
Troj_vundo.aod


8 replies to this topic

#1 mwe

mwe

  • Members
  • 15 posts

Posted 26 February 2008 - 03:03 PM

Hello,

I'm running Windows XP and have followed the steps listed within the Preparation Guide for use before posting a HijackThis Log.

- Clean out your temporary internet files and temp files.
- Scan your computer with Ad-Aware and Spybot - Search and Destroy
- Scan your computer for malware infections - Housecall Anti Virus Scan found - Troj_Vundo.aod
- Run McAfee Stinger:
- Enable or install a firewall - currently have McAfee
- Using Windows Update to get the latest Windows security updates.
- Download HijackThis and create a log

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:57 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar7.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [84b1a72b] rundll32.exe "C:\WINDOWS\system32\chjajbfp.dll",b
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BM878294b7] Rundll32.exe "C:\WINDOWS\system32\syeyhwkw.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {1D4BC8B9-E9F8-4F60-B62B-865307C081A2} (Siebel High Interactivity Framework) - https://portal.rio.directv.com/echannelcmes...x_HI_Client.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://willow.marshfieldclinic.org/dana-ca...uniperSetup.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 15128 bytes



Pls help me, thx for your assistance in advance :thumbsup:

mw


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 06 March 2008 - 12:59 PM

Hello mwe and welcome to the BC HijackThis forum. Let's get a little better picture here.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 mwe

mwe
  • Topic Starter

  • Members
  • 15 posts

Posted 07 March 2008 - 09:33 AM

OT,

Thank you so much for replying...as u instructed I cleaned out the temporary folders, processed the ATF Cleaner and then ran the WinPFind35U.exe scan. Pls see below:

