
So Many Problems. Slow, Ie And Ff Not Coming Up And More....


11 replies to this topic

#1 Iron Smile

Iron Smile

  • Members
  • 78 posts
  • OFFLINE
  • Local time:04:36 AM

Posted 29 February 2008 - 10:22 AM

Here lately, my computer is gradually getting slower. Most of the time when I am on either Internet Explorer or Firefox, the page just won't load! Sometimes the pages do load, but it takes FOREVER. That keeps up and I have to turn the comp off for a minute, then turn it back on and then it works. Also, some of the time, when I am turning on my computer, before the desktop comes on, there is an orange light where the green light is supposed to be on the tower. I have an HP Pavilion, Windows XP, so if anyone knows what I'm talking about...

But the orange light comes on the tower and the desktop doesn't come on, so I turn it off, the BAD way I know, bad thing, but I turn it back on and it says I have to choose normal mode, safe mode... etc.

Anyways, also IE doesn't come up at all sometimes! This window for Send error report or Don't comes up instead; again I have to restart the computer, then it comes up.

That's all I can think of at the moment. To anyone that can help, THANKS!
_________________________

Hijack this log:
_________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:02 AM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Media\csrss.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\windows\system\Update.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\Update.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gaiaonline.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178051025564
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178055270984
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 9807 bytes

Edited by Iron Smile, 29 February 2008 - 10:23 AM.



 


#2 Iron Smile

Iron Smile
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:04:36 AM

Posted 01 March 2008 - 10:28 AM

I used spybot, cleanmgr, and adaware. Still doing same thing. Just wanted to update my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:57 AM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Media\csrss.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system\Update.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\Update.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Spybot - Search & Destroy\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gaiaonline.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178051025564
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178055270984
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 9861 bytes

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:04:36 AM

Posted 08 March 2008 - 12:54 PM

Hello Iron Smile and welcome to the BC HijackThis forum. Let's see what we can find. Follow the steps below in order.

Before running a new scan, let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 Iron Smile

Iron Smile
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:04:36 AM

Posted 08 March 2008 - 04:22 PM

WinPFind35 logfile created on: 3/8/2008 4:20:00 PM

WinPFind35U Version 1.0.4.0	 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind35u

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

479.48 Mb Total Physical Memory | 77.63 Mb Available Physical Memory | 16.19% Memory free

1.10 Gb Paging File | 0.75 Gb Available in Paging File | 68.67% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 50.61 Gb Total Space | 7.95 Gb Free Space | 15.71% Space Free | Partition Type: NTFS

Drive D: | 5.27 Gb Total Space | 1.05 Gb Free Space | 19.98% Space Free | Partition Type: FAT32

Unable to calculate disk information.

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: YOUR-6JNHHU0520

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr =	]

ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =	]

csrss.exe -> %SystemRoot%\Media\csrss.exe ->  [Ver = 1.00 | Size = 69632 bytes | Modified Date = 1/21/2008 3:38:57 PM | Attr =	]

hpgs2wnd.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Modified Date = 4/17/2002 8:42:56 PM | Attr =	]

searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 9:59:38 AM | Attr =	]

mm_tray.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 110592 bytes | Modified Date = 1/19/2006 10:06:18 AM | Attr =	]

kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 4:44:24 PM | Attr =	]

hpgs2wnf.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ->  [Ver = 2, 6, 0, 162 | Size = 77824 bytes | Modified Date = 4/17/2002 8:49:16 PM | Attr =	]

searchsettings.exe -> %ProgramFiles%\Search Settings\SearchSettings.exe -> Vendio Services, Inc. [Ver = 1, 0, 0, 13 | Size = 1069920 bytes | Modified Date = 12/6/2007 11:58:18 AM | Attr =	]

mmdiag.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 102400 bytes | Modified Date = 1/19/2006 10:06:18 AM | Attr =	]

ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr =	]

update.exe -> %SystemRoot%\system\Update.exe -> - [Ver = 1.00.0004 | Size = 225280 bytes | Modified Date = 1/21/2007 1:26:47 PM | Attr =  H ]

aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 4:17:26 PM | Attr =	]

mim.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mim.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 416768 bytes | Modified Date = 1/19/2006 10:06:16 AM | Attr =	]

weather.exe -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 4, 1, 0, 2 | Size = 790528 bytes | Modified Date = 10/26/2002 6:59:38 AM | Attr =	]

update.exe -> %SystemRoot%\system\Update.exe -> - [Ver = 1.00.0004 | Size = 225280 bytes | Modified Date = 1/21/2007 1:26:47 PM | Attr =  H ]

btdna.exe -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 287040 bytes | Modified Date = 2/12/2008 8:58:52 PM | Attr =	]

easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe ->  [Ver = 5, 0, 25, 230 | Size = 151552 bytes | Modified Date = 7/22/2005 2:47:22 AM | Attr =	]

aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 7:52:48 PM | Attr =	]

kodak software updater.exe -> %ProgramFiles%\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ->  [Ver =  | Size = 16423 bytes | Modified Date = 2/13/2004 1:12:08 PM | Attr =	]

ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 6/11/2007 5:16:12 PM | Attr =	]

applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]

mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]

ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr =	]

ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr =	]

winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.4.0 | Size = 311296 bytes | Modified Date = 3/8/2008 12:04:54 PM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 5/1/2007 4:23:43 PM | Attr =	]

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]

(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr =	]

(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =	]

(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr =	]

(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr =	]

(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr =	]

(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/21/2008 2:51:21 PM | Attr =	]

(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 1:41:56 PM | Attr =	]

(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 411920 bytes | Modified Date = 3/30/2005 3:46:56 PM | Attr =	]

(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 61440 bytes | Modified Date = 10/1/2002 2:39:00 AM | Attr =	]

(ThreatFire) ThreatFire [Win32_Own | Auto | Stopped] -> %ProgramFiles%\ThreatFire\TFService.exe -> File not found



[Driver Services - Non-Microsoft Only]

(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 9:49:02 AM | Attr =	]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found

(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found

(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found

(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found

(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5730 built by: WinDDK | Size = 2279424 bytes | Modified Date = 10/1/2004 9:24:02 AM | Attr =	]

(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found

(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found

(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found

(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found

(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found

(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 9:55:46 AM | Attr =	]

(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 9:53:39 AM | Attr =	]

(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 9:51:52 AM | Attr =	]

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -> File not found

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found

(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found

(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found

(DcCam) Kodak Camera Proxy [Kernel | System | Running] -> %SystemRoot%\system32\drivers\DcCam.sys -> Eastman Kodak Company [Ver = 1.7.0614.0 | Size = 37150 bytes | Modified Date = 6/16/2005 1:41:02 PM | Attr =	]

(DcFpoint) DcFpoint [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DcFpoint.sys -> Eastman Kodak Company [Ver = 1.6.0331.0 | Size = 61564 bytes | Modified Date = 3/31/2005 6:47:42 AM | Attr =	]

(DCFS2K) Kodak DCFS2K Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\DCFS2k.sys -> Eastman Kodak Company [Ver = 1.0.4100.7 | Size = 38673 bytes | Modified Date = 3/31/2005 6:47:48 AM | Attr =	]

(DcLps) Legacy Polling Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DcLps.sys -> Eastman Kodak Company [Ver = 1.6.0331.0 | Size = 8022 bytes | Modified Date = 3/31/2005 6:47:50 AM | Attr =	]

(DcPTP) DcPTP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DcPtp.sys -> Eastman Kodak Company [Ver = 1.6.0331.0 | Size = 70262 bytes | Modified Date = 3/31/2005 6:47:56 AM | Attr =	]

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:17 AM | Attr =	]

(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:16 AM | Attr =	]

(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr =	]

(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found

(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> VERITAS Software, Inc. [Ver = 3.21.45a | Size = 82784 bytes | Modified Date = 10/21/2002 1:21:00 PM | Attr =	]

(Exportit) Exportit [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\ExportIt.sys -> Eastman Kodak Company [Ver = 1.0.8900.9 | Size = 152081 bytes | Modified Date = 3/31/2005 7:00:08 AM | Attr =	]

(Freedom) Freedom Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\freedom.sys -> Zero-Knowledge Systems Inc. [Ver = 4.0.0.1 | Size = 28416 bytes | Modified Date = 9/6/2002 12:27:12 AM | Attr = R  ]

(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 1:44:04 PM | Attr =	]

(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found

(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found

(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found

(ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.13.01.3264 | Size = 79323 bytes | Modified Date = 9/16/2002 10:04:10 PM | Attr =	]

(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(ltmodem5) LT Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 625537 bytes | Modified Date = 3/31/2003 1:29:00 PM | Attr =	]

(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found

(mrtRate) mrtRate [Kernel | Auto | Stopped] ->  -> File not found

(NPF) Netgroup Packet Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\npf.sys -> CACE Technologies [Ver = 4.0.0.901 | Size = 42512 bytes | Modified Date = 6/29/2007 8:01:48 AM | Attr =	]

(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 12:29:54 AM | Attr =	]

(oreans32) oreans32 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\oreans32.sys ->  [Ver =  | Size = 33824 bytes | Modified Date = 8/22/2007 11:02:53 PM | Attr =	]

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found

(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found

(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 201 | Size = 9856 bytes | Modified Date = 10/28/2002 2:01:48 AM | Attr = R  ]

(Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PS2.sys -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 19072 bytes | Modified Date = 12/12/2005 5:27:00 PM | Attr =	]

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.18a | Size = 20576 bytes | Modified Date = 9/23/2004 1:03:00 AM | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found

(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found

(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/4/2004 12:31:32 AM | Attr =	]

(S3Psddr) S3Psddr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Modified Date = 5/26/2003 12:57:50 PM | Attr =	]

(SbcpHid) SbcpHid [Kernel | System | Running] -> %SystemRoot%\system32\drivers\SbcpHid.sys ->  [Ver = 1.00 | Size = 22400 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr =	]

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(SISAGP) SiS AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 6.1.3010.0 built by: WinDDK | Size = 28160 bytes | Modified Date = 7/17/2002 10:25:18 PM | Attr =	]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found

(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found

(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found

(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found

(TfFsMon) TfFsMon [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\TfFsMon.sys -> File not found

(TfNetMon) TfNetMon [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\TfNetMon.sys -> File not found

(TfSysMon) TfSysMon [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\TfSysMon.sys -> File not found

(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 9/30/2007 4:46:37 PM | Attr =	]

(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found

(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found

(viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP1.SYS -> VIA Technologies, Inc. [Ver = 5.00.00.2410 built by: VIA | Size = 27648 bytes | Modified Date = 3/4/2002 2:10:00 PM | Attr =	]

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.13.01.3264 | Size = 91678 bytes | Modified Date = 9/16/2002 10:05:26 PM | Attr =	]

({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.13.01.3264 | Size = 71514 bytes | Modified Date = 9/16/2002 10:05:36 PM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr =	]

BearShare -> %ProgramFiles%\BearShare\BearShare.exe -> File not found

DDCActiveMenu -> %ProgramFiles%\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe -> WildTangent [Ver = 1, 1, 1, 019 | Size = 86016 bytes | Modified Date = 6/8/2002 4:20:44 AM | Attr =	]

KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 4:44:24 PM | Attr =	]

MimBoot -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 11776 bytes | Modified Date = 1/19/2006 10:06:16 AM | Attr =	]

MMTray -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 110592 bytes | Modified Date = 1/19/2006 10:06:18 AM | Attr =	]

nwiz -> %SystemRoot%\system32\nwiz.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 372736 bytes | Modified Date = 10/1/2002 2:39:00 AM | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 5:24:52 AM | Attr =	]

Recguard -> %SystemRoot%\SMINST\Recguard.exe ->  [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/14/2002 12:42:26 AM | Attr =	]

SearchSettings -> %ProgramFiles%\Search Settings\SearchSettings.exe -> Vendio Services, Inc. [Ver = 1, 0, 0, 13 | Size = 1069920 bytes | Modified Date = 12/6/2007 11:58:18 AM | Attr =	]

Share-to-Web Namespace Daemon -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Modified Date = 4/17/2002 8:42:56 PM | Attr =	]

StorageGuard -> %ProgramFiles%\VERITAS Software\Update Manager\sgtray.exe -> VERITAS Software, Inc. [Ver = 1.01.02a | Size = 155648 bytes | Modified Date = 6/18/2002 11:01:00 AM | Attr =	]

Windows Updates -> %SystemRoot%\system\Update.exe -> - [Ver = 1.00.0004 | Size = 225280 bytes | Modified Date = 1/21/2007 1:26:47 PM | Attr =  H ]

YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 9:59:38 AM | Attr =	]

< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx -> 

 ->  -> File not found

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 4:17:26 PM | Attr =	]

BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 287040 bytes | Modified Date = 2/12/2008 8:58:52 PM | Attr =	]

MsnMsgr -> %ProgramFiles%\Windows Live\Messenger\MsnMsgr.Exe -> File not found

NVIEW -> %SystemRoot%\system32\nview.dll -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 548933 bytes | Modified Date = 10/1/2002 2:39:00 AM | Attr =	]

Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 4, 1, 0, 2 | Size = 790528 bytes | Modified Date = 10/26/2002 6:59:38 AM | Attr =	]

Windows Updates -> %SystemRoot%\system\Update.exe -> - [Ver = 1.00.0004 | Size = 225280 bytes | Modified Date = 1/21/2007 1:26:47 PM | Attr =  H ]

Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,402 | Size = 4670968 bytes | Modified Date = 6/11/2007 5:16:12 PM | Attr =	]

YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 9:59:38 AM | Attr =	]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe ->  [Ver = 5, 0, 25, 230 | Size = 151552 bytes | Modified Date = 7/22/2005 2:47:22 AM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\Kodak software updater.lnk -> %ProgramFiles%\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ->  [Ver =  | Size = 16423 bytes | Modified Date = 2/13/2004 1:12:08 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 53248 bytes | Modified Date = 9/20/2002 10:20:02 PM | Attr =	]

< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 

%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 6:16:50 PM | Attr =	]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

explorer.exe C:\WINDOWS\Media\csrss.exe ->  -> File not found

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,1847 | Size = 315392 bytes | Modified Date = 9/9/2002 10:05:00 AM | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 

< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://neopets.com/ -> 

HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 

HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr =	]

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1;*.local -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 

online_musicmatch.com [https] -> Trusted sites -> 

2 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 33 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 17 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr =	]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] ->  [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 10:02:04 PM | Attr =	]

{100EB1FD-D03E-47FD-81F3-EE91287F9465} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [ShoppingReport] -> ShopperReports [Ver = 2.5.0.9 | Size = 1173024 bytes | Modified Date = 2/6/2008 7:13:58 AM | Attr =	]

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value  does not exist or could not be read.] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 12:04:00 AM | Attr =	]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:52 PM | Attr =	]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 3:00:35 AM | Attr =	]

{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]

{E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Search Settings\kb125\SearchSettings.dll [SearchSettings Class] -> Vendio Services, Inc. [Ver = 1, 0, 0, 13 | Size = 1198432 bytes | Modified Date = 12/6/2007 11:58:16 AM | Attr =	]

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [ShopperReports] -> ShopperReports [Ver = 2.5.0.9 | Size = 1173024 bytes | Modified Date = 2/6/2008 7:13:58 AM | Attr =	]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\hp\EXPLOREBAR\HPTOOLKT.DLL [hp toolkit] -> Hewlett-Packard Company [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 8/16/2002 12:44:50 AM | Attr =	]

{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

ShellBrowser\\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\hp\EXPLOREBAR\HPTOOLKT.DLL [hp toolkit] -> Hewlett-Packard Company [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 8/16/2002 12:44:50 AM | Attr =	]

ShellBrowser\\{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]

WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]

WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr =	]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 3:00:35 AM | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 3:00:35 AM | Attr =	]

{17A27031-71FC-11d4-815C-005004D0F1FA}:Exec -> %ProgramFiles%\MarketBrowser\lmt\MarketBrowser_Launch.xpy [MktBrowser] ->  [Ver =  | Size = 2 bytes | Modified Date = 7/26/2002 8:59:44 PM | Attr =	]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:52 PM | Attr =	]

{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 5/25/2006 12:22:06 AM | Attr =	]

{C5428486-50A0-4a02-9D20-520B59A9F9B2}:{C9CCBB35-D123-4a31-AFFC-9B2933132116} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [ShopperReports - Compare product prices] -> ShopperReports [Ver = 2.5.0.9 | Size = 1173024 bytes | Modified Date = 2/6/2008 7:13:58 AM | Attr =	]

{C5428486-50A0-4a02-9D20-520B59A9F9B3}:{A16AD1E9-F69A-45af-9462-B1C286708842} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [ShopperReports - Compare travel rates] -> ShopperReports [Ver = 2.5.0.9 | Size = 1173024 bytes | Modified Date = 2/6/2008 7:13:58 AM | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{17A27031-71FC-11d4-815C-005004D0F1FA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MarketBrowser\lmt\MarketBrowser_Launch.xpy [MktBrowser] ->  [Ver =  | Size = 2 bytes | Modified Date = 7/26/2002 8:59:44 PM | Attr =	]

CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:52 PM | Attr =	]

CmdMapping\\{C5428486-50A0-4a02-9D20-520B59A9F9B2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [ShopperReports - Compare product prices] -> ShopperReports [Ver = 2.5.0.9 | Size = 1173024 bytes | Modified Date = 2/6/2008 7:13:58 AM | Attr =	]

CmdMapping\\{C5428486-50A0-4a02-9D20-520B59A9F9B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [ShopperReports - Compare travel rates] -> ShopperReports [Ver = 2.5.0.9 | Size = 1173024 bytes | Modified Date = 2/6/2008 7:13:58 AM | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 11:56:24 PM | Attr =	]

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{5753DB1D-321A-4478-826B-EAA0E025D9DA} ->	(Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr =	]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 

{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178051025564[WUWebControl Class] -> 

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178055270984[MUWebControl Class] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 

{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 

DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr =	]

schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]

wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 784 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 29776 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,402 | Size = 4670968 bytes | Modified Date = 6/11/2007 5:16:12 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] ->  [Ver =  | Size = 587568 bytes | Modified Date = 2/11/2008 3:08:04 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.4.3.1 | Size = 15997240 bytes | Modified Date = 9/26/2007 1:41:58 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater] ->  [Ver =  | Size = 16423 bytes | Modified Date = 2/13/2004 1:12:08 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 4:17:26 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe -> C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0] -> SmartFTP GmbH [Ver = 2.0.996.29 | Size = 5164704 bytes | Modified Date = 1/5/2006 1:57:58 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] ->  [Ver = 5, 0, 25, 230 | Size = 151552 bytes | Modified Date = 7/22/2005 2:47:22 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91640 bytes | Modified Date = 6/11/2007 5:16:14 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.0.12: 2007050813 | Size = 7209069 bytes | Modified Date = 6/1/2007 4:24:15 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] ->  [Ver =  | Size = 287040 bytes | Modified Date = 2/12/2008 8:58:52 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BearShare\BearShare.exe -> C:\Program Files\BearShare\BearShare.exe [C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{C075FB45-D274-4947-9CF8-D5DA72501D00} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{5753DB1D-321A-4478-826B-EAA0E025D9DA} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{65C1C352-0454-4074-A8A8-0C78DE3CD6DF} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 





[Files/Folders - Created Within 30 days]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 2/8/2008 1:27:26 PM | Attr =  HS]

TMPComedy - Jerry Clowers - Physical Examination.dat -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.dat ->  [Ver =  | Size = 587 bytes | Created Date = 3/5/2008 8:39:19 PM | Attr =	]

TMPComedy - Jerry Clowers - Physical Examination.dat.bak -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.dat.bak ->  [Ver =  | Size = 587 bytes | Created Date = 3/5/2008 4:09:33 PM | Attr =	]

TMPComedy - Jerry Clowers - Physical Examination.mp3 -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.mp3 ->  [Ver =  | Size = 1372160 bytes | Created Date = 3/4/2008 3:21:02 PM | Attr =	]

TMPJerry Clower - Why Can't Johnny Read.dat -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.dat ->  [Ver =  | Size = 762 bytes | Created Date = 3/5/2008 8:39:19 PM | Attr =	]

TMPJerry Clower - Why Can't Johnny Read.dat.bak -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.dat.bak ->  [Ver =  | Size = 762 bytes | Created Date = 3/5/2008 4:09:33 PM | Attr =	]

TMPJerry Clower - Why Can't Johnny Read.MP3 -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.MP3 ->  [Ver =  | Size = 6166528 bytes | Created Date = 3/4/2008 3:32:30 PM | Attr =	]

TMPJerry Clowers - Marines are Tough.dat -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.dat ->  [Ver =  | Size = 663 bytes | Created Date = 3/5/2008 8:39:20 PM | Attr =	]

TMPJerry Clowers - Marines are Tough.dat.bak -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.dat.bak ->  [Ver =  | Size = 663 bytes | Created Date = 3/5/2008 4:09:33 PM | Attr =	]

TMPJerry Clowers - Marines are Tough.mp3 -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.mp3 ->  [Ver =  | Size = 2763173 bytes | Created Date = 3/4/2008 3:18:54 PM | Attr =	]

TMPJerry Clowers - Talkin' Dog.dat -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.dat ->  [Ver =  | Size = 721 bytes | Created Date = 3/5/2008 8:39:20 PM | Attr =	]

TMPJerry Clowers - Talkin' Dog.dat.bak -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.dat.bak ->  [Ver =  | Size = 721 bytes | Created Date = 3/5/2008 4:09:33 PM | Attr =	]

TMPJerry Clowers - Talkin' Dog.mp3 -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.mp3 ->  [Ver =  | Size = 5091830 bytes | Created Date = 3/5/2008 8:41:49 AM | Attr =	]

TMPJerry Clowers - The Hitch Hiker.dat -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.dat ->  [Ver =  | Size = 686 bytes | Created Date = 3/5/2008 8:39:20 PM | Attr =	]

TMPJerry Clowers - The Hitch Hiker.dat.bak -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.dat.bak ->  [Ver =  | Size = 686 bytes | Created Date = 3/5/2008 4:09:33 PM | Attr =	]

TMPJerry Clowers - The Hitch Hiker.mp3 -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.mp3 ->  [Ver =  | Size = 876544 bytes | Created Date = 3/4/2008 3:21:02 PM | Attr =	]

libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 2/20/2008 9:05:34 PM | Attr =	]

ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 2/20/2008 9:05:34 PM | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Created Date = 2/13/2008 9:02:02 PM | Attr =	]

unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2550 bytes | Created Date = 2/25/2008 10:25:00 AM | Attr =	]

unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 2/25/2008 10:24:11 AM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 133 bytes | Created Date = 2/20/2008 7:58:26 PM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

DNA -> %AppData%\DNA ->  [Folder | Created Date = 2/12/2008 8:58:47 PM | Attr =	]

Move Networks -> %AppData%\Move Networks ->  [Folder | Created Date = 2/22/2008 10:02:24 AM | Attr =	]

ShoppingReport -> %AppData%\ShoppingReport ->  [Folder | Created Date = 2/22/2008 10:17:26 AM | Attr =	]

DNA -> %UserProfile%\Local Settings\Application Data\DNA ->  [Folder | Created Date = 2/12/2008 8:58:49 PM | Attr =	]

BitTorrent.lnk -> %AllUsersProfile%\Desktop\BitTorrent.lnk ->  [Ver =  | Size = 717 bytes | Created Date = 2/12/2008 8:59:10 PM | Attr =	]

Fine_Line_-_Little_Big_Town.flv -> %UserProfile%\Desktop\Fine_Line_-_Little_Big_Town.flv ->  [Ver =  | Size = 345 bytes | Created Date = 3/5/2008 11:54:43 PM | Attr =	]

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Created Date = 2/29/2008 10:01:27 AM | Attr =	]

Jerry -> %UserProfile%\Desktop\Jerry ->  [Folder | Created Date = 3/4/2008 3:19:30 PM | Attr =	]

MP3 -> %UserProfile%\Desktop\MP3 ->  [Folder | Created Date = 3/4/2008 3:11:16 PM | Attr =	]

Rascal_Flatts.flv -> %UserProfile%\Desktop\Rascal_Flatts.flv ->  [Ver =  | Size = 3554028 bytes | Created Date = 3/7/2008 12:09:44 AM | Attr =	]

The_Rolling_Stones_-_Start_Me_Up.flv -> %UserProfile%\Desktop\The_Rolling_Stones_-_Start_Me_Up.flv ->  [Ver =  | Size = 8526436 bytes | Created Date = 3/6/2008 7:02:25 PM | Attr =	]

WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 3/8/2008 4:17:24 PM | Attr =	]

WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 482464 bytes | Created Date = 3/8/2008 4:17:02 PM | Attr =	]



[Files/Folders - Modified Within 30 days]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/9/2008 7:14:20 AM | Attr =  HS]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 502845440 bytes | Modified Date = 3/8/2008 12:47:43 PM | Attr =  HS]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/5/2008 1:16:09 PM | Attr =	]

TMPComedy - Jerry Clowers - Physical Examination.dat -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.dat ->  [Ver =  | Size = 587 bytes | Modified Date = 3/5/2008 8:39:19 PM | Attr =	]

TMPComedy - Jerry Clowers - Physical Examination.dat.bak -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.dat.bak ->  [Ver =  | Size = 587 bytes | Modified Date = 3/5/2008 4:09:33 PM | Attr =	]

TMPComedy - Jerry Clowers - Physical Examination.mp3 -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.mp3 ->  [Ver =  | Size = 1372160 bytes | Modified Date = 3/4/2008 3:21:02 PM | Attr =	]

TMPJerry Clower - Why Can't Johnny Read.dat -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.dat ->  [Ver =  | Size = 762 bytes | Modified Date = 3/5/2008 8:39:19 PM | Attr =	]

TMPJerry Clower - Why Can't Johnny Read.dat.bak -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.dat.bak ->  [Ver =  | Size = 762 bytes | Modified Date = 3/5/2008 4:09:33 PM | Attr =	]

TMPJerry Clower - Why Can't Johnny Read.MP3 -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.MP3 ->  [Ver =  | Size = 6166528 bytes | Modified Date = 3/4/2008 3:32:30 PM | Attr =	]

TMPJerry Clowers - Marines are Tough.dat -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.dat ->  [Ver =  | Size = 663 bytes | Modified Date = 3/5/2008 8:39:20 PM | Attr =	]

TMPJerry Clowers - Marines are Tough.dat.bak -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.dat.bak ->  [Ver =  | Size = 663 bytes | Modified Date = 3/5/2008 4:09:33 PM | Attr =	]

TMPJerry Clowers - Marines are Tough.mp3 -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.mp3 ->  [Ver =  | Size = 2763173 bytes | Modified Date = 3/4/2008 3:18:54 PM | Attr =	]

TMPJerry Clowers - Talkin' Dog.dat -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.dat ->  [Ver =  | Size = 721 bytes | Modified Date = 3/5/2008 8:39:20 PM | Attr =	]

TMPJerry Clowers - Talkin' Dog.dat.bak -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.dat.bak ->  [Ver =  | Size = 721 bytes | Modified Date = 3/5/2008 4:09:33 PM | Attr =	]

TMPJerry Clowers - Talkin' Dog.mp3 -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.mp3 ->  [Ver =  | Size = 5091830 bytes | Modified Date = 3/5/2008 8:41:49 AM | Attr =	]

TMPJerry Clowers - The Hitch Hiker.dat -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.dat ->  [Ver =  | Size = 686 bytes | Modified Date = 3/5/2008 8:39:20 PM | Attr =	]

TMPJerry Clowers - The Hitch Hiker.dat.bak -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.dat.bak ->  [Ver =  | Size = 686 bytes | Modified Date = 3/5/2008 4:09:33 PM | Attr =	]

TMPJerry Clowers - The Hitch Hiker.mp3 -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.mp3 ->  [Ver =  | Size = 876544 bytes | Modified Date = 3/4/2008 3:21:02 PM | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/6/2008 12:15:24 PM | Attr =	]

CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/5/2008 4:04:35 PM | Attr =	]

2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/13/2008 9:02:10 PM | Attr = RHS]

drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/13/2008 9:02:10 PM | Attr =	]

FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1610560 bytes | Modified Date = 2/9/2008 7:14:49 AM | Attr =	]

FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 3/6/2008 8:06:41 PM | Attr =	]

libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 2/20/2008 9:05:34 PM | Attr =	]

ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 2/20/2008 9:05:34 PM | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 3/8/2008 12:49:06 PM | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 5:19:04 AM | Attr =  H ]

2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/8/2008 12:47:44 PM | Attr =   S]

Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2/13/2008 9:02:20 PM | Attr =	]

Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2/8/2008 1:18:54 PM | Attr = R S]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 9:02:02 PM | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/13/2008 9:02:10 PM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/8/2008 1:30:00 PM | Attr =  HS]

mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 6740 bytes | Modified Date = 2/19/2008 7:11:59 PM | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/8/2008 4:17:45 PM | Attr =	]

system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/4/2008 3:10:28 PM | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/8/2008 4:15:38 PM | Attr =	]

unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/25/2008 10:25:00 AM | Attr =	]

unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2/25/2008 10:24:11 AM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 133 bytes | Modified Date = 2/20/2008 7:58:26 PM | Attr =	]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 3/7/2008 11:22:05 PM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/8/2008 12:47:54 PM | Attr =  H ]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 12664 bytes | Modified Date = 3/8/2008 12:49:39 PM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 12664 bytes | Modified Date = 3/8/2008 12:49:39 PM | Attr =	]

IadHide5.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll -> BackWeb [Ver = Version 6.3.2 (Build 62R) | Size = 24613 bytes | Modified Date = 2/11/2004 3:58:16 PM | Attr =	]

6 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> 

Perflib_Perfdata_654.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_654.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/8/2008 6:44:03 AM | Attr =	]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Modified Date = 2/8/2008 1:29:59 PM | Attr =   S]

Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/25/2008 10:22:16 AM | Attr =	]

BitTorrent -> %AppData%\BitTorrent ->  [Folder | Modified Date = 3/4/2008 3:29:01 PM | Attr =	]

DNA -> %AppData%\DNA ->  [Folder | Modified Date = 3/8/2008 4:18:21 PM | Attr =	]

Move Networks -> %AppData%\Move Networks ->  [Folder | Modified Date = 2/22/2008 10:05:42 AM | Attr =	]

ShoppingReport -> %AppData%\ShoppingReport ->  [Folder | Modified Date = 3/8/2008 2:27:43 PM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 153088 bytes | Modified Date = 3/5/2008 12:09:47 AM | Attr =	]

DNA -> %UserProfile%\Local Settings\Application Data\DNA ->  [Folder | Modified Date = 2/12/2008 8:58:49 PM | Attr =	]

GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 113056 bytes | Modified Date = 2/8/2008 9:35:11 PM | Attr =	]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4284276 bytes | Modified Date = 2/15/2008 12:15:07 AM | Attr =  H ]

Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 3/8/2008 12:47:54 PM | Attr =	]

ESBK.mb -> %AllUsersProfile%\Documents\ESBK.mb ->  [Ver =  | Size = 596992 bytes | Modified Date = 3/8/2008 12:48:57 PM | Attr = R  ]

ESBK.mbb -> %AllUsersProfile%\Documents\ESBK.mbb ->  [Ver =  | Size = 745472 bytes | Modified Date = 3/8/2008 12:49:01 PM | Attr = R  ]

My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 3/6/2008 10:45:01 PM | Attr = R  ]

My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 3/4/2008 11:53:26 AM | Attr = R  ]

My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 910 bytes | Modified Date = 2/8/2008 1:28:38 PM | Attr =	]

My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Modified Date = 2/15/2008 8:01:47 PM | Attr =   S]

Updater -> %UserProfile%\My Documents\Updater ->  [Folder | Modified Date = 2/28/2008 11:58:01 AM | Attr =	]

BitTorrent.lnk -> %AllUsersProfile%\Desktop\BitTorrent.lnk ->  [Ver =  | Size = 717 bytes | Modified Date = 2/12/2008 8:59:10 PM | Attr =	]

iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Modified Date = 3/6/2008 12:09:44 PM | Attr =	]

Fine_Line_-_Little_Big_Town.flv -> %UserProfile%\Desktop\Fine_Line_-_Little_Big_Town.flv ->  [Ver =  | Size = 345 bytes | Modified Date = 3/5/2008 11:54:43 PM | Attr =	]

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Modified Date = 2/29/2008 10:01:27 AM | Attr =	]

Jerry -> %UserProfile%\Desktop\Jerry ->  [Folder | Modified Date = 3/4/2008 4:25:21 PM | Attr =	]

Mom -> %UserProfile%\Desktop\Mom ->  [Folder | Modified Date = 3/1/2008 10:42:59 PM | Attr =	]

MP3 -> %UserProfile%\Desktop\MP3 ->  [Folder | Modified Date = 3/4/2008 5:43:10 PM | Attr =	]

My Folders -> %UserProfile%\Desktop\My Folders ->  [Folder | Modified Date = 3/6/2008 12:06:43 AM | Attr =	]

Rascal_Flatts.flv -> %UserProfile%\Desktop\Rascal_Flatts.flv ->  [Ver =  | Size = 3554028 bytes | Modified Date = 3/7/2008 12:09:44 AM | Attr =	]

The_Rolling_Stones_-_Start_Me_Up.flv -> %UserProfile%\Desktop\The_Rolling_Stones_-_Start_Me_Up.flv ->  [Ver =  | Size = 8526436 bytes | Modified Date = 3/6/2008 7:02:25 PM | Attr =	]

WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 3/8/2008 4:19:06 PM | Attr =	]

WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 482464 bytes | Modified Date = 3/8/2008 4:17:02 PM | Attr =	]

Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 2/8/2008 1:29:59 PM | Attr =	]



< End of report >


#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:36 AM

Posted 08 March 2008 - 05:30 PM

Hi Iron Smile. Let's see what we can do with this. Follow the steps below in order.

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%SystemRoot%\Media\csrss.exe
%SystemRoot%\system\Update.exe
%SystemRoot%\wininit.ini
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> csrss.exe -> %SystemRoot%\Media\csrss.exe
YY -> update.exe -> %SystemRoot%\system\Update.exe
YY -> update.exe -> %SystemRoot%\system\Update.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> BearShare -> %ProgramFiles%\BearShare\BearShare.exe
YY -> Windows Updates -> %SystemRoot%\system\Update.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> MsnMsgr -> %ProgramFiles%\Windows Live\Messenger\MsnMsgr.Exe
YY -> Windows Updates -> %SystemRoot%\system\Update.exe
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> ShellBrowser\\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BearShare\BearShare.exe -> C:\Program Files\BearShare\BearShare.exe [C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare]
[Files/Folders - Created Within 30 days]
NY -> wininit.ini -> %SystemRoot%\wininit.ini
[Files/Folders - Modified Within 30 days]
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> wininit.ini -> %SystemRoot%\wininit.ini
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.
Step #4

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#6 Iron Smile

Iron Smile
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:04:36 AM

Posted 08 March 2008 - 08:19 PM

AVENGER:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\Media\csrss.exe" deleted successfully.
File "C:\WINDOWS\system\Update.exe" deleted successfully.
File "C:\WINDOWS\wininit.ini" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

FIX Log

Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process csrss.exe .
File C:\WINDOWS\Media\csrss.exe not found.
Unable to kill process update.exe .
File C:\WINDOWS\system\Update.exe not found.
Unable to kill process update.exe .
File C:\WINDOWS\system\Update.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BearShare not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows Updates not found.
File C:\WINDOWS\system\Update.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows Updates not found.
File C:\WINDOWS\system\Update.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BearShare\BearShare.exe not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\wininit.ini not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\wininit.ini not found!
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\JET9630.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\me_5bITfn2FXpySCkM scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\me_aIoi3aQPZLdVLcL scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\me_GAgkROhRoOqXEpI scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\me_hcacT7i0ekKerf2 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\me_jKEpscS95AkPSYp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_650.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version 1.0.4.0 fix logfile created on 03082008_200602

I'm doing 3 and 4 now, I will post that soon.
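Added example, not part of the original posts and not code from The Avenger or WinPFind35U: a small Python reconciliation of the two logs above, showing that the "not found" lines in the fix log are the files The Avenger had already deleted, and which items are still waiting for a reboot. The log excerpts are copied from the posts; the function names and report keys are assumptions made for this illustration.

```python
import re
from collections import namedtuple

# Excerpts copied from the Avenger log and the WinPFind35U fix log posted above
# (a subset of lines, enough to cover each outcome type).
AVENGER_LOG = r'''
File "C:\WINDOWS\Media\csrss.exe" deleted successfully.
File "C:\WINDOWS\system\Update.exe" deleted successfully.
File "C:\WINDOWS\wininit.ini" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat" deleted successfully.
'''

FIX_LOG = r'''
Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process csrss.exe .
File C:\WINDOWS\Media\csrss.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows Updates not found.
File C:\WINDOWS\system\Update.exe not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\wininit.ini not found!
[Files/Folders - Modified Within 30 days]
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll scheduled to be deleted on reboot.
User temp folders emptied.
'''

# Hypothetical record type for one parsed fix-log line.
Entry = namedtuple("Entry", "section kind target status")

AVENGER_DELETED = re.compile(r'^File "(.+)" deleted successfully\.$')
FIX_PATTERNS = [
    # (regex, kind, status); the named group "t" is the object the line is about.
    (re.compile(r'^File (?:move|delete) failed\. (?P<t>.+) '
                r'scheduled to be (?:moved|deleted) on reboot\.$'), "file", "pending_reboot"),
    (re.compile(r'^File (?P<t>.+) not found[.!]$'), "file", "not_found"),
    (re.compile(r'^Registry (?:value|key) (?P<t>.+) not found\.$'), "registry", "not_found"),
    (re.compile(r'^Unable to kill process (?P<t>.+?) ?\.$'), "process", "not_killed"),
]


def parse_avenger(text):
    """Return the lower-cased paths The Avenger reported as deleted."""
    deleted = set()
    for line in text.splitlines():
        m = AVENGER_DELETED.match(line.strip())
        if m:
            deleted.add(m.group(1).lower())
    return deleted


def parse_fix_log(text):
    """Turn fix-log lines into Entry records, tracking the [section] header."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        for rx, kind, status in FIX_PATTERNS:
            m = rx.match(line)
            if m:
                entries.append(Entry(section, kind, m.group("t"), status))
                break
    return entries


def reconcile(avenger_text, fix_text):
    """Cross-check the fix log against what The Avenger already removed."""
    deleted = parse_avenger(avenger_text)
    report = {"explained": [], "unexplained": [], "pending_reboot": [], "recreated": []}
    for e in parse_fix_log(fix_text):
        if e.status == "pending_reboot":
            report["pending_reboot"].append(e.target)
            # Reported deleted by The Avenger, yet present and locked when the fix ran.
            if e.target.lower() in deleted:
                report["recreated"].append(e.target)
        elif e.kind == "file" and e.status == "not_found":
            bucket = "explained" if e.target.lower() in deleted else "unexplained"
            if e.target not in report[bucket]:
                report[bucket].append(e.target)
    return report


if __name__ == "__main__":
    for key, items in reconcile(AVENGER_LOG, FIX_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Anything listed under `unexplained` or `recreated` is what to look for in the next scan log after the reboot.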

#7 Iron Smile

Iron Smile
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:04:36 AM

Posted 08 March 2008 - 11:27 PM

For the F-Secure thingie, I did the whole thing, but it never showed a report O_o

WinPFind35 logfile created on: 3/8/2008 11:26:55 PM
WinPFind35U Version 1.0.4.0	 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
479.48 Mb Total Physical Memory | 226.14 Mb Available Physical Memory | 47.16% Memory free
1.10 Gb Paging File | 0.80 Gb Available in Paging File | 72.35% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.61 Gb Total Space | 7.85 Gb Free Space | 15.51% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 1.05 Gb Free Space | 19.98% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-6JNHHU0520
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr =	]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =	]
hpgs2wnd.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Modified Date = 4/17/2002 8:42:56 PM | Attr =	]
searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 9:59:38 AM | Attr =	]
mm_tray.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 110592 bytes | Modified Date = 1/19/2006 10:06:18 AM | Attr =	]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 4:44:24 PM | Attr =	]
searchsettings.exe -> %ProgramFiles%\Search Settings\SearchSettings.exe -> Vendio Services, Inc. [Ver = 1, 0, 0, 13 | Size = 1069920 bytes | Modified Date = 12/6/2007 11:58:18 AM | Attr =	]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr =	]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 4:17:26 PM | Attr =	]
weather.exe -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 4, 1, 0, 2 | Size = 790528 bytes | Modified Date = 10/26/2002 6:59:38 AM | Attr =	]
btdna.exe -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 287040 bytes | Modified Date = 2/12/2008 8:58:52 PM | Attr =	]
easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe ->  [Ver = 5, 0, 25, 230 | Size = 151552 bytes | Modified Date = 7/22/2005 2:47:22 AM | Attr =	]
kodak software updater.exe -> %ProgramFiles%\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ->  [Ver =  | Size = 16423 bytes | Modified Date = 2/13/2004 1:12:08 PM | Attr =	]
hpgs2wnf.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ->  [Ver = 2, 6, 0, 162 | Size = 77824 bytes | Modified Date = 4/17/2002 8:49:16 PM | Attr =	]
mmdiag.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 102400 bytes | Modified Date = 1/19/2006 10:06:18 AM | Attr =	]
mim.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mim.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 416768 bytes | Modified Date = 1/19/2006 10:06:16 AM | Attr =	]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 7:52:48 PM | Attr =	]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 6/11/2007 5:16:12 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr =	]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.0.12: 2007050813 | Size = 7209069 bytes | Modified Date = 6/1/2007 4:24:15 AM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.4.0 | Size = 311296 bytes | Modified Date = 3/8/2008 12:04:54 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 5/1/2007 4:23:43 PM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr =	]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =	]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr =	]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/21/2008 2:51:21 PM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 1:41:56 PM | Attr =	]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 411920 bytes | Modified Date = 3/30/2005 3:46:56 PM | Attr =	]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 61440 bytes | Modified Date = 10/1/2002 2:39:00 AM | Attr =	]
(ThreatFire) ThreatFire [Win32_Own | Auto | Stopped] -> %ProgramFiles%\ThreatFire\TFService.exe -> File not found

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 9:49:02 AM | Attr =	]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5730 built by: WinDDK | Size = 2279424 bytes | Modified Date = 10/1/2004 9:24:02 AM | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 9:55:46 AM | Attr =	]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 9:53:39 AM | Attr =	]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 9:51:52 AM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(DcCam) Kodak Camera Proxy [Kernel | System | Running] -> %SystemRoot%\system32\drivers\DcCam.sys -> Eastman Kodak Company [Ver = 1.7.0614.0 | Size = 37150 bytes | Modified Date = 6/16/2005 1:41:02 PM | Attr =	]
(DcFpoint) DcFpoint [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DcFpoint.sys -> Eastman Kodak Company [Ver = 1.6.0331.0 | Size = 61564 bytes | Modified Date = 3/31/2005 6:47:42 AM | Attr =	]
(DCFS2K) Kodak DCFS2K Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\DCFS2k.sys -> Eastman Kodak Company [Ver = 1.0.4100.7 | Size = 38673 bytes | Modified Date = 3/31/2005 6:47:48 AM | Attr =	]
(DcLps) Legacy Polling Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DcLps.sys -> Eastman Kodak Company [Ver = 1.6.0331.0 | Size = 8022 bytes | Modified Date = 3/31/2005 6:47:50 AM | Attr =	]
(DcPTP) DcPTP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DcPtp.sys -> Eastman Kodak Company [Ver = 1.6.0331.0 | Size = 70262 bytes | Modified Date = 3/31/2005 6:47:56 AM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:17 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:16 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> VERITAS Software, Inc. [Ver = 3.21.45a | Size = 82784 bytes | Modified Date = 10/21/2002 1:21:00 PM | Attr =	]
(Exportit) Exportit [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\ExportIt.sys -> Eastman Kodak Company [Ver = 1.0.8900.9 | Size = 152081 bytes | Modified Date = 3/31/2005 7:00:08 AM | Attr =	]
(Freedom) Freedom Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\freedom.sys -> Zero-Knowledge Systems Inc. [Ver = 4.0.0.1 | Size = 28416 bytes | Modified Date = 9/6/2002 12:27:12 AM | Attr = R  ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 1:44:04 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.13.01.3264 | Size = 79323 bytes | Modified Date = 9/16/2002 10:04:10 PM | Attr =	]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(ltmodem5) LT Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 625537 bytes | Modified Date = 3/31/2003 1:29:00 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(mrtRate) mrtRate [Kernel | Auto | Stopped] ->  -> File not found
(NPF) Netgroup Packet Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\npf.sys -> CACE Technologies [Ver = 4.0.0.901 | Size = 42512 bytes | Modified Date = 6/29/2007 8:01:48 AM | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 12:29:54 AM | Attr =	]
(oreans32) oreans32 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\oreans32.sys ->  [Ver =  | Size = 33824 bytes | Modified Date = 8/22/2007 11:02:53 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 201 | Size = 9856 bytes | Modified Date = 10/28/2002 2:01:48 AM | Attr = R  ]
(Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PS2.sys -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 19072 bytes | Modified Date = 12/12/2005 5:27:00 PM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.18a | Size = 20576 bytes | Modified Date = 9/23/2004 1:03:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/4/2004 12:31:32 AM | Attr =	]
(S3Psddr) S3Psddr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Modified Date = 5/26/2003 12:57:50 PM | Attr =	]
(SbcpHid) SbcpHid [Kernel | System | Running] -> %SystemRoot%\system32\drivers\SbcpHid.sys ->  [Ver = 1.00 | Size = 22400 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SISAGP) SiS AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 6.1.3010.0 built by: WinDDK | Size = 28160 bytes | Modified Date = 7/17/2002 10:25:18 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TfFsMon) TfFsMon [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\TfFsMon.sys -> File not found
(TfNetMon) TfNetMon [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\TfNetMon.sys -> File not found
(TfSysMon) TfSysMon [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\TfSysMon.sys -> File not found
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 9/30/2007 4:46:37 PM | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP1.SYS -> VIA Technologies, Inc. [Ver = 5.00.00.2410 built by: VIA | Size = 27648 bytes | Modified Date = 3/4/2002 2:10:00 PM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.13.01.3264 | Size = 91678 bytes | Modified Date = 9/16/2002 10:05:26 PM | Attr =	]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.13.01.3264 | Size = 71514 bytes | Modified Date = 9/16/2002 10:05:36 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr =	]
DDCActiveMenu -> %ProgramFiles%\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe -> WildTangent [Ver = 1, 1, 1, 019 | Size = 86016 bytes | Modified Date = 6/8/2002 4:20:44 AM | Attr =	]
KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 4:44:24 PM | Attr =	]
MimBoot -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 11776 bytes | Modified Date = 1/19/2006 10:06:16 AM | Attr =	]
MMTray -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 110592 bytes | Modified Date = 1/19/2006 10:06:18 AM | Attr =	]
nwiz -> %SystemRoot%\system32\nwiz.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 372736 bytes | Modified Date = 10/1/2002 2:39:00 AM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 5:24:52 AM | Attr =	]
Recguard -> %SystemRoot%\SMINST\Recguard.exe ->  [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/14/2002 12:42:26 AM | Attr =	]
SearchSettings -> %ProgramFiles%\Search Settings\SearchSettings.exe -> Vendio Services, Inc. [Ver = 1, 0, 0, 13 | Size = 1069920 bytes | Modified Date = 12/6/2007 11:58:18 AM | Attr =	]
Share-to-Web Namespace Daemon -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Modified Date = 4/17/2002 8:42:56 PM | Attr =	]
StorageGuard -> %ProgramFiles%\VERITAS Software\Update Manager\sgtray.exe -> VERITAS Software, Inc. [Ver = 1.01.02a | Size = 155648 bytes | Modified Date = 6/18/2002 11:01:00 AM | Attr =	]
Windows Updates -> %SystemRoot%\system\Update.exe -> File not found
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 9:59:38 AM | Attr =	]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx -> 
 ->  -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 4:17:26 PM | Attr =	]
BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 287040 bytes | Modified Date = 2/12/2008 8:58:52 PM | Attr =	]
NVIEW -> %SystemRoot%\system32\nview.dll -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 548933 bytes | Modified Date = 10/1/2002 2:39:00 AM | Attr =	]
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 4, 1, 0, 2 | Size = 790528 bytes | Modified Date = 10/26/2002 6:59:38 AM | Attr =	]
Windows Updates -> %SystemRoot%\system\Update.exe -> File not found
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,402 | Size = 4670968 bytes | Modified Date = 6/11/2007 5:16:12 PM | Attr =	]
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 9:59:38 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe ->  [Ver = 5, 0, 25, 230 | Size = 151552 bytes | Modified Date = 7/22/2005 2:47:22 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Kodak software updater.lnk -> %ProgramFiles%\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ->  [Ver =  | Size = 16423 bytes | Modified Date = 2/13/2004 1:12:08 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 53248 bytes | Modified Date = 9/20/2002 10:20:02 PM | Attr =	]
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 6:16:50 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe C:\WINDOWS\Media\csrss.exe ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,1847 | Size = 315392 bytes | Modified Date = 9/9/2002 10:05:00 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://neopets.com/ -> 
HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1;*.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 33 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 17 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] ->  [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 10:02:04 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value  does not exist or could not be read.] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 12:04:00 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:52 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 3:00:35 AM | Attr =	]
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Search Settings\kb125\SearchSettings.dll [SearchSettings Class] -> Vendio Services, Inc. [Ver = 1, 0, 0, 13 | Size = 1198432 bytes | Modified Date = 12/6/2007 11:58:16 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\hp\EXPLOREBAR\HPTOOLKT.DLL [hp toolkit] -> Hewlett-Packard Company [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 8/16/2002 12:44:50 AM | Attr =	]
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\hp\EXPLOREBAR\HPTOOLKT.DLL [hp toolkit] -> Hewlett-Packard Company [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 8/16/2002 12:44:50 AM | Attr =	]
ShellBrowser\\{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]
WebBrowser\\{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 5:28:46 PM | Attr =	]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 4:39:26 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 3:00:35 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 3:00:35 AM | Attr =	]
{17A27031-71FC-11d4-815C-005004D0F1FA}:Exec -> %ProgramFiles%\MarketBrowser\lmt\MarketBrowser_Launch.xpy [MktBrowser] ->  [Ver =  | Size = 2 bytes | Modified Date = 7/26/2002 8:59:44 PM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:52 PM | Attr =	]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 5/25/2006 12:22:06 AM | Attr =	]
{C5428486-50A0-4a02-9D20-520B59A9F9B2}:{C9CCBB35-D123-4a31-AFFC-9B2933132116} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ShopperReports - Compare product prices] -> File not found
{C5428486-50A0-4a02-9D20-520B59A9F9B3}:{A16AD1E9-F69A-45af-9462-B1C286708842} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ShopperReports - Compare travel rates] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{17A27031-71FC-11d4-815C-005004D0F1FA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MarketBrowser\lmt\MarketBrowser_Launch.xpy [MktBrowser] ->  [Ver =  | Size = 2 bytes | Modified Date = 7/26/2002 8:59:44 PM | Attr =	]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:52 PM | Attr =	]
CmdMapping\\{C5428486-50A0-4a02-9D20-520B59A9F9B2} [HKEY_LOCAL_MACHINE] ->  [ShopperReports - Compare product prices] -> File not found
CmdMapping\\{C5428486-50A0-4a02-9D20-520B59A9F9B3} [HKEY_LOCAL_MACHINE] ->  [ShopperReports - Compare travel rates] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 11:56:24 PM | Attr =	]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5753DB1D-321A-4478-826B-EAA0E025D9DA} ->	(Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178051025564[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178055270984[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 



[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 3/8/2008 7:52:08 PM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 2/8/2008 1:27:26 PM | Attr =  HS]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 3/8/2008 8:14:35 PM | Attr =	]
TMPComedy - Jerry Clowers - Physical Examination.dat -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.dat ->  [Ver =  | Size = 587 bytes | Created Date = 3/5/2008 8:39:19 PM | Attr =	]
TMPComedy - Jerry Clowers - Physical Examination.dat.bak -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.dat.bak ->  [Ver =  | Size = 587 bytes | Created Date = 3/5/2008 4:09:33 PM | Attr =	]
TMPComedy - Jerry Clowers - Physical Examination.mp3 -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.mp3 ->  [Ver =  | Size = 1372160 bytes | Created Date = 3/4/2008 3:21:02 PM | Attr =	]
TMPJerry Clower - Why Can't Johnny Read.dat -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.dat ->  [Ver =  | Size = 762 bytes | Created Date = 3/5/2008 8:39:19 PM | Attr =	]
TMPJerry Clower - Why Can't Johnny Read.dat.bak -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.dat.bak ->  [Ver =  | Size = 762 bytes | Created Date = 3/5/2008 4:09:33 PM | Attr =	]
TMPJerry Clower - Why Can't Johnny Read.MP3 -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.MP3 ->  [Ver =  | Size = 6166528 bytes | Created Date = 3/4/2008 3:32:30 PM | Attr =	]
TMPJerry Clowers - Marines are Tough.dat -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.dat ->  [Ver =  | Size = 663 bytes | Created Date = 3/5/2008 8:39:20 PM | Attr =	]
TMPJerry Clowers - Marines are Tough.dat.bak -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.dat.bak ->  [Ver =  | Size = 663 bytes | Created Date = 3/5/2008 4:09:33 PM | Attr =	]
TMPJerry Clowers - Marines are Tough.mp3 -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.mp3 ->  [Ver =  | Size = 2763173 bytes | Created Date = 3/4/2008 3:18:54 PM | Attr =	]
TMPJerry Clowers - Talkin' Dog.dat -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.dat ->  [Ver =  | Size = 721 bytes | Created Date = 3/5/2008 8:39:20 PM | Attr =	]
TMPJerry Clowers - Talkin' Dog.dat.bak -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.dat.bak ->  [Ver =  | Size = 721 bytes | Created Date = 3/5/2008 4:09:33 PM | Attr =	]
TMPJerry Clowers - Talkin' Dog.mp3 -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.mp3 ->  [Ver =  | Size = 5091830 bytes | Created Date = 3/5/2008 8:41:49 AM | Attr =	]
TMPJerry Clowers - The Hitch Hiker.dat -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.dat ->  [Ver =  | Size = 686 bytes | Created Date = 3/5/2008 8:39:20 PM | Attr =	]
TMPJerry Clowers - The Hitch Hiker.dat.bak -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.dat.bak ->  [Ver =  | Size = 686 bytes | Created Date = 3/5/2008 4:09:33 PM | Attr =	]
TMPJerry Clowers - The Hitch Hiker.mp3 -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.mp3 ->  [Ver =  | Size = 876544 bytes | Created Date = 3/4/2008 3:21:02 PM | Attr =	]
libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 2/20/2008 9:05:34 PM | Attr =	]
ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 2/20/2008 9:05:34 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Created Date = 2/13/2008 9:02:02 PM | Attr =	]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2550 bytes | Created Date = 2/25/2008 10:25:00 AM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 2/25/2008 10:24:11 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
DNA -> %AppData%\DNA ->  [Folder | Created Date = 2/12/2008 8:58:47 PM | Attr =	]
Move Networks -> %AppData%\Move Networks ->  [Folder | Created Date = 2/22/2008 10:02:24 AM | Attr =	]
ShoppingReport -> %AppData%\ShoppingReport ->  [Folder | Created Date = 2/22/2008 10:17:26 AM | Attr =	]
DNA -> %UserProfile%\Local Settings\Application Data\DNA ->  [Folder | Created Date = 2/12/2008 8:58:49 PM | Attr =	]
BitTorrent.lnk -> %AllUsersProfile%\Desktop\BitTorrent.lnk ->  [Ver =  | Size = 717 bytes | Created Date = 2/12/2008 8:59:10 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 725212 bytes | Created Date = 3/8/2008 7:48:29 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Created Date = 2/29/2008 10:01:27 AM | Attr =	]
Jerry -> %UserProfile%\Desktop\Jerry ->  [Folder | Created Date = 3/4/2008 3:19:30 PM | Attr =	]
Life_in_a_Nothern_Town_-_cmt_tour_2007.flv -> %UserProfile%\Desktop\Life_in_a_Nothern_Town_-_cmt_tour_2007.flv ->  [Ver =  | Size = 10575922 bytes | Created Date = 3/8/2008 10:50:02 PM | Attr =	]
MP3 -> %UserProfile%\Desktop\MP3 ->  [Folder | Created Date = 3/4/2008 3:11:16 PM | Attr =	]
Rascal_Flatts.flv -> %UserProfile%\Desktop\Rascal_Flatts.flv ->  [Ver =  | Size = 3554028 bytes | Created Date = 3/7/2008 12:09:44 AM | Attr =	]
The_Rolling_Stones_-_Start_Me_Up.flv -> %UserProfile%\Desktop\The_Rolling_Stones_-_Start_Me_Up.flv ->  [Ver =  | Size = 8526436 bytes | Created Date = 3/6/2008 7:02:25 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 3/8/2008 4:17:24 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 482464 bytes | Created Date = 3/8/2008 4:17:02 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 3/8/2008 7:52:50 PM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/9/2008 7:14:20 AM | Attr =  HS]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 3/8/2008 8:14:35 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 502845440 bytes | Modified Date = 3/8/2008 8:09:27 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/5/2008 1:16:09 PM | Attr =	]
TMPComedy - Jerry Clowers - Physical Examination.dat -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.dat ->  [Ver =  | Size = 587 bytes | Modified Date = 3/5/2008 8:39:19 PM | Attr =	]
TMPComedy - Jerry Clowers - Physical Examination.dat.bak -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.dat.bak ->  [Ver =  | Size = 587 bytes | Modified Date = 3/5/2008 4:09:33 PM | Attr =	]
TMPComedy - Jerry Clowers - Physical Examination.mp3 -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.mp3 ->  [Ver =  | Size = 1372160 bytes | Modified Date = 3/4/2008 3:21:02 PM | Attr =	]
TMPJerry Clower - Why Can't Johnny Read.dat -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.dat ->  [Ver =  | Size = 762 bytes | Modified Date = 3/5/2008 8:39:19 PM | Attr =	]
TMPJerry Clower - Why Can't Johnny Read.dat.bak -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.dat.bak ->  [Ver =  | Size = 762 bytes | Modified Date = 3/5/2008 4:09:33 PM | Attr =	]
TMPJerry Clower - Why Can't Johnny Read.MP3 -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.MP3 ->  [Ver =  | Size = 6166528 bytes | Modified Date = 3/4/2008 3:32:30 PM | Attr =	]
TMPJerry Clowers - Marines are Tough.dat -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.dat ->  [Ver =  | Size = 663 bytes | Modified Date = 3/5/2008 8:39:20 PM | Attr =	]
TMPJerry Clowers - Marines are Tough.dat.bak -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.dat.bak ->  [Ver =  | Size = 663 bytes | Modified Date = 3/5/2008 4:09:33 PM | Attr =	]
TMPJerry Clowers - Marines are Tough.mp3 -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.mp3 ->  [Ver =  | Size = 2763173 bytes | Modified Date = 3/4/2008 3:18:54 PM | Attr =	]
TMPJerry Clowers - Talkin' Dog.dat -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.dat ->  [Ver =  | Size = 721 bytes | Modified Date = 3/5/2008 8:39:20 PM | Attr =	]
TMPJerry Clowers - Talkin' Dog.dat.bak -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.dat.bak ->  [Ver =  | Size = 721 bytes | Modified Date = 3/5/2008 4:09:33 PM | Attr =	]
TMPJerry Clowers - Talkin' Dog.mp3 -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.mp3 ->  [Ver =  | Size = 5091830 bytes | Modified Date = 3/5/2008 8:41:49 AM | Attr =	]
TMPJerry Clowers - The Hitch Hiker.dat -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.dat ->  [Ver =  | Size = 686 bytes | Modified Date = 3/5/2008 8:39:20 PM | Attr =	]
TMPJerry Clowers - The Hitch Hiker.dat.bak -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.dat.bak ->  [Ver =  | Size = 686 bytes | Modified Date = 3/5/2008 4:09:33 PM | Attr =	]
TMPJerry Clowers - The Hitch Hiker.mp3 -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.mp3 ->  [Ver =  | Size = 876544 bytes | Modified Date = 3/4/2008 3:21:02 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/8/2008 7:59:06 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/8/2008 8:14:26 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/13/2008 9:02:10 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/8/2008 7:52:08 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1610560 bytes | Modified Date = 2/9/2008 7:14:49 AM | Attr =	]
FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 3/7/2008 5:19:11 PM | Attr =	]
libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 2/20/2008 9:05:34 PM | Attr =	]
ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 2/20/2008 9:05:34 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 3/8/2008 8:10:50 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 5:19:04 AM | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/8/2008 8:09:29 PM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2/13/2008 9:02:20 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/8/2008 8:17:53 PM | Attr =   S]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2/8/2008 1:18:54 PM | Attr = R S]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 9:02:02 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/13/2008 9:02:10 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/8/2008 1:30:00 PM | Attr =  HS]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 3/8/2008 7:52:08 PM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 6740 bytes | Modified Date = 2/19/2008 7:11:59 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/8/2008 8:18:16 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 3/8/2008 7:52:08 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/8/2008 7:59:06 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/8/2008 8:11:24 PM | Attr =	]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/25/2008 10:25:00 AM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2/25/2008 10:24:11 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 3/7/2008 11:22:05 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/8/2008 8:09:34 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 3/8/2008 8:11:54 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 3/8/2008 8:11:54 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
avenger.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for avenger.zip\avenger.exe ->  [Ver =  | Size = 731136 bytes | Modified Date = 3/3/2008 12:19:40 PM | Attr =	]
IadHide5.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll -> BackWeb [Ver = Version 6.3.2 (Build 62R) | Size = 24613 bytes | Modified Date = 2/11/2004 3:58:16 PM | Attr =	]
4 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> 
AVPFPI0.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
daas_s.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 513536 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
fsbld.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 3/8/2008 8:16:33 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.06.7470 | Size = 262144 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
fsmart.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 27 | Size = 147456 bytes | Modified Date = 3/8/2008 8:16:39 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 135168 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 3/8/2008 8:16:32 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 803328 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 131584 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 151552 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 146944 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 153600 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 155136 bytes | Modified Date = 3/8/2008 8:16:38 PM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 147968 bytes | Modified Date = 3/8/2008 8:16:38 PM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.20.13471 | Size = 856064 bytes | Modified Date = 3/8/2008 8:16:40 PM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll ->  [Ver =  | Size = 506936 bytes | Modified Date = 3/8/2008 8:16:12 PM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 513536 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.06.7470 | Size = 262144 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 135168 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 803328 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 131584 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 151552 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 146944 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 153600 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 155136 bytes | Modified Date = 3/8/2008 8:16:38 PM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 147968 bytes | Modified Date = 3/8/2008 8:16:38 PM | Attr =	]
fsmart.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 27 | Size = 147456 bytes | Modified Date = 3/8/2008 8:16:39 PM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.20.13471 | Size = 856064 bytes | Modified Date = 3/8/2008 8:16:40 PM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll ->  [Ver =  | Size = 506936 bytes | Modified Date = 3/8/2008 8:16:12 PM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 3/8/2008 8:16:32 PM | Attr =	]
fsblu.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 3/8/2008 8:16:33 PM | Attr =	]
ext.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 3/8/2008 8:15:48 PM | Attr =	]
fsedb.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 550562 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 3/8/2008 8:16:38 PM | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5858 bytes | Modified Date = 3/8/2008 8:16:38 PM | Attr =	]
perf.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 3/8/2008 8:18:06 PM | Attr =	]
sae.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 3/8/2008 8:15:48 PM | Attr =	]
sai.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 3/8/2008 8:15:48 PM | Attr =	]
ext.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 3/8/2008 8:15:48 PM | Attr =	]
sae.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 3/8/2008 8:15:48 PM | Attr =	]
sai.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 3/8/2008 8:15:48 PM | Attr =	]
fsedb.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 550562 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 3/8/2008 8:16:38 PM | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5858 bytes | Modified Date = 3/8/2008 8:16:38 PM | Attr =	]
FS@av.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 3/8/2008 8:15:48 PM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 3/8/2008 8:15:45 PM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 3/8/2008 8:16:33 PM | Attr =	]
FS@corp.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/8/2008 8:16:39 PM | Attr =	]
FS@ols.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 3/8/2008 8:16:32 PM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/8/2008 8:16:12 PM | Attr =	]
verdicts.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 3/8/2008 8:15:46 PM | Attr =	]
FS@av.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 3/8/2008 8:15:48 PM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 3/8/2008 8:15:45 PM | Attr =	]
verdicts.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 3/8/2008 8:15:46 PM | Attr =	]
FS@corp.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 3/8/2008 8:16:43 PM | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 3/8/2008 8:16:37 PM | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/8/2008 8:16:39 PM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/8/2008 8:16:12 PM | Attr =	]
FS@ols.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 3/8/2008 8:16:32 PM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 3/8/2008 8:16:33 PM | Attr =	]
Perflib_Perfdata_650.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_650.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/8/2008 8:09:35 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Modified Date = 2/8/2008 1:29:59 PM | Attr =   S]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/25/2008 10:22:16 AM | Attr =	]
BitTorrent -> %AppData%\BitTorrent ->  [Folder | Modified Date = 3/4/2008 3:29:01 PM | Attr =	]
DNA -> %AppData%\DNA ->  [Folder | Modified Date = 3/8/2008 11:20:05 PM | Attr =	]
Move Networks -> %AppData%\Move Networks ->  [Folder | Modified Date = 2/22/2008 10:05:42 AM | Attr =	]
ShoppingReport -> %AppData%\ShoppingReport ->  [Folder | Modified Date = 3/8/2008 2:27:43 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 153088 bytes | Modified Date = 3/5/2008 12:09:47 AM | Attr =	]
DNA -> %UserProfile%\Local Settings\Application Data\DNA ->  [Folder | Modified Date = 2/12/2008 8:58:49 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 113056 bytes | Modified Date = 2/8/2008 9:35:11 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4284276 bytes | Modified Date = 2/15/2008 12:15:07 AM | Attr =  H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 3/8/2008 8:09:51 PM | Attr =	]
ESBK.mb -> %AllUsersProfile%\Documents\ESBK.mb ->  [Ver =  | Size = 596992 bytes | Modified Date = 3/8/2008 8:10:40 PM | Attr = R  ]
ESBK.mbb -> %AllUsersProfile%\Documents\ESBK.mbb ->  [Ver =  | Size = 745472 bytes | Modified Date = 3/8/2008 8:10:42 PM | Attr = R  ]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 3/6/2008 10:45:01 PM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 3/4/2008 11:53:26 AM | Attr = R  ]
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 910 bytes | Modified Date = 2/8/2008 1:28:38 PM | Attr =	]
My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Modified Date = 2/15/2008 8:01:47 PM | Attr =   S]
Updater -> %UserProfile%\My Documents\Updater ->  [Folder | Modified Date = 2/28/2008 11:58:01 AM | Attr =	]
BitTorrent.lnk -> %AllUsersProfile%\Desktop\BitTorrent.lnk ->  [Ver =  | Size = 717 bytes | Modified Date = 2/12/2008 8:59:10 PM | Attr =	]
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Modified Date = 3/6/2008 12:09:44 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 725212 bytes | Modified Date = 3/8/2008 7:48:29 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Modified Date = 2/29/2008 10:01:27 AM | Attr =	]
Jerry -> %UserProfile%\Desktop\Jerry ->  [Folder | Modified Date = 3/4/2008 4:25:21 PM | Attr =	]
Life_in_a_Nothern_Town_-_cmt_tour_2007.flv -> %UserProfile%\Desktop\Life_in_a_Nothern_Town_-_cmt_tour_2007.flv ->  [Ver =  | Size = 10575922 bytes | Modified Date = 3/8/2008 10:50:02 PM | Attr =	]
Mom -> %UserProfile%\Desktop\Mom ->  [Folder | Modified Date = 3/1/2008 10:42:59 PM | Attr =	]
MP3 -> %UserProfile%\Desktop\MP3 ->  [Folder | Modified Date = 3/4/2008 5:43:10 PM | Attr =	]
My Folders -> %UserProfile%\Desktop\My Folders ->  [Folder | Modified Date = 3/6/2008 12:06:43 AM | Attr =	]
Rascal_Flatts.flv -> %UserProfile%\Desktop\Rascal_Flatts.flv ->  [Ver =  | Size = 3554028 bytes | Modified Date = 3/7/2008 12:09:44 AM | Attr =	]
The_Rolling_Stones_-_Start_Me_Up.flv -> %UserProfile%\Desktop\The_Rolling_Stones_-_Start_Me_Up.flv ->  [Ver =  | Size = 8526436 bytes | Modified Date = 3/6/2008 7:02:25 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 3/8/2008 4:20:32 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 482464 bytes | Modified Date = 3/8/2008 4:17:02 PM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 2/8/2008 1:29:59 PM | Attr =	]

< End of report >

Also, so far everything is going good. The computer is faster; some internet pages are still a little slow, but it's a WHOLE lot better than it was. Thanks for helping me, too!

Edited by Iron Smile, 08 March 2008 - 11:29 PM.


#8 OldTimer

Posted 09 March 2008 - 12:47 AM

Hi Iron Smile. That looks much better. Just a couple of left-over ones that it said were removed but are still there. Let's try them again.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Windows Updates -> %SystemRoot%\system\Update.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Windows Updates -> %SystemRoot%\system\Update.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
YN -> explorer.exe C:\WINDOWS\Media\csrss.exe -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

Next, launch Notepad, and copy/paste the text in the codebox below into the new document. Save it to your desktop as regfix.reg:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

Locate regfix.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.

Restart your computer.

Finally, run a new WinPFind35 scan (just use the default settings) and post that and the fix log (from the MovedFiles folder) back here.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
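
The fix above targets two autostart points: the Run values and the Winlogon Shell value, which had a second program appended after explorer.exe. The following added example (not part of OldTimer's post or of WinPFind35) checks a log in this layout for both conditions; the function names, rule labels and the short list of system32-only process names are assumptions of this sketch, and the sample lines are taken, lightly trimmed, from the logs quoted in this thread.

```python
import ntpath

# Sample input built from lines quoted in this thread: Run entries in the
# scan-log layout, the Shell pair as it appears in the fix script.
SAMPLE_LOG = r"""
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Attr = ]
Windows Updates -> %SystemRoot%\system\Update.exe -> File not found
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
 ->  -> File not found
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
YN -> explorer.exe C:\WINDOWS\Media\csrss.exe ->
"""

# Assumption of this sketch: core processes that normally load only from system32.
SYSTEM32_ONLY = {"csrss.exe", "lsass.exe", "services.exe", "smss.exe",
                 "winlogon.exe", "svchost.exe"}
EXPECTED_SHELL = "explorer.exe"  # the value regfix.reg restores, compared case-insensitively


def looks_masqueraded(path):
    """True if the path names a core Windows process outside a system32 folder."""
    name = ntpath.basename(path).lower()
    parent = ntpath.basename(ntpath.dirname(path)).lower()
    return name in SYSTEM32_ONLY and parent != "system32"


def audit_autostarts(log_text):
    """Return (rule, registry_key, detail) tuples for suspicious autostart entries."""
    findings = []
    title, key, shell_next = "", "", False
    for raw in log_text.splitlines():
        fields = [f.strip() for f in raw.split("->")]
        if fields[0] == "YN":            # checkbox prefix seen in the fix script
            fields = fields[1:]
        if not any(fields):
            continue
        head = fields[0]
        if head.startswith("[") and len(fields) == 1:
            # Top-level section such as [Registry - Non-Microsoft Only]
            title, key, shell_next = "", "", False
        elif head.startswith("<"):
            # Subsection header: "< title > -> registry key"
            title = head.strip("<> ")
            key = fields[1] if len(fields) > 1 else ""
            shell_next = False
        elif head == "*Shell*":
            shell_next = True            # the Shell value is on the next line
        elif shell_next:
            shell_next = False
            value = next(f for f in fields if f)
            if value.lower() != EXPECTED_SHELL:
                findings.append(("winlogon-shell", key, value))
                first, _, extra = value.partition(" ")
                if first.lower() != EXPECTED_SHELL:
                    extra = value        # shell replaced outright, not appended to
                if extra and looks_masqueraded(extra.strip()):
                    findings.append(("masquerade", key, extra.strip()))
        elif title.lower().startswith("run") and len(fields) >= 3:
            name, path, status = fields[0], fields[1], fields[2]
            if not name or not path:
                continue                 # empty placeholder row, nothing to judge
            if status == "File not found":
                findings.append(("orphaned-autostart", key, f"{name} -> {path}"))
            if looks_masqueraded(path):
                findings.append(("masquerade", key, path))
    return findings


if __name__ == "__main__":
    for rule, key, detail in audit_autostarts(SAMPLE_LOG):
        print(f"{rule:20} {key}\n{'':20} {detail}")
```

A Run value whose target is missing is a leftover rather than an active threat, but it marks where something registered itself; a Shell value other than plain Explorer.exe starts the extra program at every logon.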


#9 Iron Smile

Posted 09 March 2008 - 12:58 PM

FIX log:
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows Updates not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows Updates not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:explorer.exe C:\WINDOWS\Media\csrss.exe deleted successfully.
< End of fix log >
WinPFind35U Version 1.0.4.0 fix logfile created on 03092008_135552


Gonna restart now and do the rest in a minute.

#10 Iron Smile

Posted 09 March 2008 - 01:04 PM

WinPFind35 logfile created on: 3/9/2008 2:03:11 PM
WinPFind35U Version 1.0.4.0	 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
479.48 Mb Total Physical Memory | 153.90 Mb Available Physical Memory | 32.10% Memory free
1.10 Gb Paging File | 0.84 Gb Available in Paging File | 76.11% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.61 Gb Total Space | 7.72 Gb Free Space | 15.26% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 1.05 Gb Free Space | 19.98% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-6JNHHU0520
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 10:36:33 AM | Attr =	]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 9:00:16 AM | Attr =	]
hpgs2wnd.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Modified Date = 4/17/2002 9:42:56 PM | Attr =	]
sgtray.exe -> %ProgramFiles%\VERITAS Software\Update Manager\sgtray.exe -> VERITAS Software, Inc. [Ver = 1.01.02a | Size = 155648 bytes | Modified Date = 6/18/2002 12:01:00 PM | Attr =	]
searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 10:59:38 AM | Attr =	]
mm_tray.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 110592 bytes | Modified Date = 1/19/2006 11:06:18 AM | Attr =	]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 5:44:24 PM | Attr =	]
searchsettings.exe -> %ProgramFiles%\Search Settings\SearchSettings.exe -> Vendio Services, Inc. [Ver = 1, 0, 0, 13 | Size = 1069920 bytes | Modified Date = 12/6/2007 12:58:18 PM | Attr =	]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 9:00:23 AM | Attr =	]
mmdiag.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 102400 bytes | Modified Date = 1/19/2006 11:06:18 AM | Attr =	]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 5:17:26 PM | Attr =	]
hpgs2wnf.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ->  [Ver = 2, 6, 0, 162 | Size = 77824 bytes | Modified Date = 4/17/2002 9:49:16 PM | Attr =	]
weather.exe -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 4, 1, 0, 2 | Size = 790528 bytes | Modified Date = 10/26/2002 7:59:38 AM | Attr =	]
mim.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mim.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 416768 bytes | Modified Date = 1/19/2006 11:06:16 AM | Attr =	]
btdna.exe -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 287040 bytes | Modified Date = 2/12/2008 9:58:52 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe ->  [Ver = 5, 0, 25, 230 | Size = 151552 bytes | Modified Date = 7/22/2005 3:47:22 AM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr =	]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 8:52:48 PM | Attr =	]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 6/11/2007 6:16:12 PM | Attr =	]
kodak software updater.exe -> %ProgramFiles%\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ->  [Ver =  | Size = 16423 bytes | Modified Date = 2/13/2004 2:12:08 PM | Attr =	]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 8:59:53 AM | Attr =	]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 8:59:01 AM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.4.0 | Size = 311296 bytes | Modified Date = 3/8/2008 1:04:54 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 5/1/2007 5:23:43 PM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 10:36:33 AM | Attr =	]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 9:00:16 AM | Attr =	]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 8:59:53 AM | Attr =	]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 8:59:01 AM | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/21/2008 3:51:21 PM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 2:41:56 PM | Attr =	]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 411920 bytes | Modified Date = 3/30/2005 4:46:56 PM | Attr =	]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 61440 bytes | Modified Date = 10/1/2002 3:39:00 AM | Attr =	]
(ThreatFire) ThreatFire [Win32_Own | Auto | Stopped] -> %ProgramFiles%\ThreatFire\TFService.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 9:00:23 AM | Attr =	]
DDCActiveMenu -> %ProgramFiles%\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe -> WildTangent [Ver = 1, 1, 1, 019 | Size = 86016 bytes | Modified Date = 6/8/2002 5:20:44 AM | Attr =	]
KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 5:44:24 PM | Attr =	]
MimBoot -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 11776 bytes | Modified Date = 1/19/2006 11:06:16 AM | Attr =	]
MMTray -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 110592 bytes | Modified Date = 1/19/2006 11:06:18 AM | Attr =	]
nwiz -> %SystemRoot%\system32\nwiz.exe -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 372736 bytes | Modified Date = 10/1/2002 3:39:00 AM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr =	]
Recguard -> %SystemRoot%\SMINST\Recguard.exe ->  [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/14/2002 1:42:26 AM | Attr =	]
SearchSettings -> %ProgramFiles%\Search Settings\SearchSettings.exe -> Vendio Services, Inc. [Ver = 1, 0, 0, 13 | Size = 1069920 bytes | Modified Date = 12/6/2007 12:58:18 PM | Attr =	]
Share-to-Web Namespace Daemon -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Modified Date = 4/17/2002 9:42:56 PM | Attr =	]
StorageGuard -> %ProgramFiles%\VERITAS Software\Update Manager\sgtray.exe -> VERITAS Software, Inc. [Ver = 1.01.02a | Size = 155648 bytes | Modified Date = 6/18/2002 12:01:00 PM | Attr =	]
Windows Updates -> %SystemRoot%\system\Update.exe -> File not found
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 10:59:38 AM | Attr =	]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx -> 
 ->  -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 5:17:26 PM | Attr =	]
BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 287040 bytes | Modified Date = 2/12/2008 9:58:52 PM | Attr =	]
NVIEW -> %SystemRoot%\system32\nview.dll -> NVIDIA Corporation [Ver = 6.13.10.3190 | Size = 548933 bytes | Modified Date = 10/1/2002 3:39:00 AM | Attr =	]
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 4, 1, 0, 2 | Size = 790528 bytes | Modified Date = 10/26/2002 7:59:38 AM | Attr =	]
Windows Updates -> %SystemRoot%\system\Update.exe -> File not found
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,402 | Size = 4670968 bytes | Modified Date = 6/11/2007 6:16:12 PM | Attr =	]
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 10:59:38 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe ->  [Ver = 5, 0, 25, 230 | Size = 151552 bytes | Modified Date = 7/22/2005 3:47:22 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Kodak software updater.lnk -> %ProgramFiles%\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ->  [Ver =  | Size = 16423 bytes | Modified Date = 2/13/2004 2:12:08 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 53248 bytes | Modified Date = 9/20/2002 11:20:02 PM | Attr =	]
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 7:16:50 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,1847 | Size = 315392 bytes | Modified Date = 9/9/2002 11:05:00 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://neopets.com/ -> 
HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 5:39:26 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1;*.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 33 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 17 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 5:39:26 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] ->  [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 11:02:04 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value  does not exist or could not be read.] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:52 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr =	]
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 6:28:46 PM | Attr =	]
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Search Settings\kb125\SearchSettings.dll [SearchSettings Class] -> Vendio Services, Inc. [Ver = 1, 0, 0, 13 | Size = 1198432 bytes | Modified Date = 12/6/2007 12:58:16 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\hp\EXPLOREBAR\HPTOOLKT.DLL [hp toolkit] -> Hewlett-Packard Company [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 8/16/2002 1:44:50 AM | Attr =	]
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 6:28:46 PM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 5:39:26 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\hp\EXPLOREBAR\HPTOOLKT.DLL [hp toolkit] -> Hewlett-Packard Company [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 8/16/2002 1:44:50 AM | Attr =	]
ShellBrowser\\{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 6:28:46 PM | Attr =	]
WebBrowser\\{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628  | Size = 640552 bytes | Modified Date = 1/8/2007 6:28:46 PM | Attr =	]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 5:39:26 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr =	]
{17A27031-71FC-11d4-815C-005004D0F1FA}:Exec -> %ProgramFiles%\MarketBrowser\lmt\MarketBrowser_Launch.xpy [MktBrowser] ->  [Ver =  | Size = 2 bytes | Modified Date = 7/26/2002 9:59:44 PM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:52 PM | Attr =	]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 5/25/2006 1:22:06 AM | Attr =	]
{C5428486-50A0-4a02-9D20-520B59A9F9B2}:{C9CCBB35-D123-4a31-AFFC-9B2933132116} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ShopperReports - Compare product prices] -> File not found
{C5428486-50A0-4a02-9D20-520B59A9F9B3}:{A16AD1E9-F69A-45af-9462-B1C286708842} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ShopperReports - Compare travel rates] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{17A27031-71FC-11d4-815C-005004D0F1FA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MarketBrowser\lmt\MarketBrowser_Launch.xpy [MktBrowser] ->  [Ver =  | Size = 2 bytes | Modified Date = 7/26/2002 9:59:44 PM | Attr =	]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:52 PM | Attr =	]
CmdMapping\\{C5428486-50A0-4a02-9D20-520B59A9F9B2} [HKEY_LOCAL_MACHINE] ->  [ShopperReports - Compare product prices] -> File not found
CmdMapping\\{C5428486-50A0-4a02-9D20-520B59A9F9B3} [HKEY_LOCAL_MACHINE] ->  [ShopperReports - Compare travel rates] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/31/2001 12:56:24 AM | Attr =	]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5753DB1D-321A-4478-826B-EAA0E025D9DA} ->	(Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 1:42:30 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178051025564[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178055270984[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 



[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 3/8/2008 8:52:08 PM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 2/8/2008 2:27:26 PM | Attr =  HS]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 3/8/2008 9:14:35 PM | Attr =	]
TMPComedy - Jerry Clowers - Physical Examination.dat -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.dat ->  [Ver =  | Size = 587 bytes | Created Date = 3/5/2008 9:39:19 PM | Attr =	]
TMPComedy - Jerry Clowers - Physical Examination.dat.bak -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.dat.bak ->  [Ver =  | Size = 587 bytes | Created Date = 3/5/2008 5:09:33 PM | Attr =	]
TMPComedy - Jerry Clowers - Physical Examination.mp3 -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.mp3 ->  [Ver =  | Size = 1372160 bytes | Created Date = 3/4/2008 4:21:02 PM | Attr =	]
TMPJerry Clower - Why Can't Johnny Read.dat -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.dat ->  [Ver =  | Size = 762 bytes | Created Date = 3/5/2008 9:39:19 PM | Attr =	]
TMPJerry Clower - Why Can't Johnny Read.dat.bak -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.dat.bak ->  [Ver =  | Size = 762 bytes | Created Date = 3/5/2008 5:09:33 PM | Attr =	]
TMPJerry Clower - Why Can't Johnny Read.MP3 -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.MP3 ->  [Ver =  | Size = 6166528 bytes | Created Date = 3/4/2008 4:32:30 PM | Attr =	]
TMPJerry Clowers - Marines are Tough.dat -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.dat ->  [Ver =  | Size = 663 bytes | Created Date = 3/5/2008 9:39:20 PM | Attr =	]
TMPJerry Clowers - Marines are Tough.dat.bak -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.dat.bak ->  [Ver =  | Size = 663 bytes | Created Date = 3/5/2008 5:09:33 PM | Attr =	]
TMPJerry Clowers - Marines are Tough.mp3 -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.mp3 ->  [Ver =  | Size = 2763173 bytes | Created Date = 3/4/2008 4:18:54 PM | Attr =	]
TMPJerry Clowers - Talkin' Dog.dat -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.dat ->  [Ver =  | Size = 721 bytes | Created Date = 3/5/2008 9:39:20 PM | Attr =	]
TMPJerry Clowers - Talkin' Dog.dat.bak -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.dat.bak ->  [Ver =  | Size = 721 bytes | Created Date = 3/5/2008 5:09:33 PM | Attr =	]
TMPJerry Clowers - Talkin' Dog.mp3 -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.mp3 ->  [Ver =  | Size = 5091830 bytes | Created Date = 3/5/2008 9:41:49 AM | Attr =	]
TMPJerry Clowers - The Hitch Hiker.dat -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.dat ->  [Ver =  | Size = 686 bytes | Created Date = 3/5/2008 9:39:20 PM | Attr =	]
TMPJerry Clowers - The Hitch Hiker.dat.bak -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.dat.bak ->  [Ver =  | Size = 686 bytes | Created Date = 3/5/2008 5:09:33 PM | Attr =	]
TMPJerry Clowers - The Hitch Hiker.mp3 -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.mp3 ->  [Ver =  | Size = 876544 bytes | Created Date = 3/4/2008 4:21:02 PM | Attr =	]
libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 2/20/2008 10:05:34 PM | Attr =	]
ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 2/20/2008 10:05:34 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Created Date = 2/13/2008 10:02:02 PM | Attr =	]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2550 bytes | Created Date = 2/25/2008 11:25:00 AM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 2/25/2008 11:24:11 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 3/8/2008 8:52:50 PM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/9/2008 8:14:20 AM | Attr =  HS]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 3/8/2008 9:14:35 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 502845440 bytes | Modified Date = 3/9/2008 2:00:54 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/5/2008 2:16:09 PM | Attr =	]
TMPComedy - Jerry Clowers - Physical Examination.dat -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.dat ->  [Ver =  | Size = 587 bytes | Modified Date = 3/5/2008 9:39:19 PM | Attr =	]
TMPComedy - Jerry Clowers - Physical Examination.dat.bak -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.dat.bak ->  [Ver =  | Size = 587 bytes | Modified Date = 3/5/2008 5:09:33 PM | Attr =	]
TMPComedy - Jerry Clowers - Physical Examination.mp3 -> %SystemDrive%\TMPComedy - Jerry Clowers - Physical Examination.mp3 ->  [Ver =  | Size = 1372160 bytes | Modified Date = 3/4/2008 4:21:02 PM | Attr =	]
TMPJerry Clower - Why Can't Johnny Read.dat -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.dat ->  [Ver =  | Size = 762 bytes | Modified Date = 3/5/2008 9:39:19 PM | Attr =	]
TMPJerry Clower - Why Can't Johnny Read.dat.bak -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.dat.bak ->  [Ver =  | Size = 762 bytes | Modified Date = 3/5/2008 5:09:33 PM | Attr =	]
TMPJerry Clower - Why Can't Johnny Read.MP3 -> %SystemDrive%\TMPJerry Clower - Why Can't Johnny Read.MP3 ->  [Ver =  | Size = 6166528 bytes | Modified Date = 3/4/2008 4:32:30 PM | Attr =	]
TMPJerry Clowers - Marines are Tough.dat -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.dat ->  [Ver =  | Size = 663 bytes | Modified Date = 3/5/2008 9:39:20 PM | Attr =	]
TMPJerry Clowers - Marines are Tough.dat.bak -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.dat.bak ->  [Ver =  | Size = 663 bytes | Modified Date = 3/5/2008 5:09:33 PM | Attr =	]
TMPJerry Clowers - Marines are Tough.mp3 -> %SystemDrive%\TMPJerry Clowers - Marines are Tough.mp3 ->  [Ver =  | Size = 2763173 bytes | Modified Date = 3/4/2008 4:18:54 PM | Attr =	]
TMPJerry Clowers - Talkin' Dog.dat -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.dat ->  [Ver =  | Size = 721 bytes | Modified Date = 3/5/2008 9:39:20 PM | Attr =	]
TMPJerry Clowers - Talkin' Dog.dat.bak -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.dat.bak ->  [Ver =  | Size = 721 bytes | Modified Date = 3/5/2008 5:09:33 PM | Attr =	]
TMPJerry Clowers - Talkin' Dog.mp3 -> %SystemDrive%\TMPJerry Clowers - Talkin' Dog.mp3 ->  [Ver =  | Size = 5091830 bytes | Modified Date = 3/5/2008 9:41:49 AM | Attr =	]
TMPJerry Clowers - The Hitch Hiker.dat -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.dat ->  [Ver =  | Size = 686 bytes | Modified Date = 3/5/2008 9:39:20 PM | Attr =	]
TMPJerry Clowers - The Hitch Hiker.dat.bak -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.dat.bak ->  [Ver =  | Size = 686 bytes | Modified Date = 3/5/2008 5:09:33 PM | Attr =	]
TMPJerry Clowers - The Hitch Hiker.mp3 -> %SystemDrive%\TMPJerry Clowers - The Hitch Hiker.mp3 ->  [Ver =  | Size = 876544 bytes | Modified Date = 3/4/2008 4:21:02 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/8/2008 8:59:06 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/8/2008 9:14:26 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/13/2008 10:02:10 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/8/2008 8:52:08 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1610560 bytes | Modified Date = 2/9/2008 8:14:49 AM | Attr =	]
FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 3/7/2008 6:19:11 PM | Attr =	]
libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 2/20/2008 10:05:34 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 59326 bytes | Modified Date = 3/9/2008 7:02:18 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 394078 bytes | Modified Date = 3/9/2008 7:02:18 AM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 460912 bytes | Modified Date = 3/9/2008 7:02:18 AM | Attr =	]
ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 2/20/2008 10:05:34 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 3/9/2008 2:02:33 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 6:19:04 AM | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/9/2008 2:00:55 PM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2/13/2008 10:02:20 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/8/2008 9:17:53 PM | Attr =   S]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2/8/2008 2:18:54 PM | Attr = R S]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 10:02:02 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/13/2008 10:02:10 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/8/2008 2:30:00 PM | Attr =  HS]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 3/8/2008 8:52:08 PM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 6740 bytes | Modified Date = 2/19/2008 8:11:59 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/9/2008 1:58:12 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 3/8/2008 8:52:08 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/9/2008 7:02:18 AM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/9/2008 2:02:54 PM | Attr =	]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/25/2008 11:25:00 AM | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2/25/2008 11:24:11 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 3/8/2008 12:22:05 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/9/2008 2:01:02 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 3/9/2008 2:02:58 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 3/9/2008 2:02:58 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
avenger.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for avenger.zip\avenger.exe ->  [Ver =  | Size = 731136 bytes | Modified Date = 3/3/2008 1:19:40 PM | Attr =	]
IadHide5.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll -> BackWeb [Ver = Version 6.3.2 (Build 62R) | Size = 24613 bytes | Modified Date = 2/11/2004 4:58:16 PM | Attr =	]
5 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> 
AVPFPI0.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
daas_s.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 4:59:28 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 513536 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
fsbld.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 3/8/2008 9:16:33 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.06.7470 | Size = 262144 bytes | Modified Date = 3/8/2008 9:16:37 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
fsmart.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 27 | Size = 147456 bytes | Modified Date = 3/8/2008 9:16:39 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 135168 bytes | Modified Date = 3/8/2008 9:16:37 PM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 3/8/2008 9:16:32 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 803328 bytes | Modified Date = 3/8/2008 9:16:37 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 131584 bytes | Modified Date = 3/8/2008 9:16:37 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 151552 bytes | Modified Date = 3/8/2008 9:16:37 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 146944 bytes | Modified Date = 3/8/2008 9:16:37 PM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 153600 bytes | Modified Date = 3/8/2008 9:16:37 PM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 155136 bytes | Modified Date = 3/8/2008 9:16:38 PM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 147968 bytes | Modified Date = 3/8/2008 9:16:38 PM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.20.13471 | Size = 856064 bytes | Modified Date = 3/8/2008 9:16:40 PM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll ->  [Ver =  | Size = 506936 bytes | Modified Date = 3/8/2008 9:16:12 PM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 513536 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 3/8/2008 9:16:43 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.06.7470 | Size = 262144 bytes | Modified Date = 3/8/2008 9:16:37 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 135168 bytes | Modified Date = 3/8/2008 9:16:37 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 803328 bytes | Modified Date = 3/8/2008 9:16:37 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 131584 bytes | Modified Date = 3/8/2008 9:16:37 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 151552 bytes | Modified Date = 3/8/2008 9:16:37 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 146944 bytes | Modified Date = 3/8/2008 9:16:37 PM | Attr =	]

< End of report >


Also, is it OK if I delete the regfix.reg thing after I did all that you said, merge it or whatever? Is it OK if I delete it from the desktop?

#11 OldTimer

OldTimer

    Malware Expert


Posted 09 March 2008 - 01:17 PM

Hi Iron Smile. That all looks good. Yeah, you can delete that reg file. Run the system for a couple of days to make sure it remains stable and then get back to me. We have some final cleanup to do and then you'll be all set.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#12 Iron Smile

Iron Smile
  • Topic Starter


Posted 09 March 2008 - 07:33 PM

OK, thanks!



