
Red Cross/delete Icon Instead Of C Drive Icon


30 replies to this topic

#1 3lpete

3lpete


Posted 22 February 2008 - 04:45 AM

I got infected with some malware. I'm not sure which one it was. I had popup ads coming up on my computer all the time, and error messages with bad grammar on them.

I installed McAfee, Ad-Aware, Spybot Search & Destroy, Vundo remover and ran them all. I also ran McAfee Stinger as suggested on here. Each of them removed some malware.

I still have a Red x (like a delete icon) instead of the hard drive icon when I look at my hard drive in My Computer. Also if I disconnect the internet from my PC I get IE "Work Offline - No connection to the internet is currently available" messages come up, even though I don't use IE!!! Sygate firewall is reporting that windows explorer is trying to connect to the internet as well, I don't know if that's part of it or what.

Can someone decipher my HijackThis log and/or help me out? Cheers!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:03 PM, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\Mark!\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Mark!\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.135.158.128:80
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mark!\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Mark!\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8493 bytes



#2 OldTimer

OldTimer

    Malware Expert



Posted 01 March 2008 - 12:20 PM

Hello 3lpete and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It's clean. Let's try a different scanner and see what we can see.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 3lpete

3lpete
  • Topic Starter


Posted 01 March 2008 - 02:40 PM

WinPFind35 logfile created on: 01/03/2008 6:05:57 PM

WinPFind35U Version 1.0.3.0	 Folder = C:\Documents and Settings\Mark!\Desktop\WinPFind35u

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

255.48 Mb Total Physical Memory | 137.38 Mb Available Physical Memory | 53.77% Memory free

506.33 Mb Paging File | 189.79 Mb Available in Paging File | 37.48% Paging File free

Paging file location(s): C:\pagefile.sys 256 2048;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.78 Gb Total Space | 33.31 Gb Free Space | 29.80% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 38.15 Gb Total Space | 12.38 Gb Free Space | 32.46% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: MARKSPC

Current User Name: Mark!

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

smc.exe -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 15/10/2004 7:40:56 PM | Attr =	]

ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 17/02/2008 10:23:58 PM | Attr =	]

appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 17/02/2008 10:05:03 PM | Attr =	]

aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 04/01/2008 1:27:08 PM | Attr =	]

applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 15/01/2008 2:40:04 AM | Attr =	]

aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 17/02/2008 10:10:14 PM | Attr =	]

wlservice.exe -> %ProgramFiles%\Belkin\Belkin Wireless Network Utility\WLService.exe ->  [Ver =  | Size = 49152 bytes | Modified Date = 29/03/2004 4:08:16 PM | Attr =	]

wlancfgg.exe -> %ProgramFiles%\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe ->  [Ver = 1, 0, 7, 4 | Size = 827392 bytes | Modified Date = 13/06/2005 3:45:54 PM | Attr =	]

kservice.exe -> %ProgramFiles%\Kontiki\KService.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 3068352 bytes | Modified Date = 23/04/2007 11:22:14 AM | Attr =	]

soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.18 | Size = 47104 bytes | Modified Date = 10/02/2003 7:59:48 AM | Attr = R  ]

incd.exe -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Copyright (C) ahead software gmbh and its licensors [Ver = 3.33.0 | Size = 1048576 bytes | Modified Date = 10/07/2002 9:32:58 AM | Attr =	]

pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 31/10/2003 6:42:40 PM | Attr =	]

ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe ->  [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 07/01/2006 1:36:10 AM | Attr =	]

khost.exe -> %ProgramFiles%\Kontiki\KHost.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 1032640 bytes | Modified Date = 23/04/2007 11:23:14 AM | Attr =	]

ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 15/01/2008 3:22:56 AM | Attr =	]

ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 84640 bytes | Modified Date = 17/02/2008 9:43:39 PM | Attr =	]

googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe -> Google Inc. [Ver = 1.0.0.0 | Size = 21488 bytes | Modified Date = 15/02/2008 7:53:09 AM | Attr =	]

lgsyncmanager.exe -> %ProgramFiles%\LG PC Suite\LG PC Sync\LGSyncManager.exe -> LG Electronics Inc. [Ver = 1, 0, 2, 0 | Size = 225280 bytes | Modified Date = 16/07/2004 2:32:56 PM | Attr =	]

utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe ->  [Ver =  | Size = 219952 bytes | Modified Date = 04/02/2008 11:07:26 PM | Attr =	]

youtubeuploader.exe -> %UserProfile%\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe -> YouTube, LLC [Ver = 1.0.24.0 | Size = 71152 bytes | Modified Date = 09/11/2007 1:33:08 PM | Attr =	]

ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 3:22:44 AM | Attr =	]

symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1251720 bytes | Modified Date = 19/02/2008 8:49:17 AM | Attr =	]

winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.0 | Size = 310784 bytes | Modified Date = 01/03/2008 1:06:42 AM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 04/01/2008 1:27:08 PM | Attr =	]

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 15/01/2008 2:40:04 AM | Attr =	]

(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 17/02/2008 10:10:14 PM | Attr =	]

(Belkin Wireless USB Network Adapter Service) Belkin Wireless USB Network Adapter [Win32_Own | Auto | Running] -> %ProgramFiles%\Belkin\Belkin Wireless Network Utility\WLService.exe ->  [Ver =  | Size = 49152 bytes | Modified Date = 29/03/2004 4:08:16 PM | Attr =	]

(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 17/02/2008 10:23:58 PM | Attr =	]

(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 17/02/2008 10:23:58 PM | Attr =	]

(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 17/02/2008 10:23:58 PM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 7:56:48 AM | Attr =	]

(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 3:22:44 AM | Attr =	]

(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\isPwdSvc.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 79496 bytes | Modified Date = 17/02/2008 10:28:42 PM | Attr =	]

(KService) KService [Win32_Own | Auto | Running] -> %ProgramFiles%\Kontiki\KService.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 3068352 bytes | Modified Date = 23/04/2007 11:22:14 AM | Attr =	]

(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 17/02/2008 10:10:14 PM | Attr =	]

(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 17/02/2008 10:23:58 PM | Attr =	]

(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.83 | Size = 583048 bytes | Modified Date = 29/01/2008 5:38:31 PM | Attr =	]

(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe ->  [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 27/07/2004 6:07:08 PM | Attr =	]

(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 24/11/2005 4:03:22 PM | Attr =	]

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 09/03/2006 2:29:00 PM | Attr =	]

(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 24/11/2005 3:57:44 PM | Attr =	]

(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 15/10/2004 7:40:56 PM | Attr =	]

(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 69718 bytes | Modified Date = 24/11/2005 3:47:30 PM | Attr =	]

(SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.4.01.13062 | Size = 69632 bytes | Modified Date = 06/01/2006 9:25:12 PM | Attr =	]

(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1251720 bytes | Modified Date = 19/02/2008 8:49:17 AM | Attr =	]

(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 17/02/2008 10:05:03 PM | Attr =	]



[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found

(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found

(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 19/01/2008 6:02:26 PM | Attr =	]

(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found

(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found

(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5080 | Size = 696284 bytes | Modified Date = 11/02/2003 7:34:52 AM | Attr = R  ]

(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found

(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found

(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found

(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found

(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found

(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Modified Date = 10/09/1999 11:06:00 AM | Attr = R  ]

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Modified Date = 04/08/2004 5:29:26 AM | Attr =	]

(BsStor) InCD Storage Helper Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\bsstor.sys -> B.H.A Co.,Ltd. [Ver = 1.0.7 | Size = 9344 bytes | Modified Date = 05/06/2002 11:07:00 PM | Attr =	]

(BsUDF) InCD UDF Driver [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\bsudf.sys -> ahead software [Ver = 3.33.0 | Size = 434944 bytes | Modified Date = 10/07/2002 9:35:14 AM | Attr =	]

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found

(cel90xbe) cel90xbe [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Mark!\LOCALS~1\Temp\cel90xbe.sys -> File not found

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found

(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found

(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 04/08/2004 6:07:17 AM | Attr =	]

(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 04/08/2004 6:07:16 AM | Attr =	]

(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 29/08/2002 8:00:00 PM | Attr =	]

(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found

(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 13/02/2008 3:37:46 PM | Attr =	]

(ElbyCDFL) ElbyCDFL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ElbyCDFL.sys -> Elaborate Bytes [Ver = 4, 0, 0, 0 | Size = 4480 bytes | Modified Date = 09/04/2002 3:00:10 PM | Attr =	]

(ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 4, 0, 0, 0 | Size = 13300 bytes | Modified Date = 04/04/2002 8:40:29 AM | Attr =	]

(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 13/02/2008 3:37:46 PM | Attr =	]

(FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5.sys -> VIA Technologies, Inc.			   [Ver = 2.66 | Size = 27165 bytes | Modified Date = 17/08/2001 11:13:08 AM | Attr =	]

(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 2:44:04 PM | Attr =	]

(GMSIPCI) GMSIPCI [Kernel | On_Demand | Stopped] -> D:\INSTALL\GMSIPCI.SYS -> File not found

(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found

(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found

(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found

(IFPUSB) iRiver Internet Audio Player IFP-100 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ifpusb.sys -> iRiver, Inc. [Ver = 1.00 | Size = 12790 bytes | Modified Date = 13/01/2003 6:24:40 AM | Attr = R  ]

(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found

(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found

(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080229.003\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.2.10 | Size = 82256 bytes | Modified Date = 28/02/2008 9:00:00 AM | Attr =	]

(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080229.003\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.2.10 | Size = 895376 bytes | Modified Date = 28/02/2008 9:00:00 AM | Attr =	]

(NETGEAR_MA111) NETGEAR 802.11b MA111 Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MA111nd5.sys -> NETGEAR, Inc. [Ver = 3.00.08 | Size = 644608 bytes | Modified Date = 29/08/2003 7:39:08 AM | Attr =	]

(NTACCESS) NTACCESS [Kernel | On_Demand | Stopped] -> D:\NTACCESS.sys -> File not found

(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 2826944 bytes | Modified Date = 29/10/2004 4:50:00 PM | Attr =	]

(PCANDIS5) PCANDIS5 Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\PCANDIS5.SYS -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.00.13.50 | Size = 16292 bytes | Modified Date = 29/08/2003 7:39:06 AM | Attr =	]

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PCIIde) PCIIde [Kernel | Disabled | Stopped] ->  -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRJNDL) PDRJNDL [Kernel | Auto | Running] -> %ProgramFiles%\Dekart\Private Disk Light\pdrjndl.sys ->  [Ver =  | Size = 16512 bytes | Modified Date = 26/09/2002 4:26:08 PM | Attr =	]

(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found

(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found

(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 200 | Size = 14604 bytes | Modified Date = 11/08/2003 10:07:46 AM | Attr =	]

(PRVDISK) PRVDISK [Kernel | Auto | Running] -> %ProgramFiles%\Dekart\Private Disk Light\prvdisk.sys -> Dekart   [Ver = 1.0B | Size = 14080 bytes | Modified Date = 07/11/2002 12:25:22 PM | Attr =	]

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 29/08/2002 8:00:00 PM | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 25/04/2005 9:03:00 AM | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found

(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found

(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found

(RT73) Belkin USB Network Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.00.0000 | Size = 232192 bytes | Modified Date = 02/08/2005 11:00:36 PM | Attr =	]

(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 AM | Attr =	]

(SetupNTGLM7X) SetupNTGLM7X [Kernel | On_Demand | Stopped] -> D:\NTGLM7X.sys -> File not found

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 17/08/2001 12:56:16 PM | Attr =	]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found

(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 3.0.0.107 | Size = 406672 bytes | Modified Date = 17/02/2008 10:12:23 PM | Attr =	]

(SRTSP) SRTSP [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 30/11/2007 11:57:12 PM | Attr =	]

(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 30/11/2007 11:57:12 PM | Attr =	]

(SRTSPX) SRTSPX [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 30/11/2007 11:57:12 PM | Attr =	]

(STEC3) STEC3 [Kernel | Auto | Running] -> %SystemRoot%\system32\STEC3.sys -> AntiCracking [Ver = 4.00 | Size = 2368 bytes | Modified Date = 26/04/2005 5:00:13 PM | Attr =	]

(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found

(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found

(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symdns.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 12848 bytes | Modified Date = 30/10/2007 7:55:14 PM | Attr =	]

(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 19/02/2008 8:58:45 AM | Attr =	]

(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symfw.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 145968 bytes | Modified Date = 30/10/2007 7:55:20 PM | Attr =	]

(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symids.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 39856 bytes | Modified Date = 30/10/2007 7:55:28 PM | Attr =	]

(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20080227.001\SymIDSCo.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 240496 bytes | Modified Date = 14/02/2008 3:13:52 AM | Attr =	]

(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symndis.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 35120 bytes | Modified Date = 30/10/2007 7:55:24 PM | Attr =	]

(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 27696 bytes | Modified Date = 30/10/2007 7:55:34 PM | Attr =	]

(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 191536 bytes | Modified Date = 30/10/2007 7:55:38 PM | Attr =	]

(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found

(Teefer) Teefer for NT [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 15/10/2004 6:17:02 PM | Attr =	]

(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found

(U81xbus) LGE U8XXX driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xbus.sys -> MCCI [Ver = V4.20 | Size = 52352 bytes | Modified Date = 16/07/2004 1:29:00 PM | Attr = R  ]

(U81xmdfl) LGE U8XXX USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xmdfl.sys -> MCCI [Ver = V4.20 | Size = 6064 bytes | Modified Date = 16/07/2004 1:29:00 PM | Attr = R  ]

(U81xmdm) LGE U8XXX USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xmdm.sys -> MCCI [Ver = V4.20 | Size = 84480 bytes | Modified Date = 16/07/2004 1:29:00 PM | Attr = R  ]

(U81xmgmt) LGE U8XXX USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xmgmt.sys -> MCCI [Ver = V4.20 | Size = 77472 bytes | Modified Date = 16/07/2004 1:29:00 PM | Attr = R  ]

(U81xobex) LGE U8XXX USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xobex.sys -> MCCI [Ver = V4.20 | Size = 75456 bytes | Modified Date = 16/07/2004 1:29:00 PM | Attr = R  ]

(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found

(usbcm) USB Cable Modem 351000 NDIS Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbcm.sys -> Microsystems Corp [Ver = 1.10.35.1000 | Size = 13335 bytes | Modified Date = 11/04/2002 8:21:38 PM | Attr = R  ]

(vsdatant) vsdatant [Kernel | Disabled | Stopped] ->  -> File not found

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 6:32:38 PM | Attr =	]

(wg4n) SyGate for NT, wg4n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 6:32:40 PM | Attr =	]

(wg5n) SyGate for NT, wg5n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 6:32:42 PM | Attr =	]

(wg6n) SyGate for NT, wg6n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 6:32:44 PM | Attr =	]

(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 15/10/2004 6:18:46 PM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

4oD -> %ProgramFiles%\Kontiki\KHost.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 1032640 bytes | Modified Date = 23/04/2007 11:23:14 AM | Attr =	]

ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 84640 bytes | Modified Date = 17/02/2008 9:43:39 PM | Attr =	]

CloneCDElbyCDFL -> %ProgramFiles%\Elaborate Bytes\CloneCD\ElbyCheck.exe -> Elaborate Bytes [Ver = 2, 0, 0, 1 | Size = 45056 bytes | Modified Date = 06/12/2001 12:09:08 PM | Attr =	]

InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Copyright (C) ahead software gmbh and its licensors [Ver = 3.33.0 | Size = 1048576 bytes | Modified Date = 10/07/2002 9:32:58 AM | Attr =	]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 15/01/2008 3:22:56 AM | Attr =	]

NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 10:50:42 AM | Attr =	]

NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 09/03/2006 2:29:00 PM | Attr =	]

NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 86016 bytes | Modified Date = 09/03/2006 2:29:00 PM | Attr =	]

nwiz -> %SystemRoot%\system32\nwiz.exe ->  [Ver =  | Size = 1519616 bytes | Modified Date = 09/03/2006 2:29:00 PM | Attr =	]

osCheck -> %ProgramFiles%\Norton AntiVirus\osCheck.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 26248 bytes | Modified Date = 17/02/2008 9:58:42 PM | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 10/01/2008 3:27:36 PM | Attr =	]

RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 31/10/2003 6:42:40 PM | Attr =	]

SmcService -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 15/10/2004 7:40:56 PM | Attr =	]

SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.18 | Size = 47104 bytes | Modified Date = 10/02/2003 7:59:48 AM | Attr = R  ]

SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe ->  [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 07/01/2006 1:36:10 AM | Attr =	]

Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.83 | Size = 583048 bytes | Modified Date = 29/01/2008 5:38:31 PM | Attr =	]

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Google Update -> %UserProfile%\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe -> Google Inc. [Ver = 1.0.0.0 | Size = 21488 bytes | Modified Date = 15/02/2008 7:53:09 AM | Attr =	]

kdx -> %ProgramFiles%\Kontiki\KHost.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 1032640 bytes | Modified Date = 23/04/2007 11:23:14 AM | Attr =	]

SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28/01/2008 11:43:40 AM | Attr = RHS]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 04/11/1999 2:06:48 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14/12/2004 4:44:06 AM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\LG SyncManager.lnk -> %ProgramFiles%\LG PC Suite\LG PC Sync\LGSyncManager.exe -> LG Electronics Inc. [Ver = 1, 0, 2, 0 | Size = 225280 bytes | Modified Date = 16/07/2004 2:32:56 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\µTorrent.lnk -> %ProgramFiles%\uTorrent\uTorrent.exe ->  [Ver =  | Size = 219952 bytes | Modified Date = 04/02/2008 11:07:26 PM | Attr =	]

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{93994DE8-8239-4655-B1D1-5F4E91300429} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\DVD Region-Free\DVDShell.dll [] -> Fengtao Software [Ver = 3, 2, 5, 8 | Size = 49152 bytes | Modified Date = 20/12/2003 9:58:02 PM | Attr =	]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoMovingBands -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCloseDragDropBands -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetTaskbar -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarsOnTaskbar -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle -> 2 -> 

< HOSTS File > (226635 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://ie.search.msn.com -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage -> 

HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[gogl] -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4223 domain(s) found. -> 

33 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4318 domain(s) found. -> 

32 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 14/12/2004 1:56:50 AM | Attr =	]

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 AM | Attr =	]

{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{AF37AA57-D0FD-4598-B795-962CF4190621} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmkhe.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 317440 bytes | Modified Date = 21/02/2008 7:14:53 PM | Attr =	]

{D85530E8-D39D-49D0-9F36-300D594556D2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{E7535E8D-6A47-4A76-BCDF-133A3E6248CD} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmnno.dll [Reg Error: Value  does not exist or could not be read.] -> File not found

< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{03646F67-527E-4d2a-8073-092EE87A3DD5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

ShellBrowser\\{03646F67-527E-4D2A-8073-092EE87A3DD5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{03646F67-527E-4D2A-8073-092EE87A3DD5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 AM | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 AM | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

SV1 ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{200D4FD9-2766-41D7-A7DB-24B3A227AF59} ->	(USB Cable Modem 351000) -> 

{20376C9C-9DDD-4719-8529-33EDE840C815} ->	(Belkin 54g Wireless USB Network Adapter) -> 

{5ED4B9AD-6CEE-4CA1-A725-73E86320025A} ->	(NETGEAR MA111 802.11b Wireless USB Adapter) -> 

{992779B0-802B-43AC-953C-52D7ABFF0A57} ->	(VIA Compatable Fast Ethernet Adapter) -> 

{D1E641C4-6BBC-4656-9290-B963FAFA0025} ->	(NETGEAR MA111 802.11b Wireless USB Adapter) -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{00000075-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/voxacm.CAB[Reg Error: Key does not exist or could not be opened.] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 7:56:43 AM | Attr =	]

C:\WINDOWS\system32\pmkhe.dll -> %SystemRoot%\system32\pmkhe.dll ->  [Ver =  | Size = 317440 bytes | Modified Date = 21/02/2008 7:14:53 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 5:49:30 PM | Attr =	]

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 7:56:43 AM | Attr =	]

schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 2:21:15 PM | Attr =	]

wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 04/08/2004 7:56:46 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 688 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 7:56:44 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\AUOptions -> 3 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 7:56:44 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 7:56:57 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 12186 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 7:56:42 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 7:56:56 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 11:54:56 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 3:10:02 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 7:56:56 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\btdownloadgui.exe -> C:\Program Files\BitTorrent\btdownloadgui.exe [C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa Lite K++\KazaaLite.kpp -> C:\Program Files\Kazaa Lite K++\KazaaLite.kpp [C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rtcshare.exe -> C:\WINDOWS\system32\rtcshare.exe [C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 04/08/2004 7:56:55 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetMeeting\conf.exe -> C:\Program Files\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®] -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 1032192 bytes | Modified Date = 04/08/2004 7:56:48 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DC++\DCPlusPlus.exe -> C:\Program Files\DC++\DCPlusPlus.exe [C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. [Ver = 6.0.12.1053 | Size = 204845 bytes | Modified Date = 28/02/2005 5:41:48 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\QuickTime\QuickTimePlayer.exe -> C:\Program Files\QuickTime\QuickTimePlayer.exe [C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player] -> Apple Inc. [Ver = 7.4 | Size = 7529776 bytes | Modified Date = 10/01/2008 3:28:04 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SEGA\The Typing of The Dead\Tod_e.exe -> C:\Program Files\SEGA\The Typing of The Dead\Tod_e.exe [C:\Program Files\SEGA\The Typing of The Dead\Tod_e.exe:*:Enabled:Tod_e] ->  [Ver =  | Size = 2048000 bytes | Modified Date = 23/11/2000 12:42:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dplaysvr.exe -> C:\WINDOWS\system32\dplaysvr.exe [C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30208 bytes | Modified Date = 04/08/2004 7:56:48 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 04/08/2004 7:56:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe -> C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe [C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd] -> Pocket Soft, Inc. [Ver = 6.50 | Size = 417792 bytes | Modified Date = 27/02/2002 6:50:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 11/02/2008 7:47:08 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IntelliJ\bin\idea.exe -> C:\Program Files\IntelliJ\bin\idea.exe [C:\Program Files\IntelliJ\bin\idea.exe:*:Enabled:LaunchAnywhere GUI] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SpecTcl1.1\bin\wish80.exe -> C:\Program Files\SpecTcl1.1\bin\wish80.exe [C:\Program Files\SpecTcl1.1\bin\wish80.exe:*:Enabled:Wish Application] -> Sun Microsystems, Inc. [Ver = 8.0 | Size = 12288 bytes | Modified Date = 18/09/1997 2:55:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ASP.NET Web Matrix\v0.6.812\WebServer.exe -> C:\Program Files\Microsoft ASP.NET Web Matrix\v0.6.812\WebServer.exe [C:\Program Files\Microsoft ASP.NET Web Matrix\v0.6.812\WebServer.exe:*:Enabled:WebServer] -> Microsoft Corporation [Ver = 0.6.812.0 | Size = 53248 bytes | Modified Date = 29/05/2003 11:00:32 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WSFTP\ws_ftp95.exe -> C:\Program Files\WSFTP\ws_ftp95.exe [C:\Program Files\WSFTP\ws_ftp95.exe:*:Enabled:WS_FTP 95] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 11:54:56 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 3:10:02 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 219952 bytes | Modified Date = 04/02/2008 11:07:26 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kontiki\KService.exe -> C:\Program Files\Kontiki\KService.exe [C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service] -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 3068352 bytes | Modified Date = 23/04/2007 11:22:14 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.0.29 | Size = 19926824 bytes | Modified Date = 15/01/2008 3:22:48 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetIRC\NetIRC.exe -> C:\Program Files\NetIRC\NetIRC.exe [C:\Program Files\NetIRC\NetIRC.exe:*:Enabled:NetIRC Client By Plucky Ali] -> Plucky Ali [Ver = 1.06.0002 | Size = 630784 bytes | Modified Date = 03/02/2008 7:52:06 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll [139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll [445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll [137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll [138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{992779B0-802B-43AC-953C-52D7ABFF0A57} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{D1E641C4-6BBC-4656-9290-B963FAFA0025} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{200D4FD9-2766-41D7-A7DB-24B3A227AF59} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 7:56:57 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 7:56:46 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 

[Files/Folders - Created Within 30 days]

Temp -> %SystemDrive%\Temp ->  [Folder | Created Date = 17/02/2008 1:42:59 PM | Attr =	]

2001 C:\*.tmp files -> C:\*.tmp -> 

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 20/02/2008 7:45:45 PM | Attr =	]

SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT ->  [Ver =  | Size = 10740 bytes | Modified Date = 19/02/2008 8:58:45 AM | Attr =	]

SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF ->  [Ver =  | Size = 805 bytes | Modified Date = 19/02/2008 8:58:45 AM | Attr =	]

SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 19/02/2008 8:58:45 AM | Attr =	]

Teefer.sys -> %SystemRoot%\System32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 15/10/2004 6:17:02 PM | Attr =	]

wg3n.sys -> %SystemRoot%\System32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 6:32:38 PM | Attr =	]

wg4n.sys -> %SystemRoot%\System32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 6:32:40 PM | Attr =	]

wg5n.sys -> %SystemRoot%\System32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 6:32:42 PM | Attr =	]

wg6n.sys -> %SystemRoot%\System32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 6:32:44 PM | Attr =	]

wpsdrvnt.sys -> %SystemRoot%\System32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 15/10/2004 6:18:46 PM | Attr =	]

coh.cache -> %SystemRoot%\System32\coh.cache ->  [Ver =  | Size = 16 bytes | Modified Date = 18/02/2008 9:18:00 PM | Attr =	]

ehkmp.ini -> %SystemRoot%\System32\ehkmp.ini ->  [Ver =  | Size = 1147 bytes | Modified Date = 01/03/2008 6:06:36 PM | Attr =  HS]

ehkmp.ini2 -> %SystemRoot%\System32\ehkmp.ini2 ->  [Ver =  | Size = 1147 bytes | Modified Date = 01/03/2008 6:03:38 PM | Attr =  HS]

ez2 -> %SystemRoot%\System32\ez2 ->  [Folder | Created Date = 17/02/2008 1:43:47 PM | Attr =	]

2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

kfjcfvuv.ini -> %SystemRoot%\System32\kfjcfvuv.ini ->  [Ver =  | Size = 1248707 bytes | Modified Date = 20/02/2008 7:59:58 AM | Attr =  HS]

nGpxx01 -> %SystemRoot%\System32\nGpxx01 ->  [Folder | Created Date = 17/02/2008 1:42:59 PM | Attr =	]

pmkhe.dll -> %SystemRoot%\System32\pmkhe.dll ->  [Ver =  | Size = 317440 bytes | Modified Date = 21/02/2008 7:14:53 PM | Attr =	]

pu1 -> %SystemRoot%\System32\pu1 ->  [Folder | Created Date = 17/02/2008 1:43:47 PM | Attr =	]

S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 19/02/2008 8:58:45 AM | Attr =	]

SSSensor.dll -> %SystemRoot%\System32\SSSensor.dll -> Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Modified Date = 15/10/2004 6:32:10 PM | Attr =	]

vuvfcjfk.dll -> %SystemRoot%\System32\vuvfcjfk.dll ->  [Ver =  | Size = 87616 bytes | Modified Date = 18/02/2008 7:58:14 AM | Attr =	]

ZoneAlarmIconUK.ico -> %SystemRoot%\System32\ZoneAlarmIconUK.ico ->  [Ver =  | Size = 9662 bytes | Modified Date = 17/02/2008 1:54:41 PM | Attr =	]

zx8 -> %SystemRoot%\System32\zx8 ->  [Folder | Created Date = 17/02/2008 1:43:47 PM | Attr =	]

Norton AntiVirus - Run Full System Scan - Mark!.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Mark!.job ->  [Ver =  | Size = 530 bytes | Modified Date = 18/02/2008 9:10:14 PM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 17/02/2008 3:26:29 PM | Attr =	]

Rabio -> %AllUsersProfile%\Application Data\Rabio ->  [Folder | Created Date = 17/02/2008 1:46:37 PM | Attr =	]

Symantec -> %UserProfile%\My Documents\Symantec ->  [Folder | Created Date = 18/02/2008 9:08:50 PM | Attr =	]

2000 C:\Documents and Settings\Mark!\My Documents\*.tmp files -> C:\Documents and Settings\Mark!\My Documents\*.tmp -> 

Norton AntiVirus.lnk -> %AllUsersProfile%\Desktop\Norton AntiVirus.lnk ->  [Ver =  | Size = 1898 bytes | Modified Date = 18/02/2008 8:48:25 PM | Attr =	]

ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 01/03/2008 5:45:24 PM | Attr =	]

averttools.aspx -> %UserProfile%\Desktop\averttools.aspx ->  [Ver =  | Size = 19758 bytes | Modified Date = 20/02/2008 10:14:58 PM | Attr =	]

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 20/02/2008 9:43:11 PM | Attr =	]

HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 20/02/2008 7:50:46 PM | Attr =	]

McafeeRootkitDetective.zip -> %UserProfile%\Desktop\McafeeRootkitDetective.zip ->  [Ver =  | Size = 1721043 bytes | Modified Date = 20/02/2008 10:21:14 PM | Attr =	]

Mozilla Firefox.lnk -> %UserProfile%\Desktop\Mozilla Firefox.lnk ->  [Ver =  | Size = 1614 bytes | Modified Date = 20/02/2008 8:37:58 PM | Attr =	]

spf.msi -> %UserProfile%\Desktop\spf.msi ->  [Ver =  | Size = 5659648 bytes | Modified Date = 21/02/2008 6:52:58 PM | Attr =	]

spybotsd152.exe -> %UserProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited [Ver = 1.5.2 | Size = 9722720 bytes | Modified Date = 20/02/2008 7:53:44 PM | Attr =	]

stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 20/02/2008 10:20:44 PM | Attr =	]

stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 22 bytes | Modified Date = 21/02/2008 6:11:49 PM | Attr =	]

topic34773.html -> %UserProfile%\Desktop\topic34773.html ->  [Ver =  | Size = 54675 bytes | Modified Date = 20/02/2008 10:31:27 PM | Attr =	]

topic34773_files -> %UserProfile%\Desktop\topic34773_files ->  [Folder | Created Date = 20/02/2008 10:31:17 PM | Attr =	]

VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 6.07.0008 | Size = 132608 bytes | Modified Date = 20/02/2008 7:45:22 PM | Attr =	]

WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 01/03/2008 5:50:40 PM | Attr =	]

WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 482000 bytes | Modified Date = 01/03/2008 5:48:18 PM | Attr =	]

zaSetup_en.exe -> %UserProfile%\Desktop\zaSetup_en.exe -> Check Point Software Technologies LTD [Ver = 7.1.100.000 | Size = 210416 bytes | Modified Date = 21/02/2008 6:16:05 PM | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 17/02/2008 3:20:40 PM | Attr =	]

[Files/Folders - Modified Within 30 days]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 267964416 bytes | Modified Date = 01/03/2008 11:54:11 AM | Attr =  HS]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 21/02/2008 7:14:20 PM | Attr =	]

2001 C:\*.tmp files -> C:\*.tmp -> 

Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 17/02/2008 1:43:54 PM | Attr =	]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 20/02/2008 10:25:16 PM | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 21/02/2008 7:16:14 PM | Attr =	]

etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 20/02/2008 8:57:51 PM | Attr =	]

hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 226635 bytes | Modified Date = 20/02/2008 8:57:51 PM | Attr = R  ]

SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT ->  [Ver =  | Size = 10740 bytes | Modified Date = 19/02/2008 8:58:45 AM | Attr =	]

SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF ->  [Ver =  | Size = 805 bytes | Modified Date = 19/02/2008 8:58:45 AM | Attr =	]

SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 19/02/2008 8:58:45 AM | Attr =	]

CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 13/02/2008 7:36:20 AM | Attr =	]

2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 29/02/2008 7:36:46 PM | Attr =	]

coh.cache -> %SystemRoot%\System32\coh.cache ->  [Ver =  | Size = 16 bytes | Modified Date = 18/02/2008 9:18:00 PM | Attr =	]

dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 14/02/2008 7:54:47 AM | Attr = RHS]

drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 21/02/2008 7:15:30 PM | Attr =	]

ehkmp.ini -> %SystemRoot%\System32\ehkmp.ini ->  [Ver =  | Size = 1147 bytes | Modified Date = 01/03/2008 6:06:36 PM | Attr =  HS]

ehkmp.ini2 -> %SystemRoot%\System32\ehkmp.ini2 ->  [Ver =  | Size = 1147 bytes | Modified Date = 01/03/2008 6:06:39 PM | Attr =  HS]

ez2 -> %SystemRoot%\System32\ez2 ->  [Folder | Modified Date = 17/02/2008 5:50:50 PM | Attr =	]

kfjcfvuv.ini -> %SystemRoot%\System32\kfjcfvuv.ini ->  [Ver =  | Size = 1248707 bytes | Modified Date = 20/02/2008 7:59:58 AM | Attr =  HS]

nGpxx01 -> %SystemRoot%\System32\nGpxx01 ->  [Folder | Modified Date = 19/02/2008 8:27:46 PM | Attr =	]

pmkhe.dll -> %SystemRoot%\System32\pmkhe.dll ->  [Ver =  | Size = 317440 bytes | Modified Date = 21/02/2008 7:14:53 PM | Attr =	]

pu1 -> %SystemRoot%\System32\pu1 ->  [Folder | Modified Date = 17/02/2008 1:43:47 PM | Attr =	]

S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 19/02/2008 8:58:45 AM | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2422 bytes | Modified Date = 29/02/2008 7:11:51 PM | Attr =	]

ZoneAlarmIconUK.ico -> %SystemRoot%\System32\ZoneAlarmIconUK.ico ->  [Ver =  | Size = 9662 bytes | Modified Date = 17/02/2008 1:54:41 PM | Attr =	]

zx8 -> %SystemRoot%\System32\zx8 ->  [Folder | Modified Date = 17/02/2008 1:43:47 PM | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 13/02/2008 7:36:44 AM | Attr =  H ]

8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 01/03/2008 11:54:19 AM | Attr =   S]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 19/02/2008 8:29:58 PM | Attr =   S]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 14/02/2008 7:54:36 AM | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 19/02/2008 8:29:57 PM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 21/02/2008 7:16:14 PM | Attr =  HS]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 49 bytes | Modified Date = 17/02/2008 4:01:30 PM | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 01/03/2008 6:05:10 PM | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 01/03/2008 11:57:01 AM | Attr =  H ]

system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 01/03/2008 6:06:38 PM | Attr =	]

Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 18/02/2008 9:10:14 PM | Attr =   S]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 01/03/2008 5:58:15 PM | Attr =	]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 20/02/2008 7:50:16 AM | Attr =	]

Norton AntiVirus - Run Full System Scan - Mark!.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Mark!.job ->  [Ver =  | Size = 530 bytes | Modified Date = 18/02/2008 9:10:14 PM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 01/03/2008 11:54:56 AM | Attr =  H ]

hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 1310 bytes | Modified Date = 25/08/2003 11:18:51 AM | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 6848 bytes | Modified Date = 01/03/2008 11:59:09 AM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 6848 bytes | Modified Date = 01/03/2008 11:59:14 AM | Attr =	]

data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1388 bytes | Modified Date = 28/06/2003 11:57:05 PM | Attr =	]

opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 03/09/2004 5:17:51 PM | Attr =	]

xvthqlhu.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\xvthqlhu.exe ->  [Ver =  | Size = 42108 bytes | Modified Date = 19/02/2008 8:34:33 AM | Attr =	]

22 C:\Documents and Settings\Mark!\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mark!\Local Settings\Temp\*.tmp -> 

install.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.exe -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 609472 bytes | Modified Date = 23/09/2005 7:01:16 AM | Attr =	]

KHost.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\Kontiki4oDInstall\KHost.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 1032640 bytes | Modified Date = 23/04/2007 11:23:14 AM | Attr =	]

KService.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\Kontiki4oDInstall\KService.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 3068352 bytes | Modified Date = 23/04/2007 11:22:14 AM | Attr =	]

install.res.1025.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1025.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 23/09/2005 6:29:48 AM | Attr =	]

install.res.1028.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1028.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 23/09/2005 6:32:24 AM | Attr =	]

install.res.1029.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1029.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 82944 bytes | Modified Date = 23/09/2005 6:34:10 AM | Attr =	]

install.res.1030.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1030.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 81920 bytes | Modified Date = 23/09/2005 6:34:12 AM | Attr =	]

install.res.1031.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1031.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 85504 bytes | Modified Date = 23/09/2005 6:34:44 AM | Attr =	]

install.res.1032.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1032.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 87552 bytes | Modified Date = 23/09/2005 6:36:24 AM | Attr =	]

install.res.1033.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1033.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 23/09/2005 3:46:14 AM | Attr =	]

install.res.1035.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1035.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 81408 bytes | Modified Date = 23/09/2005 6:38:26 AM | Attr =	]

install.res.1036.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1036.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 86016 bytes | Modified Date = 23/09/2005 6:38:52 AM | Attr =	]

install.res.1037.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1037.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 23/09/2005 6:40:30 AM | Attr =	]

install.res.1038.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1038.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 83968 bytes | Modified Date = 23/09/2005 6:40:32 AM | Attr =	]

install.res.1040.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1040.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 84480 bytes | Modified Date = 23/09/2005 6:40:56 AM | Attr =	]

install.res.1041.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1041.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 23/09/2005 6:42:58 AM | Attr =	]

install.res.1042.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1042.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 23/09/2005 6:44:58 AM | Attr =	]

install.res.1043.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1043.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 83456 bytes | Modified Date = 23/09/2005 6:46:38 AM | Attr =	]

install.res.1044.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1044.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 81920 bytes | Modified Date = 23/09/2005 6:46:38 AM | Attr =	]

install.res.1045.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1045.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 83456 bytes | Modified Date = 23/09/2005 6:46:40 AM | Attr =	]

install.res.1046.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1046.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 82432 bytes | Modified Date = 23/09/2005 6:47:04 AM | Attr =	]

install.res.1049.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1049.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 82432 bytes | Modified Date = 23/09/2005 6:47:30 AM | Attr =	]

install.res.1053.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1053.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 81920 bytes | Modified Date = 23/09/2005 6:47:32 AM | Attr =	]

install.res.1055.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1055.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 23/09/2005 6:47:32 AM | Attr =	]

install.res.2052.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.2052.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 23/09/2005 6:30:18 AM | Attr =	]

install.res.2070.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.2070.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 84480 bytes | Modified Date = 23/09/2005 6:47:06 AM | Attr =	]

install.res.3076.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.3076.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 23/09/2005 6:29:50 AM | Attr =	]

install.res.3082.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.3082.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 85504 bytes | Modified Date = 23/09/2005 6:36:48 AM | Attr =	]

mscoree.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 23/09/2005 4:30:40 AM | Attr =	]

unicows.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\unicows.dll -> Microsoft Corporation [Ver = 1.0.4018.0 | Size = 245408 bytes | Modified Date = 23/09/2005 7:57:06 AM | Attr = R  ]

Perflib_Perfdata_248.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_248.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/03/2007 11:18:41 PM | Attr =	]

Perflib_Perfdata_25c.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_25c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 18/02/2008 8:00:57 AM | Attr =	]

Perflib_Perfdata_4dc.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_4dc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 14/01/2008 7:02:36 PM | Attr =	]

Perflib_Perfdata_6e0.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_6e0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 20/02/2008 7:28:13 AM | Attr =	]

Perflib_Perfdata_8ec.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_8ec.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 19/02/2008 6:37:17 PM | Attr =	]

Perflib_Perfdata_928.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_928.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 18/02/2008 7:55:23 AM | Attr =	]

Perflib_Perfdata_a4.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_a4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 25/11/2007 11:59:28 AM | Attr =	]

Perflib_Perfdata_d18.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_d18.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 01/03/2008 11:56:38 AM | Attr =	]

SSALiveUpdate.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\SSALiveUpdate.dat ->  [Ver =  | Size = 172 bytes | Modified Date = 18/02/2008 8:44:38 PM | Attr =	]

SymSCLiveUpdate.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\SymSCLiveUpdate.dat ->  [Ver =  | Size = 316 bytes | Modified Date = 17/02/2008 9:02:26 PM | Attr =	]

22 C:\Documents and Settings\Mark!\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mark!\Local Settings\Temp\*.tmp -> 

index.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Osiu\index.dat ->  [Ver =  | Size = 421 bytes | Modified Date = 17/02/2008 1:54:41 PM | Attr =	]

4 C:\Documents and Settings\Mark!\Local Settings\Temp\Osiu\*.tmp files -> C:\Documents and Settings\Mark!\Local Settings\Temp\Osiu\*.tmp -> 

Thorpe Park 2004.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Temporary Directory 1 for Thorpe Park 2004.zip\Thorpe Park 2004.dat ->  [Ver =  | Size = 3031703 bytes | Modified Date = 10/02/2005 3:47:56 PM | Attr = R  ]

install.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.ini ->  [Ver =  | Size = 4585 bytes | Modified Date = 23/09/2005 7:57:46 AM | Attr =	]

settings.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\NI.UGA6P_5555_N122M0312\settings.ini ->  [Ver =  | Size = 23 bytes | Modified Date = 17/02/2008 1:54:03 PM | Attr =	]

desktop.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 23/05/2005 3:45:27 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\Temporary Internet Files\Content.IE5\41EZSXIV\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 23/05/2005 3:45:28 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\Temporary Internet Files\Content.IE5\IMSNP3QJ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 23/05/2005 3:45:28 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\Temporary Internet Files\Content.IE5\OZWH4RW1\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 23/05/2005 3:45:28 PM | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVCLSDMV\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 23/05/2005 3:45:28 PM | Attr =  HS]

Perflib_Perfdata_b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 01/03/2008 11:55:44 AM | Attr =	]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

Kontiki -> %AllUsersProfile%\Application Data\Kontiki ->  [Folder | Modified Date = 01/03/2008 6:06:34 PM | Attr =	]

Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 17/02/2008 3:27:55 PM | Attr =	]

Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Modified Date = 17/02/2008 3:27:27 PM | Attr =   S]

Rabio -> %AllUsersProfile%\Application Data\Rabio ->  [Folder | Modified Date = 20/02/2008 9:42:30 PM | Attr =	]

Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 20/02/2008 9:42:40 PM | Attr =	]

Symantec -> %AllUsersProfile%\Application Data\Symantec ->  [Folder | Modified Date = 20/02/2008 7:30:10 PM | Attr =	]

Lavasoft -> %AppData%\Lavasoft ->  [Folder | Modified Date = 17/02/2008 3:27:27 PM | Attr =	]

uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 01/03/2008 6:07:15 PM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 232448 bytes | Modified Date = 18/02/2008 8:00:54 AM | Attr =	]

Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 18/02/2008 8:04:43 PM | Attr =	]

Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Modified Date = 05/02/2008 8:20:11 PM | Attr =	]

2000 C:\Documents and Settings\Mark!\My Documents\*.tmp files -> C:\Documents and Settings\Mark!\My Documents\*.tmp -> 

My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 17/02/2008 4:34:23 PM | Attr = R  ]

My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 577 bytes | Modified Date = 17/02/2008 4:15:02 PM | Attr =	]

Symantec -> %UserProfile%\My Documents\Symantec ->  [Folder | Modified Date = 18/02/2008 9:08:50 PM | Attr =	]

Norton AntiVirus.lnk -> %AllUsersProfile%\Desktop\Norton AntiVirus.lnk ->  [Ver =  | Size = 1898 bytes | Modified Date = 18/02/2008 8:48:25 PM | Attr =	]

ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 01/03/2008 5:45:24 PM | Attr =	]

averttools.aspx -> %UserProfile%\Desktop\averttools.aspx ->  [Ver =  | Size = 19758 bytes | Modified Date = 20/02/2008 10:14:58 PM | Attr =	]

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 20/02/2008 9:43:11 PM | Attr =	]

HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 20/02/2008 7:50:46 PM | Attr =	]

McafeeRootkitDetective.zip -> %UserProfile%\Desktop\McafeeRootkitDetective.zip ->  [Ver =  | Size = 1721043 bytes | Modified Date = 20/02/2008 10:21:14 PM | Attr =	]

Mozilla Firefox.lnk -> %UserProfile%\Desktop\Mozilla Firefox.lnk ->  [Ver =  | Size = 1614 bytes | Modified Date = 20/02/2008 8:37:58 PM | Attr =	]

spf.msi -> %UserProfile%\Desktop\spf.msi ->  [Ver =  | Size = 5659648 bytes | Modified Date = 21/02/2008 6:52:58 PM | Attr =	]

spybotsd152.exe -> %UserProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited [Ver = 1.5.2 | Size = 9722720 bytes | Modified Date = 20/02/2008 7:53:44 PM | Attr =	]

stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 20/02/2008 10:20:44 PM | Attr =	]

stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 22 bytes | Modified Date = 21/02/2008 6:11:49 PM | Attr =	]

topic34773.html -> %UserProfile%\Desktop\topic34773.html ->  [Ver =  | Size = 54675 bytes | Modified Date = 20/02/2008 10:31:27 PM | Attr =	]

topic34773_files -> %UserProfile%\Desktop\topic34773_files ->  [Folder | Modified Date = 20/02/2008 10:31:26 PM | Attr =	]

VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 6.07.0008 | Size = 132608 bytes | Modified Date = 20/02/2008 7:45:22 PM | Attr =	]

WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 01/03/2008 5:50:40 PM | Attr =	]

WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 482000 bytes | Modified Date = 01/03/2008 5:48:18 PM | Attr =	]

zaSetup_en.exe -> %UserProfile%\Desktop\zaSetup_en.exe -> Check Point Software Technologies LTD [Ver = 7.1.100.000 | Size = 210416 bytes | Modified Date = 21/02/2008 6:16:05 PM | Attr =	]

Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 29/02/2008 7:33:42 PM | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 17/02/2008 3:20:40 PM | Attr =	]



< End of report >

Edited by 3lpete, 01 March 2008 - 02:42 PM.


#4 OldTimer

OldTimer

    Malware Expert



Posted 02 March 2008 - 10:53 AM

Hi 3lpete. Let's start with the following.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Run ComboFix:
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
--------------------------------------------------------------------

Post logs:
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt"
  • Post a new WinPFind35 log
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


I will review the information when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 3lpete

3lpete
  • Topic Starter


Posted 02 March 2008 - 03:30 PM

Hi again. Ran combofix, for some reason the program didn't finish running. It froze on an empty desktop (with no taskbar or icons) for 45 mins so I just reset my pc.

I was not able to install the recovery console either. When I tried to drag the installer onto combofix, combofix worked for a bit, then a dialog box came up saying "C:\Documents and Settings\Mark!\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe is not a valid Win32 application." Then one saying "You didnt select YES Installation is aborted" :S But the EULA didn't come up... I didn't get a chance to press Yes!? :S

Anyway, below is my latest WinPFind log. I'm posting this from a different computer right now as I'm not able to post on here with my infected computer. Don't know why, maybe there's not enough memory?

Will try running combofix again. Here's the contents of c:/combofix/combofix.txt

-----

ComboFix 08-03-01.3 - Mark! 2008-03-02 18:23:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.61 [GMT 0:00]
Running from: C:\Documents and Settings\Mark!\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 4
/wow section not completed

-------

WinPFind35 logfile created on: 2008-03-02 20:05:02
WinPFind35U Version 1.0.3.0	 Folder = C:\Documents and Settings\Mark!\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy-MM-dd
 
255.48 Mb Total Physical Memory | 82.93 Mb Available Physical Memory | 32.46% Memory free
490.27 Mb Paging File | 210.09 Mb Available in Paging File | 42.85% Paging File free
Paging file location(s): C:\pagefile.sys 256 2048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 33.28 Gb Free Space | 29.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 38.15 Gb Total Space | 12.38 Gb Free Space | 32.46% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARKSPC
Current User Name: Mark!
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 2008-02-17 22:23:58 | Attr =	]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 2008-02-17 22:05:03 | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-04 13:27:08 | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2008-01-15 02:40:04 | Attr =	]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 2008-02-17 22:10:14 | Attr =	]
wlservice.exe -> %ProgramFiles%\Belkin\Belkin Wireless Network Utility\WLService.exe ->  [Ver =  | Size = 49152 bytes | Modified Date = 2004-03-29 16:08:16 | Attr =	]
wlancfgg.exe -> %ProgramFiles%\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe ->  [Ver = 1, 0, 7, 4 | Size = 827392 bytes | Modified Date = 2005-06-13 15:45:54 | Attr =	]
kservice.exe -> %ProgramFiles%\Kontiki\KService.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 3068352 bytes | Modified Date = 2007-04-23 11:22:14 | Attr =	]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.18 | Size = 47104 bytes | Modified Date = 2003-02-10 07:59:48 | Attr = R  ]
incd.exe -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Copyright (C) ahead software gmbh and its licensors [Ver = 3.33.0 | Size = 1048576 bytes | Modified Date = 2002-07-10 09:32:58 | Attr =	]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 2003-10-31 18:42:40 | Attr =	]
ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe ->  [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 2006-01-07 01:36:10 | Attr =	]
khost.exe -> %ProgramFiles%\Kontiki\KHost.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 1032640 bytes | Modified Date = 2007-04-23 11:23:14 | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 2008-01-15 03:22:56 | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 84640 bytes | Modified Date = 2008-02-17 21:43:39 | Attr =	]
googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe -> Google Inc. [Ver = 1.0.0.0 | Size = 21488 bytes | Modified Date = 2008-02-15 07:53:09 | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 2008-01-15 03:22:44 | Attr =	]
lgsyncmanager.exe -> %ProgramFiles%\LG PC Suite\LG PC Sync\LGSyncManager.exe -> LG Electronics Inc. [Ver = 1, 0, 2, 0 | Size = 225280 bytes | Modified Date = 2004-07-16 14:32:56 | Attr =	]
youtubeuploader.exe -> %UserProfile%\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe -> YouTube, LLC [Ver = 1.0.24.0 | Size = 71152 bytes | Modified Date = 2007-11-09 13:33:08 | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.0 | Size = 310784 bytes | Modified Date = 2008-03-01 01:06:42 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-04 13:27:08 | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2008-01-15 02:40:04 | Attr =	]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 2008-02-17 22:10:14 | Attr =	]
(Belkin Wireless USB Network Adapter Service) Belkin Wireless USB Network Adapter [Win32_Own | Auto | Running] -> %ProgramFiles%\Belkin\Belkin Wireless Network Utility\WLService.exe ->  [Ver =  | Size = 49152 bytes | Modified Date = 2004-03-29 16:08:16 | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 2008-02-17 22:23:58 | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 2008-02-17 22:23:58 | Attr =	]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 2008-02-17 22:23:58 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 07:56:48 | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 2008-01-15 03:22:44 | Attr =	]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\isPwdSvc.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 79496 bytes | Modified Date = 2008-02-17 22:28:42 | Attr =	]
(KService) KService [Win32_Own | Auto | Running] -> %ProgramFiles%\Kontiki\KService.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 3068352 bytes | Modified Date = 2007-04-23 11:22:14 | Attr =	]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 2008-02-17 22:10:14 | Attr =	]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 2008-02-17 22:23:58 | Attr =	]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.83 | Size = 583048 bytes | Modified Date = 2008-01-29 17:38:31 | Attr =	]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe ->  [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 2004-07-27 18:07:08 | Attr =	]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 2005-11-24 16:03:22 | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 2006-03-09 14:29:00 | Attr =	]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 2005-11-24 15:57:44 | Attr =	]
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 2004-10-15 19:40:56 | Attr =	]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 69718 bytes | Modified Date = 2005-11-24 15:47:30 | Attr =	]
(SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.4.01.13062 | Size = 69632 bytes | Modified Date = 2006-01-06 21:25:12 | Attr =	]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1251720 bytes | Modified Date = 2008-02-19 08:49:17 | Attr =	]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 2008-02-17 22:05:03 | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 2008-01-19 18:02:26 | Attr =	]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5080 | Size = 696284 bytes | Modified Date = 2003-02-11 07:34:52 | Attr = R  ]
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Modified Date = 1999-09-10 11:06:00 | Attr = R  ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Modified Date = 2004-08-04 05:29:26 | Attr =	]
(BsStor) InCD Storage Helper Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\bsstor.sys -> B.H.A Co.,Ltd. [Ver = 1.0.7 | Size = 9344 bytes | Modified Date = 2002-06-05 23:07:00 | Attr =	]
(BsUDF) InCD UDF Driver [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\bsudf.sys -> ahead software [Ver = 3.33.0 | Size = 434944 bytes | Modified Date = 2002-07-10 09:35:14 | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(cel90xbe) cel90xbe [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Mark!\LOCALS~1\Temp\cel90xbe.sys -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-04 06:07:17 | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-04 06:07:16 | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2002-08-29 20:00:00 | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 2008-02-13 15:37:46 | Attr =	]
(ElbyCDFL) ElbyCDFL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ElbyCDFL.sys -> Elaborate Bytes [Ver = 4, 0, 0, 0 | Size = 4480 bytes | Modified Date = 2002-04-09 15:00:10 | Attr =	]
(ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 4, 0, 0, 0 | Size = 13300 bytes | Modified Date = 2002-04-04 08:40:29 | Attr =	]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 2008-02-13 15:37:46 | Attr =	]
(FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5.sys -> VIA Technologies, Inc.			   [Ver = 2.66 | Size = 27165 bytes | Modified Date = 2001-08-17 11:13:08 | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 2006-09-19 14:44:04 | Attr =	]
(GMSIPCI) GMSIPCI [Kernel | On_Demand | Stopped] -> D:\INSTALL\GMSIPCI.SYS -> File not found
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(IFPUSB) iRiver Internet Audio Player IFP-100 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ifpusb.sys -> iRiver, Inc. [Ver = 1.00 | Size = 12790 bytes | Modified Date = 2003-01-13 06:24:40 | Attr = R  ]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080302.001\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.2.10 | Size = 82256 bytes | Modified Date = 2008-02-28 09:00:00 | Attr =	]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080302.001\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.2.10 | Size = 895376 bytes | Modified Date = 2008-02-28 09:00:00 | Attr =	]
(NETGEAR_MA111) NETGEAR 802.11b MA111 Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MA111nd5.sys -> NETGEAR, Inc. [Ver = 3.00.08 | Size = 644608 bytes | Modified Date = 2003-08-29 07:39:08 | Attr =	]
(NTACCESS) NTACCESS [Kernel | On_Demand | Stopped] -> D:\NTACCESS.sys -> File not found
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 2826944 bytes | Modified Date = 2004-10-29 16:50:00 | Attr =	]
(PCANDIS5) PCANDIS5 Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\PCANDIS5.SYS -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.00.13.50 | Size = 16292 bytes | Modified Date = 2003-08-29 07:39:06 | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PCIIde) PCIIde [Kernel | Disabled | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRJNDL) PDRJNDL [Kernel | Auto | Running] -> %ProgramFiles%\Dekart\Private Disk Light\pdrjndl.sys ->  [Ver =  | Size = 16512 bytes | Modified Date = 2002-09-26 16:26:08 | Attr =	]
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 200 | Size = 14604 bytes | Modified Date = 2003-08-11 10:07:46 | Attr =	]
(PRVDISK) PRVDISK [Kernel | Auto | Running] -> %ProgramFiles%\Dekart\Private Disk Light\prvdisk.sys -> Dekart   [Ver = 1.0B | Size = 14080 bytes | Modified Date = 2002-11-07 12:25:22 | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2002-08-29 20:00:00 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 2005-04-25 09:03:00 | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RT73) Belkin USB Network Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.00.0000 | Size = 232192 bytes | Modified Date = 2005-08-02 23:00:36 | Attr =	]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 10:25:53 | Attr =	]
(SetupNTGLM7X) SetupNTGLM7X [Kernel | On_Demand | Stopped] -> D:\NTGLM7X.sys -> File not found
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 2001-08-17 12:56:16 | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 3.0.0.107 | Size = 406672 bytes | Modified Date = 2008-02-17 22:12:23 | Attr =	]
(SRTSP) SRTSP [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 2007-11-30 23:57:12 | Attr =	]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 2007-11-30 23:57:12 | Attr =	]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 2007-11-30 23:57:12 | Attr =	]
(STEC3) STEC3 [Kernel | Auto | Running] -> %SystemRoot%\system32\STEC3.sys -> AntiCracking [Ver = 4.00 | Size = 2368 bytes | Modified Date = 2005-04-26 17:00:13 | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symdns.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 12848 bytes | Modified Date = 2007-10-30 19:55:14 | Attr =	]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 2008-02-19 08:58:45 | Attr =	]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symfw.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 145968 bytes | Modified Date = 2007-10-30 19:55:20 | Attr =	]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symids.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 39856 bytes | Modified Date = 2007-10-30 19:55:28 | Attr =	]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20080227.001\SymIDSCo.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 240496 bytes | Modified Date = 2008-02-14 03:13:52 | Attr =	]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symndis.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 35120 bytes | Modified Date = 2007-10-30 19:55:24 | Attr =	]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 27696 bytes | Modified Date = 2007-10-30 19:55:34 | Attr =	]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 191536 bytes | Modified Date = 2007-10-30 19:55:38 | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(Teefer) Teefer for NT [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 2004-10-15 18:17:02 | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(U81xbus) LGE U8XXX driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xbus.sys -> MCCI [Ver = V4.20 | Size = 52352 bytes | Modified Date = 2004-07-16 13:29:00 | Attr = R  ]
(U81xmdfl) LGE U8XXX USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xmdfl.sys -> MCCI [Ver = V4.20 | Size = 6064 bytes | Modified Date = 2004-07-16 13:29:00 | Attr = R  ]
(U81xmdm) LGE U8XXX USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xmdm.sys -> MCCI [Ver = V4.20 | Size = 84480 bytes | Modified Date = 2004-07-16 13:29:00 | Attr = R  ]
(U81xmgmt) LGE U8XXX USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xmgmt.sys -> MCCI [Ver = V4.20 | Size = 77472 bytes | Modified Date = 2004-07-16 13:29:00 | Attr = R  ]
(U81xobex) LGE U8XXX USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xobex.sys -> MCCI [Ver = V4.20 | Size = 75456 bytes | Modified Date = 2004-07-16 13:29:00 | Attr = R  ]
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(usbcm) USB Cable Modem 351000 NDIS Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbcm.sys -> Microsystems Corp [Ver = 1.10.35.1000 | Size = 13335 bytes | Modified Date = 2002-04-11 20:21:38 | Attr = R  ]
(vsdatant) vsdatant [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 2004-10-15 18:32:38 | Attr =	]
(wg4n) SyGate for NT, wg4n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 2004-10-15 18:32:40 | Attr =	]
(wg5n) SyGate for NT, wg5n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 2004-10-15 18:32:42 | Attr =	]
(wg6n) SyGate for NT, wg6n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 2004-10-15 18:32:44 | Attr =	]
(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 2004-10-15 18:18:46 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
4oD -> %ProgramFiles%\Kontiki\KHost.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 1032640 bytes | Modified Date = 2007-04-23 11:23:14 | Attr =	]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 84640 bytes | Modified Date = 2008-02-17 21:43:39 | Attr =	]
CloneCDElbyCDFL -> %ProgramFiles%\Elaborate Bytes\CloneCD\ElbyCheck.exe -> Elaborate Bytes [Ver = 2, 0, 0, 1 | Size = 45056 bytes | Modified Date = 2001-12-06 12:09:08 | Attr =	]
InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Copyright (C) ahead software gmbh and its licensors [Ver = 3.33.0 | Size = 1048576 bytes | Modified Date = 2002-07-10 09:32:58 | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 2008-01-15 03:22:56 | Attr =	]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 2001-07-09 10:50:42 | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 2006-03-09 14:29:00 | Attr =	]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 86016 bytes | Modified Date = 2006-03-09 14:29:00 | Attr =	]
nwiz -> %SystemRoot%\system32\nwiz.exe ->  [Ver =  | Size = 1519616 bytes | Modified Date = 2006-03-09 14:29:00 | Attr =	]
osCheck -> %ProgramFiles%\Norton AntiVirus\osCheck.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 26248 bytes | Modified Date = 2008-02-17 21:58:42 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 2008-01-10 15:27:36 | Attr =	]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 2003-10-31 18:42:40 | Attr =	]
SmcService -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 2004-10-15 19:40:56 | Attr =	]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.18 | Size = 47104 bytes | Modified Date = 2003-02-10 07:59:48 | Attr = R  ]
SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe ->  [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 2006-01-07 01:36:10 | Attr =	]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.83 | Size = 583048 bytes | Modified Date = 2008-01-29 17:38:31 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Google Update -> %UserProfile%\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe -> Google Inc. [Ver = 1.0.0.0 | Size = 21488 bytes | Modified Date = 2008-02-15 07:53:09 | Attr =	]
kdx -> %ProgramFiles%\Kontiki\KHost.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 1032640 bytes | Modified Date = 2007-04-23 11:23:14 | Attr =	]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 2008-01-28 11:43:40 | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 1999-11-04 14:06:48 | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 2004-12-14 04:44:06 | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\LG SyncManager.lnk -> %ProgramFiles%\LG PC Suite\LG PC Sync\LGSyncManager.exe -> LG Electronics Inc. [Ver = 1, 0, 2, 0 | Size = 225280 bytes | Modified Date = 2004-07-16 14:32:56 | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\µTorrent.lnk -> %ProgramFiles%\uTorrent\uTorrent.exe ->  [Ver =  | Size = 219952 bytes | Modified Date = 2008-02-04 23:07:26 | Attr =	]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{93994DE8-8239-4655-B1D1-5F4E91300429} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\DVD Region-Free\DVDShell.dll [] -> Fengtao Software [Ver = 3, 2, 5, 8 | Size = 49152 bytes | Modified Date = 2003-12-20 21:58:02 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoMovingBands -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCloseDragDropBands -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetTaskbar -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarsOnTaskbar -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (226635 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://ie.search.msn.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[gogl] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4223 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4317 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 2004-12-14 01:56:50 | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr =	]
{76B035A2-C2DD-49F3-8AAC-A82427128354} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmkhe.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 317440 bytes | Modified Date = 2008-02-21 19:14:53 | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{837BA7CE-022C-4606-AB43-AE47323B173E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{D85530E8-D39D-49D0-9F36-300D594556D2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{E7535E8D-6A47-4A76-BCDF-133A3E6248CD} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmnno.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{03646F67-527E-4d2a-8073-092EE87A3DD5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{03646F67-527E-4D2A-8073-092EE87A3DD5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{03646F67-527E-4D2A-8073-092EE87A3DD5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{200D4FD9-2766-41D7-A7DB-24B3A227AF59} ->	(USB Cable Modem 351000) -> 
{20376C9C-9DDD-4719-8529-33EDE840C815} ->	(Belkin 54g Wireless USB Network Adapter) -> 
{5ED4B9AD-6CEE-4CA1-A725-73E86320025A} ->	(NETGEAR MA111 802.11b Wireless USB Adapter) -> 
{992779B0-802B-43AC-953C-52D7ABFF0A57} ->	(VIA Compatable Fast Ethernet Adapter) -> 
{D1E641C4-6BBC-4656-9290-B963FAFA0025} ->	(NETGEAR MA111 802.11b Wireless USB Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00000075-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/voxacm.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 07:56:43 | Attr =	]
C:\WINDOWS\system32\pmkhe.dll -> %SystemRoot%\system32\pmkhe.dll ->  [Ver =  | Size = 317440 bytes | Modified Date = 2008-02-21 19:14:53 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 17:49:30 | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 07:56:43 | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 14:21:15 | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 2004-08-04 07:56:46 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 708 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004-08-04 07:56:44 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\AUOptions -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-04 07:56:44 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 07:56:57 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 12263 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-04 07:56:42 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 07:56:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 2007-01-19 11:54:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 2007-01-04 15:10:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 07:56:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\btdownloadgui.exe -> C:\Program Files\BitTorrent\btdownloadgui.exe [C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa Lite K++\KazaaLite.kpp -> C:\Program Files\Kazaa Lite K++\KazaaLite.kpp [C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rtcshare.exe -> C:\WINDOWS\system32\rtcshare.exe [C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 2004-08-04 07:56:55 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetMeeting\conf.exe -> C:\Program Files\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®] -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 1032192 bytes | Modified Date = 2004-08-04 07:56:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DC++\DCPlusPlus.exe -> C:\Program Files\DC++\DCPlusPlus.exe [C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. [Ver = 6.0.12.1053 | Size = 204845 bytes | Modified Date = 2005-02-28 17:41:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\QuickTime\QuickTimePlayer.exe -> C:\Program Files\QuickTime\QuickTimePlayer.exe [C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player] -> Apple Inc. [Ver = 7.4 | Size = 7529776 bytes | Modified Date = 2008-01-10 15:28:04 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SEGA\The Typing of The Dead\Tod_e.exe -> C:\Program Files\SEGA\The Typing of The Dead\Tod_e.exe [C:\Program Files\SEGA\The Typing of The Dead\Tod_e.exe:*:Enabled:Tod_e] ->  [Ver =  | Size = 2048000 bytes | Modified Date = 2000-11-23 12:42:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dplaysvr.exe -> C:\WINDOWS\system32\dplaysvr.exe [C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30208 bytes | Modified Date = 2004-08-04 07:56:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 2004-08-04 07:56:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe -> C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe [C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd] -> Pocket Soft, Inc. [Ver = 6.50 | Size = 417792 bytes | Modified Date = 2002-02-27 18:50:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-11 07:47:08 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IntelliJ\bin\idea.exe -> C:\Program Files\IntelliJ\bin\idea.exe [C:\Program Files\IntelliJ\bin\idea.exe:*:Enabled:LaunchAnywhere GUI] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SpecTcl1.1\bin\wish80.exe -> C:\Program Files\SpecTcl1.1\bin\wish80.exe [C:\Program Files\SpecTcl1.1\bin\wish80.exe:*:Enabled:Wish Application] -> Sun Microsystems, Inc. [Ver = 8.0 | Size = 12288 bytes | Modified Date = 1997-09-18 14:55:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ASP.NET Web Matrix\v0.6.812\WebServer.exe -> C:\Program Files\Microsoft ASP.NET Web Matrix\v0.6.812\WebServer.exe [C:\Program Files\Microsoft ASP.NET Web Matrix\v0.6.812\WebServer.exe:*:Enabled:WebServer] -> Microsoft Corporation [Ver = 0.6.812.0 | Size = 53248 bytes | Modified Date = 2003-05-29 11:00:32 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WSFTP\ws_ftp95.exe -> C:\Program Files\WSFTP\ws_ftp95.exe [C:\Program Files\WSFTP\ws_ftp95.exe:*:Enabled:WS_FTP 95] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 2007-01-19 11:54:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 2007-01-04 15:10:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 219952 bytes | Modified Date = 2008-02-04 23:07:26 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kontiki\KService.exe -> C:\Program Files\Kontiki\KService.exe [C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service] -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 3068352 bytes | Modified Date = 2007-04-23 11:22:14 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.0.29 | Size = 19926824 bytes | Modified Date = 2008-01-15 03:22:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetIRC\NetIRC.exe -> C:\Program Files\NetIRC\NetIRC.exe [C:\Program Files\NetIRC\NetIRC.exe:*:Enabled:NetIRC Client By Plucky Ali] -> Plucky Ali [Ver = 1.06.0002 | Size = 630784 bytes | Modified Date = 2008-02-03 19:52:06 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll [139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll [445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll [137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll [138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{992779B0-802B-43AC-953C-52D7ABFF0A57} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{D1E641C4-6BBC-4656-9290-B963FAFA0025} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{200D4FD9-2766-41D7-A7DB-24B3A227AF59} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 07:56:57 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-04 07:56:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 2008-03-02 18:23:25 | Attr =	]
1 C:\*.tmp files -> C:\*.tmp -> 
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 2008-03-02 18:19:31 | Attr =	]
Temp -> %SystemDrive%\Temp ->  [Folder | Created Date = 2008-02-17 13:42:59 | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2008-02-20 19:45:45 | Attr =	]
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT ->  [Ver =  | Size = 10740 bytes | Modified Date = 2008-02-19 08:58:45 | Attr =	]
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF ->  [Ver =  | Size = 805 bytes | Modified Date = 2008-02-19 08:58:45 | Attr =	]
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 2008-02-19 08:58:45 | Attr =	]
Teefer.sys -> %SystemRoot%\System32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 2004-10-15 18:17:02 | Attr =	]
wg3n.sys -> %SystemRoot%\System32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 2004-10-15 18:32:38 | Attr =	]
wg4n.sys -> %SystemRoot%\System32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 2004-10-15 18:32:40 | Attr =	]
wg5n.sys -> %SystemRoot%\System32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 2004-10-15 18:32:42 | Attr =	]
wg6n.sys -> %SystemRoot%\System32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 2004-10-15 18:32:44 | Attr =	]
wpsdrvnt.sys -> %SystemRoot%\System32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 2004-10-15 18:18:46 | Attr =	]
coh.cache -> %SystemRoot%\System32\coh.cache ->  [Ver =  | Size = 16 bytes | Modified Date = 2008-02-18 21:18:00 | Attr =	]
ehkmp.ini -> %SystemRoot%\System32\ehkmp.ini ->  [Ver =  | Size = 1452 bytes | Modified Date = 2008-03-02 20:04:12 | Attr =  HS]
ehkmp.ini2 -> %SystemRoot%\System32\ehkmp.ini2 ->  [Ver =  | Size = 1452 bytes | Modified Date = 2008-03-02 20:04:13 | Attr =  HS]
ez2 -> %SystemRoot%\System32\ez2 ->  [Folder | Created Date = 2008-02-17 13:43:47 | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
grep.exe -> %SystemRoot%\System32\grep.exe ->  [Ver =  | Size = 80412 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
kfjcfvuv.ini -> %SystemRoot%\System32\kfjcfvuv.ini ->  [Ver =  | Size = 1248707 bytes | Modified Date = 2008-02-20 07:59:58 | Attr =  HS]
nGpxx01 -> %SystemRoot%\System32\nGpxx01 ->  [Folder | Created Date = 2008-02-17 13:42:59 | Attr =	]
pmkhe.dll -> %SystemRoot%\System32\pmkhe.dll ->  [Ver =  | Size = 317440 bytes | Modified Date = 2008-02-21 19:14:53 | Attr =	]
pu1 -> %SystemRoot%\System32\pu1 ->  [Folder | Created Date = 2008-02-17 13:43:47 | Attr =	]
S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 2008-02-19 08:58:45 | Attr =	]
sed.exe -> %SystemRoot%\System32\sed.exe ->  [Ver =  | Size = 98816 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
SSSensor.dll -> %SystemRoot%\System32\SSSensor.dll -> Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Modified Date = 2004-10-15 18:32:10 | Attr =	]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
VFind.exe -> %SystemRoot%\System32\VFind.exe ->  [Ver =  | Size = 49152 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
zip.exe -> %SystemRoot%\System32\zip.exe ->  [Ver =  | Size = 68096 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
ZoneAlarmIconUK.ico -> %SystemRoot%\System32\ZoneAlarmIconUK.ico ->  [Ver =  | Size = 9662 bytes | Modified Date = 2008-02-17 13:54:41 | Attr =	]
zx8 -> %SystemRoot%\System32\zx8 ->  [Folder | Created Date = 2008-02-17 13:43:47 | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 2008-03-02 18:20:26 | Attr =	]
8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
Norton AntiVirus - Run Full System Scan - Mark!.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Mark!.job ->  [Ver =  | Size = 530 bytes | Modified Date = 2008-02-18 21:10:14 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2008-02-17 15:26:29 | Attr =	]
Rabio -> %AllUsersProfile%\Application Data\Rabio ->  [Folder | Created Date = 2008-02-17 13:46:37 | Attr =	]
Symantec -> %UserProfile%\My Documents\Symantec ->  [Folder | Created Date = 2008-02-18 21:08:50 | Attr =	]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe ->  [Ver =  | Size = 1579712 bytes | Modified Date = 2008-03-02 18:00:24 | Attr =	]
Mozilla Firefox.lnk -> %UserProfile%\Desktop\Mozilla Firefox.lnk ->  [Ver =  | Size = 1614 bytes | Modified Date = 2008-02-20 20:37:58 | Attr =	]
New Folder -> %UserProfile%\Desktop\New Folder ->  [Folder | Created Date = 2008-03-02 18:01:39 | Attr =	]
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe -> %UserProfile%\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe ->  [Ver =  | Size = 752908 bytes | Modified Date = 2008-03-02 18:05:31 | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2008-03-01 17:50:40 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2008-02-17 15:20:40 | Attr =	]

[Files/Folders - Modified Within 30 days]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 2008-03-02 18:26:44 | Attr =	]
1 C:\*.tmp files -> C:\*.tmp -> 
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 267964416 bytes | Modified Date = 2008-03-02 19:53:25 | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2008-03-02 18:24:01 | Attr =	]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2008-03-02 18:21:15 | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2008-03-02 19:55:00 | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 2008-03-02 18:24:01 | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2008-02-20 22:25:16 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2008-03-02 18:26:48 | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2008-02-20 20:57:51 | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 226635 bytes | Modified Date = 2008-02-20 20:57:51 | Attr = R  ]
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT ->  [Ver =  | Size = 10740 bytes | Modified Date = 2008-02-19 08:58:45 | Attr =	]
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF ->  [Ver =  | Size = 805 bytes | Modified Date = 2008-02-19 08:58:45 | Attr =	]
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 2008-02-19 08:58:45 | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2008-02-13 07:36:20 | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2008-03-02 18:07:11 | Attr =	]
coh.cache -> %SystemRoot%\System32\coh.cache ->  [Ver =  | Size = 16 bytes | Modified Date = 2008-02-18 21:18:00 | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2008-02-14 07:54:47 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2008-03-02 18:23:50 | Attr =	]
ehkmp.ini -> %SystemRoot%\System32\ehkmp.ini ->  [Ver =  | Size = 1452 bytes | Modified Date = 2008-03-02 20:04:12 | Attr =  HS]
ehkmp.ini2 -> %SystemRoot%\System32\ehkmp.ini2 ->  [Ver =  | Size = 1452 bytes | Modified Date = 2008-03-02 20:04:13 | Attr =  HS]
ez2 -> %SystemRoot%\System32\ez2 ->  [Folder | Modified Date = 2008-02-17 17:50:50 | Attr =	]
kfjcfvuv.ini -> %SystemRoot%\System32\kfjcfvuv.ini ->  [Ver =  | Size = 1248707 bytes | Modified Date = 2008-02-20 07:59:58 | Attr =  HS]
nGpxx01 -> %SystemRoot%\System32\nGpxx01 ->  [Folder | Modified Date = 2008-02-19 20:27:46 | Attr =	]
pmkhe.dll -> %SystemRoot%\System32\pmkhe.dll ->  [Ver =  | Size = 317440 bytes | Modified Date = 2008-02-21 19:14:53 | Attr =	]
pu1 -> %SystemRoot%\System32\pu1 ->  [Folder | Modified Date = 2008-02-17 13:43:47 | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2008-03-02 19:55:00 | Attr =	]
S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 2008-02-19 08:58:45 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2422 bytes | Modified Date = 2008-03-02 17:47:51 | Attr =	]
ZoneAlarmIconUK.ico -> %SystemRoot%\System32\ZoneAlarmIconUK.ico ->  [Ver =  | Size = 9662 bytes | Modified Date = 2008-02-17 13:54:41 | Attr =	]
zx8 -> %SystemRoot%\System32\zx8 ->  [Folder | Modified Date = 2008-02-17 13:43:47 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2008-02-13 07:36:44 | Attr =  H ]
8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-03-02 19:53:29 | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2008-02-19 20:29:58 | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2008-03-02 18:20:26 | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2008-02-14 07:54:36 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2008-02-19 20:29:57 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-02-21 19:16:14 | Attr =  HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 49 bytes | Modified Date = 2008-02-17 16:01:30 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-03-02 18:26:41 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-03-02 19:56:41 | Attr =  H ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2008-03-02 18:26:20 | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2008-02-18 21:10:14 | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2008-03-02 19:55:25 | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2008-02-20 07:50:16 | Attr =	]
Norton AntiVirus - Run Full System Scan - Mark!.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Mark!.job ->  [Ver =  | Size = 530 bytes | Modified Date = 2008-02-18 21:10:14 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-03-02 19:54:19 | Attr =  H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 1310 bytes | Modified Date = 2003-08-25 11:18:51 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 6848 bytes | Modified Date = 2008-03-02 19:57:40 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 6848 bytes | Modified Date = 2008-03-02 19:57:41 | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1388 bytes | Modified Date = 2003-06-28 23:57:05 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 2004-09-03 17:17:51 | Attr =	]
xvthqlhu.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\xvthqlhu.exe ->  [Ver =  | Size = 42108 bytes | Modified Date = 2008-02-19 08:34:33 | Attr =	]
22 C:\Documents and Settings\Mark!\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mark!\Local Settings\Temp\*.tmp -> 
install.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.exe -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 609472 bytes | Modified Date = 2005-09-23 07:01:16 | Attr =	]
KHost.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\Kontiki4oDInstall\KHost.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 1032640 bytes | Modified Date = 2007-04-23 11:23:14 | Attr =	]
KService.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\Kontiki4oDInstall\KService.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 3068352 bytes | Modified Date = 2007-04-23 11:22:14 | Attr =	]
install.res.1025.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1025.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 2005-09-23 06:29:48 | Attr =	]
install.res.1028.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1028.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 2005-09-23 06:32:24 | Attr =	]
install.res.1029.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1029.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 82944 bytes | Modified Date = 2005-09-23 06:34:10 | Attr =	]
install.res.1030.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1030.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 81920 bytes | Modified Date = 2005-09-23 06:34:12 | Attr =	]
install.res.1031.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1031.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 85504 bytes | Modified Date = 2005-09-23 06:34:44 | Attr =	]
install.res.1032.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1032.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 87552 bytes | Modified Date = 2005-09-23 06:36:24 | Attr =	]
install.res.1033.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1033.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 2005-09-23 03:46:14 | Attr =	]
install.res.1035.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1035.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 81408 bytes | Modified Date = 2005-09-23 06:38:26 | Attr =	]
install.res.1036.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1036.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 86016 bytes | Modified Date = 2005-09-23 06:38:52 | Attr =	]
install.res.1037.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1037.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 2005-09-23 06:40:30 | Attr =	]
install.res.1038.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1038.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 83968 bytes | Modified Date = 2005-09-23 06:40:32 | Attr =	]
install.res.1040.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1040.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 84480 bytes | Modified Date = 2005-09-23 06:40:56 | Attr =	]
install.res.1041.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1041.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 2005-09-23 06:42:58 | Attr =	]
install.res.1042.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1042.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 2005-09-23 06:44:58 | Attr =	]
install.res.1043.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1043.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 83456 bytes | Modified Date = 2005-09-23 06:46:38 | Attr =	]
install.res.1044.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1044.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 81920 bytes | Modified Date = 2005-09-23 06:46:38 | Attr =	]
install.res.1045.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1045.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 83456 bytes | Modified Date = 2005-09-23 06:46:40 | Attr =	]
install.res.1046.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1046.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 82432 bytes | Modified Date = 2005-09-23 06:47:04 | Attr =	]
install.res.1049.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1049.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 82432 bytes | Modified Date = 2005-09-23 06:47:30 | Attr =	]
install.res.1053.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1053.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 81920 bytes | Modified Date = 2005-09-23 06:47:32 | Attr =	]
install.res.1055.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.1055.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 2005-09-23 06:47:32 | Attr =	]
install.res.2052.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.2052.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 2005-09-23 06:30:18 | Attr =	]
install.res.2070.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.2070.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 84480 bytes | Modified Date = 2005-09-23 06:47:06 | Attr =	]
install.res.3076.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.3076.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 80896 bytes | Modified Date = 2005-09-23 06:29:50 | Attr =	]
install.res.3082.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.res.3082.dll -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 85504 bytes | Modified Date = 2005-09-23 06:36:48 | Attr =	]
mscoree.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 2005-09-23 04:30:40 | Attr =	]
unicows.dll -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\unicows.dll -> Microsoft Corporation [Ver = 1.0.4018.0 | Size = 245408 bytes | Modified Date = 2005-09-23 07:57:06 | Attr = R  ]
Perflib_Perfdata_248.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_248.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2007-03-12 23:18:41 | Attr =	]
Perflib_Perfdata_25c.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_25c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-02-18 08:00:57 | Attr =	]
Perflib_Perfdata_4dc.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_4dc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-01-14 19:02:36 | Attr =	]
Perflib_Perfdata_6e0.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_6e0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-02-20 07:28:13 | Attr =	]
Perflib_Perfdata_8ec.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_8ec.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-02-19 18:37:17 | Attr =	]
Perflib_Perfdata_928.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_928.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-02-18 07:55:23 | Attr =	]
Perflib_Perfdata_944.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_944.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-03-02 19:55:41 | Attr =	]
Perflib_Perfdata_a4.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_a4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2007-11-25 11:59:28 | Attr =	]
Perflib_Perfdata_c64.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Perflib_Perfdata_c64.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-03-02 17:49:15 | Attr =	]
SSALiveUpdate.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\SSALiveUpdate.dat ->  [Ver =  | Size = 172 bytes | Modified Date = 2008-02-18 20:44:38 | Attr =	]
SymSCLiveUpdate.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\SymSCLiveUpdate.dat ->  [Ver =  | Size = 316 bytes | Modified Date = 2008-02-17 21:02:26 | Attr =	]
22 C:\Documents and Settings\Mark!\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mark!\Local Settings\Temp\*.tmp -> 
index.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Osiu\index.dat ->  [Ver =  | Size = 421 bytes | Modified Date = 2008-02-17 13:54:41 | Attr =	]
4 C:\Documents and Settings\Mark!\Local Settings\Temp\Osiu\*.tmp files -> C:\Documents and Settings\Mark!\Local Settings\Temp\Osiu\*.tmp -> 
Thorpe Park 2004.dat -> C:\Documents and Settings\Mark!\Local Settings\Temp\Temporary Directory 1 for Thorpe Park 2004.zip\Thorpe Park 2004.dat ->  [Ver =  | Size = 3031703 bytes | Modified Date = 2005-02-10 15:47:56 | Attr = R  ]
install.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\IS1F.tmp\install.ini ->  [Ver =  | Size = 4585 bytes | Modified Date = 2005-09-23 07:57:46 | Attr =	]
settings.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\NI.UGA6P_5555_N122M0312\settings.ini ->  [Ver =  | Size = 23 bytes | Modified Date = 2008-02-17 13:54:03 | Attr =	]
desktop.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2005-05-23 15:45:27 | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\Temporary Internet Files\Content.IE5\41EZSXIV\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2005-05-23 15:45:28 | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\Temporary Internet Files\Content.IE5\IMSNP3QJ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2005-05-23 15:45:28 | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\Temporary Internet Files\Content.IE5\OZWH4RW1\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2005-05-23 15:45:28 | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Mark!\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVCLSDMV\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2005-05-23 15:45:28 | Attr =  HS]
Perflib_Perfdata_454.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_454.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 2008-03-02 19:55:12 | Attr =	]
Perflib_Perfdata_7bc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7bc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-03-02 17:48:18 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Kontiki -> %AllUsersProfile%\Application Data\Kontiki ->  [Folder | Modified Date = 2008-03-02 20:04:55 | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2008-02-17 15:27:55 | Attr =	]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Modified Date = 2008-02-17 15:27:27 | Attr =   S]
Rabio -> %AllUsersProfile%\Application Data\Rabio ->  [Folder | Modified Date = 2008-02-20 21:42:30 | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2008-02-20 21:42:40 | Attr =	]
Symantec -> %AllUsersProfile%\Application Data\Symantec ->  [Folder | Modified Date = 2008-02-20 19:30:10 | Attr =	]
Lavasoft -> %AppData%\Lavasoft ->  [Folder | Modified Date = 2008-02-17 15:27:27 | Attr =	]
uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 2008-03-02 20:01:54 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 232448 bytes | Modified Date = 2008-02-18 08:00:54 | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 2008-02-18 20:04:43 | Attr =	]
Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Modified Date = 2008-02-05 20:20:11 | Attr =	]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2008-02-17 16:34:23 | Attr = R  ]
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 577 bytes | Modified Date = 2008-02-17 16:15:02 | Attr =	]
Symantec -> %UserProfile%\My Documents\Symantec ->  [Folder | Modified Date = 2008-02-18 21:08:50 | Attr =	]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe ->  [Ver =  | Size = 1579712 bytes | Modified Date = 2008-03-02 18:00:24 | Attr =	]
Mozilla Firefox.lnk -> %UserProfile%\Desktop\Mozilla Firefox.lnk ->  [Ver =  | Size = 1614 bytes | Modified Date = 2008-02-20 20:37:58 | Attr =	]
New Folder -> %UserProfile%\Desktop\New Folder ->  [Folder | Modified Date = 2008-03-02 18:01:39 | Attr =	]
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe -> %UserProfile%\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe ->  [Ver =  | Size = 752908 bytes | Modified Date = 2008-03-02 18:05:31 | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2008-03-02 20:04:34 | Attr =	]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 2008-03-02 19:54:32 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2008-02-17 15:20:40 | Attr =	]

< End of report >

Edited by 3lpete, 02 March 2008 - 03:42 PM.


#6 OldTimer

Malware Expert

Posted 02 March 2008 - 03:53 PM

Hi 3lpete. Rerun ComboFix and just let it run. I've seen it take a couple of days on machines as heavily infected as this one. There are currently thousands of infected files on that system and they cannot be removed instantly. Let CF run until it completes.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 3lpete

3lpete
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:12:15 PM

Posted 02 March 2008 - 04:23 PM

Hi 3lpete. Rerun ComboFix and just let it run. I've seen it take a couple of days on machines as heavily infected as this one. There are currently thousands of infected files on that system and they cannot be removed instantly. Let CF run until it completes.

Cheers.

OT


Lol, thanks OT. That's good to know. On the screen it said it'd take 10 mins so I just assumed that 45 mins was excessively long. I'll leave it going this time.

#8 3lpete

3lpete
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:12:15 PM

Posted 06 March 2008 - 05:40 AM

Ok, I ran it for four days, and it didn't complete. Last time I ran it my desktop was empty but this time I just had my normal desktop with all the icons and taskbar there. Like nothing was even happening. There wasn't even any disk access sounds coming from my PC. Also, I checked the task manager and there didn't seem to be a combofix.exe running :thumbsup: . Is this what it's meant to be like?

I remembered that when I started running combofix I had only set norton antivirus to turn off for 5 hours. I don't know, maybe Norton interfered with it or something? In case it had I decided to just click it and run it again.

Edited by 3lpete, 06 March 2008 - 05:45 AM.


#9 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:07:15 AM

Posted 06 March 2008 - 10:30 AM

Hi 3lpete. Yeah, it doesn't always work. Let's do this the old-fashioned way lol.

First we need to disable TeaTimer so it does not interfere with the changes we are going to make.
  • Start Spybot-S&D.
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • On the left hand side, choose Tools and then click on Resident.
  • Uncheck Resident TeaTimer and choose OK for any further prompts.
  • Restart your computer.
Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
cel90xbe
Files to delete:
%SystemDrive%\DOCUME~1\Mark!\LOCALS~1\Temp\cel90xbe.sys
%SystemRoot%\System32\coh.cache
%SystemRoot%\System32\ehkmp.ini
%SystemRoot%\System32\ehkmp.ini2
%SystemRoot%\System32\kfjcfvuv.ini
%SystemRoot%\system32\pmkhe.dll
%SystemRoot%\system32\pmkhe.dll 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Mark!\Local Settings\Temp\xvthqlhu.exe
Folders to delete:
%SystemDrive%\ComboFix
%SystemRoot%\System32\ez2
%SystemRoot%\System32\nGpxx01
%SystemRoot%\System32\pu1
%SystemRoot%\System32\zx8

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (cel90xbe) cel90xbe [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Mark!\LOCALS~1\Temp\cel90xbe.sys
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {76B035A2-C2DD-49F3-8AAC-A82427128354} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmkhe.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {837BA7CE-022C-4606-AB43-AE47323B173E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {D85530E8-D39D-49D0-9F36-300D594556D2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {E7535E8D-6A47-4A76-BCDF-133A3E6248CD} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmnno.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {03646F67-527E-4d2a-8073-092EE87A3DD5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{03646F67-527E-4D2A-8073-092EE87A3DD5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{03646F67-527E-4D2A-8073-092EE87A3DD5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\pmkhe.dll -> %SystemRoot%\system32\pmkhe.dll
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\btdownloadgui.exe -> C:\Program Files\BitTorrent\btdownloadgui.exe [C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa Lite K++\KazaaLite.kpp -> C:\Program Files\Kazaa Lite K++\KazaaLite.kpp [C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DC++\DCPlusPlus.exe -> C:\Program Files\DC++\DCPlusPlus.exe [C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IntelliJ\bin\idea.exe -> C:\Program Files\IntelliJ\bin\idea.exe [C:\Program Files\IntelliJ\bin\idea.exe:*:Enabled:LaunchAnywhere GUI]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WSFTP\ws_ftp95.exe -> C:\Program Files\WSFTP\ws_ftp95.exe [C:\Program Files\WSFTP\ws_ftp95.exe:*:Enabled:WS_FTP 95]
[Files/Folders - Created Within 30 days]
NY -> 1 C:\*.tmp files -> C:\*.tmp
NY -> coh.cache -> %SystemRoot%\System32\coh.cache
NY -> ehkmp.ini -> %SystemRoot%\System32\ehkmp.ini
NY -> ehkmp.ini2 -> %SystemRoot%\System32\ehkmp.ini2
NY -> ez2 -> %SystemRoot%\System32\ez2
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> kfjcfvuv.ini -> %SystemRoot%\System32\kfjcfvuv.ini
NY -> nGpxx01 -> %SystemRoot%\System32\nGpxx01
NY -> pmkhe.dll -> %SystemRoot%\System32\pmkhe.dll
NY -> pu1 -> %SystemRoot%\System32\pu1
NY -> zx8 -> %SystemRoot%\System32\zx8
NY -> 8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> ComboFix -> %SystemDrive%\ComboFix
NY -> 1 C:\*.tmp files -> C:\*.tmp
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> coh.cache -> %SystemRoot%\System32\coh.cache
NY -> ehkmp.ini -> %SystemRoot%\System32\ehkmp.ini
NY -> ehkmp.ini2 -> %SystemRoot%\System32\ehkmp.ini2
NY -> ez2 -> %SystemRoot%\System32\ez2
NY -> kfjcfvuv.ini -> %SystemRoot%\System32\kfjcfvuv.ini
NY -> nGpxx01 -> %SystemRoot%\System32\nGpxx01
NY -> pmkhe.dll -> %SystemRoot%\System32\pmkhe.dll
NY -> pu1 -> %SystemRoot%\System32\pu1
NY -> zx8 -> %SystemRoot%\System32\zx8
NY -> 8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> xvthqlhu.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\xvthqlhu.exe
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Step #4

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
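
The Avenger script in the post above lists pmkhe.dll twice, and the report posted later in this thread contains two STATUS_OBJECT_NAME_NOT_FOUND failures. The Python below is an added example, not part of the original posts or of The Avenger: it reconciles a script against its C:\avenger.txt report so that a harmless duplicate entry is told apart from a target that was already gone before the run. The sample script and report are abridged from this thread; the function names and verdict labels are assumptions of the example.

```python
import re
from collections import defaultdict, deque

# Expansions taken from the WinPFind35U log header in this thread.
ENV = {"%SystemDrive%": "C:", "%SystemRoot%": r"C:\WINDOWS"}
NOT_FOUND = "0xc0000034"  # STATUS_OBJECT_NAME_NOT_FOUND

SECTION_RE = re.compile(r"^(driver|file|folder)s to delete:$", re.I)
OK_RE = re.compile(r'^(Driver|File|Folder) "(.+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of (driver|file|folder) "(.+)" failed!$')
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})\b")

def normalize(target):
    """Expand the known variables and lowercase (Windows paths ignore case)."""
    out = target.strip()
    for var, value in ENV.items():
        out = re.sub(re.escape(var), lambda _m, v=value: v, out, flags=re.I)
    return out.lower()

def parse_script(text):
    """Return [(kind, target)] in script order."""
    kind, targets = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        section = SECTION_RE.match(line)
        if section:
            kind = section.group(1).lower()
        elif kind is None:
            raise ValueError("target before any section header: " + line)
        else:
            targets.append((kind, line))
    return targets

def parse_log(text):
    """Return [(kind, target, status)]; status is 'deleted' or an NTSTATUS."""
    results, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        ok, fail, status = OK_RE.match(line), FAIL_RE.match(line), STATUS_RE.match(line)
        if ok:
            results.append((ok.group(1).lower(), ok.group(2), "deleted"))
        elif fail:
            pending = (fail.group(1), fail.group(2))  # status follows on a later line
        elif status and pending:
            results.append(pending + (status.group(1).lower(),))
            pending = None
    return results

def reconcile(script_text, log_text):
    """Return [(kind, target, verdict)] for every script entry, in order."""
    outcomes = defaultdict(deque)
    for kind, target, status in parse_log(log_text):
        outcomes[(kind, normalize(target))].append(status)
    deleted, report = set(), []
    for kind, target in parse_script(script_text):
        key = (kind, normalize(target))
        status = outcomes[key].popleft() if outcomes[key] else None
        if status is None:
            verdict = "no-log-entry"      # the tool never reported on it
        elif status == "deleted":
            verdict = "deleted"
            deleted.add(key)
        elif status == NOT_FOUND and key in deleted:
            verdict = "duplicate-entry"   # removed by an earlier script line
        elif status == NOT_FOUND:
            verdict = "already-absent"    # gone before the run, or wrong path
        else:
            verdict = "failed:" + status  # any other NTSTATUS needs follow-up
        report.append((kind, target, verdict))
    return report

# Sample input abridged from the script and report in this thread.
SCRIPT = r"""
Drivers to delete:
cel90xbe
Files to delete:
%SystemDrive%\DOCUME~1\Mark!\LOCALS~1\Temp\cel90xbe.sys
%SystemRoot%\System32\coh.cache
%SystemRoot%\system32\pmkhe.dll
%SystemRoot%\system32\pmkhe.dll
Folders to delete:
%SystemRoot%\System32\zx8
"""
LOG = r"""
Driver "cel90xbe" deleted successfully.
Error: file "C:\DOCUME~1\Mark!\LOCALS~1\Temp\cel90xbe.sys" not found!
Deletion of file "C:\DOCUME~1\Mark!\LOCALS~1\Temp\cel90xbe.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
File "C:\WINDOWS\System32\coh.cache" deleted successfully.
File "C:\WINDOWS\system32\pmkhe.dll" deleted successfully.
Error: file "C:\WINDOWS\system32\pmkhe.dll" not found!
Deletion of file "C:\WINDOWS\system32\pmkhe.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Folder "C:\WINDOWS\System32\zx8" deleted successfully.
"""
```

Calling `reconcile(SCRIPT, LOG)` returns one verdict per script line; only `already-absent`, `failed:` and `no-log-entry` results call for another look at the machine.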


#10 3lpete

3lpete
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:12:15 PM

Posted 11 March 2008 - 09:36 AM

Hi OldTimer. My wireless router is broken :thumbsup: so I'm not going to be able to run the online scan on the infected computer... I will post back when it's sorted out. Thanks for all your help so far.

Edited by 3lpete, 11 March 2008 - 09:37 AM.


#11 3lpete

3lpete
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:12:15 PM

Posted 03 May 2008 - 05:25 AM

Hi OldTimer! I know it's been a while but I'm back. Hope you can still help me out.


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "cel90xbe" deleted successfully.

Error: file "C:\DOCUME~1\Mark!\LOCALS~1\Temp\cel90xbe.sys" not found!
Deletion of file "C:\DOCUME~1\Mark!\LOCALS~1\Temp\cel90xbe.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\System32\coh.cache" deleted successfully.
File "C:\WINDOWS\System32\ehkmp.ini" deleted successfully.
File "C:\WINDOWS\System32\ehkmp.ini2" deleted successfully.
File "C:\WINDOWS\System32\kfjcfvuv.ini" deleted successfully.
File "C:\WINDOWS\system32\pmkhe.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\pmkhe.dll" not found!
Deletion of file "C:\WINDOWS\system32\pmkhe.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat" deleted successfully.
File "C:\Documents and Settings\Mark!\Local Settings\Temp\xvthqlhu.exe" deleted successfully.
Folder "C:\ComboFix" deleted successfully.
Folder "C:\WINDOWS\System32\ez2" deleted successfully.
Folder "C:\WINDOWS\System32\nGpxx01" deleted successfully.
Folder "C:\WINDOWS\System32\pu1" deleted successfully.
Folder "C:\WINDOWS\System32\zx8" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.










-----


F secure online scan:

Scanning Report
Wednesday, April 30, 2008 18:53:06 - 06:55:59

Computer name: MARKSPC
Scanning type: Scan system for malware, rootkits
Target: C:\ F:\
Result: 2 malware found
Trojan-Clicker.JS.gen (virus)

* F:\SYSTEM VOLUME INFORMATION\_RESTORE{01E0D898-15BC-481D-8E15-90CD260A8D81}\RP7\A0002241.HTA (Renamed)

not-virus:Hoax.Win32.CardGen.g (virus)

* C:\DOCUMENTS AND SETTINGS\MARK!\MY DOCUMENTS\MY CODE\FILES\MY DOCUMENTS\ZEBULUN\CMASTER4\CMASTER4.EXE

Statistics
Scanned:

* Files: 171931
* System: 4394
* Not scanned: 15

Actions:

* Disinfected: 0
* Renamed: 1
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{54DA9755-20A8-4788-8BA9-8A294732F30B}.BIN
* C:\RECYCLER\NPROTECT\00000462.LNK
* C:\RECYCLER\NPROTECT\00000868.LNK
* C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
* C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSYS.DLL
* C:\AVENGER\PMKHE.DLL
* C:\AVENGER\ZX8\LIOPUD89104.EXE
* C:\AVENGER\PU1\HIBA3133.EXE

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-04-30
* F-Secure AVP: 7.0.171, 2008-04-30
* F-Secure Pegasus: 1.20.0, 2008-02-28
* F-Secure Blacklight: 1.0.64

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics




-----



WinPFind35 logfile created on: 2008-05-03 10:04:24
WinPFind35U Version 1.0.3.0	 Folder = C:\Documents and Settings\Mark!\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy-MM-dd
 
255.48 Mb Total Physical Memory | 132.92 Mb Available Physical Memory | 52.03% Memory free
1000.71 Mb Paging File | 747.76 Mb Available in Paging File | 74.72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;F:\pagefile.sys 0 0;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 32.94 Gb Free Space | 29.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 38.15 Gb Total Space | 12.01 Gb Free Space | 31.47% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARKSPC
Current User Name: Mark!
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 2008-02-17 23:23:58 | Attr =	]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 2008-02-17 23:05:03 | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-04 14:27:08 | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2008-01-15 03:40:04 | Attr =	]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 2008-02-17 23:10:14 | Attr =	]
wlservice.exe -> %ProgramFiles%\Belkin\Belkin Wireless Network Utility\WLService.exe ->  [Ver =  | Size = 49152 bytes | Modified Date = 2004-03-29 17:08:16 | Attr =	]
wlancfgg.exe -> %ProgramFiles%\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe ->  [Ver = 1, 0, 7, 4 | Size = 827392 bytes | Modified Date = 2005-06-13 16:45:54 | Attr =	]
kservice.exe -> %ProgramFiles%\Kontiki\KService.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 3068352 bytes | Modified Date = 2007-04-23 12:22:14 | Attr =	]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.18 | Size = 47104 bytes | Modified Date = 2003-02-10 08:59:48 | Attr = R  ]
ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe ->  [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 2006-01-07 02:36:10 | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 84640 bytes | Modified Date = 2008-02-17 22:43:39 | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.0 | Size = 310784 bytes | Modified Date = 2008-03-01 02:06:42 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-04 14:27:08 | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2008-01-15 03:40:04 | Attr =	]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 2008-02-17 23:10:14 | Attr =	]
(Belkin Wireless USB Network Adapter Service) Belkin Wireless USB Network Adapter [Win32_Own | Auto | Running] -> %ProgramFiles%\Belkin\Belkin Wireless Network Utility\WLService.exe ->  [Ver =  | Size = 49152 bytes | Modified Date = 2004-03-29 17:08:16 | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 2008-02-17 23:23:58 | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 2008-02-17 23:23:58 | Attr =	]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 2008-02-17 23:23:58 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 08:56:48 | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 2008-01-15 04:22:44 | Attr =	]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\isPwdSvc.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 79496 bytes | Modified Date = 2008-02-17 23:28:42 | Attr =	]
(KService) KService [Win32_Own | Auto | Running] -> %ProgramFiles%\Kontiki\KService.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 3068352 bytes | Modified Date = 2007-04-23 12:22:14 | Attr =	]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 2008-02-17 23:10:14 | Attr =	]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 2008-02-17 23:23:58 | Attr =	]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.83 | Size = 583048 bytes | Modified Date = 2008-01-29 18:38:31 | Attr =	]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe ->  [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 2004-07-27 19:07:08 | Attr =	]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 2005-11-24 17:03:22 | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 2006-03-09 15:29:00 | Attr =	]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 2005-11-24 16:57:44 | Attr =	]
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 2004-10-15 20:40:56 | Attr =	]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 69718 bytes | Modified Date = 2005-11-24 16:47:30 | Attr =	]
(SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.4.01.13062 | Size = 69632 bytes | Modified Date = 2006-01-06 22:25:12 | Attr =	]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1251720 bytes | Modified Date = 2008-02-19 09:49:17 | Attr =	]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 2008-02-17 23:05:03 | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 2008-01-19 19:02:26 | Attr =	]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5080 | Size = 696284 bytes | Modified Date = 2003-02-11 08:34:52 | Attr = R  ]
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Modified Date = 1999-09-10 12:06:00 | Attr = R  ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Modified Date = 2004-08-04 06:29:26 | Attr =	]
(BsStor) InCD Storage Helper Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\bsstor.sys -> B.H.A Co.,Ltd. [Ver = 1.0.7 | Size = 9344 bytes | Modified Date = 2002-06-06 00:07:00 | Attr =	]
(BsUDF) InCD UDF Driver [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\bsudf.sys -> ahead software [Ver = 3.33.0 | Size = 434944 bytes | Modified Date = 2002-07-10 10:35:14 | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-04 07:07:17 | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-04 07:07:16 | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2002-08-29 21:00:00 | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 2008-02-13 16:37:46 | Attr =	]
(ElbyCDFL) ElbyCDFL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ElbyCDFL.sys -> Elaborate Bytes [Ver = 4, 0, 0, 0 | Size = 4480 bytes | Modified Date = 2002-04-09 16:00:10 | Attr =	]
(ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 4, 0, 0, 0 | Size = 13300 bytes | Modified Date = 2002-04-04 09:40:29 | Attr =	]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 2008-02-13 16:37:46 | Attr =	]
(F-Secure Standalone Minifilter) F-Secure Standalone Minifilter [Kernel | On_Demand | Stopped] -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk.sys ->  [Ver =  | Size = 65024 bytes | Modified Date = 2008-03-09 23:27:40 | Attr =	]
(FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fetnd5.sys -> VIA Technologies, Inc.			   [Ver = 2.66 | Size = 27165 bytes | Modified Date = 2001-08-17 12:13:08 | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 2006-09-19 15:44:04 | Attr =	]
(GMSIPCI) GMSIPCI [Kernel | On_Demand | Stopped] -> D:\INSTALL\GMSIPCI.SYS -> File not found
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(IFPUSB) iRiver Internet Audio Player IFP-100 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ifpusb.sys -> iRiver, Inc. [Ver = 1.00 | Size = 12790 bytes | Modified Date = 2003-01-13 07:24:40 | Attr = R  ]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080502.004\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 82256 bytes | Modified Date = 2008-04-17 09:00:00 | Attr =	]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080502.004\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 895408 bytes | Modified Date = 2008-04-17 09:00:00 | Attr =	]
(NETGEAR_MA111) NETGEAR 802.11b MA111 Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MA111nd5.sys -> NETGEAR, Inc. [Ver = 3.00.08 | Size = 644608 bytes | Modified Date = 2003-08-29 08:39:08 | Attr =	]
(NTACCESS) NTACCESS [Kernel | On_Demand | Stopped] -> D:\NTACCESS.sys -> File not found
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 2826944 bytes | Modified Date = 2004-10-29 17:50:00 | Attr =	]
(PCANDIS5) PCANDIS5 Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\PCANDIS5.SYS -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.00.13.50 | Size = 16292 bytes | Modified Date = 2003-08-29 08:39:06 | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PCIIde) PCIIde [Kernel | Disabled | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRJNDL) PDRJNDL [Kernel | Auto | Running] -> %ProgramFiles%\Dekart\Private Disk Light\pdrjndl.sys ->  [Ver =  | Size = 16512 bytes | Modified Date = 2002-09-26 17:26:08 | Attr =	]
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 200 | Size = 14604 bytes | Modified Date = 2003-08-11 11:07:46 | Attr =	]
(PRVDISK) PRVDISK [Kernel | Auto | Running] -> %ProgramFiles%\Dekart\Private Disk Light\prvdisk.sys -> Dekart   [Ver = 1.0B | Size = 14080 bytes | Modified Date = 2002-11-07 13:25:22 | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2002-08-29 21:00:00 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 2005-04-25 10:03:00 | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RT73) Belkin USB Network Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.00.0000 | Size = 232192 bytes | Modified Date = 2005-08-03 00:00:36 | Attr =	]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 11:25:53 | Attr =	]
(SetupNTGLM7X) SetupNTGLM7X [Kernel | On_Demand | Stopped] -> D:\NTGLM7X.sys -> File not found
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 2001-08-17 13:56:16 | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 3.0.0.107 | Size = 406672 bytes | Modified Date = 2008-02-17 23:12:23 | Attr =	]
(SRTSP) SRTSP [File_System | System | Running] -> %SystemRoot%\system32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 2007-12-01 00:57:12 | Attr =	]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 2007-12-01 00:57:12 | Attr =	]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 2007-12-01 00:57:12 | Attr =	]
(STEC3) STEC3 [Kernel | Auto | Running] -> %SystemRoot%\system32\STEC3.sys -> AntiCracking [Ver = 4.00 | Size = 2368 bytes | Modified Date = 2005-04-26 18:00:13 | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symdns.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 12848 bytes | Modified Date = 2007-10-30 20:55:14 | Attr =	]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 2008-02-19 09:58:45 | Attr =	]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symfw.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 145968 bytes | Modified Date = 2007-10-30 20:55:20 | Attr =	]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symids.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 39856 bytes | Modified Date = 2007-10-30 20:55:28 | Attr =	]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20080429.001\SymIDSCo.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 240496 bytes | Modified Date = 2008-02-14 04:13:52 | Attr =	]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symndis.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 35120 bytes | Modified Date = 2007-10-30 20:55:24 | Attr =	]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 27696 bytes | Modified Date = 2007-10-30 20:55:34 | Attr =	]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 191536 bytes | Modified Date = 2007-10-30 20:55:38 | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(Teefer) Teefer for NT [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 2004-10-15 19:17:02 | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(U81xbus) LGE U8XXX driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xbus.sys -> MCCI [Ver = V4.20 | Size = 52352 bytes | Modified Date = 2004-07-16 14:29:00 | Attr = R  ]
(U81xmdfl) LGE U8XXX USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xmdfl.sys -> MCCI [Ver = V4.20 | Size = 6064 bytes | Modified Date = 2004-07-16 14:29:00 | Attr = R  ]
(U81xmdm) LGE U8XXX USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xmdm.sys -> MCCI [Ver = V4.20 | Size = 84480 bytes | Modified Date = 2004-07-16 14:29:00 | Attr = R  ]
(U81xmgmt) LGE U8XXX USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xmgmt.sys -> MCCI [Ver = V4.20 | Size = 77472 bytes | Modified Date = 2004-07-16 14:29:00 | Attr = R  ]
(U81xobex) LGE U8XXX USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\U81xobex.sys -> MCCI [Ver = V4.20 | Size = 75456 bytes | Modified Date = 2004-07-16 14:29:00 | Attr = R  ]
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(usbcm) USB Cable Modem 351000 NDIS Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbcm.sys -> Microsystems Corp [Ver = 1.10.35.1000 | Size = 13335 bytes | Modified Date = 2002-04-11 21:21:38 | Attr = R  ]
(vsdatant) vsdatant [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 2004-10-15 19:32:38 | Attr =	]
(wg4n) SyGate for NT, wg4n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 2004-10-15 19:32:40 | Attr =	]
(wg5n) SyGate for NT, wg5n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 2004-10-15 19:32:42 | Attr =	]
(wg6n) SyGate for NT, wg6n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 2004-10-15 19:32:44 | Attr =	]
(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 2004-10-15 19:18:46 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
4oD -> %ProgramFiles%\Kontiki\KHost.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 1032640 bytes | Modified Date = 2007-04-23 12:23:14 | Attr =	]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 84640 bytes | Modified Date = 2008-02-17 22:43:39 | Attr =	]
CloneCDElbyCDFL -> %ProgramFiles%\Elaborate Bytes\CloneCD\ElbyCheck.exe -> Elaborate Bytes [Ver = 2, 0, 0, 1 | Size = 45056 bytes | Modified Date = 2001-12-06 13:09:08 | Attr =	]
InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Copyright (C) ahead software gmbh and its licensors [Ver = 3.33.0 | Size = 1048576 bytes | Modified Date = 2002-07-10 10:32:58 | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 2008-01-15 04:22:56 | Attr =	]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 2001-07-09 11:50:42 | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 2006-03-09 15:29:00 | Attr =	]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 86016 bytes | Modified Date = 2006-03-09 15:29:00 | Attr =	]
nwiz -> %SystemRoot%\system32\nwiz.exe ->  [Ver =  | Size = 1519616 bytes | Modified Date = 2006-03-09 15:29:00 | Attr =	]
osCheck -> %ProgramFiles%\Norton AntiVirus\osCheck.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 26248 bytes | Modified Date = 2008-02-17 22:58:42 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 2008-01-10 16:27:36 | Attr =	]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 2003-10-31 19:42:40 | Attr =	]
SmcService -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 2004-10-15 20:40:56 | Attr =	]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.18 | Size = 47104 bytes | Modified Date = 2003-02-10 08:59:48 | Attr = R  ]
SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe ->  [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 2006-01-07 02:36:10 | Attr =	]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.83 | Size = 583048 bytes | Modified Date = 2008-01-29 18:38:31 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Google Update -> %UserProfile%\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe -> Google Inc. [Ver = 1.0.0.0 | Size = 21488 bytes | Modified Date = 2008-02-15 08:53:09 | Attr =	]
kdx -> %ProgramFiles%\Kontiki\KHost.exe -> Kontiki Inc. [Ver = 5.11.704.230 | Size = 1032640 bytes | Modified Date = 2007-04-23 12:23:14 | Attr =	]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 2008-01-28 12:43:40 | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 1999-11-04 15:06:48 | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 2004-12-14 05:44:06 | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\LG SyncManager.lnk -> %ProgramFiles%\LG PC Suite\LG PC Sync\LGSyncManager.exe -> LG Electronics Inc. [Ver = 1, 0, 2, 0 | Size = 225280 bytes | Modified Date = 2004-07-16 15:32:56 | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\µTorrent.lnk -> %ProgramFiles%\uTorrent\uTorrent.exe ->  [Ver =  | Size = 219952 bytes | Modified Date = 2008-02-05 00:07:26 | Attr =	]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{93994DE8-8239-4655-B1D1-5F4E91300429} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\DVD Region-Free\DVDShell.dll [] -> Fengtao Software [Ver = 3, 2, 5, 8 | Size = 49152 bytes | Modified Date = 2003-12-20 22:58:02 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoMovingBands -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCloseDragDropBands -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetTaskbar -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarsOnTaskbar -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (226635 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[gogl] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4223 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4317 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 2004-12-14 02:56:50 | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 12:43:28 | Attr =	]
{7964AB85-3D86-43DA-B1A6-D062722F92A1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmkhe.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{A06260FB-B9F6-42E7-94DE-3A652E6E2D7E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 12:43:28 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 12:43:28 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{200D4FD9-2766-41D7-A7DB-24B3A227AF59} ->	(USB Cable Modem 351000) -> 
{20376C9C-9DDD-4719-8529-33EDE840C815} ->	(Belkin 54g Wireless USB Network Adapter) -> 
{5ED4B9AD-6CEE-4CA1-A725-73E86320025A} ->	(NETGEAR MA111 802.11b Wireless USB Adapter) -> 
{992779B0-802B-43AC-953C-52D7ABFF0A57} ->	(VIA Compatable Fast Ethernet Adapter) -> 
{D1E641C4-6BBC-4656-9290-B963FAFA0025} ->	(NETGEAR MA111 802.11b Wireless USB Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00000075-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/voxacm.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 



[Files/Folders - Created Within 30 days]
COH_Mon.cat -> %SystemRoot%\System32\drivers\COH_Mon.cat ->  [Ver =  | Size = 10537 bytes | Modified Date = 2008-03-06 21:32:09 | Attr =	]
COH_Mon.inf -> %SystemRoot%\System32\drivers\COH_Mon.inf ->  [Ver =  | Size = 706 bytes | Modified Date = 2008-03-06 21:32:09 | Attr =	]
COH_Mon.sys -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23904 bytes | Modified Date = 2008-03-06 21:32:09 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 2008-04-30 21:27:42 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 267964416 bytes | Modified Date = 2008-05-03 09:23:02 | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2008-05-02 22:03:03 | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2008-05-03 03:06:28 | Attr =	]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2008-05-02 20:17:23 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 64576 bytes | Modified Date = 2008-04-17 19:50:36 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 409562 bytes | Modified Date = 2008-04-17 19:50:36 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 481850 bytes | Modified Date = 2008-04-17 19:50:36 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2422 bytes | Modified Date = 2008-05-02 19:27:15 | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-05-03 09:23:10 | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2008-05-01 09:01:40 | Attr =   S]
DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI ->  [Ver =  | Size = 67 bytes | Modified Date = 2008-04-28 21:30:20 | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 49 bytes | Modified Date = 2008-04-28 21:08:31 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-05-03 09:18:24 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-05-03 09:27:18 | Attr =  H ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2008-04-17 19:50:36 | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2008-05-03 09:24:59 | Attr =	]
Norton AntiVirus - Run Full System Scan - Mark!.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Mark!.job ->  [Ver =  | Size = 530 bytes | Modified Date = 2008-05-02 20:00:42 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-05-03 09:24:31 | Attr =  H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 1310 bytes | Modified Date = 2003-08-25 12:18:51 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 2008-03-09 18:20:32 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 2008-03-09 18:20:32 | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1388 bytes | Modified Date = 2003-06-29 00:57:05 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 2004-09-03 18:17:51 | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 2008-03-09 23:28:18 | Attr =	]
fssm32.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 2008-03-09 23:28:19 | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Mark!\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 2008-03-09 23:28:18 | Attr =	]

< End of report >


#12 OldTimer

Posted 03 May 2008 - 09:53 AM

Hi 3lpete. The logs all look good. There are only a couple of left-over entries we will take care of below. How are things running now? Any more problems?

To remove the remaining entries do the following:

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7964AB85-3D86-43DA-B1A6-D062722F92A1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmkhe.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {A06260FB-B9F6-42E7-94DE-3A652E6E2D7E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Start Explorer]

The fix should only take a very short time. When the fix is completed, either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#13 3lpete

Posted 03 May 2008 - 01:42 PM

OK, the scan completed fine.

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7964AB85-3D86-43DA-B1A6-D062722F92A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7964AB85-3D86-43DA-B1A6-D062722F92A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A06260FB-B9F6-42E7-94DE-3A652E6E2D7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A06260FB-B9F6-42E7-94DE-3A652E6E2D7E}\ not found.
Explorer started successfully
< End of fix log >
WinPFind35U Version 1.0.3.0 fix logfile created on 05032008_190839

Thank you very much!!!

Only thing left is that the C drive icon is still the red cross. Do you know how to change it back?
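
As an added example (not part of the thread and not WinPFind35U's own code), the fix log in post #13 can be checked against the two CLSIDs named in the fix script from post #12: each BHO has a registration under Browser Helper Objects and a COM class under Classes\CLSID, and the sketch reports what happened to both. The function names and verdict strings are assumptions, and only the two outcome wordings that appear in the posted log are recognized.

```python
import re

# Fix log exactly as posted in #13. Other outcome wordings the tool may
# produce are not shown on the page, so anything else is flagged for review.
FIX_LOG = r"""Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7964AB85-3D86-43DA-B1A6-D062722F92A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7964AB85-3D86-43DA-B1A6-D062722F92A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A06260FB-B9F6-42E7-94DE-3A652E6E2D7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A06260FB-B9F6-42E7-94DE-3A652E6E2D7E}\ not found.
Explorer started successfully
< End of fix log >"""

# CLSIDs named in the fix script from post #12.
REQUESTED = {"{7964AB85-3D86-43DA-B1A6-D062722F92A1}", "{A06260FB-B9F6-42E7-94DE-3A652E6E2D7E}"}

LINE_RE = re.compile(
    r"^Registry key (?P<parent>.+)\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\ (?P<outcome>.+?)\.?$"
)
OUTCOMES = {"deleted successfully": "deleted", "not found": "absent"}


def location_of(parent):
    """Name the registry location a key lives under."""
    p = parent.lower()
    if p.endswith(r"\explorer\browser helper objects"):
        return "bho"        # registration that gets the object loaded
    if p.endswith(r"\classes\clsid"):
        return "com_class"  # COM registration for the same CLSID
    return "other"


def parse_fix_log(text):
    """Return ({clsid: {location: state}}, [unrecognized 'Registry key' lines])."""
    keys, unrecognized = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("Registry key "):
            continue
        m = LINE_RE.match(line)
        state = OUTCOMES.get(m.group("outcome")) if m else None
        if state is None:
            unrecognized.append(line)  # unknown wording: do not guess
            continue
        clsid = m.group("clsid").upper()
        keys.setdefault(clsid, {})[location_of(m.group("parent"))] = state
    return keys, unrecognized


def review(text, requested=REQUESTED):
    """Give one verdict per requested CLSID, plus lines needing a manual look."""
    keys, unrecognized = parse_fix_log(text)
    verdicts = {}
    for clsid in sorted(requested):
        seen = keys.get(clsid.upper(), {})
        if "bho" not in seen:
            verdicts[clsid] = "not in log"
        elif seen.get("com_class") == "deleted":
            verdicts[clsid] = "BHO entry and COM class removed"
        elif seen.get("com_class") == "absent":
            verdicts[clsid] = "orphaned BHO entry removed"
        else:
            verdicts[clsid] = "BHO entry gone, COM class not reported"
    return verdicts, unrecognized


if __name__ == "__main__":
    print(review(FIX_LOG))
```
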

#14 OldTimer

Posted 03 May 2008 - 05:38 PM

Hi 3lpete. Yes, we can fix that, but you will need the latest version. The WinPFind series was retired a couple of months ago and a new version is now in use. Delete the current WinPFind35u.exe file from the desktop and the WinPFind35u folder and then follow the instructions below.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click on the None button on the toolbar.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - MountPoints2
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post.

Cheers.

OT

#15 3lpete

Posted 04 May 2008 - 05:58 AM

Ok, done.