WinPFind35 logfile created on: 3/7/2008 7:24:09 AM
WinPFind35U Version 1.0.3.1	 Folder = C:\Documents and Settings\Marcella Wester\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.07 Mb Total Physical Memory | 293.47 Mb Available Physical Memory | 28.94% Memory free
2.38 Gb Paging File | 1.79 Gb Available in Paging File | 75.03% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.26 Gb Total Space | 49.74 Gb Free Space | 69.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJVKQ891
Current User Name: Marcella Wester
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.0.2 (A) | Size = 1422528 bytes | Modified Date = 6/19/2003 12:30:38 PM | Attr =	]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 6:08:06 AM | Attr =	]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 7:15:18 PM | Attr =	]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 11:36:04 AM | Attr =	]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 11:02:14 AM | Attr =	]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 2:54:42 PM | Attr =	]
sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 9:23:56 AM | Attr =	]
sp_rsser.exe -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.1.0.284 | Size = 1097216 bytes | Modified Date = 2/22/2008 3:44:09 PM | Attr =	]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/4/2007 1:33:14 AM | Attr =	]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 7:46:34 PM | Attr =	]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 7:50:30 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 11/19/2003 4:48:14 PM | Attr =	]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0  nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 11:20:44 PM | Attr =	]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 3:19:56 PM | Attr =	]
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 1/24/2006 8:43:22 AM | Attr =	]
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr =	]
mm_tray.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.10.0097 | Size = 110592 bytes | Modified Date = 9/8/2005 6:20:46 PM | Attr =	]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.707.23222 | Size = 1838592 bytes | Modified Date = 8/16/2007 2:11:50 AM | Attr =	]
pptd40nt.exe -> %ProgramFiles%\ScanSoft\PaperPort\Pptd40nt.exe -> Scansoft Inc. [Ver = 6.5 | Size = 26624 bytes | Modified Date = 4/2/2001 9:40:46 AM | Attr =	]
updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.5.0.435 | Size = 139320 bytes | Modified Date = 10/6/2004 2:50:00 PM | Attr =	]
dlcjmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 964\dlcjmon.exe -> Dell [Ver = 2.77.0.0 | Size = 430080 bytes | Modified Date = 9/30/2005 7:51:24 AM | Attr =	]
memcard.exe -> %ProgramFiles%\Dell Photo AIO Printer 964\memcard.exe ->  [Ver = 1.0.10.1 | Size = 286720 bytes | Modified Date = 8/10/2005 7:12:14 AM | Attr =	]
mediadetect.exe -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.0.0 (20050831.10) | Size = 106496 bytes | Modified Date = 8/31/2005 10:06:18 AM | Attr =	]
j2gdllcmd.exe -> %ProgramFiles%\eFax Messenger 4.3\J2GDllCmd.exe -> j2 Global Communications, Inc. [Ver = 4.3.409.0 | Size = 116224 bytes | Modified Date = 3/6/2007 10:21:31 AM | Attr =	]
dlcjcoms.exe -> %SystemRoot%\system32\dlcjcoms.exe ->  [Ver = 1.198.15.0 | Size = 491520 bytes | Modified Date = 7/12/2005 2:33:02 PM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr =	]
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/30/2007 5:55:05 AM | Attr =	]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.707.23222 | Size = 1838592 bytes | Modified Date = 8/16/2007 2:11:50 AM | Attr =	]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr =	]
sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 9:23:56 AM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr =	]
j2gtray.exe -> %ProgramFiles%\eFax Messenger 4.3\J2GTray.exe -> j2 Global Communications, Inc. [Ver = 4.3.409.0 | Size = 629248 bytes | Modified Date = 3/6/2007 10:24:42 AM | Attr =	]
memonitor.exe -> %ProgramFiles%\Verizon Wireless\V CAST Music Manager\MEMonitor.exe -> Smith Micro Software, Inc. [Ver = 1.1.0 | Size = 947544 bytes | Modified Date = 7/4/2007 1:25:16 AM | Attr =	]
webshots.scr -> %ProgramFiles%\Webshots\webshots.scr -> Webshots.com [Ver = 2.5.0.5135 | Size = 1646592 bytes | Modified Date = 1/25/2006 4:14:44 PM | Attr =	]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 12:41:52 AM | Attr =	]
tgcmd.exe -> %ProgramFiles%\support.com\bin\tgcmd.exe -> SupportSoft, Inc. [Ver = 5,6,1125,0 | Size = 1773568 bytes | Modified Date = 3/7/2007 9:58:20 AM | Attr =	]
ctoolbar.exe -> %ProgramFiles%\Crawler\Toolbar\CToolbar.exe -> Crawler.com [Ver = 5.1.0.169 | Size = 1978320 bytes | Modified Date = 2/22/2008 10:15:44 AM | Attr =	]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.1 | Size = 310784 bytes | Modified Date = 3/5/2008 1:21:14 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
(awhost32) pcAnywhere Host Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\pcAnywhere\AWHOST32.EXE -> Symantec Corporation [Ver = 10.5.1.505 | Size = 114749 bytes | Modified Date = 2/15/2002 10:51:00 AM | Attr =	]
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.0.2 (A) | Size = 1422528 bytes | Modified Date = 6/19/2003 12:30:38 PM | Attr =	]
(dlcj_device) dlcj_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\dlcjcoms.exe ->  [Ver = 1.198.15.0 | Size = 491520 bytes | Modified Date = 7/12/2005 2:33:02 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/1/2007 7:55:20 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr =	]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.435 | Size = 102463 bytes | Modified Date = 10/6/2004 2:50:00 PM | Attr =	]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 6:08:06 AM | Attr =	]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 7:15:18 PM | Attr =	]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 7/25/2007 2:16:16 AM | Attr =	]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 11:36:04 AM | Attr =	]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] ->  -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 12:41:52 AM | Attr =	]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 2:54:42 PM | Attr =	]
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 9:23:56 AM | Attr =	]
(sp_rssrv) Spyware Terminator Realtime Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.1.0.284 | Size = 1097216 bytes | Modified Date = 2/22/2008 3:44:09 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 12:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 10:07:44 PM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 12:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 12:51:58 PM | Attr =	]
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 1/24/2006 8:43:25 AM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(awlegacy) awlegacy [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AWLEGACY.SYS -> Symantec Corporation [Ver = 9.2.1 | Size = 10816 bytes | Modified Date = 9/11/2000 10:51:00 AM | Attr =	]
(AW_HOST) AW_HOST [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AW_HOST5.sys -> Symantec Corporation [Ver = 10.5.1.497 | Size = 33496 bytes | Modified Date = 2/11/2002 10:51:00 AM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 12:51:54 PM | Attr =	]
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CVirtA.sys -> Cisco Systems, Inc. [Ver = 4.0.0.106 | Size = 5220 bytes | Modified Date = 5/1/2003 1:26:34 PM | Attr = R  ]
(CVPNDRVA) Cisco Systems Inc. IPSec Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\CVPNDRVA.sys -> Cisco Systems, Inc. [Ver = 4.0.2 (A) | Size = 268360 bytes | Modified Date = 6/19/2003 12:29:52 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 12:52:16 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\dne2000.sys -> Deterministic Networks, Inc. [Ver = 2.20.3.220 | Size = 138916 bytes | Modified Date = 10/17/2002 2:22:50 PM | Attr =	]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.03a | Size = 87488 bytes | Modified Date = 12/1/2004 2:22:00 AM | Attr =	]
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.43a | Size = 40480 bytes | Modified Date = 11/23/2004 1:56:00 AM | Attr =	]
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 10/5/2006 3:07:28 PM | Attr =	]
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2/25/2007 11:10:48 AM | Attr =   S]
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.15.0 built by: WinDDK | Size = 155648 bytes | Modified Date = 10/14/2004 8:30:46 PM | Attr =	]
(Eacfilt) Eacfilt Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\eacfilt.sys -> Nortel Networks [Ver = 4.60.0.0 | Size = 9433 bytes | Modified Date = 10/23/2003 3:55:46 PM | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr =	]
(Gernuwa) Gernuwa [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\GERNUWA.SYS -> Symantec Corporation [Ver = 10.5.0 | Size = 14944 bytes | Modified Date = 10/9/2001 10:51:00 AM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 137728 bytes | Modified Date = 8/12/2004 4:45:54 PM | Attr =	]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4410 | Size = 1302812 bytes | Modified Date = 10/14/2005 8:15:18 PM | Attr =	]
(IPSECEXT) Nortel Extranet Access Protocol [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\ipsecw2k.sys -> Nortel Networks [Ver = 4.10 | Size = 115680 bytes | Modified Date = 10/23/2003 3:55:24 PM | Attr =	]
(IPSECSHM) Nortel IPSECSHM Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ipsecw2k.sys -> Nortel Networks [Ver = 4.10 | Size = 115680 bytes | Modified Date = 10/23/2003 3:55:24 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 79304 bytes | Modified Date = 7/24/2007 6:40:36 AM | Attr =	]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 35240 bytes | Modified Date = 7/21/2007 8:08:24 AM | Attr =	]
(mfehidk) McAfee Inc. [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 201288 bytes | Modified Date = 7/21/2007 8:08:24 AM | Attr =	]
(mferkdk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 33800 bytes | Modified Date = 7/24/2007 11:02:36 AM | Attr =	]
(mfesmfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Modified Date = 7/21/2007 8:08:24 AM | Attr =	]
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 113952 bytes | Modified Date = 7/13/2007 8:20:24 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 12:52:12 PM | Attr =	]
(npkcrypt) npkcrypt [Kernel | Auto | Running] -> %SystemDrive%\Nexon\MapleStory\npkcrypt.sys -> INCA Internet Co., Ltd. [Ver = 2006. 11. 20. 1 | Size = 23217 bytes | Modified Date = 11/7/2007 10:38:12 PM | Attr =	]
(npkcusb) npkcusb [Kernel | On_Demand | Running] -> %SystemDrive%\Nexon\MapleStory\npkcusb.sys -> INCA Internet Co., Ltd. [Ver = 2006. 11. 9. 1 | Size = 15472 bytes | Modified Date = 11/7/2007 10:38:12 PM | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 9:29:56 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 4/25/2005 1:03:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 12:52:18 PM | Attr =	]
(SDTHOOK) SDTHOOK [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 10:07:44 PM | Attr =	]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 12:56:16 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 1:07:44 PM | Attr =	]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 7/14/2004 10:29:04 AM | Attr =	]
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 7/14/2004 10:28:50 AM | Attr =	]
(STHDA) High Definition Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4568.0  nd84 cp1 | Size = 180864 bytes | Modified Date = 6/14/2005 9:40:08 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 1:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 1:07:36 PM | Attr =	]
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 10.3.2.8 | Size = 57968 bytes | Modified Date = 1/30/2006 10:35:08 AM | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 1:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 1:07:42 PM | Attr =	]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25883 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86586 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 15227 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2/19/2008 9:52:39 AM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 12:52:22 PM | Attr =	]
(usbbus) LGE CDMA Composite USB Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lgusbbus.sys -> LG Electronics Inc. [Ver = Ver 4.8.0 | Size = 12672 bytes | Modified Date = 4/9/2007 9:53:24 AM | Attr =	]
(UsbDiag) LGE CDMA USB Serial Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lgusbdiag.sys -> LG Electronics Inc. [Ver = Ver 4.8.0 | Size = 21248 bytes | Modified Date = 4/9/2007 9:56:22 AM | Attr =	]
(USBModem) LGE CDMA USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lgusbmodem.sys -> LG Electronics Inc. [Ver = Ver 4.8.0 | Size = 22912 bytes | Modified Date = 4/9/2007 9:55:08 AM | Attr =	]
(vsdatant) vsdatant [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs Inc. [Ver = 3.7.078.001 | Size = 176896 bytes | Modified Date = 3/3/2003 2:08:56 PM | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
84b1a72b -> %SystemRoot%\system32\chjajbfp.DLL -> File not found
BM878294b7 -> %SystemRoot%\system32\rrvusaij.dll ->  [Ver =  | Size = 94272 bytes | Modified Date = 3/7/2008 7:07:00 AM | Attr =	]
Corel Photo Downloader -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.0.0 (20050831.10) | Size = 106496 bytes | Modified Date = 8/31/2005 10:06:18 AM | Attr =	]
dla -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
DLCJCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\dlcjtime.dll ->  [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 8/15/2005 10:40:58 AM | Attr =	]
dlcjmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 964\dlcjmon.exe -> Dell [Ver = 2.77.0.0 | Size = 430080 bytes | Modified Date = 9/30/2005 7:51:24 AM | Attr =	]
dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ->   [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 11/15/2007 9:24:00 AM | Attr =	]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 3:19:56 PM | Attr =	]
eFax 4.3 -> %ProgramFiles%\eFax Messenger 4.3\J2GDllCmd.exe -> j2 Global Communications, Inc. [Ver = 4.3.409.0 | Size = 116224 bytes | Modified Date = 3/6/2007 10:21:31 AM | Attr =	]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.707.23222 | Size = 1838592 bytes | Modified Date = 8/16/2007 2:11:50 AM | Attr =	]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 7:46:34 PM | Attr =	]
igfxpers -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 7:50:30 PM | Attr =	]
igfxtray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 7:49:46 PM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr =	]
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.5.0.435 | Size = 139320 bytes | Modified Date = 10/6/2004 2:50:00 PM | Attr =	]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/4/2007 1:33:14 AM | Attr =	]
MemoryCardManager -> %ProgramFiles%\Dell Photo AIO Printer 964\memcard.exe ->  [Ver = 1.0.10.1 | Size = 286720 bytes | Modified Date = 8/10/2005 7:12:14 AM | Attr =	]
MimBoot -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mimboot.exe -> Musicmatch, Inc. [Ver = 10.10.0097 | Size = 8192 bytes | Modified Date = 9/8/2005 6:20:46 PM | Attr =	]
MMTray -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.10.0097 | Size = 110592 bytes | Modified Date = 9/8/2005 6:20:46 PM | Attr =	]
MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Modified Date = 8/12/2005 4:16:44 PM | Attr =	]
PaperPort PTD -> %ProgramFiles%\ScanSoft\PaperPort\Pptd40nt.exe -> Scansoft Inc. [Ver = 6.5 | Size = 26624 bytes | Modified Date = 4/2/2001 9:40:46 AM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 11/14/2007 11:43:10 PM | Attr =	]
RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 1/24/2006 8:43:22 AM | Attr =	]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0  nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 11:20:44 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 11/19/2003 4:48:14 PM | Attr =	]
tgcmd -> %ProgramFiles%\support.com\bin\tgcmd.exe -> SupportSoft, Inc. [Ver = 5,6,1125,0 | Size = 1773568 bytes | Modified Date = 3/7/2007 9:58:20 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr =	]
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 9:23:56 AM | Attr =	]
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/30/2007 5:55:05 AM | Attr =	]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Billminder.lnk -> %ProgramFiles%\Quicken\billmind.exe -> Intuit [Ver = 008.000.000.000 | Size = 36864 bytes | Modified Date = 11/19/2002 7:03:48 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\eFax 4.3.lnk -> %ProgramFiles%\eFax Messenger 4.3\J2GTray.exe -> j2 Global Communications, Inc. [Ver = 4.3.409.0 | Size = 629248 bytes | Modified Date = 3/6/2007 10:24:42 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/30/2007 5:55:05 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit, Inc. [Ver = 15.0 R2 | Size = 806912 bytes | Modified Date = 11/11/2004 10:59:36 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 53248 bytes | Modified Date = 11/19/2002 7:04:06 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Quicken Startup.lnk -> %ProgramFiles%\Quicken\QWDLLS.EXE -> Intuit [Ver = 001.000.000.000 | Size = 36864 bytes | Modified Date = 11/19/2002 7:04:10 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\VPN Client.lnk -> %SystemRoot%\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico ->  [Ver =  | Size = 6144 bytes | Modified Date = 3/17/2006 10:19:56 AM | Attr = R  ]
