f69ndl\xff48\xffffProvides system and desktop level support to the NVIDIA display driver (Omega 1.6693) (P)\0\xfff0\xffffSrv\0\x95c8\v\xffd8\xffff\x6b76\tN\0\x60d8D\1\0\1\0\x6c43\x7361\x4773\x4955D\0\x100\0\xfff0\xffff\xa7c0g\xeb88o\xbe70c\xffe8\xffffoem35.inf\0\xffe0\xffffE90f_p-4.ICM\0\0\xffa8\xffffHID\Vid_046d&Pid_c01d\6&1c347ef5&0&0000\0\x4f88G\xffe0\xffff\x6b76\a\n\0\x5480\31\1\0\1\0\x6553\x7672\x6369\xff65\xfff8\xffff\x93d8!\xffe8\xffff\x6b76\0\22\0\x7fe8!\1\0\0\0\xffd0\xffff\x8b18\26\x8b80\26\x8bc8\26\x8fd8\26\x7c90\35\x6f30 \x8048!\x8b68!\xa2d8!\xa458!\x9788!\xfff8\xffff\xa208!\xfff0\xffff\xf10%\xf40%5\0\xffd8\xffff\x20d0\35\xaa20!\x8c68!\xaa88!\xa260!\xa188!\xa1b0!\xa1d8!\x7f28!\xffd8\xffff\x6b76\v\x88\0\x7f50!\1\0\1\0\x6544\x6373\x6972\x7470\x6f69n\0\0\xff70\xffffProvides performance library information from WMI HiPerf providers.\0\0\0\xfff8\xffff\x76e8!\xffe8\xffffSRC 
IMAP\0\26\x6268\x6e69\x8000!\x1000\0\0\0\0\0\0\0\0\0\0\0\xffd8\xffff\x6b76\v^\0\x8290!\1\0\18\x6944\x7073\x616c\x4e79\x6d61eD-\xffd8\xffff\x6b76\17\20\0\x8c18\26\a\0\1\0\x6544\x6570\x646e\x6e4f\x6553\x7672\x6369e\xffe0\xffffLocalSystem\0\x4433\x474f\xfff0\xffff\x686c\1\x8808!\xcbf4\x1404\xfff0\xffff\1\x8b8\1\5\0\0\xfea0\xffffEnables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.\0\xff\xff\xffd8\xffff\x6b76\vr\0\xa948!\1\0\1p\x6544\x6373\x6972\x7470\x6f69\x416e\x9fb5\xc91a\xffc0\xffff\x9180\34\x3208\36\x2758\37\x2780\37\x39e0 \x3a08 \x9318!\xa828!\x9580!\x79a0!\xa910!\x9858!\x1120\26\x3ac0r\x8b90!\xfff0\xffff\x686c\1\x9c40!\xe2d0\xe465\xfff8\xffff\x9b38!\xff98\xffffMicrosoft WINMM WDM Audio Compatibility Driver\0\0\0\0\xfff0\xffff\x686c\1\x8eb0!\xcbf4\x1404\xffd8\xffff\x6b76\16$\0\x8b40!\3\0\1\xf761\x6146\x6c69\x7275\x4165\x7463\x6f69\x736e\x7676\xff98\xffff%SystemRoot%\System32\svchost.exe -k LocalService\0\xffd8\xffff\x6b76\vh\0\x96d8!\1\0\1\x500\x6544\x6373\x6972\x7470\x6f69\x6c6e\x18d\2\xffe0\xffff\x6f98 \x6fb8 \x8b90!\xa758!\xa568!\x9270!tn\xffd8\xffff\x6b76\f\xdc\0\xd318S\1\0\1\xa044\x7953\x626d\x6c6f\x6369\x694c\x6b6e\xb87a\xaaa6\xffd8\xffff\x6b76\f\4\x80000\0\4\0\1\0\x6143\x6170\x6962\x696c\x6974\x7365\17\0\xffe0\xffff\x6b76\a\22\0\xa2c0!\1\0\1\0\x6e49\x5066\x7461h\xffd8\xffff\x6b76\n\22\0\xa440!\1\0\1\24\x6e49\x5366\x6365\x6974\x6e6f\x500\v\0\xffd8\xffff\x6b76\f4\0\x84a0!\1\0\1\0\x7250\x766f\x6469\x7265\x614e\x656d\0\x500\xffc8\xffffNVIDIA (Omega 1.6693) 
(P)\0\xffd8\xffff\x6b76\16\b\0\xa638!\3\0\1\0\x7244\x7669\x7265\x6144\x6574\x6144\x6174\x500\xffd8\xffff\x6b76\n\26\0\x8528!\1\0\1\x500\x7244\x7669\x7265\x6144\x6574\x1000\x101\0\xffe0\xffff10-29-2004\0\0\xad3f\x6214\xffe0\xffff\x6b76\a\6\0\x8590!\1\0\1!\x6553\x7672\x6369e\xffd8\xffff\x6b76\r\20\0\xaba0!\1\0\1\x2b3b\x7244\x7669\x7265\x6556\x7372\x6f69n\0\xfff0\xffffnv\0\x2b3b\x201\0\xffe8\xffff\x686c\1\x3d10\2#\0\x8fd8$\x273c\x71a2\xffd8\xffff\x6b76\16P\0\xb0f8!\1\0\1\xcdcd\x6544\x6976\x6563\x6e49\x7473\x6e61\x6563\xcdcd\xfff8\xffff\x7a70!\xffe0\xffff\x6b76\a\n\0\x7480\30\1\0\1C\x6553\x7672\x6369e\xffd8\xffffPrimary Channel\0\x108\1\xfff0\xffffSrv\0\0\0\xffc8\xffff\x6b76\e\x4894\0\x73b0!\a\0\1v\x6550\x646e\x6e69\x4667\x6c69\x5265\x6e65\x6d61\x4f65\x6570\x6172\x6974\x6e6fs,n\xffc0\xffff\x6b76! \0\x9060!\3\0\1k\x6148\x6472\x6177\x6572\x6e49\x6f66\x6d72\x7461\x6f69\x2e6e\x6441\x7061\x6574\x5372\x7274\x6e69\x6a67n\xf970m\xffe0\xffff\x6b76\6X\0\xb958k\1\0\1\0\x7244\x7669\x7265\0\xffd8\xffff\x6b76\tN\0\x60c8S\1\0\1\0\x6c43\x7361\x4773\x4955D\0\0\0\xffc8\xffff\x6b76\34 \0\xa3f8 \3\0\1l\x6148\x6472\x6177\x6572\x6e49\x6f66\x6d72\x7461\x6f69\x2e6e\x6843\x7069\x7954\x6570\x6c67\x545f\xffd8\xffff\x6b76\n.\0\x7c8#\a\0\1\f\x6148\x6472\x6177\x6572\x4449\0\1\0\xffd0\xffff\x6b76\23B\0\x5570S\1\0\1\1\x6f4c\x6163\x6974\x6e6f\x6e49\x6f66\x6d72\x7461\x6f69n\1\0\xff88\xffff\x6b6e \xf4b4\x3e94\x3816\x1c5\0\0\xa060D\1\0\0\0\x8090!\xffff\xffff\0\0\xffff\xffff\x218\0\xffff\xffffL\0\0\0\0\0\0\0\2\0&\0\x327b\x3466\x3231\x6261\x2d35\x6465\x6133\x342d\x3935\x2d30\x6261\x3432\x622d\x6330\x3265\x6161\x3737\x3364\x7d63C\xff88\xffff\x6b6e \xb968\x3e99\x3816\x1c5\0\0\x8790!\2\0\0\0\x8db0!\xffff\xffff\0\0\xffff\xffff\x218\0\xffff\xffffL\0\0\0\0\0\0\0\0\0&\0\x397b\x3342\x3536\x3938\x2d30\x3631\x4635\x312d\x4431\x2d30\x3141\x3539\x302d\x3230\x4130\x4446\x3531\x4536\x7d34\b\xfff0\xffff\x686c\1\xa020!\xcbf4\x1404\xfff0\xffff\x686c\1\x78b0!\x9a1d\x21ec\xfdf8\xffffMaintains date and time synchronization on 
all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.\r\n\0ysm\xffa0\xffff%SystemRoot%\System32\svchost.exe -k netsvcs\0t\xffd8\xffff\x6b76\f\4\x8000\1\0\4\0\1\0\x7245\x6f72\x4372\x6e6f\x7274\x6c6f\0\0\xfff0\xffff\xfd8%\xd020$\0\0\xffd8\xffff\5\0\0\0\0\0\2\0d \1\0\xea60\0\1\0\xea60\0\xffd8\xffff\x6b76\r\2\x8000\0\0\a\0\1\0\x6544\x6570\x646e\x6e4f\x7247\x756fp\0\xffd8\xffff\x6b76\f\4\x8000\1\0\4\0\1t\x7245\x6f72\x4372\x6e6f\x7274\x6c6fSP\xffa8\xffffSysSetup.Dll,LegacyDriverPropPageProvider\0\xfff0\xffffHTTP\0\0\xffb8\xffffC:\WINDOWS\system32\MsPMSPSv.exe\0\0\xffd8\xffff\x6b76\f\4\x8000\1\0\4\0\1\0\x7245\x6f72\x4372\x6e6f\x7274\x6c6f\0\0\xfff8\xffff\x7a98!\xfff0\xffff\x686c\1\x7b00!\xd856\x4a5e\xfff8\xffff\xa930!\xfff0\xffff\xd0c8$\xd0f8$\0\0\xff88\xffff\x6b6e \xb968\x3e99\x3816\x1c5\0\0\x8808!\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x218\0\xffff\xffff\0\0\0\0\0\0\0\0\0\0&\0\x367b\x3939\x6134\x3064\x2d34\x3339\x6665\x312d\x6431\x2d30\x3361\x6363\x302d\x6130\x6330\x3239\x3332\x3931\x7d36}\xff88\xffff\x6b6e \xf4b4\x3e94\x3816\x1c5\0\0\x8808!\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x218\0\xffff\xffff\0\0\0\0\0\0\0\0\1\0&\0\x397b\x6165\x3333\x6631\x2d61\x3962\x6231\x342d\x6635\x2d38\x3239\x3538\x622d\x3264\x6362\x3737\x6661\x6463\x7d65P\xffe8\xffff\x686c\2\x8cc0!\xfed0\xb761\x8d38!\x4f1c\xc9b4\xffd8\xffff\x6b76\t8\0\x9020!\2\0\1\0\x6d49\x6761\x5065\x7461h\0\0\0\xffd8\xffff\x686c\3\xa098!\xd673\xd120\x7708!\xfed0\xb761\x7780!\xfc59\xb838\2\0\1\0\xfff0\xffff\x2020L\xa020L\xd673\xd120\xfff0\xffff\xd1a0$\xd1d0$\0\0\xff88\xffff\x6b6e \xd1f0\x3e30\x3816\x1c5\0\0\xa060D\1\0\0\0\x82f8!\xffff\xffff\0\0\xffff\xffff\x218\0\xffff\xffffL\0\0\0\0\0\0\0\3\0&\0\x347b\x3432\x6635\x3766\x2d33\x6431\x3462\x312d\x6431\x2d32\x3638\x3465\x392d\x6138\x3265\x3530\x3432\x3531\x7d33=\xff88\xffff\x6b6e 
\x59ea\x3e59\x3816\x1c5\0\0\x8e38!\3\0\0\0\x9f38!\xffff\xffff\0\0\xffff\xffff\x218\0\xffff\xffffL\0\0\0\0\0\0\0\0\0&\0\x397b\x3342\x3536\x3938\x2d30\x3631\x4635\x312d\x4431\x2d30\x3141\x3539\x302d\x3230\x4130\x4446\x3531\x4536\x7d34=\xff88\xffff\x6b6e \xd1f0\x3e30\x3816\x1c5\0\0\x8eb0!\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff\x218\0\xffff\xffff\0\0\0\0\0\0\0\0\0\0&\0\x327b\x6265\x3730\x6165\x2d30\x6537\x3037\x312d\x6431\x2d30\x3561\x3664\x322d\x6438\x3062\x6334\x3031\x3030\x7d301\xfff8\xffff\x70a0!\xffe8\xffff\x6b76\0\36\0\x2ec0#\1\0\0\0\xffe0\xffff\x99a0 \x7980!\x8b08!\x8dc8!\x98b0!\x9fd8!tr\xffe0\xffff\x6b76\4\4\x8000 \0\4\0\1o\x7954\x6570\S\x6268\x6e69\x9000!\x1000\0\0\0\xd262\xb76b\x3803\x1c5\??\\xffc0\xffffSystem32\DRIVERS\wanarp.sys\0\0\0\xffd8\xffffGeForce 6800 GT\0,O\xffe8\xffffSystem\0\0\0\0\xffd8\xffff\x6b76\tN\0\x3040W\1\0\1B\x6c43\x7361\x4773\x4955DAA8\xfff8\xffff\x7ac0!\xffd8\xffffIntegrated RAMDAC\0\xffd8\xffff\x6b76\tN\0\x4da0#\1\0\1\x69cf\x6c43\x7361\x4773\x4955\x9944\b\x4218\x69cf\xffd8\xffff\x6b76\f\4\x8000\0\0\4\0\1\0\x6143\x6170\x6962\x696c\x6974\x7365\0\0\xffe8\xffffMicrosoft\0\xffe8\xffff\x1458?\xc840E\xc0d0!\xc9c8!\xf050S\xffd8\xffff\x6b76\nZ\0\x6ba8S\1\0\1\0\x6544\x6976\x6563\x6544\x6373\x97e7\x37ce\x1c5\xffd0\xffff\x6b76\23B\0\xb058S\1\0\1\0\x6f4c\x6163\x6974\x6e6f\x6e49\x6f66\x6d72\x7461\x6f69n\0\0\xffe8\xffff\x6b76\0\22\0\xa618!\1\0\0\0\xfff0\xffff\xc000\x76d8\x8a36\x1c4\x7053\x6361\xffd8\xffff\x6b76\r\4\x8000\1\0\4\0\1\0\x6e49\x7570\x5074\x6f72\x6976\x6564r\0\xffd8\xffff\x4798\36\x47c8\36\x3b88\36\x46b0\36\x6518 \x3450 \x6f78 \x8398!Re\xffd8\xffffWMDM PMSP Service\0\xffd8\xffff\x6b76\n\30\0\x8070!\1\0\1#\x624f\x656a\x7463\x614e\x656d\x443a\x4433\x474f\xffa0\xffff%SystemRoot%\System32\svchost.exe -k netsvcs\0\0\xffe0\xffff\x6b76\4\4\x8000 
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 14291
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF 507 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Johnny\Desktop\80sClassics.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Johnny\Desktop\j\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Johnny\Desktop\K\100HPIMG\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Johnny\Favorites\Microsoft Download Center.url:favicon 3638 bytes
C:\Documents and Settings\Johnny\My Documents\My Pictures\j\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Johnny\My Documents\My Pictures\Picture\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Johnny\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Johnny\My Documents\MySpaceIM Pics\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 523

< End of report >


#4 Blender

    I will eat your Malware

  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 29 February 2008 - 03:55 PM

Hi,

Sorry for the delay. Thanks for the log.

The warnings from your AVG were occurring when you were working with WinPFind35u? If so ---
That detection by your antivirus is most likely a false positive -- most of the AV companies for whatever reason do not like catchme.exe (which is a rootkit detector/killer).
Because of how it must work to do its job --- most AV don't like it.

Log looks like there is just some leftover stuff from previously uninstalled programs and a couple of leftover services from FireDaemon -- looking at how they are named -- it appears you did have at one time or another a backdoor.

Disconnect from internet and disable AVG.
We need to do this so catchme can remove the leftover ADS (alternate data streams) left over from Kaspersky.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Win32 Services - Non-Microsoft Only]
NY -> (ecure) FireDaemon Service: ecure [Win32_Own | Auto | Stopped] -> 
NY -> (svchost1) FireDaemon Service: svchost1 [Win32_Own | Auto | Stopped] -> 
[Driver Services - Non-Microsoft Only]
NY -> (GMSIPCI) GMSIPCI [Kernel | On_Demand | Stopped] -> D:\INSTALL\GMSIPCI.SYS
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> CyberLat Ram Cleaner -> %ProgramFiles%\CyberLat\CyberLat RAM Cleaner 1.1\CyberLat Ram Cleaner 1,1.exe
YN -> KAVPersonal50 -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 33 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN ->   .[msn] -> My Computer
YN -> free_aol.com [http] -> Trusted sites
YN -> 34 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Modified Within 30 days]
NY -> @Alternate Data Stream - 228 bytes -> %SystemRoot%\System32\wpa.dbl:KAVICHS
NY -> @Alternate Data Stream - 228 bytes -> %SystemRoot%\NeroDigital.ini:KAVICHS
NY -> @Alternate Data Stream - 228 bytes -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat:KAVICHS
NY -> @Alternate Data Stream - 228 bytes -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat:KAVICHS
NY -> _Setup.dll -> C:\Documents and Settings\Johnny\Local Settings\Temp\{41D4FEBC-B96B-454C-9406-268D45E8ABEE}\_Setup.dll
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 507 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF
NY -> @Alternate Data Stream - 228 bytes -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

Don't forget to turn AVG back on!

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware
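The fix above removes leftover alternate data streams (the `path:stream` entries in the catchme report and the `@Alternate Data Stream` lines in the WinPFind script). The following PowerShell script is an added example, not part of the original thread or of either tool, showing how to enumerate non-default streams under a folder so you can verify what is there before and after such a fix. It assumes PowerShell 3.0 or later, where Get-Item supports the -Stream parameter.

```powershell
# Added example (not from the original thread): enumerate alternate data
# streams (ADS) under a folder, the same artefacts catchme reports as
# "path:stream N bytes" and WinPFind lists as "@Alternate Data Stream".
# Requires PowerShell 3.0 or later (the -Stream parameter of Get-Item).
function Get-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string] $Path,
        # Stream names to ignore; ':$DATA' is the file's ordinary content,
        # so only the named (alternate) streams are reported.
        [string[]] $Ignore = @(':$DATA')
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # One record per stream attached to the file; files with only
            # the default stream produce nothing after the filter.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $Ignore -notcontains $_.Stream } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                    }
                }
        }
}

# Usage: list every named stream under the current user's profile, then
# show the content of any 'KAVICHS' streams (the Kaspersky leftovers the
# fix above targets) as text so you can confirm they are inert metadata.
$streams = Get-AlternateDataStream -Path $env:USERPROFILE
$streams | Sort-Object Bytes -Descending | Format-Table -AutoSize

$streams | Where-Object { $_.Stream -eq 'KAVICHS' } | ForEach-Object {
    Write-Host "--- $($_.File):$($_.Stream) ($($_.Bytes) bytes)"
    Get-Content -LiteralPath $_.File -Stream $_.Stream
}
```

Run it from an elevated prompt if the target folder includes other users' profiles; zero-byte streams such as `Thumbs.db:encryptable` are normal Explorer metadata and show up the same way here as in the catchme output.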