< Marcella Wester Startup Folder > -> C:\Documents and Settings\Marcella Wester\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\MEMonitor.lnk -> %ProgramFiles%\Verizon Wireless\V CAST Music Manager\MEMonitor.exe -> Smith Micro Software, Inc. [Ver = 1.1.0 | Size = 947544 bytes | Modified Date = 7/4/2007 1:25:16 AM | Attr =	]
%UserProfile%\Start Menu\Programs\Startup\Webshots.lnk -> %ProgramFiles%\Webshots\Launcher.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 1/25/2006 4:12:40 PM | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.707.23222 | Size = 145408 bytes | Modified Date = 8/16/2007 2:11:51 AM | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 7:45:38 PM | Attr =	]
PCANotify -> %SystemRoot%\system32\PCANotify.dll -> Symantec Corporation [Ver = 10.5.1.505 | Size = 24638 bytes | Modified Date = 2/15/2002 10:51:00 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 -> 
< HOSTS File > (850 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.comcast.net/toolbar2.0/search/ -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.google.com/ig/dell?hl=en -> 
HKEY_CURRENT_USER\: Main\\Local Page -> \blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.comcast.net/toolbar2.0/search/ -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/22/2008 10:15:42 AM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 34 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 33 domain(s) found. -> 
housecall65_trendmicro.com [https] -> Trusted sites -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 3:37:04 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 9/23/2005 9:12:08 PM | Attr =	]
{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/22/2008 10:15:42 AM | Attr =	]
{49A7C2A2-8F0F-4322-BFBF-99055090512E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.				 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 12:21:58 PM | Attr =	]
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Search\YSearchSuggest.dll [Yahoo! IE Suggest] -> Yahoo! Inc. [Ver = 2007, 2, 23, 1 | Size = 140840 bytes | Modified Date = 2/23/2007 4:04:32 PM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 10/24/2007 5:51:28 AM | Attr =	]
{881CC440-A221-4C88-83B7-78B99AD68DB9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{92F5016C-89B5-4A8C-B38B-1615755DDD08} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{9CBF370E-848D-4207-9094-0648472D9FAA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar7.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 1/15/2008 2:12:33 AM | Attr =	]
{B1F47306-6684-44E5-91A3-50AC7AEB03D1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{C72767C9-FA17-4B73-AC09-08A23ECF29DF} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmnli.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 331776 bytes | Modified Date = 2/16/2008 6:46:37 PM | Attr =	]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GoogleAFE\GoogleAE.dll [CBrowserHelperObject Object] -> Google [Ver = 1.0.0.1 | Size = 90112 bytes | Modified Date = 12/8/2005 1:00:34 PM | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 12, 13, 1 | Size = 325184 bytes | Modified Date = 12/14/2005 3:29:40 PM | Attr =	]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 12, 13, 1 | Size = 325184 bytes | Modified Date = 12/14/2005 3:29:40 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar7.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/22/2008 10:15:42 AM | Attr =	]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.				 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 12:21:58 PM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 3:37:04 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar7.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar7.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/22/2008 10:15:42 AM | Attr =	]
WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.				 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 12:21:58 PM | Attr =	]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 3:37:04 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr =	]
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}:Exec -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> UltimateBet [Ver = 2008, 1, 16, 1 | Size = 3667272 bytes | Modified Date = 1/16/2008 8:45:45 AM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Yahoo! Search ->  -> File not found
Crawler Search ->  -> File not found
Yahoo! &Dictionary ->  -> File not found
Yahoo! &Maps ->  -> File not found
Yahoo! &SMS ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
Comcast Install 1.0 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{4E9B5E83-CF16-4479-A685-C3414563C5FE} ->	(Intel(R) PRO/100 VE Network Connection) -> 
{6960F593-16DD-45FA-8AD5-BF835266C4C1} ->	() -> 
{F72F714B-A6E3-4CB3-995C-35457571B26F} ->	() -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 3/30/2007 5:55:05 AM | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
tbr:{4D25FB7A-8902-4291-960E-9ADA051CFBBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll[] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/22/2008 10:15:42 AM | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab[CKAVWebScan Object] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{1A26F07F-0D60-4835-91CF-1E1766A0EC56}[HKEY_LOCAL_MACHINE] -> http://scanner2.malware-scan.com/setup/webinst.cab[Reg Error: Key does not exist or could not be opened.] -> 
{1D4BC8B9-E9F8-4F60-B62B-865307C081A2}[HKEY_LOCAL_MACHINE] -> https://portal.rio.directv.com/echannelcmesm_enu/18372/applets/SiebelAx_HI_Client.cab[Siebel High Interactivity Framework] -> 
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}[HKEY_LOCAL_MACHINE] -> http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab[YInstStarter Class] -> 
{68282C51-9459-467B-95BF-3C0E89627E55}[HKEY_LOCAL_MACHINE] -> http://www.mks.com.pl/skaner/SkanerOnline.cab[MksSkanerOnline Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0}[HKEY_LOCAL_MACHINE] -> http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe[VideoEgg ActiveX Loader] -> 
{B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD}[HKEY_LOCAL_MACHINE] -> http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB[TSEasyInstallX Control] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe[Virtools WebPlayer Class] -> 
{E5F5D008-DD2C-4D32-977D-1A0ADF03058B}[HKEY_LOCAL_MACHINE] -> https://willow.marshfieldclinic.org/dana-cached/setup/JuniperSetup.cab[JuniperSetup Control] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
C:\WINDOWS\system32\pmnli.dll -> %SystemRoot%\system32\pmnli.dll ->  [Ver =  | Size = 331776 bytes | Modified Date = 2/16/2008 6:46:37 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 10:49:30 AM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 9:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1812 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\\MaxPacketSize -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 18508 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/30/2007 5:55:05 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91640 bytes | Modified Date = 3/27/2007 2:22:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE -> C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE [C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE:*:Enabled:pcAnywhere Main Program] -> Symantec Corporation [Ver = 10.5.1.505 | Size = 507964 bytes | Modified Date = 2/15/2002 10:51:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE -> C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE [C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service] -> Symantec Corporation [Ver = 10.5.1.505 | Size = 114749 bytes | Modified Date = 2/15/2002 10:51:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Symantec\pcAnywhere\awrem32.exe -> C:\Program Files\Symantec\pcAnywhere\awrem32.exe [C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service] -> Symantec Corporation [Ver = 10.5.1.505 | Size = 172092 bytes | Modified Date = 2/15/2002 10:51:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -> C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service] -> Network Associates, Inc. [Ver = 3.5.0.435 | Size = 102463 bytes | Modified Date = 10/6/2004 2:50:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nortel Networks\Extranet.exe -> C:\Program Files\Nortel Networks\Extranet.exe [C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client] -> Nortel Networks NA, Inc. [Ver = V04_10.00 | Size = 630784 bytes | Modified Date = 10/23/2003 3:45:36 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Neoteris\Terminal Services\dsTermServ.exe -> C:\Program Files\Neoteris\Terminal Services\dsTermServ.exe [C:\Program Files\Neoteris\Terminal Services\dsTermServ.exe:*:Enabled:dsTermServ Module] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 625664 bytes | Modified Date = 12/6/2007 4:01:25 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/30/2007 5:55:05 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 7:15:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 11/15/2007 1:10:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063407616 bytes | Modified Date = 3/6/2008 6:30:01 PM | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 3/5/2008 2:50:04 PM | Attr =	]
ftwgcpscfthf.sys -> %SystemRoot%\System32\drivers\ftwgcpscfthf.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Modified Date = 6/8/2007 9:44:36 AM | Attr =	]
ifugvitthnpp.sys -> %SystemRoot%\System32\drivers\ifugvitthnpp.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Modified Date = 6/8/2007 9:44:36 AM | Attr =	]
SDTHOOK.SYS -> %SystemRoot%\System32\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr =	]
sp_rsdrv2.sys -> %SystemRoot%\System32\drivers\sp_rsdrv2.sys ->  [Ver =  | Size = 138752 bytes | Modified Date = 2/22/2008 3:44:08 PM | Attr =	]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2/19/2008 9:52:39 AM | Attr =	]
aaayvaid.ini -> %SystemRoot%\System32\aaayvaid.ini ->  [Ver =  | Size = 1163633 bytes | Modified Date = 2/23/2008 6:55:00 AM | Attr =  HS]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Created Date = 3/6/2008 7:17:49 AM | Attr =	]
6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 8/2/2006 12:39:06 PM | Attr =	]
bcbhtocu.ini -> %SystemRoot%\System32\bcbhtocu.ini ->  [Ver =  | Size = 1248400 bytes | Modified Date = 2/18/2008 6:54:22 AM | Attr =  HS]
bcgidars.dll -> %SystemRoot%\System32\bcgidars.dll ->  [Ver =  | Size = 96832 bytes | Modified Date = 3/7/2008 7:07:37 AM | Attr =	]
btnhrjbn.dll -> %SystemRoot%\System32\btnhrjbn.dll ->  [Ver =  | Size = 89152 bytes | Modified Date = 2/26/2008 6:56:49 AM | Attr =	]
bywqmwkn.dll -> %SystemRoot%\System32\bywqmwkn.dll ->  [Ver =  | Size = 96320 bytes | Modified Date = 3/6/2008 7:11:58 AM | Attr =	]
cavuhubp.dll -> %SystemRoot%\System32\cavuhubp.dll ->  [Ver =  | Size = 97344 bytes | Modified Date = 3/4/2008 6:59:46 AM | Attr =	]
cnpnwyca.dll -> %SystemRoot%\System32\cnpnwyca.dll ->  [Ver =  | Size = 93760 bytes | Modified Date = 2/21/2008 7:02:29 AM | Attr =	]
cpcmhhar.ini -> %SystemRoot%\System32\cpcmhhar.ini ->  [Ver =  | Size = 1286757 bytes | Modified Date = 3/3/2008 7:02:56 AM | Attr =  HS]
dyysnycr.dll -> %SystemRoot%\System32\dyysnycr.dll ->  [Ver =  | Size = 89664 bytes | Modified Date = 3/1/2008 7:02:20 AM | Attr =	]
edxycirx.ini -> %SystemRoot%\System32\edxycirx.ini ->  [Ver =  | Size = 1240054 bytes | Modified Date = 2/21/2008 6:55:27 AM | Attr =  HS]
emijrkqx.ini -> %SystemRoot%\System32\emijrkqx.ini ->  [Ver =  | Size = 1260150 bytes | Modified Date = 2/26/2008 10:29:51 AM | Attr =  HS]
enokehrv.ini -> %SystemRoot%\System32\enokehrv.ini ->  [Ver =  | Size = 1142600 bytes | Modified Date = 2/24/2008 6:58:47 AM | Attr =  HS]
fkphurtg.dll -> %SystemRoot%\System32\fkphurtg.dll ->  [Ver =  | Size = 94784 bytes | Modified Date = 3/5/2008 7:01:19 AM | Attr =	]
fqsadhri.dll -> %SystemRoot%\System32\fqsadhri.dll ->  [Ver =  | Size = 89664 bytes | Modified Date = 2/28/2008 6:57:31 AM | Attr =	]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 3/6/2008 11:43:33 AM | Attr =	]
hvfyhpmj.dll -> %SystemRoot%\System32\hvfyhpmj.dll ->  [Ver =  | Size = 90688 bytes | Modified Date = 2/25/2008 6:56:01 AM | Attr =	]
ilnmp.ini -> %SystemRoot%\System32\ilnmp.ini ->  [Ver =  | Size = 236068 bytes | Modified Date = 3/7/2008 7:24:28 AM | Attr =  HS]
ilnmp.ini2 -> %SystemRoot%\System32\ilnmp.ini2 ->  [Ver =  | Size = 236068 bytes | Modified Date = 3/7/2008 7:23:05 AM | Attr =  HS]
iyrfkyco.dll -> %SystemRoot%\System32\iyrfkyco.dll ->  [Ver =  | Size = 89664 bytes | Modified Date = 3/2/2008 7:05:19 AM | Attr =	]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Created Date = 3/6/2008 11:58:07 AM | Attr =	]
kfumclcw.dll -> %SystemRoot%\System32\kfumclcw.dll ->  [Ver =  | Size = 91712 bytes | Modified Date = 2/22/2008 6:57:41 AM | Attr =	]
khjghoyy.ini -> %SystemRoot%\System32\khjghoyy.ini ->  [Ver =  | Size = 1247710 bytes | Modified Date = 2/27/2008 7:14:25 AM | Attr =  HS]
kjgdsetp.dll -> %SystemRoot%\System32\kjgdsetp.dll ->  [Ver =  | Size = 89152 bytes | Modified Date = 3/7/2008 7:10:02 AM | Attr =	]
kodxmwtb.dll -> %SystemRoot%\System32\kodxmwtb.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/18/2008 6:57:30 AM | Attr =	]
lmevwbks.dll -> %SystemRoot%\System32\lmevwbks.dll ->  [Ver =  | Size = 91200 bytes | Modified Date = 3/6/2008 7:08:58 AM | Attr =	]
nladrbde.dll -> %SystemRoot%\System32\nladrbde.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 3/6/2008 7:05:52 AM | Attr =	]
nlomkmsr.ini -> %SystemRoot%\System32\nlomkmsr.ini ->  [Ver =  | Size = 1302790 bytes | Modified Date = 3/4/2008 6:59:54 AM | Attr =  HS]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 3/6/2008 11:43:33 AM | Attr =	]
pfbjajhc.ini -> %SystemRoot%\System32\pfbjajhc.ini ->  [Ver =  | Size = 1260295 bytes | Modified Date = 2/25/2008 2:57:12 PM | Attr =  HS]
pheusaaa.dll -> %SystemRoot%\System32\pheusaaa.dll ->  [Ver =  | Size = 90176 bytes | Modified Date = 2/27/2008 6:59:11 AM | Attr =	]
pmnli.dll -> %SystemRoot%\System32\pmnli.dll ->  [Ver =  | Size = 331776 bytes | Modified Date = 2/16/2008 6:46:37 PM | Attr =	]
ptesdgjk.ini -> %SystemRoot%\System32\ptesdgjk.ini ->  [Ver =  | Size = 1307561 bytes | Modified Date = 3/7/2008 7:10:21 AM | Attr =  HS]
qfsomuao.dll -> %SystemRoot%\System32\qfsomuao.dll ->  [Ver =  | Size = 90176 bytes | Modified Date = 3/3/2008 7:02:19 AM | Attr =	]
qhkdjyrb.ini -> %SystemRoot%\System32\qhkdjyrb.ini ->  [Ver =  | Size = 1289971 bytes | Modified Date = 3/5/2008 7:00:17 AM | Attr =  HS]
qlmwejgf.ini -> %SystemRoot%\System32\qlmwejgf.ini ->  [Ver =  | Size = 1296640 bytes | Modified Date = 3/5/2008 10:41:55 AM | Attr =  HS]
qqanvhgr.dll -> %SystemRoot%\System32\qqanvhgr.dll ->  [Ver =  | Size = 84544 bytes | Modified Date = 2/28/2008 7:00:22 AM | Attr =	]
rghvnaqq.ini -> %SystemRoot%\System32\rghvnaqq.ini ->  [Ver =  | Size = 1243426 bytes | Modified Date = 2/28/2008 10:36:25 AM | Attr =  HS]
rrvusaij.dll -> %SystemRoot%\System32\rrvusaij.dll ->  [Ver =  | Size = 94272 bytes | Modified Date = 3/7/2008 7:07:00 AM | Attr =	]
skbwveml.ini -> %SystemRoot%\System32\skbwveml.ini ->  [Ver =  | Size = 1307104 bytes | Modified Date = 3/6/2008 6:14:08 PM | Attr =  HS]
sspsflvd.ini -> %SystemRoot%\System32\sspsflvd.ini ->  [Ver =  | Size = 1227793 bytes | Modified Date = 2/21/2008 5:49:49 PM | Attr =  HS]
tkikjdkk.dll -> %SystemRoot%\System32\tkikjdkk.dll ->  [Ver =  | Size = 89152 bytes | Modified Date = 2/19/2008 6:53:08 AM | Attr =	]
tmdaqfhm.dll -> %SystemRoot%\System32\tmdaqfhm.dll ->  [Ver =  | Size = 90176 bytes | Modified Date = 2/24/2008 7:01:35 AM | Attr =	]
uffmxcor.ini -> %SystemRoot%\System32\uffmxcor.ini ->  [Ver =  | Size = 1142594 bytes | Modified Date = 2/23/2008 5:19:52 PM | Attr =  HS]
uitbyrhw.dll -> %SystemRoot%\System32\uitbyrhw.dll ->  [Ver =  | Size = 89152 bytes | Modified Date = 2/23/2008 6:59:50 AM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 3/6/2008 11:43:33 AM | Attr =	]
vrhekone.dll -> %SystemRoot%\System32\vrhekone.dll ->  [Ver =  | Size = 86592 bytes | Modified Date = 2/24/2008 6:58:35 AM | Attr =	]
wapxpsjw.ini -> %SystemRoot%\System32\wapxpsjw.ini ->  [Ver =  | Size = 1286021 bytes | Modified Date = 3/1/2008 7:05:36 AM | Attr =  HS]
whxjxmpq.ini -> %SystemRoot%\System32\whxjxmpq.ini ->  [Ver =  | Size = 1285961 bytes | Modified Date = 2/29/2008 5:00:17 PM | Attr =  HS]
yfndddqk.dll -> %SystemRoot%\System32\yfndddqk.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 2/29/2008 6:59:19 AM | Attr =	]
yuvkvnmu.ini -> %SystemRoot%\System32\yuvkvnmu.ini ->  [Ver =  | Size = 1248589 bytes | Modified Date = 2/19/2008 6:07:11 AM | Attr =  HS]
yyohgjhk.dll -> %SystemRoot%\System32\yyohgjhk.dll ->  [Ver =  | Size = 85056 bytes | Modified Date = 2/27/2008 6:56:22 AM | Attr =	]
ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Modified Date = 3/25/2003 6:53:50 PM | Attr =	]
BM878294b7.xml -> %SystemRoot%\BM878294b7.xml ->  [Ver =  | Size = 115708 bytes | Modified Date = 3/7/2008 7:10:25 AM | Attr =	]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 15475 bytes | Modified Date = 3/6/2008 6:14:28 PM | Attr =	]
pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 22 bytes | Modified Date = 3/7/2008 7:07:15 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Created Date = 3/6/2008 11:58:11 AM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/25/2008 10:49:10 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/25/2008 1:25:00 PM | Attr =	]
Spyware Terminator -> %AllUsersProfile%\Application Data\Spyware Terminator ->  [Folder | Created Date = 2/22/2008 3:44:07 PM | Attr =	]
Spyware Terminator -> %AppData%\Spyware Terminator ->  [Folder | Created Date = 2/22/2008 3:44:07 PM | Attr =	]
Vundo Virus -> %UserProfile%\My Documents\Vundo Virus ->  [Folder | Created Date = 3/5/2008 12:19:37 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1826 bytes | Modified Date = 2/25/2008 10:49:23 AM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1826 bytes | Modified Date = 2/25/2008 10:49:23 AM | Attr =	]
Spyware Terminator.lnk -> %AllUsersProfile%\Desktop\Spyware Terminator.lnk ->  [Ver =  | Size = 833 bytes | Modified Date = 2/22/2008 3:46:10 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 3/7/2008 7:15:45 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1770 bytes | Modified Date = 2/26/2008 12:39:58 PM | Attr =	]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/26/2008 12:36:59 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier
Panda ActiveScan.lnk -> %UserProfile%\Desktop\Panda ActiveScan.lnk ->  [Ver =  | Size = 1336 bytes | Modified Date = 3/6/2008 7:30:03 AM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 969 bytes | Modified Date = 2/25/2008 1:25:07 PM | Attr =	]
VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 6.06.0001 | Size = 117248 bytes | Modified Date = 3/5/2008 2:48:00 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 3/7/2008 7:22:37 AM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481921 bytes | Modified Date = 3/7/2008 7:16:21 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2/25/2008 10:47:58 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
c5408ab14793689c08a13febef72 -> %SystemDrive%\c5408ab14793689c08a13febef72 ->  [Folder | Modified Date = 3/6/2008 11:48:29 AM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/26/2008 10:28:18 AM | Attr =  HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063407616 bytes | Modified Date = 3/6/2008 6:30:01 PM | Attr =  HS]
meta misc backup.pst -> %SystemDrive%\meta misc backup.pst ->  [Ver =  | Size = 49152 bytes | Modified Date = 3/7/2008 7:09:35 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/27/2008 7:06:58 AM | Attr = R  ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 3/5/2008 2:50:04 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/7/2008 7:22:37 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/26/2008 6:32:27 AM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 850 bytes | Modified Date = 2/25/2008 3:28:45 PM | Attr = R  ]
hosts.20080225-143105.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080225-143105.backup ->  [Ver =  | Size = 736 bytes | Modified Date = 2/6/2008 10:42:30 AM | Attr =	]
hosts.20080225-152845.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080225-152845.backup ->  [Ver =  | Size = 226637 bytes | Modified Date = 2/25/2008 2:31:05 PM | Attr =	]
sp_rsdrv2.sys -> %SystemRoot%\System32\drivers\sp_rsdrv2.sys ->  [Ver =  | Size = 138752 bytes | Modified Date = 2/22/2008 3:44:08 PM | Attr =	]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2/19/2008 9:52:39 AM | Attr =	]
aaayvaid.ini -> %SystemRoot%\System32\aaayvaid.ini ->  [Ver =  | Size = 1163633 bytes | Modified Date = 2/23/2008 6:55:00 AM | Attr =  HS]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Modified Date = 3/6/2008 11:51:35 AM | Attr =	]
6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
bcbhtocu.ini -> %SystemRoot%\System32\bcbhtocu.ini ->  [Ver =  | Size = 1248400 bytes | Modified Date = 2/18/2008 6:54:22 AM | Attr =  HS]
bcgidars.dll -> %SystemRoot%\System32\bcgidars.dll ->  [Ver =  | Size = 96832 bytes | Modified Date = 3/7/2008 7:07:37 AM | Attr =	]
btnhrjbn.dll -> %SystemRoot%\System32\btnhrjbn.dll ->  [Ver =  | Size = 89152 bytes | Modified Date = 2/26/2008 6:56:49 AM | Attr =	]
bywqmwkn.dll -> %SystemRoot%\System32\bywqmwkn.dll ->  [Ver =  | Size = 96320 bytes | Modified Date = 3/6/2008 7:11:58 AM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/26/2008 11:05:52 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/6/2008 6:33:15 PM | Attr =	]
cavuhubp.dll -> %SystemRoot%\System32\cavuhubp.dll ->  [Ver =  | Size = 97344 bytes | Modified Date = 3/4/2008 6:59:46 AM | Attr =	]
cnpnwyca.dll -> %SystemRoot%\System32\cnpnwyca.dll ->  [Ver =  | Size = 93760 bytes | Modified Date = 2/21/2008 7:02:29 AM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 3/6/2008 10:22:55 AM | Attr =	]
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 27316 bytes | Modified Date = 3/6/2008 6:30:59 PM | Attr =	]
cpcmhhar.ini -> %SystemRoot%\System32\cpcmhhar.ini ->  [Ver =  | Size = 1286757 bytes | Modified Date = 3/3/2008 7:02:56 AM | Attr =  HS]
dla -> %SystemRoot%\System32\dla ->  [Folder | Modified Date = 3/6/2008 11:46:26 AM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/17/2008 5:57:42 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/6/2008 11:51:35 AM | Attr =	]
dyysnycr.dll -> %SystemRoot%\System32\dyysnycr.dll ->  [Ver =  | Size = 89664 bytes | Modified Date = 3/1/2008 7:02:20 AM | Attr =	]
edxycirx.ini -> %SystemRoot%\System32\edxycirx.ini ->  [Ver =  | Size = 1240054 bytes | Modified Date = 2/21/2008 6:55:27 AM | Attr =  HS]
emijrkqx.ini -> %SystemRoot%\System32\emijrkqx.ini ->  [Ver =  | Size = 1260150 bytes | Modified Date = 2/26/2008 10:29:51 AM | Attr =  HS]
enokehrv.ini -> %SystemRoot%\System32\enokehrv.ini ->  [Ver =  | Size = 1142600 bytes | Modified Date = 2/24/2008 6:58:47 AM | Attr =  HS]
fkphurtg.dll -> %SystemRoot%\System32\fkphurtg.dll ->  [Ver =  | Size = 94784 bytes | Modified Date = 3/5/2008 7:01:19 AM | Attr =	]
fqsadhri.dll -> %SystemRoot%\System32\fqsadhri.dll ->  [Ver =  | Size = 89664 bytes | Modified Date = 2/28/2008 6:57:31 AM | Attr =	]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 3/6/2008 11:43:33 AM | Attr =	]
hvfyhpmj.dll -> %SystemRoot%\System32\hvfyhpmj.dll ->  [Ver =  | Size = 90688 bytes | Modified Date = 2/25/2008 6:56:01 AM | Attr =	]
ilnmp.ini -> %SystemRoot%\System32\ilnmp.ini ->  [Ver =  | Size = 236068 bytes | Modified Date = 3/7/2008 7:24:39 AM | Attr =  HS]
ilnmp.ini2 -> %SystemRoot%\System32\ilnmp.ini2 ->  [Ver =  | Size = 236068 bytes | Modified Date = 3/7/2008 7:23:05 AM | Attr =  HS]
iyrfkyco.dll -> %SystemRoot%\System32\iyrfkyco.dll ->  [Ver =  | Size = 89664 bytes | Modified Date = 3/2/2008 7:05:19 AM | Attr =	]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Modified Date = 3/6/2008 11:58:07 AM | Attr =	]
kfumclcw.dll -> %SystemRoot%\System32\kfumclcw.dll ->  [Ver =  | Size = 91712 bytes | Modified Date = 2/22/2008 6:57:41 AM | Attr =	]
khjghoyy.ini -> %SystemRoot%\System32\khjghoyy.ini ->  [Ver =  | Size = 1247710 bytes | Modified Date = 2/27/2008 7:14:25 AM | Attr =  HS]
kjgdsetp.dll -> %SystemRoot%\System32\kjgdsetp.dll ->  [Ver =  | Size = 89152 bytes | Modified Date = 3/7/2008 7:10:02 AM | Attr =	]
kodxmwtb.dll -> %SystemRoot%\System32\kodxmwtb.dll ->  [Ver =  | Size = 93248 bytes | Modified Date = 2/18/2008 6:57:30 AM | Attr =	]
lmevwbks.dll -> %SystemRoot%\System32\lmevwbks.dll ->  [Ver =  | Size = 91200 bytes | Modified Date = 3/6/2008 7:08:58 AM | Attr =	]
Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Modified Date = 2/11/2008 7:00:48 PM | Attr =	]
nladrbde.dll -> %SystemRoot%\System32\nladrbde.dll ->  [Ver =  | Size = 92736 bytes | Modified Date = 3/6/2008 7:05:52 AM | Attr =	]
nlomkmsr.ini -> %SystemRoot%\System32\nlomkmsr.ini ->  [Ver =  | Size = 1302790 bytes | Modified Date = 3/4/2008 6:59:54 AM | Attr =  HS]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 3/6/2008 11:43:33 AM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 53436 bytes | Modified Date = 3/6/2008 6:34:40 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 381692 bytes | Modified Date = 3/6/2008 6:34:40 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 441626 bytes | Modified Date = 3/6/2008 6:34:40 PM | Attr =	]
pfbjajhc.ini -> %SystemRoot%\System32\pfbjajhc.ini ->  [Ver =  | Size = 1260295 bytes | Modified Date = 2/25/2008 2:57:12 PM | Attr =  HS]
pheusaaa.dll -> %SystemRoot%\System32\pheusaaa.dll ->  [Ver =  | Size = 90176 bytes | Modified Date = 2/27/2008 6:59:11 AM | Attr =	]
pmnli.dll -> %SystemRoot%\System32\pmnli.dll ->  [Ver =  | Size = 331776 bytes | Modified Date = 2/16/2008 6:46:37 PM | Attr =	]
ptesdgjk.ini -> %SystemRoot%\System32\ptesdgjk.ini ->  [Ver =  | Size = 1307561 bytes | Modified Date = 3/7/2008 7:10:21 AM | Attr =  HS]
qfsomuao.dll -> %SystemRoot%\System32\qfsomuao.dll ->  [Ver =  | Size = 90176 bytes | Modified Date = 3/3/2008 7:02:19 AM | Attr =	]
qhkdjyrb.ini -> %SystemRoot%\System32\qhkdjyrb.ini ->  [Ver =  | Size = 1289971 bytes | Modified Date = 3/5/2008 7:00:17 AM | Attr =  HS]
qlmwejgf.ini -> %SystemRoot%\System32\qlmwejgf.ini ->  [Ver =  | Size = 1296640 bytes | Modified Date = 3/5/2008 10:41:55 AM | Attr =  HS]
qqanvhgr.dll -> %SystemRoot%\System32\qqanvhgr.dll ->  [Ver =  | Size = 84544 bytes | Modified Date = 2/28/2008 7:00:22 AM | Attr =	]
rghvnaqq.ini -> %SystemRoot%\System32\rghvnaqq.ini ->  [Ver =  | Size = 1243426 bytes | Modified Date = 2/28/2008 10:36:25 AM | Attr =  HS]
rrvusaij.dll -> %SystemRoot%\System32\rrvusaij.dll ->  [Ver =  | Size = 94272 bytes | Modified Date = 3/7/2008 7:07:00 AM | Attr =	]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Modified Date = 3/6/2008 11:45:28 AM | Attr =	]
skbwveml.ini -> %SystemRoot%\System32\skbwveml.ini ->  [Ver =  | Size = 1307104 bytes | Modified Date = 3/6/2008 6:14:08 PM | Attr =  HS]
sspsflvd.ini -> %SystemRoot%\System32\sspsflvd.ini ->  [Ver =  | Size = 1227793 bytes | Modified Date = 2/21/2008 5:49:49 PM | Attr =  HS]
tkikjdkk.dll -> %SystemRoot%\System32\tkikjdkk.dll ->  [Ver =  | Size = 89152 bytes | Modified Date = 2/19/2008 6:53:08 AM | Attr =	]
tmdaqfhm.dll -> %SystemRoot%\System32\tmdaqfhm.dll ->  [Ver =  | Size = 90176 bytes | Modified Date = 2/24/2008 7:01:35 AM | Attr =	]
uffmxcor.ini -> %SystemRoot%\System32\uffmxcor.ini ->  [Ver =  | Size = 1142594 bytes | Modified Date = 2/23/2008 5:19:52 PM | Attr =  HS]
uitbyrhw.dll -> %SystemRoot%\System32\uitbyrhw.dll ->  [Ver =  | Size = 89152 bytes | Modified Date = 2/23/2008 6:59:50 AM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 3/6/2008 11:43:33 AM | Attr =	]
vrhekone.dll -> %SystemRoot%\System32\vrhekone.dll ->  [Ver =  | Size = 86592 bytes | Modified Date = 2/24/2008 6:58:35 AM | Attr =	]
wapxpsjw.ini -> %SystemRoot%\System32\wapxpsjw.ini ->  [Ver =  | Size = 1286021 bytes | Modified Date = 3/1/2008 7:05:36 AM | Attr =  HS]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 3/6/2008 11:47:10 AM | Attr =	]
whxjxmpq.ini -> %SystemRoot%\System32\whxjxmpq.ini ->  [Ver =  | Size = 1285961 bytes | Modified Date = 2/29/2008 5:00:17 PM | Attr =  HS]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 3/6/2008 6:31:38 PM | Attr =	]
yfndddqk.dll -> %SystemRoot%\System32\yfndddqk.dll ->  [Ver =  | Size = 88640 bytes | Modified Date = 2/29/2008 6:59:19 AM | Attr =	]
yuvkvnmu.ini -> %SystemRoot%\System32\yuvkvnmu.ini ->  [Ver =  | Size = 1248589 bytes | Modified Date = 2/19/2008 6:07:11 AM | Attr =  HS]
yyohgjhk.dll -> %SystemRoot%\System32\yyohgjhk.dll ->  [Ver =  | Size = 85056 bytes | Modified Date = 2/27/2008 6:56:22 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/12/2008 3:22:48 PM | Attr =  H ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 3/6/2008 11:47:07 AM | Attr =	]
BM878294b7.xml -> %SystemRoot%\BM878294b7.xml ->  [Ver =  | Size = 115708 bytes | Modified Date = 3/7/2008 7:10:25 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/6/2008 6:30:02 PM | Attr =   S]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 15475 bytes | Modified Date = 3/6/2008 6:14:28 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/6/2008 11:58:10 AM | Attr =   S]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 3:02:46 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 3/6/2008 11:58:06 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/25/2008 11:25:41 PM | Attr =  HS]
occache -> %SystemRoot%\occache ->  [Folder | Modified Date = 2/22/2008 2:53:04 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/7/2008 7:21:09 AM | Attr =	]
pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 22 bytes | Modified Date = 3/7/2008 7:07:15 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 3/6/2008 6:31:22 PM | Attr =  H ]
QUICKEN.INI -> %SystemRoot%\QUICKEN.INI ->  [Ver =  | Size = 1064 bytes | Modified Date = 3/3/2008 10:42:54 AM | Attr =	]
qwimp.ini -> %SystemRoot%\qwimp.ini ->  [Ver =  | Size = 240 bytes | Modified Date = 3/3/2008 11:02:45 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 3/6/2008 10:22:24 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/7/2008 7:10:21 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/26/2008 6:15:06 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/7/2008 7:21:30 AM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 756 bytes | Modified Date = 3/6/2008 7:27:19 AM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 502 bytes | Modified Date = 3/5/2008 10:42:04 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/29/2008 8:16:03 AM | Attr =	]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 370 bytes | Modified Date = 2/15/2008 1:16:24 AM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 372 bytes | Modified Date = 3/1/2008 1:00:56 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/6/2008 6:30:13 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 6911 bytes | Modified Date = 3/5/2008 11:47:34 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 3/5/2008 11:52:04 AM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 3/30/2007 5:20:33 AM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat ->  [Ver =  | Size = 11080 bytes | Modified Date = 1/23/2008 7:20:51 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Dell -> %AllUsersProfile%\Application Data\Dell ->  [Folder | Modified Date = 2/25/2008 11:23:36 PM | Attr =	]
Juniper Networks -> %AllUsersProfile%\Application Data\Juniper Networks ->  [Folder | Modified Date = 2/6/2008 10:42:30 AM | Attr =	]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Modified Date = 3/6/2008 11:58:11 AM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/25/2008 10:50:29 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/25/2008 2:14:49 PM | Attr =	]
Spyware Terminator -> %AllUsersProfile%\Application Data\Spyware Terminator ->  [Folder | Modified Date = 2/27/2008 7:57:06 AM | Attr =	]
Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion ->  [Folder | Modified Date = 2/19/2008 11:16:17 AM | Attr =	]
ComcastToolbar -> %AppData%\ComcastToolbar ->  [Folder | Modified Date = 3/7/2008 7:12:33 AM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 2/20/2008 11:39:10 AM | Attr =   S]
Spyware Terminator -> %AppData%\Spyware Terminator ->  [Folder | Modified Date = 2/27/2008 7:15:26 AM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 3/6/2008 6:31:26 PM | Attr =	]
Default.rdp -> %UserProfile%\My Documents\Default.rdp ->  [Ver =  | Size = 1162 bytes | Modified Date = 3/5/2008 11:40:22 AM | Attr =  H ]
Meta -> %UserProfile%\My Documents\Meta ->  [Folder | Modified Date = 2/22/2008 2:42:06 PM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 2/21/2008 11:59:57 AM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2/27/2008 12:57:26 PM | Attr = R  ]
Personal -> %UserProfile%\My Documents\Personal ->  [Folder | Modified Date = 3/5/2008 12:20:26 PM | Attr =	]
Vundo Virus -> %UserProfile%\My Documents\Vundo Virus ->  [Folder | Modified Date = 3/6/2008 1:19:33 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1826 bytes | Modified Date = 2/25/2008 10:49:23 AM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1826 bytes | Modified Date = 2/25/2008 10:49:23 AM | Attr =	]
Dell Support Center.lnk -> %AllUsersProfile%\Desktop\Dell Support Center.lnk ->  [Ver =  | Size = 0 bytes | Modified Date = 2/18/2008 10:52:00 AM | Attr =	]
Spyware Terminator.lnk -> %AllUsersProfile%\Desktop\Spyware Terminator.lnk ->  [Ver =  | Size = 833 bytes | Modified Date = 2/22/2008 3:46:10 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 3/7/2008 7:15:45 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1770 bytes | Modified Date = 2/26/2008 12:39:58 PM | Attr =	]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/26/2008 12:36:59 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier
MapleStory.lnk -> %UserProfile%\Desktop\MapleStory.lnk ->  [Ver =  | Size = 2373 bytes | Modified Date = 2/17/2008 8:02:56 PM | Attr =	]
Panda ActiveScan.lnk -> %UserProfile%\Desktop\Panda ActiveScan.lnk ->  [Ver =  | Size = 1336 bytes | Modified Date = 3/6/2008 7:30:03 AM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 969 bytes | Modified Date = 2/25/2008 1:25:07 PM | Attr =	]
VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 6.06.0001 | Size = 117248 bytes | Modified Date = 3/5/2008 2:48:00 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 3/7/2008 7:22:37 AM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481921 bytes | Modified Date = 3/7/2008 7:16:21 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
VPN Client.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\VPN Client.lnk ->  [Ver =  | Size = 2447 bytes | Modified Date = 3/6/2008 6:31:43 PM | Attr =	]
Scanner -> %CommonProgramFiles%\Scanner ->  [Folder | Modified Date = 3/6/2008 11:22:34 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/25/2008 10:47:58 AM | Attr =	]

< End of report >

Thx,

mwe :thumbsup:

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 07 March 2008 - 12:54 PM

Hi mwe. It looks like we do have some things to do here so let's get started.

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%SystemRoot%\BM878294b7.xml
%SystemRoot%\pskt.ini
%SystemRoot%\qwimp.ini
%SystemRoot%\System32\aaayvaid.ini
%SystemRoot%\System32\bcbhtocu.ini
%SystemRoot%\System32\bcgidars.dll
%SystemRoot%\System32\btnhrjbn.dll
%SystemRoot%\System32\bywqmwkn.dll
%SystemRoot%\System32\cavuhubp.dll
%SystemRoot%\System32\cnpnwyca.dll
%SystemRoot%\System32\cpcmhhar.ini
%SystemRoot%\System32\dyysnycr.dll
%SystemRoot%\System32\edxycirx.ini
%SystemRoot%\System32\emijrkqx.ini
%SystemRoot%\System32\enokehrv.ini
%SystemRoot%\System32\fkphurtg.dll
%SystemRoot%\System32\fqsadhri.dll
%SystemRoot%\System32\hvfyhpmj.dll
%SystemRoot%\System32\ilnmp.ini
%SystemRoot%\System32\ilnmp.ini2
%SystemRoot%\System32\iyrfkyco.dll
%SystemRoot%\System32\kfumclcw.dll
%SystemRoot%\System32\khjghoyy.ini
%SystemRoot%\System32\kjgdsetp.dll
%SystemRoot%\System32\kodxmwtb.dll
%SystemRoot%\System32\lmevwbks.dll
%SystemRoot%\System32\nladrbde.dll
%SystemRoot%\System32\nlomkmsr.ini
%SystemRoot%\System32\pfbjajhc.ini
%SystemRoot%\System32\pheusaaa.dll
%SystemRoot%\system32\pmnli.dll
%SystemRoot%\system32\pmnli.dll 
%SystemRoot%\System32\ptesdgjk.ini
%SystemRoot%\System32\qfsomuao.dll
%SystemRoot%\System32\qhkdjyrb.ini
%SystemRoot%\System32\qlmwejgf.ini
%SystemRoot%\System32\qqanvhgr.dll
%SystemRoot%\System32\rghvnaqq.ini
%SystemRoot%\system32\rrvusaij.dll
%SystemRoot%\System32\skbwveml.ini
%SystemRoot%\system32\spool\drivers\w32x86\3\dlcjtime.dll
%SystemRoot%\System32\sspsflvd.ini
%SystemRoot%\System32\tkikjdkk.dll
%SystemRoot%\System32\tmdaqfhm.dll
%SystemRoot%\System32\uffmxcor.ini
%SystemRoot%\System32\uitbyrhw.dll
%SystemRoot%\System32\vrhekone.dll
%SystemRoot%\System32\wapxpsjw.ini
%SystemRoot%\System32\whxjxmpq.ini
%SystemRoot%\System32\yfndddqk.dll
%SystemRoot%\System32\yuvkvnmu.ini
%SystemRoot%\System32\yyohgjhk.dll
%SystemRoot%\win.ini
%SystemRoot%\wininit.ini
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> 84b1a72b -> %SystemRoot%\system32\chjajbfp.DLL
YY -> BM878294b7 -> %SystemRoot%\system32\rrvusaij.dll
YY -> DLCJCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\dlcjtime.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {49A7C2A2-8F0F-4322-BFBF-99055090512E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {881CC440-A221-4C88-83B7-78B99AD68DB9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {92F5016C-89B5-4A8C-B38B-1615755DDD08} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {9CBF370E-848D-4207-9094-0648472D9FAA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {B1F47306-6684-44E5-91A3-50AC7AEB03D1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {C72767C9-FA17-4B73-AC09-08A23ECF29DF} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmnli.dll [Reg Error: Value  does not exist or could not be read.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\pmnli.dll -> %SystemRoot%\system32\pmnli.dll
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Neoteris\Terminal Services\dsTermServ.exe -> C:\Program Files\Neoteris\Terminal Services\dsTermServ.exe [C:\Program Files\Neoteris\Terminal Services\dsTermServ.exe:*:Enabled:dsTermServ Module]
[Files/Folders - Created Within 30 days]
NY -> aaayvaid.ini -> %SystemRoot%\System32\aaayvaid.ini
NY -> bcbhtocu.ini -> %SystemRoot%\System32\bcbhtocu.ini
NY -> bcgidars.dll -> %SystemRoot%\System32\bcgidars.dll
NY -> btnhrjbn.dll -> %SystemRoot%\System32\btnhrjbn.dll
NY -> bywqmwkn.dll -> %SystemRoot%\System32\bywqmwkn.dll
NY -> cavuhubp.dll -> %SystemRoot%\System32\cavuhubp.dll
NY -> cnpnwyca.dll -> %SystemRoot%\System32\cnpnwyca.dll
NY -> cpcmhhar.ini -> %SystemRoot%\System32\cpcmhhar.ini
NY -> dyysnycr.dll -> %SystemRoot%\System32\dyysnycr.dll
NY -> edxycirx.ini -> %SystemRoot%\System32\edxycirx.ini
NY -> emijrkqx.ini -> %SystemRoot%\System32\emijrkqx.ini
NY -> enokehrv.ini -> %SystemRoot%\System32\enokehrv.ini
NY -> fkphurtg.dll -> %SystemRoot%\System32\fkphurtg.dll
NY -> fqsadhri.dll -> %SystemRoot%\System32\fqsadhri.dll
NY -> hvfyhpmj.dll -> %SystemRoot%\System32\hvfyhpmj.dll
NY -> ilnmp.ini -> %SystemRoot%\System32\ilnmp.ini
NY -> ilnmp.ini2 -> %SystemRoot%\System32\ilnmp.ini2
NY -> iyrfkyco.dll -> %SystemRoot%\System32\iyrfkyco.dll
NY -> kfumclcw.dll -> %SystemRoot%\System32\kfumclcw.dll
NY -> khjghoyy.ini -> %SystemRoot%\System32\khjghoyy.ini
NY -> kjgdsetp.dll -> %SystemRoot%\System32\kjgdsetp.dll
NY -> kodxmwtb.dll -> %SystemRoot%\System32\kodxmwtb.dll
NY -> lmevwbks.dll -> %SystemRoot%\System32\lmevwbks.dll
NY -> nladrbde.dll -> %SystemRoot%\System32\nladrbde.dll
NY -> nlomkmsr.ini -> %SystemRoot%\System32\nlomkmsr.ini
NY -> pfbjajhc.ini -> %SystemRoot%\System32\pfbjajhc.ini
NY -> pheusaaa.dll -> %SystemRoot%\System32\pheusaaa.dll
NY -> pmnli.dll -> %SystemRoot%\System32\pmnli.dll
NY -> ptesdgjk.ini -> %SystemRoot%\System32\ptesdgjk.ini
NY -> qfsomuao.dll -> %SystemRoot%\System32\qfsomuao.dll
NY -> qhkdjyrb.ini -> %SystemRoot%\System32\qhkdjyrb.ini
NY -> qlmwejgf.ini -> %SystemRoot%\System32\qlmwejgf.ini
NY -> qqanvhgr.dll -> %SystemRoot%\System32\qqanvhgr.dll
NY -> rghvnaqq.ini -> %SystemRoot%\System32\rghvnaqq.ini
NY -> rrvusaij.dll -> %SystemRoot%\System32\rrvusaij.dll
NY -> skbwveml.ini -> %SystemRoot%\System32\skbwveml.ini
NY -> sspsflvd.ini -> %SystemRoot%\System32\sspsflvd.ini
NY -> tkikjdkk.dll -> %SystemRoot%\System32\tkikjdkk.dll
NY -> tmdaqfhm.dll -> %SystemRoot%\System32\tmdaqfhm.dll
NY -> uffmxcor.ini -> %SystemRoot%\System32\uffmxcor.ini
NY -> uitbyrhw.dll -> %SystemRoot%\System32\uitbyrhw.dll
NY -> vrhekone.dll -> %SystemRoot%\System32\vrhekone.dll
NY -> wapxpsjw.ini -> %SystemRoot%\System32\wapxpsjw.ini
NY -> whxjxmpq.ini -> %SystemRoot%\System32\whxjxmpq.ini
NY -> yfndddqk.dll -> %SystemRoot%\System32\yfndddqk.dll
NY -> yuvkvnmu.ini -> %SystemRoot%\System32\yuvkvnmu.ini
NY -> yyohgjhk.dll -> %SystemRoot%\System32\yyohgjhk.dll
NY -> BM878294b7.xml -> %SystemRoot%\BM878294b7.xml
NY -> pskt.ini -> %SystemRoot%\pskt.ini
[Files/Folders - Modified Within 30 days]
NY -> aaayvaid.ini -> %SystemRoot%\System32\aaayvaid.ini
NY -> 6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> bcbhtocu.ini -> %SystemRoot%\System32\bcbhtocu.ini
NY -> bcgidars.dll -> %SystemRoot%\System32\bcgidars.dll
NY -> btnhrjbn.dll -> %SystemRoot%\System32\btnhrjbn.dll
NY -> bywqmwkn.dll -> %SystemRoot%\System32\bywqmwkn.dll
NY -> cavuhubp.dll -> %SystemRoot%\System32\cavuhubp.dll
NY -> cnpnwyca.dll -> %SystemRoot%\System32\cnpnwyca.dll
NY -> cpcmhhar.ini -> %SystemRoot%\System32\cpcmhhar.ini
NY -> dyysnycr.dll -> %SystemRoot%\System32\dyysnycr.dll
NY -> edxycirx.ini -> %SystemRoot%\System32\edxycirx.ini
NY -> emijrkqx.ini -> %SystemRoot%\System32\emijrkqx.ini
NY -> enokehrv.ini -> %SystemRoot%\System32\enokehrv.ini
NY -> fkphurtg.dll -> %SystemRoot%\System32\fkphurtg.dll
NY -> fqsadhri.dll -> %SystemRoot%\System32\fqsadhri.dll
NY -> hvfyhpmj.dll -> %SystemRoot%\System32\hvfyhpmj.dll
NY -> ilnmp.ini -> %SystemRoot%\System32\ilnmp.ini
NY -> ilnmp.ini2 -> %SystemRoot%\System32\ilnmp.ini2
NY -> iyrfkyco.dll -> %SystemRoot%\System32\iyrfkyco.dll
NY -> kfumclcw.dll -> %SystemRoot%\System32\kfumclcw.dll
NY -> khjghoyy.ini -> %SystemRoot%\System32\khjghoyy.ini
NY -> kjgdsetp.dll -> %SystemRoot%\System32\kjgdsetp.dll
NY -> kodxmwtb.dll -> %SystemRoot%\System32\kodxmwtb.dll
NY -> lmevwbks.dll -> %SystemRoot%\System32\lmevwbks.dll
NY -> nladrbde.dll -> %SystemRoot%\System32\nladrbde.dll
NY -> nlomkmsr.ini -> %SystemRoot%\System32\nlomkmsr.ini
NY -> pfbjajhc.ini -> %SystemRoot%\System32\pfbjajhc.ini
NY -> pheusaaa.dll -> %SystemRoot%\System32\pheusaaa.dll
NY -> pmnli.dll -> %SystemRoot%\System32\pmnli.dll
NY -> ptesdgjk.ini -> %SystemRoot%\System32\ptesdgjk.ini
NY -> qfsomuao.dll -> %SystemRoot%\System32\qfsomuao.dll
NY -> qhkdjyrb.ini -> %SystemRoot%\System32\qhkdjyrb.ini
NY -> qlmwejgf.ini -> %SystemRoot%\System32\qlmwejgf.ini
NY -> qqanvhgr.dll -> %SystemRoot%\System32\qqanvhgr.dll
NY -> rghvnaqq.ini -> %SystemRoot%\System32\rghvnaqq.ini
NY -> rrvusaij.dll -> %SystemRoot%\System32\rrvusaij.dll
NY -> skbwveml.ini -> %SystemRoot%\System32\skbwveml.ini
NY -> sspsflvd.ini -> %SystemRoot%\System32\sspsflvd.ini
NY -> tkikjdkk.dll -> %SystemRoot%\System32\tkikjdkk.dll
NY -> tmdaqfhm.dll -> %SystemRoot%\System32\tmdaqfhm.dll
NY -> uffmxcor.ini -> %SystemRoot%\System32\uffmxcor.ini
NY -> uitbyrhw.dll -> %SystemRoot%\System32\uitbyrhw.dll
NY -> vrhekone.dll -> %SystemRoot%\System32\vrhekone.dll
NY -> wapxpsjw.ini -> %SystemRoot%\System32\wapxpsjw.ini
NY -> whxjxmpq.ini -> %SystemRoot%\System32\whxjxmpq.ini
NY -> yfndddqk.dll -> %SystemRoot%\System32\yfndddqk.dll
NY -> yuvkvnmu.ini -> %SystemRoot%\System32\yuvkvnmu.ini
NY -> yyohgjhk.dll -> %SystemRoot%\System32\yyohgjhk.dll
NY -> BM878294b7.xml -> %SystemRoot%\BM878294b7.xml
NY -> pskt.ini -> %SystemRoot%\pskt.ini
NY -> qwimp.ini -> %SystemRoot%\qwimp.ini
NY -> win.ini -> %SystemRoot%\win.ini
NY -> wininit.ini -> %SystemRoot%\wininit.ini
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.

Step #4

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Step #5

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 mwe

mwe
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 07 March 2008 - 04:53 PM

OT,

I ran the Avenger program as u instructed, pls see the log file below:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\BM878294b7.xml" deleted successfully.
File "C:\WINDOWS\pskt.ini" deleted successfully.
File "C:\WINDOWS\qwimp.ini" deleted successfully.
File "C:\WINDOWS\System32\aaayvaid.ini" deleted successfully.
File "C:\WINDOWS\System32\bcbhtocu.ini" deleted successfully.
File "C:\WINDOWS\System32\bcgidars.dll" deleted successfully.
File "C:\WINDOWS\System32\btnhrjbn.dll" deleted successfully.
File "C:\WINDOWS\System32\bywqmwkn.dll" deleted successfully.
File "C:\WINDOWS\System32\cavuhubp.dll" deleted successfully.
File "C:\WINDOWS\System32\cnpnwyca.dll" deleted successfully.
File "C:\WINDOWS\System32\cpcmhhar.ini" deleted successfully.
File "C:\WINDOWS\System32\dyysnycr.dll" deleted successfully.
File "C:\WINDOWS\System32\edxycirx.ini" deleted successfully.
File "C:\WINDOWS\System32\emijrkqx.ini" deleted successfully.
File "C:\WINDOWS\System32\enokehrv.ini" deleted successfully.
File "C:\WINDOWS\System32\fkphurtg.dll" deleted successfully.
File "C:\WINDOWS\System32\fqsadhri.dll" deleted successfully.
File "C:\WINDOWS\System32\hvfyhpmj.dll" deleted successfully.
File "C:\WINDOWS\System32\ilnmp.ini" deleted successfully.
File "C:\WINDOWS\System32\ilnmp.ini2" deleted successfully.
File "C:\WINDOWS\System32\iyrfkyco.dll" deleted successfully.
File "C:\WINDOWS\System32\kfumclcw.dll" deleted successfully.
File "C:\WINDOWS\System32\khjghoyy.ini" deleted successfully.
File "C:\WINDOWS\System32\kjgdsetp.dll" deleted successfully.
File "C:\WINDOWS\System32\kodxmwtb.dll" deleted successfully.
File "C:\WINDOWS\System32\lmevwbks.dll" deleted successfully.
File "C:\WINDOWS\System32\nladrbde.dll" deleted successfully.
File "C:\WINDOWS\System32\nlomkmsr.ini" deleted successfully.
File "C:\WINDOWS\System32\pfbjajhc.ini" deleted successfully.
File "C:\WINDOWS\System32\pheusaaa.dll" deleted successfully.
File "C:\WINDOWS\system32\pmnli.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\pmnli.dll" not found!
Deletion of file "C:\WINDOWS\system32\pmnli.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\System32\ptesdgjk.ini" deleted successfully.
File "C:\WINDOWS\System32\qfsomuao.dll" deleted successfully.
File "C:\WINDOWS\System32\qhkdjyrb.ini" deleted successfully.
File "C:\WINDOWS\System32\qlmwejgf.ini" deleted successfully.
File "C:\WINDOWS\System32\qqanvhgr.dll" deleted successfully.
File "C:\WINDOWS\System32\rghvnaqq.ini" deleted successfully.
File "C:\WINDOWS\system32\rrvusaij.dll" deleted successfully.
File "C:\WINDOWS\System32\skbwveml.ini" deleted successfully.
File "C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcjtime.dll" deleted successfully.
File "C:\WINDOWS\System32\sspsflvd.ini" deleted successfully.
File "C:\WINDOWS\System32\tkikjdkk.dll" deleted successfully.
File "C:\WINDOWS\System32\tmdaqfhm.dll" deleted successfully.
File "C:\WINDOWS\System32\uffmxcor.ini" deleted successfully.
File "C:\WINDOWS\System32\uitbyrhw.dll" deleted successfully.
File "C:\WINDOWS\System32\vrhekone.dll" deleted successfully.
File "C:\WINDOWS\System32\wapxpsjw.ini" deleted successfully.
File "C:\WINDOWS\System32\whxjxmpq.ini" deleted successfully.
File "C:\WINDOWS\System32\yfndddqk.dll" deleted successfully.
File "C:\WINDOWS\System32\yuvkvnmu.ini" deleted successfully.
File "C:\WINDOWS\System32\yyohgjhk.dll" deleted successfully.
File "C:\WINDOWS\win.ini" deleted successfully.
File "C:\WINDOWS\wininit.ini" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
---------------------------------------------------------------------------------------------------------------------------
*pls note that no notepad displayed as instructed w/ the above log but I found it where u said it would be :thumbsup:. A msg also displayed saying that the changes could only take place if the pc was restarted, so I restarted.

I then started WinPFind35U and copy/pasted the information u provided in the codebox into the pane where it says "Paste fix here". Pls see the log file (03072008_113054.log) below, which I found in the WinPFind35u folder in the MovedFiles folder:
Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\84b1a72b deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM878294b7 deleted successfully.
File C:\WINDOWS\system32\rrvusaij.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DLCJCATS deleted successfully.
File C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcjtime.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49A7C2A2-8F0F-4322-BFBF-99055090512E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49A7C2A2-8F0F-4322-BFBF-99055090512E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{881CC440-A221-4C88-83B7-78B99AD68DB9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{881CC440-A221-4C88-83B7-78B99AD68DB9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92F5016C-89B5-4A8C-B38B-1615755DDD08}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92F5016C-89B5-4A8C-B38B-1615755DDD08}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CBF370E-848D-4207-9094-0648472D9FAA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CBF370E-848D-4207-9094-0648472D9FAA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1F47306-6684-44E5-91A3-50AC7AEB03D1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1F47306-6684-44E5-91A3-50AC7AEB03D1}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C72767C9-FA17-4B73-AC09-08A23ECF29DF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C72767C9-FA17-4B73-AC09-08A23ECF29DF}\ deleted successfully.
File C:\WINDOWS\system32\pmnli.dll not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\pmnli.dll deleted successfully.
File C:\WINDOWS\system32\pmnli.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Neoteris\Terminal Services\dsTermServ.exe deleted successfully.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\aaayvaid.ini not found!
File C:\WINDOWS\System32\bcbhtocu.ini not found!
File C:\WINDOWS\System32\bcgidars.dll not found!
File C:\WINDOWS\System32\btnhrjbn.dll not found!
File C:\WINDOWS\System32\bywqmwkn.dll not found!
File C:\WINDOWS\System32\cavuhubp.dll not found!
File C:\WINDOWS\System32\cnpnwyca.dll not found!
File C:\WINDOWS\System32\cpcmhhar.ini not found!
File C:\WINDOWS\System32\dyysnycr.dll not found!
File C:\WINDOWS\System32\edxycirx.ini not found!
File C:\WINDOWS\System32\emijrkqx.ini not found!
File C:\WINDOWS\System32\enokehrv.ini not found!
File C:\WINDOWS\System32\fkphurtg.dll not found!
File C:\WINDOWS\System32\fqsadhri.dll not found!
File C:\WINDOWS\System32\hvfyhpmj.dll not found!
File C:\WINDOWS\System32\ilnmp.ini not found!
File C:\WINDOWS\System32\ilnmp.ini2 not found!
File C:\WINDOWS\System32\iyrfkyco.dll not found!
File C:\WINDOWS\System32\kfumclcw.dll not found!
File C:\WINDOWS\System32\khjghoyy.ini not found!
File C:\WINDOWS\System32\kjgdsetp.dll not found!
File C:\WINDOWS\System32\kodxmwtb.dll not found!
File C:\WINDOWS\System32\lmevwbks.dll not found!
File C:\WINDOWS\System32\nladrbde.dll not found!
File C:\WINDOWS\System32\nlomkmsr.ini not found!
File C:\WINDOWS\System32\pfbjajhc.ini not found!
File C:\WINDOWS\System32\pheusaaa.dll not found!
File C:\WINDOWS\System32\pmnli.dll not found!
File C:\WINDOWS\System32\ptesdgjk.ini not found!
File C:\WINDOWS\System32\qfsomuao.dll not found!
File C:\WINDOWS\System32\qhkdjyrb.ini not found!
File C:\WINDOWS\System32\qlmwejgf.ini not found!
File C:\WINDOWS\System32\qqanvhgr.dll not found!
File C:\WINDOWS\System32\rghvnaqq.ini not found!
File C:\WINDOWS\System32\rrvusaij.dll not found!
File C:\WINDOWS\System32\skbwveml.ini not found!
File C:\WINDOWS\System32\sspsflvd.ini not found!
File C:\WINDOWS\System32\tkikjdkk.dll not found!
File C:\WINDOWS\System32\tmdaqfhm.dll not found!
File C:\WINDOWS\System32\uffmxcor.ini not found!
File C:\WINDOWS\System32\uitbyrhw.dll not found!
File C:\WINDOWS\System32\vrhekone.dll not found!
File C:\WINDOWS\System32\wapxpsjw.ini not found!
File C:\WINDOWS\System32\whxjxmpq.ini not found!
File C:\WINDOWS\System32\yfndddqk.dll not found!
File C:\WINDOWS\System32\yuvkvnmu.ini not found!
File C:\WINDOWS\System32\yyohgjhk.dll not found!
File C:\WINDOWS\BM878294b7.xml not found!
File C:\WINDOWS\pskt.ini not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\aaayvaid.ini not found!
File C:\WINDOWS\System32\bcbhtocu.ini not found!
File C:\WINDOWS\System32\bcgidars.dll not found!
File C:\WINDOWS\System32\btnhrjbn.dll not found!
File C:\WINDOWS\System32\bywqmwkn.dll not found!
File C:\WINDOWS\System32\cavuhubp.dll not found!
File C:\WINDOWS\System32\cnpnwyca.dll not found!
File C:\WINDOWS\System32\cpcmhhar.ini not found!
File C:\WINDOWS\System32\dyysnycr.dll not found!
File C:\WINDOWS\System32\edxycirx.ini not found!
File C:\WINDOWS\System32\emijrkqx.ini not found!
File C:\WINDOWS\System32\enokehrv.ini not found!
File C:\WINDOWS\System32\fkphurtg.dll not found!
File C:\WINDOWS\System32\fqsadhri.dll not found!
File C:\WINDOWS\System32\hvfyhpmj.dll not found!
File C:\WINDOWS\System32\ilnmp.ini not found!
File C:\WINDOWS\System32\ilnmp.ini2 not found!
File C:\WINDOWS\System32\iyrfkyco.dll not found!
File C:\WINDOWS\System32\kfumclcw.dll not found!
File C:\WINDOWS\System32\khjghoyy.ini not found!
File C:\WINDOWS\System32\kjgdsetp.dll not found!
File C:\WINDOWS\System32\kodxmwtb.dll not found!
File C:\WINDOWS\System32\lmevwbks.dll not found!
File C:\WINDOWS\System32\nladrbde.dll not found!
File C:\WINDOWS\System32\nlomkmsr.ini not found!
File C:\WINDOWS\System32\pfbjajhc.ini not found!
File C:\WINDOWS\System32\pheusaaa.dll not found!
File C:\WINDOWS\System32\pmnli.dll not found!
File C:\WINDOWS\System32\ptesdgjk.ini not found!
File C:\WINDOWS\System32\qfsomuao.dll not found!
File C:\WINDOWS\System32\qhkdjyrb.ini not found!
File C:\WINDOWS\System32\qlmwejgf.ini not found!
File C:\WINDOWS\System32\qqanvhgr.dll not found!
File C:\WINDOWS\System32\rghvnaqq.ini not found!
File C:\WINDOWS\System32\rrvusaij.dll not found!
File C:\WINDOWS\System32\skbwveml.ini not found!
File C:\WINDOWS\System32\sspsflvd.ini not found!
File C:\WINDOWS\System32\tkikjdkk.dll not found!
File C:\WINDOWS\System32\tmdaqfhm.dll not found!
File C:\WINDOWS\System32\uffmxcor.ini not found!
File C:\WINDOWS\System32\uitbyrhw.dll not found!
File C:\WINDOWS\System32\vrhekone.dll not found!
File C:\WINDOWS\System32\wapxpsjw.ini not found!
File C:\WINDOWS\System32\whxjxmpq.ini not found!
File C:\WINDOWS\System32\yfndddqk.dll not found!
File C:\WINDOWS\System32\yuvkvnmu.ini not found!
File C:\WINDOWS\System32\yyohgjhk.dll not found!
File C:\WINDOWS\BM878294b7.xml not found!
File C:\WINDOWS\pskt.ini not found!
File C:\WINDOWS\qwimp.ini not found!
File C:\WINDOWS\win.ini not found!
File C:\WINDOWS\wininit.ini not found!
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Marcella Wester\Local Settings\Temp\JET4820.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marcella Wester\Local Settings\Temp\Perflib_Perfdata_bec.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marcella Wester\Local Settings\Temp\~DF8201.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Marcella Wester\Local Settings\Temp\~DF9BF1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_aP5Q7Y6aiEtnDox scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_C4vSxM5Fz9lwksH scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_dYDb17FvylAJV6g scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_jSsepef9MP4SGpu scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version 1.0.3.1 fix logfile created on 03072008_113054

I then processed the F-Secure Online Scanner. See the report below:
Scanning Report
Friday, March 07, 2008 11:47:47 - 14:15:07
Computer name: DJVKQ891
Scanning type: Scan system for malware, rootkits
Target: C:\

Result: 1 malware found
Tracking Cookie (spyware)
• System

Statistics
Scanned:
• Files: 81603
• System: 4948
• Not scanned: 25
Actions:
• Disinfected: 0
• Renamed: 0
• Deleted: 0
• None: 1
• Submitted: 0
Files not scanned:
• C:\HIBERFIL.SYS
• C:\META MISC BACKUP.PST
• C:\META MISC BACKUP.PST
• C:\PAGEFILE.SYS
• C:\WINDOWS\TEMP\MCMSC_1K6TOMQKVNPN3NZ
• C:\WINDOWS\TEMP\MCMSC_3DEVHA7IABWKLTH
• C:\WINDOWS\TEMP\MCMSC_XKS3SCQ4BYSUUQY
• C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
• C:\WINDOWS\SYSTEM32\CONFIG\SAM
• C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
• C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
• C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
• C:\PROGRAM FILES\OUTLOOK\CONTACTSBACKUP.PST
• C:\PROGRAM FILES\OUTLOOK\CONTACTSBACKUP.PST
• C:\DOCUMENTS AND SETTINGS\MARCELLA WESTER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\OUTLOOK\ARCHIVE.PST
• C:\DOCUMENTS AND SETTINGS\MARCELLA WESTER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\OUTLOOK\ARCHIVE.PST
• C:\DOCUMENTS AND SETTINGS\MARCELLA WESTER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\OUTLOOK\OUTLOOK.PST
• C:\DOCUMENTS AND SETTINGS\MARCELLA WESTER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\OUTLOOK\OUTLOOK.PST
• C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_50E417E0-E461-474B-96E2-077B80325612
• C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP\AA31EFEBFCAF\DBDAM
• C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP\AA31EFEBFCAF\DBDAO
• C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP\AA31EFEBFCAF\DBEAM
• C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP\AA31EFEBFCAF\DBEAO
• C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP\AA31EFEBFCAF\DBM
• C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP\AA31EFEBFCAF\HP

Options
Scanning engines:
• F-Secure USS: 2.20.0
• F-Secure Hydra: 2.6.7470, 2008-03-07
• F-Secure AVP: 7.0.171, 2008-03-07
• F-Secure Pegasus: 1.20.0, 2008-02-03
• F-Secure Blacklight: 1.0.64
Scanning options:
• Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
• Use Advanced heuristics


I then processed a new WinPFind35u scan as instructed, pls see the log below:

WinPFind35 logfile created on: 3/7/2008 2:21:17 PM
WinPFind35U Version 1.0.3.1	 Folder = C:\Documents and Settings\Marcella Wester\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.07 Mb Total Physical Memory | 282.01 Mb Available Physical Memory | 27.81% Memory free
2.38 Gb Paging File | 1.57 Gb Available in Paging File | 65.88% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.26 Gb Total Space | 49.58 Gb Free Space | 69.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJVKQ891
Current User Name: Marcella Wester
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 7:46:34 PM | Attr =	]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 7:50:30 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 11/19/2003 4:48:14 PM | Attr =	]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0  nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 11:20:44 PM | Attr =	]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 3:19:56 PM | Attr =	]
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 1/24/2006 8:43:22 AM | Attr =	]
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr =	]
mm_tray.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.10.0097 | Size = 110592 bytes | Modified Date = 9/8/2005 6:20:46 PM | Attr =	]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.707.23222 | Size = 1838592 bytes | Modified Date = 8/16/2007 2:11:50 AM | Attr =	]
pptd40nt.exe -> %ProgramFiles%\ScanSoft\PaperPort\Pptd40nt.exe -> Scansoft Inc. [Ver = 6.5 | Size = 26624 bytes | Modified Date = 4/2/2001 9:40:46 AM | Attr =	]
updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.5.0.435 | Size = 139320 bytes | Modified Date = 10/6/2004 2:50:00 PM | Attr =	]
dlcjmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 964\dlcjmon.exe -> Dell [Ver = 2.77.0.0 | Size = 430080 bytes | Modified Date = 9/30/2005 7:51:24 AM | Attr =	]
memcard.exe -> %ProgramFiles%\Dell Photo AIO Printer 964\memcard.exe ->  [Ver = 1.0.10.1 | Size = 286720 bytes | Modified Date = 8/10/2005 7:12:14 AM | Attr =	]
mediadetect.exe -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.0.0 (20050831.10) | Size = 106496 bytes | Modified Date = 8/31/2005 10:06:18 AM | Attr =	]
mmdiag.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe -> Musicmatch, Inc. [Ver = 10.10.0097 | Size = 102400 bytes | Modified Date = 9/8/2005 6:20:46 PM | Attr =	]
j2gdllcmd.exe -> %ProgramFiles%\eFax Messenger 4.3\J2GDllCmd.exe -> j2 Global Communications, Inc. [Ver = 4.3.409.0 | Size = 116224 bytes | Modified Date = 3/6/2007 10:21:31 AM | Attr =	]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/4/2007 1:33:14 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr =	]
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/30/2007 5:55:05 AM | Attr =	]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
mim.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mim.exe -> Musicmatch, Inc. [Ver = 10.10.0097 | Size = 464384 bytes | Modified Date = 9/8/2005 6:20:46 PM | Attr =	]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.707.23222 | Size = 1838592 bytes | Modified Date = 8/16/2007 2:11:50 AM | Attr =	]
j2gtray.exe -> %ProgramFiles%\eFax Messenger 4.3\J2GTray.exe -> j2 Global Communications, Inc. [Ver = 4.3.409.0 | Size = 629248 bytes | Modified Date = 3/6/2007 10:24:42 AM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.0.2 (A) | Size = 1422528 bytes | Modified Date = 6/19/2003 12:30:38 PM | Attr =	]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 6:08:06 AM | Attr =	]
memonitor.exe -> %ProgramFiles%\Verizon Wireless\V CAST Music Manager\MEMonitor.exe -> Smith Micro Software, Inc. [Ver = 1.1.0 | Size = 947544 bytes | Modified Date = 7/4/2007 1:25:16 AM | Attr =	]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 7:15:18 PM | Attr =	]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 11:36:04 AM | Attr =	]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 11:02:14 AM | Attr =	]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 2:54:42 PM | Attr =	]
sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 9:23:56 AM | Attr =	]
sp_rsser.exe -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.1.0.284 | Size = 1097216 bytes | Modified Date = 2/22/2008 3:44:09 PM | Attr =	]
yahoom~1.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr =	]
dlcjcoms.exe -> %SystemRoot%\system32\dlcjcoms.exe ->  [Ver = 1.198.15.0 | Size = 491520 bytes | Modified Date = 7/12/2005 2:33:02 PM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr =	]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 12:41:52 AM | Attr =	]
ctoolbar.exe -> %ProgramFiles%\Crawler\Toolbar\CToolbar.exe -> Crawler.com [Ver = 5.1.0.169 | Size = 1978320 bytes | Modified Date = 2/22/2008 10:15:44 AM | Attr =	]
tgcmd.exe -> %ProgramFiles%\support.com\bin\tgcmd.exe -> SupportSoft, Inc. [Ver = 5,6,1125,0 | Size = 1773568 bytes | Modified Date = 3/7/2007 9:58:20 AM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.1 | Size = 310784 bytes | Modified Date = 3/5/2008 1:21:14 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
(awhost32) pcAnywhere Host Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\pcAnywhere\AWHOST32.EXE -> Symantec Corporation [Ver = 10.5.1.505 | Size = 114749 bytes | Modified Date = 2/15/2002 10:51:00 AM | Attr =	]
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.0.2 (A) | Size = 1422528 bytes | Modified Date = 6/19/2003 12:30:38 PM | Attr =	]
(dlcj_device) dlcj_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\dlcjcoms.exe ->  [Ver = 1.198.15.0 | Size = 491520 bytes | Modified Date = 7/12/2005 2:33:02 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/1/2007 7:55:20 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr =	]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.435 | Size = 102463 bytes | Modified Date = 10/6/2004 2:50:00 PM | Attr =	]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 6:08:06 AM | Attr =	]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 7:15:18 PM | Attr =	]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 7/25/2007 2:16:16 AM | Attr =	]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 11:36:04 AM | Attr =	]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] ->  -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 12:41:52 AM | Attr =	]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 2:54:42 PM | Attr =	]
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 9:23:56 AM | Attr =	]
(sp_rssrv) Spyware Terminator Realtime Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.1.0.284 | Size = 1097216 bytes | Modified Date = 2/22/2008 3:44:09 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 12:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 10:07:44 PM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 12:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 12:51:58 PM | Attr =	]
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 1/24/2006 8:43:25 AM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(awlegacy) awlegacy [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AWLEGACY.SYS -> Symantec Corporation [Ver = 9.2.1 | Size = 10816 bytes | Modified Date = 9/11/2000 10:51:00 AM | Attr =	]
(AW_HOST) AW_HOST [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AW_HOST5.sys -> Symantec Corporation [Ver = 10.5.1.497 | Size = 33496 bytes | Modified Date = 2/11/2002 10:51:00 AM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 12:51:54 PM | Attr =	]
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CVirtA.sys -> Cisco Systems, Inc. [Ver = 4.0.0.106 | Size = 5220 bytes | Modified Date = 5/1/2003 1:26:34 PM | Attr = R  ]
(CVPNDRVA) Cisco Systems Inc. IPSec Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\CVPNDRVA.sys -> Cisco Systems, Inc. [Ver = 4.0.2 (A) | Size = 268360 bytes | Modified Date = 6/19/2003 12:29:52 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 12:52:16 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\dne2000.sys -> Deterministic Networks, Inc. [Ver = 2.20.3.220 | Size = 138916 bytes | Modified Date = 10/17/2002 2:22:50 PM | Attr =	]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.03a | Size = 87488 bytes | Modified Date = 12/1/2004 2:22:00 AM | Attr =	]
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.43a | Size = 40480 bytes | Modified Date = 11/23/2004 1:56:00 AM | Attr =	]
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 10/5/2006 3:07:28 PM | Attr =	]
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2/25/2007 11:10:48 AM | Attr =   S]
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.15.0 built by: WinDDK | Size = 155648 bytes | Modified Date = 10/14/2004 8:30:46 PM | Attr =	]
(Eacfilt) Eacfilt Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\eacfilt.sys -> Nortel Networks [Ver = 4.60.0.0 | Size = 9433 bytes | Modified Date = 10/23/2003 3:55:46 PM | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr =	]
(Gernuwa) Gernuwa [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\GERNUWA.SYS -> Symantec Corporation [Ver = 10.5.0 | Size = 14944 bytes | Modified Date = 10/9/2001 10:51:00 AM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 137728 bytes | Modified Date = 8/12/2004 4:45:54 PM | Attr =	]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4410 | Size = 1302812 bytes | Modified Date = 10/14/2005 8:15:18 PM | Attr =	]
(IPSECEXT) Nortel Extranet Access Protocol [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\ipsecw2k.sys -> Nortel Networks [Ver = 4.10 | Size = 115680 bytes | Modified Date = 10/23/2003 3:55:24 PM | Attr =	]
(IPSECSHM) Nortel IPSECSHM Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ipsecw2k.sys -> Nortel Networks [Ver = 4.10 | Size = 115680 bytes | Modified Date = 10/23/2003 3:55:24 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 79304 bytes | Modified Date = 7/24/2007 6:40:36 AM | Attr =	]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 35240 bytes | Modified Date = 7/21/2007 8:08:24 AM | Attr =	]
(mfehidk) McAfee Inc. [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 201288 bytes | Modified Date = 7/21/2007 8:08:24 AM | Attr =	]
(mferkdk) McAfee Inc. [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 33800 bytes | Modified Date = 7/24/2007 11:02:36 AM | Attr =	]
(mfesmfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Modified Date = 7/21/2007 8:08:24 AM | Attr =	]
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 113952 bytes | Modified Date = 7/13/2007 8:20:24 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 12:52:12 PM | Attr =	]
(npkcrypt) npkcrypt [Kernel | Auto | Running] -> %SystemDrive%\Nexon\MapleStory\npkcrypt.sys -> INCA Internet Co., Ltd. [Ver = 2006. 11. 20. 1 | Size = 23217 bytes | Modified Date = 11/7/2007 10:38:12 PM | Attr =	]
(npkcusb) npkcusb [Kernel | On_Demand | Running] -> %SystemDrive%\Nexon\MapleStory\npkcusb.sys -> INCA Internet Co., Ltd. [Ver = 2006. 11. 9. 1 | Size = 15472 bytes | Modified Date = 11/7/2007 10:38:12 PM | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 9:29:56 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 4/25/2005 1:03:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 12:52:18 PM | Attr =	]
(SDTHOOK) SDTHOOK [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 10:07:44 PM | Attr =	]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 12:56:16 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 1:07:44 PM | Attr =	]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 7/14/2004 10:29:04 AM | Attr =	]
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 7/14/2004 10:28:50 AM | Attr =	]
(STHDA) High Definition Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4568.0  nd84 cp1 | Size = 180864 bytes | Modified Date = 6/14/2005 9:40:08 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 1:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 1:07:36 PM | Attr =	]
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 10.3.2.8 | Size = 57968 bytes | Modified Date = 1/30/2006 10:35:08 AM | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 1:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 1:07:42 PM | Attr =	]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25883 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86586 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 15227 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2/19/2008 9:52:39 AM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 12:52:22 PM | Attr =	]
(usbbus) LGE CDMA Composite USB Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lgusbbus.sys -> LG Electronics Inc. [Ver = Ver 4.8.0 | Size = 12672 bytes | Modified Date = 4/9/2007 9:53:24 AM | Attr =	]
(UsbDiag) LGE CDMA USB Serial Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lgusbdiag.sys -> LG Electronics Inc. [Ver = Ver 4.8.0 | Size = 21248 bytes | Modified Date = 4/9/2007 9:56:22 AM | Attr =	]
(USBModem) LGE CDMA USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lgusbmodem.sys -> LG Electronics Inc. [Ver = Ver 4.8.0 | Size = 22912 bytes | Modified Date = 4/9/2007 9:55:08 AM | Attr =	]
(vsdatant) vsdatant [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs Inc. [Ver = 3.7.078.001 | Size = 176896 bytes | Modified Date = 3/3/2003 2:08:56 PM | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Corel Photo Downloader -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.0.0 (20050831.10) | Size = 106496 bytes | Modified Date = 8/31/2005 10:06:18 AM | Attr =	]
dla -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
dlcjmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 964\dlcjmon.exe -> Dell [Ver = 2.77.0.0 | Size = 430080 bytes | Modified Date = 9/30/2005 7:51:24 AM | Attr =	]
dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ->   [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 11/15/2007 9:24:00 AM | Attr =	]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 3:19:56 PM | Attr =	]
eFax 4.3 -> %ProgramFiles%\eFax Messenger 4.3\J2GDllCmd.exe -> j2 Global Communications, Inc. [Ver = 4.3.409.0 | Size = 116224 bytes | Modified Date = 3/6/2007 10:21:31 AM | Attr =	]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.707.23222 | Size = 1838592 bytes | Modified Date = 8/16/2007 2:11:50 AM | Attr =	]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 7:46:34 PM | Attr =	]
igfxpers -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 7:50:30 PM | Attr =	]
igfxtray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 7:49:46 PM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr =	]
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.5.0.435 | Size = 139320 bytes | Modified Date = 10/6/2004 2:50:00 PM | Attr =	]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/4/2007 1:33:14 AM | Attr =	]
MemoryCardManager -> %ProgramFiles%\Dell Photo AIO Printer 964\memcard.exe ->  [Ver = 1.0.10.1 | Size = 286720 bytes | Modified Date = 8/10/2005 7:12:14 AM | Attr =	]
MimBoot -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mimboot.exe -> Musicmatch, Inc. [Ver = 10.10.0097 | Size = 8192 bytes | Modified Date = 9/8/2005 6:20:46 PM | Attr =	]
MMTray -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.10.0097 | Size = 110592 bytes | Modified Date = 9/8/2005 6:20:46 PM | Attr =	]
MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Modified Date = 8/12/2005 4:16:44 PM | Attr =	]
PaperPort PTD -> %ProgramFiles%\ScanSoft\PaperPort\Pptd40nt.exe -> Scansoft Inc. [Ver = 6.5 | Size = 26624 bytes | Modified Date = 4/2/2001 9:40:46 AM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 11/14/2007 11:43:10 PM | Attr =	]
RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 1/24/2006 8:43:22 AM | Attr =	]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0  nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 11:20:44 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe ->  [Ver =  | Size = 32881 bytes | Modified Date = 11/19/2003 4:48:14 PM | Attr =	]
tgcmd -> %ProgramFiles%\support.com\bin\tgcmd.exe -> SupportSoft, Inc. [Ver = 5,6,1125,0 | Size = 1773568 bytes | Modified Date = 3/7/2007 9:58:20 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr =	]
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 9:23:56 AM | Attr =	]
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/30/2007 5:55:05 AM | Attr =	]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Billminder.lnk -> %ProgramFiles%\Quicken\billmind.exe -> Intuit [Ver = 008.000.000.000 | Size = 36864 bytes | Modified Date = 11/19/2002 7:03:48 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\eFax 4.3.lnk -> %ProgramFiles%\eFax Messenger 4.3\J2GTray.exe -> j2 Global Communications, Inc. [Ver = 4.3.409.0 | Size = 629248 bytes | Modified Date = 3/6/2007 10:24:42 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/30/2007 5:55:05 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit, Inc. [Ver = 15.0 R2 | Size = 806912 bytes | Modified Date = 11/11/2004 10:59:36 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 53248 bytes | Modified Date = 11/19/2002 7:04:06 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Quicken Startup.lnk -> %ProgramFiles%\Quicken\QWDLLS.EXE -> Intuit [Ver = 001.000.000.000 | Size = 36864 bytes | Modified Date = 11/19/2002 7:04:10 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\VPN Client.lnk -> %SystemRoot%\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico ->  [Ver =  | Size = 6144 bytes | Modified Date = 3/17/2006 10:19:56 AM | Attr = R  ]
< Marcella Wester Startup Folder > -> C:\Documents and Settings\Marcella Wester\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\MEMonitor.lnk -> %ProgramFiles%\Verizon Wireless\V CAST Music Manager\MEMonitor.exe -> Smith Micro Software, Inc. [Ver = 1.1.0 | Size = 947544 bytes | Modified Date = 7/4/2007 1:25:16 AM | Attr =	]
%UserProfile%\Start Menu\Programs\Startup\Webshots.lnk -> %ProgramFiles%\Webshots\Launcher.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 1/25/2006 4:12:40 PM | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.707.23222 | Size = 145408 bytes | Modified Date = 8/16/2007 2:11:51 AM | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 7:45:38 PM | Attr =	]
PCANotify -> %SystemRoot%\system32\PCANotify.dll -> Symantec Corporation [Ver = 10.5.1.505 | Size = 24638 bytes | Modified Date = 2/15/2002 10:51:00 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 -> 
< HOSTS File > (850 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.comcast.net/toolbar2.0/search/ -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.google.com/ig/dell?hl=en -> 
HKEY_CURRENT_USER\: Main\\Local Page -> \blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.comcast.net/toolbar2.0/search/ -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/22/2008 10:15:42 AM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 34 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 33 domain(s) found. -> 
housecall65_trendmicro.com [https] -> Trusted sites -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 3:37:04 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 9/23/2005 9:12:08 PM | Attr =	]
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/22/2008 10:15:42 AM | Attr =	]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.				 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 12:21:58 PM | Attr =	]
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Search\YSearchSuggest.dll [Yahoo! IE Suggest] -> Yahoo! Inc. [Ver = 2007, 2, 23, 1 | Size = 140840 bytes | Modified Date = 2/23/2007 4:04:32 PM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 10/24/2007 5:51:28 AM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar7.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 1/15/2008 2:12:33 AM | Attr =	]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GoogleAFE\GoogleAE.dll [CBrowserHelperObject Object] -> Google [Ver = 1.0.0.1 | Size = 90112 bytes | Modified Date = 12/8/2005 1:00:34 PM | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 12, 13, 1 | Size = 325184 bytes | Modified Date = 12/14/2005 3:29:40 PM | Attr =	]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 12, 13, 1 | Size = 325184 bytes | Modified Date = 12/14/2005 3:29:40 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar7.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/22/2008 10:15:42 AM | Attr =	]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.				 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 12:21:58 PM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 3:37:04 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar7.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar7.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/22/2008 10:15:42 AM | Attr =	]
WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.				 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 12:21:58 PM | Attr =	]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 3:37:04 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr =	]
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}:Exec -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> UltimateBet [Ver = 2008, 1, 16, 1 | Size = 3667272 bytes | Modified Date = 1/16/2008 8:45:45 AM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Yahoo! Search ->  -> File not found
Crawler Search ->  -> File not found
Yahoo! &Dictionary ->  -> File not found
Yahoo! &Maps ->  -> File not found
Yahoo! &SMS ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
Comcast Install 1.0 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{4E9B5E83-CF16-4479-A685-C3414563C5FE} ->	(Intel(R) PRO/100 VE Network Connection) -> 
{6960F593-16DD-45FA-8AD5-BF835266C4C1} ->	() -> 
{F72F714B-A6E3-4CB3-995C-35457571B26F} ->	() -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 3/30/2007 5:55:05 AM | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
tbr:{4D25FB7A-8902-4291-960E-9ADA051CFBBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Crawler\Toolbar\ctbr.dll[] -> Crawler.com [Ver = 5.1.0.88 | Size = 1146880 bytes | Modified Date = 2/22/2008 10:15:42 AM | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab[CKAVWebScan Object] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{1A26F07F-0D60-4835-91CF-1E1766A0EC56}[HKEY_LOCAL_MACHINE] -> http://scanner2.malware-scan.com/setup/webinst.cab[Reg Error: Key does not exist or could not be opened.] -> 
{1D4BC8B9-E9F8-4F60-B62B-865307C081A2}[HKEY_LOCAL_MACHINE] -> https://portal.rio.directv.com/echannelcmesm_enu/18372/applets/SiebelAx_HI_Client.cab[Siebel High Interactivity Framework] -> 
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}[HKEY_LOCAL_MACHINE] -> http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab[YInstStarter Class] -> 
{68282C51-9459-467B-95BF-3C0E89627E55}[HKEY_LOCAL_MACHINE] -> http://www.mks.com.pl/skaner/SkanerOnline.cab[MksSkanerOnline Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0}[HKEY_LOCAL_MACHINE] -> http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe[VideoEgg ActiveX Loader] -> 
{B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD}[HKEY_LOCAL_MACHINE] -> http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB[TSEasyInstallX Control] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe[Virtools WebPlayer Class] -> 
{E5F5D008-DD2C-4D32-977D-1A0ADF03058B}[HKEY_LOCAL_MACHINE] -> https://willow.marshfieldclinic.org/dana-cached/setup/JuniperSetup.cab[JuniperSetup Control] -> 

[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 3/7/2008 11:17:06 AM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 3/7/2008 11:45:08 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063407616 bytes | Modified Date = 3/7/2008 11:33:17 AM | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 3/5/2008 2:50:04 PM | Attr =	]
ftwgcpscfthf.sys -> %SystemRoot%\System32\drivers\ftwgcpscfthf.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Modified Date = 6/8/2007 9:44:36 AM | Attr =	]
ifugvitthnpp.sys -> %SystemRoot%\System32\drivers\ifugvitthnpp.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Modified Date = 6/8/2007 9:44:36 AM | Attr =	]
SDTHOOK.SYS -> %SystemRoot%\System32\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr =	]
sp_rsdrv2.sys -> %SystemRoot%\System32\drivers\sp_rsdrv2.sys ->  [Ver =  | Size = 138752 bytes | Modified Date = 2/22/2008 3:44:08 PM | Attr =	]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2/19/2008 9:52:39 AM | Attr =	]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Created Date = 3/6/2008 7:17:49 AM | Attr =	]
asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 8/2/2006 12:39:06 PM | Attr =	]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 3/6/2008 11:43:33 AM | Attr =	]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Created Date = 3/6/2008 11:58:07 AM | Attr =	]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 3/6/2008 11:43:33 AM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 3/6/2008 11:43:33 AM | Attr =	]
ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Modified Date = 3/25/2003 6:53:50 PM | Attr =	]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 16142 bytes | Modified Date = 3/7/2008 10:54:12 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Created Date = 3/6/2008 11:58:11 AM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/25/2008 10:49:10 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/25/2008 1:25:00 PM | Attr =	]
Spyware Terminator -> %AllUsersProfile%\Application Data\Spyware Terminator ->  [Folder | Created Date = 2/22/2008 3:44:07 PM | Attr =	]
Spyware Terminator -> %AppData%\Spyware Terminator ->  [Folder | Created Date = 2/22/2008 3:44:07 PM | Attr =	]
Vundo Virus -> %UserProfile%\My Documents\Vundo Virus ->  [Folder | Created Date = 3/5/2008 12:19:37 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1826 bytes | Modified Date = 2/25/2008 10:49:23 AM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1826 bytes | Modified Date = 2/25/2008 10:49:23 AM | Attr =	]
Spyware Terminator.lnk -> %AllUsersProfile%\Desktop\Spyware Terminator.lnk ->  [Ver =  | Size = 833 bytes | Modified Date = 2/22/2008 3:46:10 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 3/7/2008 7:15:45 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
avenger -> %UserProfile%\Desktop\avenger ->  [Folder | Created Date = 3/7/2008 11:08:02 AM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 725212 bytes | Modified Date = 3/7/2008 11:07:21 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1770 bytes | Modified Date = 2/26/2008 12:39:58 PM | Attr =	]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/26/2008 12:36:59 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier
Panda ActiveScan.lnk -> %UserProfile%\Desktop\Panda ActiveScan.lnk ->  [Ver =  | Size = 1336 bytes | Modified Date = 3/6/2008 7:30:03 AM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 969 bytes | Modified Date = 2/25/2008 1:25:07 PM | Attr =	]
VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 6.06.0001 | Size = 117248 bytes | Modified Date = 3/5/2008 2:48:00 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 3/7/2008 7:22:37 AM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481921 bytes | Modified Date = 3/7/2008 7:16:21 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2/25/2008 10:47:58 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 3/7/2008 11:17:49 AM | Attr =	]
c5408ab14793689c08a13febef72 -> %SystemDrive%\c5408ab14793689c08a13febef72 ->  [Folder | Modified Date = 3/6/2008 11:48:29 AM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/26/2008 10:28:18 AM | Attr =  HS]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 3/7/2008 11:45:08 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063407616 bytes | Modified Date = 3/7/2008 11:33:17 AM | Attr =  HS]
meta misc backup.pst -> %SystemDrive%\meta misc backup.pst ->  [Ver =  | Size = 49152 bytes | Modified Date = 3/7/2008 2:18:33 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/7/2008 11:17:06 AM | Attr = R  ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 3/5/2008 2:50:04 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/7/2008 11:33:34 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/26/2008 6:32:27 AM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 850 bytes | Modified Date = 2/25/2008 3:28:45 PM | Attr = R  ]
hosts.20080225-152845.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080225-152845.backup ->  [Ver =  | Size = 226637 bytes | Modified Date = 2/25/2008 2:31:05 PM | Attr =	]
sp_rsdrv2.sys -> %SystemRoot%\System32\drivers\sp_rsdrv2.sys ->  [Ver =  | Size = 138752 bytes | Modified Date = 2/22/2008 3:44:08 PM | Attr =	]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2/19/2008 9:52:39 AM | Attr =	]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Modified Date = 3/6/2008 11:51:35 AM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/26/2008 11:05:52 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/7/2008 11:35:40 AM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 3/6/2008 10:22:55 AM | Attr =	]
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 27316 bytes | Modified Date = 3/7/2008 11:35:17 AM | Attr =	]
dla -> %SystemRoot%\System32\dla ->  [Folder | Modified Date = 3/6/2008 11:46:26 AM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/17/2008 5:57:42 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/7/2008 11:17:06 AM | Attr =	]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 3/6/2008 11:43:33 AM | Attr =	]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Modified Date = 3/6/2008 11:58:07 AM | Attr =	]
Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Modified Date = 2/11/2008 7:00:48 PM | Attr =	]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 3/6/2008 11:43:33 AM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 53436 bytes | Modified Date = 3/7/2008 11:38:22 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 381692 bytes | Modified Date = 3/7/2008 11:38:22 AM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 441626 bytes | Modified Date = 3/7/2008 11:38:22 AM | Attr =	]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Modified Date = 3/6/2008 11:45:28 AM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 3/6/2008 11:43:33 AM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 3/6/2008 11:47:10 AM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 3/7/2008 11:35:33 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/12/2008 3:22:48 PM | Attr =  H ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 3/6/2008 11:47:07 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/7/2008 11:33:18 AM | Attr =   S]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 16142 bytes | Modified Date = 3/7/2008 10:54:12 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/7/2008 11:47:45 AM | Attr =   S]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 3:02:46 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 3/6/2008 11:58:06 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/25/2008 11:25:41 PM | Attr =  HS]
occache -> %SystemRoot%\occache ->  [Folder | Modified Date = 2/22/2008 2:53:04 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/7/2008 12:52:35 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 3/7/2008 11:33:39 AM | Attr =  H ]
QUICKEN.INI -> %SystemRoot%\QUICKEN.INI ->  [Ver =  | Size = 1064 bytes | Modified Date = 3/7/2008 10:26:44 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 3/6/2008 10:22:24 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/7/2008 11:38:22 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/26/2008 6:15:06 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/7/2008 1:51:00 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 3/7/2008 8:16:03 AM | Attr =	]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 370 bytes | Modified Date = 2/15/2008 1:16:24 AM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 372 bytes | Modified Date = 3/1/2008 1:00:56 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/7/2008 11:33:26 AM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 3/7/2008 11:35:10 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 3/7/2008 11:35:10 AM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 3/30/2007 5:20:33 AM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat ->  [Ver =  | Size = 11080 bytes | Modified Date = 1/23/2008 7:20:51 AM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 3/7/2008 11:47:25 AM | Attr =	]
fssm32.exe -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 3/7/2008 11:47:25 AM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 3/7/2008 11:47:25 AM | Attr =	]
fssm32.exe -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 3/7/2008 11:47:25 AM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 3/7/2008 11:47:25 AM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 3/7/2008 11:47:25 AM | Attr =	]
daas_s.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 513536 bytes | Modified Date = 3/7/2008 11:47:25 AM | Attr =	]
fpinor.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 3/7/2008 11:47:25 AM | Attr =	]
fsbl.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 3/7/2008 11:47:25 AM | Attr =	]
fsbld.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 3/7/2008 11:47:07 AM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.06.7470 | Size = 262144 bytes | Modified Date = 3/7/2008 11:47:20 AM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 3/7/2008 11:47:25 AM | Attr =	]
fsmart.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 27 | Size = 147456 bytes | Modified Date = 3/7/2008 11:47:22 AM | Attr =	]
fspe32.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 135168 bytes | Modified Date = 3/7/2008 11:47:20 AM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 3/7/2008 11:47:04 AM | Attr =	]
fsup32.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 803328 bytes | Modified Date = 3/7/2008 11:47:20 AM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 131584 bytes | Modified Date = 3/7/2008 11:47:21 AM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 151552 bytes | Modified Date = 3/7/2008 11:47:21 AM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 146944 bytes | Modified Date = 3/7/2008 11:47:21 AM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Marcella Wester\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 153600 bytes | Modified Date = 3/7/2008 11:47:21 AM | Attr =	]

< End of report >

Whew...that went much better than I expected and I am thankful for your great directions. I noticed when restarting after the 1st WinPFind35u scan that I didn't receive the nll errors! I also haven't had the system error or the security pop-ups. Is my PC all better?

thx,
mwe

#6 OldTimer

Posted 08 March 2008 - 08:01 AM

Hi mwe. That all looks pretty good. There is one other thing we need to do.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Note: If there is an Update XX in the name then the "XX" in the version will be whatever the latest version is.
  • Download the latest version of Java Runtime Environment (JRE) 6.0 Update XX (if present).
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_6_0_XX-windowsi586-p.exe to install the newest version.
Now run the system for a couple of days to make sure it remains stable and then get back to me so we can do some final cleanup.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 mwe

Posted 08 March 2008 - 09:32 AM

Hi there OT,

I removed Java version SEV1.4.203 and installed the latest version JRE-6u5-windowi586-p as you instructed. I'll run the system for a few days and report back early next Wed w/ how things are going. Things are running OH SO much better so far!!!

thx again,

mwe :thumbsup:

#8 mwe

Posted 12 March 2008 - 09:06 AM

Hi there OT,

My PC continues to run as expected...no popups, no errors, no system check popups, it's a WONDERFUL thing!!! I wondered if I should remove all the programs installed during my trauma? HJTInstall, AdWare, AdWatch, HijackThis, Spybot-Search & Destroy, ATF Cleaner, WinPfind35u, jre-6u5-win. Did u see any other items that I should also remove or anything else I need to be aware of? What steps do I need to take to ensure that this never happens again?

Thx so much for your help.

mwe :thumbsup:

#9 OldTimer

Posted 12 March 2008 - 10:55 AM

That's good news mwe. Then let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set. WPF's cleanup function will remove the specialized tools we used like Avenger, VundoFix, and WPF itself. Any of the other scanners and things that were like Spybot or AdAware you can do with what you want. Some people keep them and use them occasionally as part of a general maintenance plan while others remove them.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start WinPFind35
  • Click the CleanUp button
  • WinPFind35 will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • WinPFind35 will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers.

OT