Browser Hijacked


9 replies to this topic

#1 noobalicious

noobalicious

  • Members
  • 69 posts

Posted 01 March 2008 - 01:26 AM

Here's my hijackthis log.

thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:00 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\DENNIS~1\LOCALS~1\Temp\Temporary Directory 2 for HiJackThis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203711469.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9009 bytes



#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 08 March 2008 - 03:49 PM

Hello noobalicious and welcome to the BC HijackThis forum. Let's see what else we can find.

Before running a new scan, let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 noobalicious

noobalicious
  • Topic Starter

  • Members
  • 69 posts

Posted 09 March 2008 - 02:25 PM

Here ya go. Thanks.



WinPFind35 logfile created on: 3/9/2008 12:18:19 PM
WinPFind35U Version 1.0.4.1	 Folder = C:\Documents and Settings\dennis davis\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.11 Mb Total Physical Memory | 817.02 Mb Available Physical Memory | 80.57% Memory free
2.39 Gb Paging File | 2.30 Gb Available in Paging File | 96.54% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.19 Gb Total Space | 42.30 Gb Free Space | 79.53% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 53.68 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-47253A5CC0
Current User Name: dennis davis
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 310784 bytes | Modified Date = 3/8/2008 5:37:12 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(AcerMemUsageCheckService) Memory Check Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\Acer\Empowering Technology\ePerformance\MemCheck.exe -> Acer Inc. [Ver = 2.0.2007.0 | Size = 28672 bytes | Modified Date = 3/29/2006 8:53:34 PM | Attr =	]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.154 | Size = 100032 bytes | Modified Date = 1/19/2006 11:29:54 AM | Attr =	]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/9/2008 8:22:08 AM | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/14/2007 5:48:24 PM | Attr =	]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/9/2008 8:22:10 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(eLockService) eLock Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\Acer\Empowering Technology\eLock\Service\eLockServ.exe ->   [Ver = 2.1.2004.0 | Size = 20480 bytes | Modified Date = 8/29/2006 5:56:22 PM | Attr =	]
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 11/28/2005 11:29:00 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr =	]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -> Symantec Corporation [Ver = 3.0.0.154 | Size = 2041536 bytes | Modified Date = 1/19/2006 11:29:54 AM | Attr =	]
(LVPrcSrv) Logitech Process Monitor [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\logitech\lvmvfm\LVPrcSrv.exe -> Logitech [Ver = 9.4.4.1082 | Size = 86016 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr =	]
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 11/28/2005 11:28:14 AM | Attr =	]
(RoxLiveShare) LiveShare P2P Server [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxLiveShare.exe -> Sonic Solutions [Ver = 8.0.1.93 | Size = 229376 bytes | Modified Date = 9/19/2005 4:25:20 PM | Attr =	]
(RoxMediaDB) RoxMediaDB [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxMediaDB.exe -> Sonic Solutions [Ver = 8.0.1.93 | Size = 856064 bytes | Modified Date = 9/19/2005 4:24:00 PM | Attr =	]
(RoxUPnPRenderer) RoxUPnPRenderer [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -> Sonic Solutions [Ver = 8.0.0.212  | Size = 45056 bytes | Modified Date = 9/19/2005 3:57:14 PM | Attr =	]
(RoxUpnpServer) RoxUpnpServer [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -> Sonic Solutions [Ver = 8.0.1.72 | Size = 401408 bytes | Modified Date = 9/19/2005 3:56:32 PM | Attr =	]
(RoxWatch) Roxio Hard Drive Watcher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxWatch.exe -> Sonic Solutions [Ver = 8.0.1.93 | Size = 155648 bytes | Modified Date = 9/19/2005 4:20:58 PM | Attr =	]
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10, 1, 0, 33 | Size = 540745 bytes | Modified Date = 11/28/2005 11:31:32 AM | Attr =	]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1247600 bytes | Modified Date = 10/14/2007 5:14:00 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.9.0 [Kernel | Auto | Stopped] -> %SystemRoot%\system32\DRIVERS\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.9.0 | Size = 21275 bytes | Modified Date = 2/7/2007 6:08:02 PM | Attr =	]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\AGRSM.sys -> Agere Systems [Ver = 2.1.63 2.1.63 12/12/2005 16:08:40 | Size = 1124097 bytes | Modified Date = 12/12/2005 4:08:44 PM | Attr =	]
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 1:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr =	]
(asc) asc [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 1:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 1:51:58 PM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(Avg7Core) AVG7 Kernel [Kernel | System | Stopped] -> %SystemRoot%\System32\Drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 1/9/2008 8:21:58 AM | Attr =	]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Stopped] -> %SystemRoot%\System32\Drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 10/14/2007 5:48:32 PM | Attr =	]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Stopped] -> %SystemRoot%\System32\Drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 10/14/2007 5:48:32 PM | Attr =	]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/9/2008 8:22:12 AM | Attr =	]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Stopped] -> %SystemRoot%\System32\Drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 10/14/2007 5:48:32 PM | Attr =	]
(cdudf_xp) cdudf_xp [File_System | System | Stopped] -> %SystemRoot%\System32\drivers\Cdudf_xp.sys -> Sonic Solutions [Ver = 8.0.5.9 | Size = 309632 bytes | Modified Date = 9/19/2005 11:05:00 PM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 1:51:54 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 1:52:16 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.07a | Size = 88016 bytes | Modified Date = 1/27/2005 3:22:00 AM | Attr =	]
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\dvd_2k.sys -> Sonic Solutions [Ver = 8.0.5.9 | Size = 27264 bytes | Modified Date = 9/19/2005 11:05:00 PM | Attr =	]
(EpmPsd) Acer EPM Power Scheme Driver [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\epm-psd.sys -> Acer Value Labs, USA [Ver = 1.02 | Size = 4096 bytes | Modified Date = 4/22/2005 4:57:06 PM | Attr =	]
(EpmShd) Acer EPM System Hardware Driver [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\epm-shd.sys -> Acer Value Labs, USA [Ver = 1.23 | Size = 78208 bytes | Modified Date = 4/22/2005 4:57:06 PM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr =	]
(Hotkey) Hotkey [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\HOTKEY.sys ->  [Ver =  | Size = 9867 bytes | Modified Date = 4/28/2003 11:27:06 AM | Attr =	]
(ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4497 | Size = 1399615 bytes | Modified Date = 2/7/2006 9:04:34 AM | Attr =	]
(int15) int15 [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\int15.sys ->  [Ver =  | Size = 69632 bytes | Modified Date = 8/29/2006 4:02:00 PM | Attr =	]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5282 built by: WinDDK | Size = 4353024 bytes | Modified Date = 7/24/2006 5:15:04 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(lv321av) Logitech USB PC Camera (VC0321) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\lv321av.sys -> Logitech [Ver = 9.4.4.1082 | Size = 1097728 bytes | Modified Date = 6/19/2006 12:20:24 PM | Attr =	]
(lvmvdrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lvmvdrv.sys ->  [Ver =  | Size = 2400128 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr =	]
(LVPrcMon) Logitech LVPrcMon Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVPrcMon.sys ->  [Ver =  | Size = 16768 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr =	]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lvusbsta.sys -> Logitech [Ver = 9.4.4.1082 | Size = 39424 bytes | Modified Date = 6/19/2006 12:16:16 PM | Attr =	]
(mailKmd) mailKmd [Kernel | System | Stopped] ->  -> File not found
(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\mmc_2k.sys -> Sonic Solutions [Ver = 8.0.5.9 | Size = 27136 bytes | Modified Date = 9/19/2005 11:05:00 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 1:52:12 PM | Attr =	]
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\npf.sys -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 32512 bytes | Modified Date = 11/2/2005 2:32:02 PM | Attr =	]
(NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/3/2004 11:00:52 PM | Attr =	]
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\NTIDrvr.sys -> NewTech Infosystems, Inc. [Ver = 1, 0, 0, 6 | Size = 6144 bytes | Modified Date = 5/24/2006 10:11:16 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(psdfilter) psdfilter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\Drivers\psdfilter.sys -> HiTRUST [Ver = 2, 2, 0, 10 | Size = 12288 bytes | Modified Date = 4/7/2006 8:17:34 PM | Attr =	]
(psdvdisk) psdvdisk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\Drivers\psdvdisk.sys -> HiTRUST [Ver = 2, 2, 0, 4 | Size = 60416 bytes | Modified Date = 3/8/2006 5:10:52 PM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(pwd_2k) pwd_2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\Pwd_2k.sys -> Sonic Solutions [Ver = 8.0.5.9 | Size = 119168 bytes | Modified Date = 9/19/2005 11:05:00 PM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.09a | Size = 46080 bytes | Modified Date = 8/19/2005 6:00:00 PM | Attr =	]
(ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 1:52:18 PM | Attr =	]
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\Rtenicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.638.1116.2005 built by: WinDDK | Size = 78976 bytes | Modified Date = 11/16/2005 4:08:16 PM | Attr =	]
(RxFilter) RxFilter [File_System | System | Stopped] -> %SystemRoot%\system32\DRIVERS\RxFilter.sys -> Sonic Solutions [Ver = 8.0.1.47 built by: WinDDK | Size = 50176 bytes | Modified Date = 9/19/2005 6:08:50 PM | Attr =	]
(s24trans) WLAN Transport [Kernel | Auto | Stopped] -> %SystemRoot%\system32\DRIVERS\s24trans.sys -> Intel Corporation [Ver = 10, 1, 0, 2 | Size = 13568 bytes | Modified Date = 11/28/2005 12:09:26 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 2:25:54 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr =	]
(symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 2:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 2:07:36 PM | Attr =	]
(symlcbrd) symlcbrd [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 9/8/2006 3:43:18 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 2:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 2:07:42 PM | Attr =	]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 191936 bytes | Modified Date = 12/16/2005 4:15:06 PM | Attr =	]
(tifm21) tifm21 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.1 | Size = 162176 bytes | Modified Date = 6/23/2005 10:16:08 PM | Attr =	]
(tvicport) tvicport [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\tvicport.sys -> EnTech Taiwan [Ver = 4.0 | Size = 14544 bytes | Modified Date = 8/29/2006 4:02:02 PM | Attr =	]
(UBHelper) UBHelper [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\UBHelper.sys ->  [Ver =  | Size = 13952 bytes | Modified Date = 12/17/2004 4:14:44 PM | Attr =	]
(ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 1:52:22 PM | Attr =	]
(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\w39n51.sys -> Intel® Corporation [Ver = 10010-11 Driver | Size = 1427968 bytes | Modified Date = 11/27/2005 7:36:08 AM | Attr =	]
(Wbutton) Wbutton [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\Wbutton.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(zntport) zntport [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\zntport.sys -> Zeal SoftStudio [Ver = 2, 3, 0, 1 | Size = 6080 bytes | Modified Date = 8/29/2006 4:02:00 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Acer ePresentation HPD -> %SystemDrive%\Acer\Empowering Technology\ePresentation\ePresentation.exe ->  [Ver = 2, 0, 200, 8 | Size = 204800 bytes | Modified Date = 3/31/2006 4:39:28 PM | Attr =	]
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.63 2.1.63 12/12/2005 14:50:01 | Size = 88204 bytes | Modified Date = 12/12/2005 2:50:02 PM | Attr =	]
Alcmtr -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 7:43:28 PM | Attr =	]
AVG7_CC -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/9/2008 8:22:08 AM | Attr =	]
CtrlVol -> %ProgramFiles%\Launch Manager\CtrlVol.exe -> Wistron [Ver = 1, 0, 0, 7 | Size = 20480 bytes | Modified Date = 9/16/2003 2:28:26 PM | Attr =	]
eDataSecurity Loader -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\eDSloader.exe -> HiTRUST [Ver = 2.2.0.40 | Size = 345088 bytes | Modified Date = 3/17/2006 3:00:50 PM | Attr =	]
ePower_DMC -> %SystemDrive%\Acer\Empowering Technology\ePower\ePower_DMC.exe ->  [Ver = 0.22 | Size = 421888 bytes | Modified Date = 3/30/2006 6:47:56 PM | Attr =	]
eRecoveryService -> %SystemDrive%\Acer\Empowering Technology\eRecovery\eRAgent.exe -> Acer Inc. [Ver = 1.0.0.16 | Size = 413696 bytes | Modified Date = 6/1/2006 2:40:54 PM | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 9/13/2004 3:49:00 PM | Attr =	]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4497 | Size = 77824 bytes | Modified Date = 2/7/2006 8:36:06 AM | Attr =	]
igfxpers -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4497 | Size = 118784 bytes | Modified Date = 2/7/2006 8:40:02 AM | Attr =	]
igfxtray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4497 | Size = 94208 bytes | Modified Date = 2/7/2006 8:39:20 AM | Attr =	]
LaunchAp -> %ProgramFiles%\Launch Manager\LaunchAp.exe ->  [Ver = 1, 0, 1, 0 | Size = 32768 bytes | Modified Date = 7/25/2005 1:36:40 PM | Attr =	]
LManager -> %ProgramFiles%\Launch Manager\HotkeyApp.exe -> Wistron [Ver = 1, 0, 7, 6 | Size = 69632 bytes | Modified Date = 4/19/2006 3:08:08 PM | Attr =	]
LMgrOSD -> %ProgramFiles%\Launch Manager\OSDCtrl.exe ->  [Ver = 1, 0, 1, 2 | Size = 241664 bytes | Modified Date = 7/25/2005 10:45:00 AM | Attr =	]
LogitechCameraService(E) -> %SystemRoot%\system32\ElkCtrl.exe -> Logitech Inc. [Ver = 8.5.0.1137 | Size = 262144 bytes | Modified Date = 11/1/2004 6:22:22 PM | Attr =	]
LVCOMSX -> %SystemRoot%\system32\LVCOMSX.EXE -> Logitech [Ver = 9.4.4.1082 | Size = 225280 bytes | Modified Date = 6/23/2006 10:39:54 AM | Attr =	]
MSPY2002 -> %SystemRoot%\system32\IME\PINTLGNT\ImScInst.exe ->  [Ver =  | Size = 59392 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
ntiMUI -> %ProgramFiles%\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 5/11/2005 5:15:08 PM | Attr =	]
preload -> %SystemRoot%\RUNXMLPL.exe -> Wistron [Ver = 1, 0, 0, 2 | Size = 32768 bytes | Modified Date = 5/19/2005 5:09:52 PM | Attr =	]
RTHDCPL -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.0.8.0 | Size = 16261632 bytes | Modified Date = 7/21/2006 5:56:38 PM | Attr =	]
SkyTel -> %SystemRoot%\SkyTel.EXE -> Realtek Semiconductor Corp. [Ver = 1.0.0.0 | Size = 2879488 bytes | Modified Date = 5/16/2006 7:04:26 PM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 761945 bytes | Modified Date = 12/16/2005 4:32:58 PM | Attr =	]
Wbutton -> %ProgramFiles%\Launch Manager\Wbutton.exe ->  [Ver = 1, 0, 7, 3 | Size = 86016 bytes | Modified Date = 4/20/2006 9:23:58 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Acer Empowering Technology.lnk -> %SystemDrive%\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe -> Acer Inc. [Ver = 2.3.2026.0 | Size = 45056 bytes | Modified Date = 8/3/2006 3:34:04 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 045.004.157.000 | Size = 53248 bytes | Modified Date = 11/4/2004 7:50:52 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 7:28:24 PM | Attr =	]
< dennis davis Startup Folder > -> C:\Documents and Settings\dennis davis\Start Menu\Programs\Startup -> 
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\wbchha.dll [djuka] ->  [Ver =  | Size = 13312 bytes | Modified Date = 3/17/2005 6:40:24 AM | Attr =   S]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4497 | Size = 139264 bytes | Modified Date = 2/7/2006 8:35:12 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\start -> C:\Program Files\NetProject\sbmntr.exe [C:\Program Files\NetProject\sbmntr.exe] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\some -> C:\Program Files\NetProject\scit.exe [C:\Program Files\NetProject\scit.exe] ->  [Ver =  | Size = 18944 bytes | Modified Date = 2/22/2008 12:17:44 PM | Attr =	]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1640 domain(s) found. -> 
8 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 20 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr =	]
{2C566C34-7D72-4DC1-9BBE-1121A76698F8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Helper\1203711469.dll [e404mgr Class] ->  [Ver = 1, 0, 0, 1 | Size = 12800 bytes | Modified Date = 2/22/2008 12:17:50 PM | Attr =	]
{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetProject\sbmdl.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 9728 bytes | Modified Date = 2/22/2008 12:33:20 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\eDStoolbar.dll [Acer eDataSecurity Management] -> HiTRUST [Ver = 2, 2, 0, 28 | Size = 106496 bytes | Modified Date = 3/8/2006 10:44:00 PM | Attr =	]
{81705D67-3F73-4983-859B-97D0922E5ABE} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Web Application] -> File not found
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\eDStoolbar.dll [Acer eDataSecurity Management] -> HiTRUST [Ver = 2, 2, 0, 28 | Size = 106496 bytes | Modified Date = 3/8/2006 10:44:00 PM | Attr =	]
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{81705D67-3F73-4983-859B-97D0922E5ABE} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Web Application] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{9034A523-D068-4BE8-A284-9DF278BE776E}:Exec ->  [IE Anti-Spyware] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{33931289-F864-4096-AA23-861637F8AD8A} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{80D2227F-7C97-486F-9DBF-19E937EF97FC} ->	(Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC) -> 
{A9B3C663-19CD-40AE-A77D-0D591C81BD25} ->	() -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 10:49:30 AM | Attr =	]
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:21:16 AM | Attr =	]
wdigest -> %SystemRoot%\System32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 8:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 868 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\System32\IISSUBA.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 13995 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\System32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 4:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 9:24:38 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -> C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe [C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service] -> Sonic Solutions [Ver = 8.0.1.72 | Size = 401408 bytes | Modified Date = 9/19/2005 3:56:32 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 1/9/2008 8:22:10 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/9/2008 8:22:08 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/9/2008 8:22:08 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgemc.exe -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/9/2008 8:22:10 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 4:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\System32\RPCSS.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\System32\RPCSS.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:50 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 2/12/2008 8:44:40 AM | Attr = RH ]
CSC -> %SystemRoot%\CSC ->  [Folder | Created Date = 2/29/2008 10:15:54 PM | Attr =  HS]
WebReg .job -> %SystemRoot%\tasks\WebReg .job ->  [Ver =  | Size = 276 bytes | Created Date = 2/21/2008 10:02:25 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 2/22/2008 12:18:11 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/25/2008 1:40:03 PM | Attr =	]
rx_audio.Cache -> %UserProfile%\Local Settings\Application Data\rx_audio.Cache ->  [Ver =  | Size = 84320 bytes | Created Date = 2/22/2008 10:52:59 AM | Attr =	]
hats -> %UserProfile%\My Documents\hats ->  [Folder | Created Date = 2/11/2008 1:04:56 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1698 bytes | Created Date = 2/25/2008 1:40:07 PM | Attr =	]
trucks -> %UserProfile%\Desktop\trucks ->  [Folder | Created Date = 2/25/2008 12:16:45 PM | Attr =	]
aaw2007.exe -> %UserProfile%\Desktop\aaw2007.exe ->  [Ver =  | Size = 21364592 bytes | Created Date = 2/25/2008 1:37:42 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481997 bytes | Created Date = 3/9/2008 12:15:21 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 3/9/2008 12:15:40 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 2/12/2008 8:44:42 AM | Attr = RH ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 3/9/2008 12:11:36 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 247104 bytes | Modified Date = 3/9/2008 12:11:22 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 832 bytes | Modified Date = 2/22/2008 10:06:36 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/14/2008 7:58:32 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/9/2008 12:11:28 PM | Attr =   S]
ComponentList.xml -> %SystemRoot%\ComponentList.xml ->  [Ver =  | Size = 98 bytes | Modified Date = 2/29/2008 10:14:10 PM | Attr =	]
outlook.pst -> %SystemRoot%\outlook.pst ->  [Ver =  | Size = 360448 bytes | Modified Date = 2/22/2008 10:15:16 AM | Attr =	]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 2/29/2008 10:15:56 PM | Attr =  HS]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/29/2008 10:15:10 PM | Attr =  H ]
WebReg .job -> %SystemRoot%\tasks\WebReg .job ->  [Ver =  | Size = 276 bytes | Modified Date = 2/22/2008 10:02:10 AM | Attr =	]
eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 7:01:38 AM | Attr =  H ]
eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 8:24:24 AM | Attr =  H ]
eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 8:26:10 AM | Attr =  H ]
eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 9:34:28 AM | Attr =  H ]
eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 9:34:56 AM | Attr =  H ]
eHomeLog-5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-5.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 8:55:52 PM | Attr =  H ]
eHomeLog-6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-6.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 8:58:22 PM | Attr =  H ]
eHomeLog-7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-7.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 8:59:52 PM | Attr =  H ]
eHomeLog-8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-8.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 9:01:10 PM | Attr =  H ]
eHomeLog-9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-9.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 9:03:36 PM | Attr =  H ]
eHomeLog-10.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-10.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 10:08:24 PM | Attr =  H ]
eHomeLog-11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-11.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 10:23:50 PM | Attr =  H ]
eHomeLog-12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-12.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 11:19:02 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 2/13/2008 10:51:40 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2/13/2008 10:51:40 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/22/2008 12:18:12 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/25/2008 1:40:04 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 17736498 bytes | Modified Date = 2/29/2008 9:29:06 PM | Attr =  H ]
rx_audio.Cache -> %UserProfile%\Local Settings\Application Data\rx_audio.Cache ->  [Ver =  | Size = 84320 bytes | Modified Date = 2/25/2008 3:22:16 PM | Attr =	]
hats -> %UserProfile%\My Documents\hats ->  [Folder | Modified Date = 2/11/2008 1:04:58 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1698 bytes | Modified Date = 2/25/2008 1:40:08 PM | Attr =	]
trucks -> %UserProfile%\Desktop\trucks ->  [Folder | Modified Date = 2/25/2008 12:16:46 PM | Attr =	]
aaw2007.exe -> %UserProfile%\Desktop\aaw2007.exe ->  [Ver =  | Size = 21364592 bytes | Modified Date = 2/25/2008 1:37:44 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481997 bytes | Modified Date = 3/9/2008 12:15:28 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 3/9/2008 12:15:42 PM | Attr =	]

< End of report >


#4 noobalicious


Posted 09 March 2008 - 02:31 PM

It may not be showing the [/code] terminal marker in the post, but it did show up in my post text prior to actually posting, and I further verified that this is in fact the entire log.

thanks again

#5 OldTimer


Posted 09 March 2008 - 05:41 PM

Hi noobalicious. Ok, let's see what we can do with this. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%programfiles%\helper\1203711469.dll 
%programfiles%\netproject\sbmdl.dll 
%systemroot%\system32\wbchha.dll 
c:\program files\netproject\scit.exe 
Folders to delete:
c:\program files\netproject

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\wbchha.dll [djuka]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\start -> C:\Program Files\NetProject\sbmntr.exe [C:\Program Files\NetProject\sbmntr.exe]
YY -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\some -> C:\Program Files\NetProject\scit.exe [C:\Program Files\NetProject\scit.exe]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {2C566C34-7D72-4DC1-9BBE-1121A76698F8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Helper\1203711469.dll [e404mgr Class]
YY -> {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetProject\sbmdl.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {81705D67-3F73-4983-859B-97D0922E5ABE} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Web Application]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{81705D67-3F73-4983-859B-97D0922E5ABE} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Web Application]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {9034A523-D068-4BE8-A284-9DF278BE776E}:Exec -> [IE Anti-Spyware]
[Extra Files]
C:\Program Files\NetProject\
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.

Step #4

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Step #5

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
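
Cross-checking the Step #1 script against the Avenger report requested in Step #5, as an added example (not part of the original post, and not code from The Avenger or WinPFind35u): the script uses %variables% and lower-case paths while the report prints expanded paths, so both sides are normalised before comparison. The function names are hypothetical, the success-line format and the variable values are taken from the logs quoted in this thread, and the partial report is constructed.

```python
import ntpath
import re

# Variable values as reported in the WinPFind35u scan header quoted in this thread.
ENV = {
    "systemdrive": "C:",
    "systemroot": r"C:\WINDOWS",
    "programfiles": r"C:\Program Files",
}

SECTION_RE = re.compile(r"^(files|folders) to delete:$", re.IGNORECASE)
# Only the success line seen in the thread's report is recognised; anything
# else (or a missing line) leaves the target unconfirmed.
DELETED_RE = re.compile(r'^(File|Folder) "(.+)" deleted successfully\.$')


def canon(path, env=ENV):
    """Expand %var% case-insensitively, then normalise case and separators."""
    expanded = re.sub(
        r"%([^%]+)%",
        lambda m: env.get(m.group(1).lower(), m.group(0)),  # unknown vars stay as-is
        path.strip(),
    )
    return ntpath.normcase(ntpath.normpath(expanded))


def parse_script(text):
    """Return (kind, canonical_path, original_line) for every script target."""
    targets, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            kind = "File" if m.group(1).lower() == "files" else "Folder"
        elif kind:
            targets.append((kind, canon(line), line))
    return targets


def parse_report(text):
    """Return the set of (kind, canonical_path) the report confirms as deleted."""
    confirmed = set()
    for raw in text.splitlines():
        m = DELETED_RE.match(raw.strip())
        if m:
            confirmed.add((m.group(1), canon(m.group(2))))
    return confirmed


def unconfirmed(script, report):
    """Script targets that the report does not confirm as deleted."""
    done = parse_report(report)
    return [orig for kind, path, orig in parse_script(script) if (kind, path) not in done]


# The script from Step #1 of the post above.
SCRIPT = r"""Files to delete:
%programfiles%\helper\1203711469.dll
%programfiles%\netproject\sbmdl.dll
%systemroot%\system32\wbchha.dll
c:\program files\netproject\scit.exe
Folders to delete:
c:\program files\netproject
"""

# Result lines as they appear in the Avenger report quoted in this thread.
REPORT_FROM_THREAD = r'''Rootkit scan active.
No rootkits found!

File "C:\Program Files\helper\1203711469.dll" deleted successfully.
File "C:\Program Files\netproject\sbmdl.dll" deleted successfully.
File "C:\WINDOWS\system32\wbchha.dll" deleted successfully.
File "c:\program files\netproject\scit.exe" deleted successfully.
Folder "c:\program files\netproject" deleted successfully.

Completed script processing.
'''

# Constructed sample: the same report with one success line missing.
REPORT_CONSTRUCTED_PARTIAL = "\n".join(
    line for line in REPORT_FROM_THREAD.splitlines() if "wbchha" not in line
)

if __name__ == "__main__":
    for name, report in (("thread", REPORT_FROM_THREAD),
                         ("constructed partial", REPORT_CONSTRUCTED_PARTIAL)):
        missing = unconfirmed(SCRIPT, report)
        print(name, "->", "all targets confirmed" if not missing else missing)
```
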


#6 noobalicious


Posted 09 March 2008 - 10:56 PM

Here's the Avenger report, I think. I tried to open the one shown at C:\Avenger but it was password protected (WTF?), so instead I opened Avenger --> file --> open log file and this is what it had. It must be it; verifies that the files you had me tell it to delete have in fact been deleted.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Program Files\helper\1203711469.dll" deleted successfully.
File "C:\Program Files\netproject\sbmdl.dll" deleted successfully.
File "C:\WINDOWS\system32\wbchha.dll" deleted successfully.
File "c:\program files\netproject\scit.exe" deleted successfully.
Folder "c:\program files\netproject" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


And the WinPFind35u fix log


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}\ deleted successfully.
File C:\WINDOWS\system32\wbchha.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\start deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\some deleted successfully.
File C:\Program Files\NetProject\scit.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\ deleted successfully.
File C:\Program Files\Helper\1203711469.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\ deleted successfully.
File C:\Program Files\NetProject\sbmdl.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{81705D67-3F73-4983-859B-97D0922E5ABE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{81705D67-3F73-4983-859B-97D0922E5ABE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9034A523-D068-4BE8-A284-9DF278BE776E}\ not found.
[Extra Files]
< C:\Program Files\NetProject\ >
Folder C:\Program Files\NetProject\ not found.
[Empty Temp Folders]
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version 1.0.4.1 fix logfile created on 03092008_180656


And the latest WinPFind35u scan log


WinPFind35 logfile created on: 3/9/2008 7:44:40 PM
WinPFind35U Version 1.0.4.1	 Folder = C:\Documents and Settings\dennis davis\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.11 Mb Total Physical Memory | 815.05 Mb Available Physical Memory | 80.37% Memory free
2.39 Gb Paging File | 2.30 Gb Available in Paging File | 96.21% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.19 Gb Total Space | 42.11 Gb Free Space | 79.16% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 53.68 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-47253A5CC0
Current User Name: dennis davis
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 310784 bytes | Modified Date = 3/8/2008 5:37:12 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(AcerMemUsageCheckService) Memory Check Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\Acer\Empowering Technology\ePerformance\MemCheck.exe -> Acer Inc. [Ver = 2.0.2007.0 | Size = 28672 bytes | Modified Date = 3/29/2006 8:53:34 PM | Attr =	]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.154 | Size = 100032 bytes | Modified Date = 1/19/2006 11:29:54 AM | Attr =	]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/9/2008 8:22:08 AM | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/14/2007 5:48:24 PM | Attr =	]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/9/2008 8:22:10 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(eLockService) eLock Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\Acer\Empowering Technology\eLock\Service\eLockServ.exe ->   [Ver = 2.1.2004.0 | Size = 20480 bytes | Modified Date = 8/29/2006 5:56:22 PM | Attr =	]
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 11/28/2005 11:29:00 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr =	]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -> Symantec Corporation [Ver = 3.0.0.154 | Size = 2041536 bytes | Modified Date = 1/19/2006 11:29:54 AM | Attr =	]
(LVPrcSrv) Logitech Process Monitor [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\logitech\lvmvfm\LVPrcSrv.exe -> Logitech [Ver = 9.4.4.1082 | Size = 86016 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr =	]
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 11/28/2005 11:28:14 AM | Attr =	]
(RoxLiveShare) LiveShare P2P Server [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxLiveShare.exe -> Sonic Solutions [Ver = 8.0.1.93 | Size = 229376 bytes | Modified Date = 9/19/2005 4:25:20 PM | Attr =	]
(RoxMediaDB) RoxMediaDB [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxMediaDB.exe -> Sonic Solutions [Ver = 8.0.1.93 | Size = 856064 bytes | Modified Date = 9/19/2005 4:24:00 PM | Attr =	]
(RoxUPnPRenderer) RoxUPnPRenderer [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -> Sonic Solutions [Ver = 8.0.0.212  | Size = 45056 bytes | Modified Date = 9/19/2005 3:57:14 PM | Attr =	]
(RoxUpnpServer) RoxUpnpServer [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -> Sonic Solutions [Ver = 8.0.1.72 | Size = 401408 bytes | Modified Date = 9/19/2005 3:56:32 PM | Attr =	]
(RoxWatch) Roxio Hard Drive Watcher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxWatch.exe -> Sonic Solutions [Ver = 8.0.1.93 | Size = 155648 bytes | Modified Date = 9/19/2005 4:20:58 PM | Attr =	]
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10, 1, 0, 33 | Size = 540745 bytes | Modified Date = 11/28/2005 11:31:32 AM | Attr =	]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1247600 bytes | Modified Date = 10/14/2007 5:14:00 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.9.0 [Kernel | Auto | Stopped] -> %SystemRoot%\system32\DRIVERS\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.9.0 | Size = 21275 bytes | Modified Date = 2/7/2007 6:08:02 PM | Attr =	]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\AGRSM.sys -> Agere Systems [Ver = 2.1.63 2.1.63 12/12/2005 16:08:40 | Size = 1124097 bytes | Modified Date = 12/12/2005 4:08:44 PM | Attr =	]
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 1:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr =	]
(asc) asc [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 1:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 1:51:58 PM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(Avg7Core) AVG7 Kernel [Kernel | System | Stopped] -> %SystemRoot%\System32\Drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 1/9/2008 8:21:58 AM | Attr =	]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Stopped] -> %SystemRoot%\System32\Drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 10/14/2007 5:48:32 PM | Attr =	]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Stopped] -> %SystemRoot%\System32\Drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 10/14/2007 5:48:32 PM | Attr =	]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/9/2008 8:22:12 AM | Attr =	]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Stopped] -> %SystemRoot%\System32\Drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 10/14/2007 5:48:32 PM | Attr =	]
(cdudf_xp) cdudf_xp [File_System | System | Stopped] -> %SystemRoot%\System32\drivers\Cdudf_xp.sys -> Sonic Solutions [Ver = 8.0.5.9 | Size = 309632 bytes | Modified Date = 9/19/2005 11:05:00 PM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 1:51:54 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 1:52:16 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.07a | Size = 88016 bytes | Modified Date = 1/27/2005 3:22:00 AM | Attr =	]
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\dvd_2k.sys -> Sonic Solutions [Ver = 8.0.5.9 | Size = 27264 bytes | Modified Date = 9/19/2005 11:05:00 PM | Attr =	]
(EpmPsd) Acer EPM Power Scheme Driver [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\epm-psd.sys -> Acer Value Labs, USA [Ver = 1.02 | Size = 4096 bytes | Modified Date = 4/22/2005 4:57:06 PM | Attr =	]
(EpmShd) Acer EPM System Hardware Driver [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\epm-shd.sys -> Acer Value Labs, USA [Ver = 1.23 | Size = 78208 bytes | Modified Date = 4/22/2005 4:57:06 PM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr =	]
(Hotkey) Hotkey [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\HOTKEY.sys ->  [Ver =  | Size = 9867 bytes | Modified Date = 4/28/2003 11:27:06 AM | Attr =	]
(ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4497 | Size = 1399615 bytes | Modified Date = 2/7/2006 9:04:34 AM | Attr =	]
(int15) int15 [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\int15.sys ->  [Ver =  | Size = 69632 bytes | Modified Date = 8/29/2006 4:02:00 PM | Attr =	]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5282 built by: WinDDK | Size = 4353024 bytes | Modified Date = 7/24/2006 5:15:04 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(lv321av) Logitech USB PC Camera (VC0321) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\lv321av.sys -> Logitech [Ver = 9.4.4.1082 | Size = 1097728 bytes | Modified Date = 6/19/2006 12:20:24 PM | Attr =	]
(lvmvdrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lvmvdrv.sys ->  [Ver =  | Size = 2400128 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr =	]
(LVPrcMon) Logitech LVPrcMon Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVPrcMon.sys ->  [Ver =  | Size = 16768 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr =	]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lvusbsta.sys -> Logitech [Ver = 9.4.4.1082 | Size = 39424 bytes | Modified Date = 6/19/2006 12:16:16 PM | Attr =	]
(mailKmd) mailKmd [Kernel | System | Stopped] ->  -> File not found
(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\mmc_2k.sys -> Sonic Solutions [Ver = 8.0.5.9 | Size = 27136 bytes | Modified Date = 9/19/2005 11:05:00 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 1:52:12 PM | Attr =	]
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\npf.sys -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 32512 bytes | Modified Date = 11/2/2005 2:32:02 PM | Attr =	]
(NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/3/2004 11:00:52 PM | Attr =	]
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\NTIDrvr.sys -> NewTech Infosystems, Inc. [Ver = 1, 0, 0, 6 | Size = 6144 bytes | Modified Date = 5/24/2006 10:11:16 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(psdfilter) psdfilter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\Drivers\psdfilter.sys -> HiTRUST [Ver = 2, 2, 0, 10 | Size = 12288 bytes | Modified Date = 4/7/2006 8:17:34 PM | Attr =	]
(psdvdisk) psdvdisk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\Drivers\psdvdisk.sys -> HiTRUST [Ver = 2, 2, 0, 4 | Size = 60416 bytes | Modified Date = 3/8/2006 5:10:52 PM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(pwd_2k) pwd_2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\Pwd_2k.sys -> Sonic Solutions [Ver = 8.0.5.9 | Size = 119168 bytes | Modified Date = 9/19/2005 11:05:00 PM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.09a | Size = 46080 bytes | Modified Date = 8/19/2005 6:00:00 PM | Attr =	]
(ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 1:52:18 PM | Attr =	]
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\Rtenicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.638.1116.2005 built by: WinDDK | Size = 78976 bytes | Modified Date = 11/16/2005 4:08:16 PM | Attr =	]
(RxFilter) RxFilter [File_System | System | Stopped] -> %SystemRoot%\system32\DRIVERS\RxFilter.sys -> Sonic Solutions [Ver = 8.0.1.47 built by: WinDDK | Size = 50176 bytes | Modified Date = 9/19/2005 6:08:50 PM | Attr =	]
(s24trans) WLAN Transport [Kernel | Auto | Stopped] -> %SystemRoot%\system32\DRIVERS\s24trans.sys -> Intel Corporation [Ver = 10, 1, 0, 2 | Size = 13568 bytes | Modified Date = 11/28/2005 12:09:26 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 2:25:54 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr =	]
(symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 2:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 2:07:36 PM | Attr =	]
(symlcbrd) symlcbrd [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 9/8/2006 3:43:18 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 2:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 2:07:42 PM | Attr =	]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 191936 bytes | Modified Date = 12/16/2005 4:15:06 PM | Attr =	]
(tifm21) tifm21 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.1 | Size = 162176 bytes | Modified Date = 6/23/2005 10:16:08 PM | Attr =	]
(tvicport) tvicport [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\tvicport.sys -> EnTech Taiwan [Ver = 4.0 | Size = 14544 bytes | Modified Date = 8/29/2006 4:02:02 PM | Attr =	]
(UBHelper) UBHelper [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\UBHelper.sys ->  [Ver =  | Size = 13952 bytes | Modified Date = 12/17/2004 4:14:44 PM | Attr =	]
(ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 1:52:22 PM | Attr =	]
(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\w39n51.sys -> Intel® Corporation [Ver = 10010-11 Driver | Size = 1427968 bytes | Modified Date = 11/27/2005 7:36:08 AM | Attr =	]
(Wbutton) Wbutton [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\Wbutton.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(zntport) zntport [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\zntport.sys -> Zeal SoftStudio [Ver = 2, 3, 0, 1 | Size = 6080 bytes | Modified Date = 8/29/2006 4:02:00 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Acer ePresentation HPD -> %SystemDrive%\Acer\Empowering Technology\ePresentation\ePresentation.exe ->  [Ver = 2, 0, 200, 8 | Size = 204800 bytes | Modified Date = 3/31/2006 4:39:28 PM | Attr =	]
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.63 2.1.63 12/12/2005 14:50:01 | Size = 88204 bytes | Modified Date = 12/12/2005 2:50:02 PM | Attr =	]
Alcmtr -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 7:43:28 PM | Attr =	]
AVG7_CC -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/9/2008 8:22:08 AM | Attr =	]
CtrlVol -> %ProgramFiles%\Launch Manager\CtrlVol.exe -> Wistron [Ver = 1, 0, 0, 7 | Size = 20480 bytes | Modified Date = 9/16/2003 2:28:26 PM | Attr =	]
eDataSecurity Loader -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\eDSloader.exe -> HiTRUST [Ver = 2.2.0.40 | Size = 345088 bytes | Modified Date = 3/17/2006 3:00:50 PM | Attr =	]
ePower_DMC -> %SystemDrive%\Acer\Empowering Technology\ePower\ePower_DMC.exe ->  [Ver = 0.22 | Size = 421888 bytes | Modified Date = 3/30/2006 6:47:56 PM | Attr =	]
eRecoveryService -> %SystemDrive%\Acer\Empowering Technology\eRecovery\eRAgent.exe -> Acer Inc. [Ver = 1.0.0.16 | Size = 413696 bytes | Modified Date = 6/1/2006 2:40:54 PM | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 9/13/2004 3:49:00 PM | Attr =	]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4497 | Size = 77824 bytes | Modified Date = 2/7/2006 8:36:06 AM | Attr =	]
igfxpers -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4497 | Size = 118784 bytes | Modified Date = 2/7/2006 8:40:02 AM | Attr =	]
igfxtray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4497 | Size = 94208 bytes | Modified Date = 2/7/2006 8:39:20 AM | Attr =	]
LaunchAp -> %ProgramFiles%\Launch Manager\LaunchAp.exe ->  [Ver = 1, 0, 1, 0 | Size = 32768 bytes | Modified Date = 7/25/2005 1:36:40 PM | Attr =	]
LManager -> %ProgramFiles%\Launch Manager\HotkeyApp.exe -> Wistron [Ver = 1, 0, 7, 6 | Size = 69632 bytes | Modified Date = 4/19/2006 3:08:08 PM | Attr =	]
LMgrOSD -> %ProgramFiles%\Launch Manager\OSDCtrl.exe ->  [Ver = 1, 0, 1, 2 | Size = 241664 bytes | Modified Date = 7/25/2005 10:45:00 AM | Attr =	]
LogitechCameraService(E) -> %SystemRoot%\system32\ElkCtrl.exe -> Logitech Inc. [Ver = 8.5.0.1137 | Size = 262144 bytes | Modified Date = 11/1/2004 6:22:22 PM | Attr =	]
LVCOMSX -> %SystemRoot%\system32\LVCOMSX.EXE -> Logitech [Ver = 9.4.4.1082 | Size = 225280 bytes | Modified Date = 6/23/2006 10:39:54 AM | Attr =	]
MSPY2002 -> %SystemRoot%\system32\IME\PINTLGNT\ImScInst.exe ->  [Ver =  | Size = 59392 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
ntiMUI -> %ProgramFiles%\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 5/11/2005 5:15:08 PM | Attr =	]
preload -> %SystemRoot%\RUNXMLPL.exe -> Wistron [Ver = 1, 0, 0, 2 | Size = 32768 bytes | Modified Date = 5/19/2005 5:09:52 PM | Attr =	]
RTHDCPL -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.0.8.0 | Size = 16261632 bytes | Modified Date = 7/21/2006 5:56:38 PM | Attr =	]
SkyTel -> %SystemRoot%\SkyTel.EXE -> Realtek Semiconductor Corp. [Ver = 1.0.0.0 | Size = 2879488 bytes | Modified Date = 5/16/2006 7:04:26 PM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 761945 bytes | Modified Date = 12/16/2005 4:32:58 PM | Attr =	]
Wbutton -> %ProgramFiles%\Launch Manager\Wbutton.exe ->  [Ver = 1, 0, 7, 3 | Size = 86016 bytes | Modified Date = 4/20/2006 9:23:58 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Acer Empowering Technology.lnk -> %SystemDrive%\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe -> Acer Inc. [Ver = 2.3.2026.0 | Size = 45056 bytes | Modified Date = 8/3/2006 3:34:04 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 045.004.157.000 | Size = 53248 bytes | Modified Date = 11/4/2004 7:50:52 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 7:28:24 PM | Attr =	]
< dennis davis Startup Folder > -> C:\Documents and Settings\dennis davis\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4497 | Size = 139264 bytes | Modified Date = 2/7/2006 8:35:12 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1640 domain(s) found. -> 
8 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 20 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\eDStoolbar.dll [Acer eDataSecurity Management] -> HiTRUST [Ver = 2, 2, 0, 28 | Size = 106496 bytes | Modified Date = 3/8/2006 10:44:00 PM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\eDStoolbar.dll [Acer eDataSecurity Management] -> HiTRUST [Ver = 2, 2, 0, 28 | Size = 106496 bytes | Modified Date = 3/8/2006 10:44:00 PM | Attr =	]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{33931289-F864-4096-AA23-861637F8AD8A} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{80D2227F-7C97-486F-9DBF-19E937EF97FC} ->	(Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC) -> 
{A9B3C663-19CD-40AE-A77D-0D591C81BD25} ->	() -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 



[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 2/12/2008 8:44:40 AM | Attr = RH ]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 3/9/2008 5:55:52 PM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 3/9/2008 6:10:06 PM | Attr =	]
CSC -> %SystemRoot%\CSC ->  [Folder | Created Date = 2/29/2008 10:15:54 PM | Attr =  HS]
WebReg .job -> %SystemRoot%\tasks\WebReg .job ->  [Ver =  | Size = 276 bytes | Created Date = 2/21/2008 10:02:25 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 2/22/2008 12:18:11 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/25/2008 1:40:03 PM | Attr =	]
rx_audio.Cache -> %UserProfile%\Local Settings\Application Data\rx_audio.Cache ->  [Ver =  | Size = 84320 bytes | Created Date = 2/22/2008 10:52:59 AM | Attr =	]
hats -> %UserProfile%\My Documents\hats ->  [Folder | Created Date = 2/11/2008 1:04:56 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1698 bytes | Created Date = 2/25/2008 1:40:07 PM | Attr =	]
trucks -> %UserProfile%\Desktop\trucks ->  [Folder | Created Date = 2/25/2008 12:16:45 PM | Attr =	]
aaw2007.exe -> %UserProfile%\Desktop\aaw2007.exe ->  [Ver =  | Size = 21364592 bytes | Created Date = 2/25/2008 1:37:42 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481997 bytes | Created Date = 3/9/2008 12:15:21 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 3/9/2008 12:15:40 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 725212 bytes | Created Date = 3/9/2008 5:50:48 PM | Attr =	]
avenger -> %UserProfile%\Desktop\avenger ->  [Folder | Created Date = 3/9/2008 5:51:39 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 2/12/2008 8:44:42 AM | Attr = RH ]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 3/9/2008 5:55:54 PM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 3/9/2008 6:10:08 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 3/9/2008 12:11:36 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 247104 bytes | Modified Date = 3/9/2008 12:11:22 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 832 bytes | Modified Date = 2/22/2008 10:06:36 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/14/2008 7:58:32 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/9/2008 6:02:30 PM | Attr =   S]
ComponentList.xml -> %SystemRoot%\ComponentList.xml ->  [Ver =  | Size = 98 bytes | Modified Date = 3/9/2008 6:00:46 PM | Attr =	]
outlook.pst -> %SystemRoot%\outlook.pst ->  [Ver =  | Size = 360448 bytes | Modified Date = 2/22/2008 10:15:16 AM | Attr =	]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 2/29/2008 10:15:56 PM | Attr =  HS]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/9/2008 6:01:48 PM | Attr =  H ]
WebReg .job -> %SystemRoot%\tasks\WebReg .job ->  [Ver =  | Size = 276 bytes | Modified Date = 2/22/2008 10:02:10 AM | Attr =	]
eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 7:01:38 AM | Attr =  H ]
eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 8:24:24 AM | Attr =  H ]
eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 8:26:10 AM | Attr =  H ]
eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 9:34:28 AM | Attr =  H ]
eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 9:34:56 AM | Attr =  H ]
eHomeLog-5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-5.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 8:55:52 PM | Attr =  H ]
eHomeLog-6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-6.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 8:58:22 PM | Attr =  H ]
eHomeLog-7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-7.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 8:59:52 PM | Attr =  H ]
eHomeLog-8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-8.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 9:01:10 PM | Attr =  H ]
eHomeLog-9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-9.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 9:03:36 PM | Attr =  H ]
eHomeLog-10.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-10.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 10:08:24 PM | Attr =  H ]
eHomeLog-11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-11.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 10:23:50 PM | Attr =  H ]
eHomeLog-12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-12.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 11:19:02 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 2/13/2008 10:51:40 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2/13/2008 10:51:40 AM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
daas_s.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 3/9/2008 6:11:18 PM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 513536 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsmart.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 27 | Size = 147456 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.20.13471 | Size = 856064 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.06.7470 | Size = 262144 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 135168 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 803328 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 131584 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 151552 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 146944 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 153600 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 155136 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 147968 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsbld.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 3/9/2008 6:11:22 PM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll ->  [Ver =  | Size = 506936 bytes | Modified Date = 3/9/2008 6:11:14 PM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 513536 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.06.7470 | Size = 262144 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 135168 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 803328 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 131584 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 151552 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 146944 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 153600 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 155136 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 147968 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsmart.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 27 | Size = 147456 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.20.13471 | Size = 856064 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll ->  [Ver =  | Size = 506936 bytes | Modified Date = 3/9/2008 6:11:14 PM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 3/9/2008 6:11:18 PM | Attr =	]
fsblu.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 3/9/2008 6:11:22 PM | Attr =	]
fsedb.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 552954 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5858 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
ext.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
sae.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
sai.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
perf.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 3/9/2008 7:42:02 PM | Attr =	]
ext.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
sae.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
sai.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
fsedb.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 552954 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5858 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
FS@ols.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 3/9/2008 6:11:18 PM | Attr =	]
FS@corp.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
FS@av.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 3/9/2008 6:10:50 PM | Attr =	]
verdicts.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 3/9/2008 6:10:50 PM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 3/9/2008 6:11:22 PM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/9/2008 6:11:14 PM | Attr =	]
FS@av.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 3/9/2008 6:10:50 PM | Attr =	]
verdicts.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 3/9/2008 6:10:50 PM | Attr =	]
FS@corp.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/9/2008 6:11:14 PM | Attr =	]
FS@ols.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 3/9/2008 6:11:18 PM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 3/9/2008 6:11:22 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/22/2008 12:18:12 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/25/2008 1:40:04 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4470416 bytes | Modified Date = 3/9/2008 5:59:34 PM | Attr =  H ]
rx_audio.Cache -> %UserProfile%\Local Settings\Application Data\rx_audio.Cache ->  [Ver =  | Size = 84320 bytes | Modified Date = 2/25/2008 3:22:16 PM | Attr =	]
hats -> %UserProfile%\My Documents\hats ->  [Folder | Modified Date = 2/11/2008 1:04:58 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1698 bytes | Modified Date = 2/25/2008 1:40:08 PM | Attr =	]
trucks -> %UserProfile%\Desktop\trucks ->  [Folder | Modified Date = 2/25/2008 12:16:46 PM | Attr =	]
aaw2007.exe -> %UserProfile%\Desktop\aaw2007.exe ->  [Ver =  | Size = 21364592 bytes | Modified Date = 2/25/2008 1:37:44 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481997 bytes | Modified Date = 3/9/2008 12:15:28 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 3/9/2008 12:15:42 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 725212 bytes | Modified Date = 3/9/2008 5:50:52 PM | Attr =	]
avenger -> %UserProfile%\Desktop\avenger ->  [Folder | Modified Date = 3/9/2008 5:51:40 PM | Attr =	]

< End of report >


#7 noobalicious

Posted 09 March 2008 - 11:10 PM

Desktop is much more responsive, my browser is no longer hijacked, and all the other prompts that were going off have also ceased. It seems to be operating normally.

Thanks so much.

#8 OldTimer

Posted 10 March 2008 - 01:10 AM

Hi noobalicious. That's good news. The log looks fine but can you boot the system normally and run a scan or is there a problem with normal bootups?

Cheers.

OT

#9 noobalicious

Posted 10 March 2008 - 01:59 AM

Boots up normal... no obvious telltale signs of nefarious processes, although I am getting some beeping noises that I normally associate with malware .exe startups, but nothing bad is actually happening. It's my buddy's laptop, and he's not the kind of guy who knows how to turn off all unnecessary services and startups, so he just has all sorts of stuff running that may be beeping or whatever. I'll be sure to set him up a folder full of all the malware scanners he should be updating and using on a weekly basis.

Thanks again. You guys are money. I wish I had the time to keep up with all the latest Malware/removal methods. It's a priceless skill these days.



Here's a final HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:37 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\dennis davis\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10085 bytes

And the WinPFind35u scan log. I checked the "File - Additional Folder Scans" like last time.


WinPFind35 logfile created on: 3/9/2008 11:36:50 PM
WinPFind35U Version 1.0.4.1	 Folder = C:\Documents and Settings\dennis davis\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.11 Mb Total Physical Memory | 585.93 Mb Available Physical Memory | 57.78% Memory free
2.38 Gb Paging File | 1.91 Gb Available in Paging File | 80.01% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.19 Gb Total Space | 41.11 Gb Free Space | 77.28% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 53.68 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-47253A5CC0
Current User Name: dennis davis
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 11/28/2005 11:29:00 AM | Attr =	]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10, 1, 0, 33 | Size = 540745 bytes | Modified Date = 11/28/2005 11:31:32 AM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 761945 bytes | Modified Date = 12/16/2005 4:32:58 PM | Attr =	]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.63 2.1.63 12/12/2005 14:50:01 | Size = 88204 bytes | Modified Date = 12/12/2005 2:50:02 PM | Attr =	]
igfxtray.exe -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4497 | Size = 94208 bytes | Modified Date = 2/7/2006 8:39:20 AM | Attr =	]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4497 | Size = 77824 bytes | Modified Date = 2/7/2006 8:36:06 AM | Attr =	]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4497 | Size = 118784 bytes | Modified Date = 2/7/2006 8:40:02 AM | Attr =	]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.0.8.0 | Size = 16261632 bytes | Modified Date = 7/21/2006 5:56:38 PM | Attr =	]
launchap.exe -> %ProgramFiles%\Launch Manager\LaunchAp.exe ->  [Ver = 1, 0, 1, 0 | Size = 32768 bytes | Modified Date = 7/25/2005 1:36:40 PM | Attr =	]
hotkeyapp.exe -> %ProgramFiles%\Launch Manager\HotkeyApp.exe -> Wistron [Ver = 1, 0, 7, 6 | Size = 69632 bytes | Modified Date = 4/19/2006 3:08:08 PM | Attr =	]
osdctrl.exe -> %ProgramFiles%\Launch Manager\OSDCtrl.exe ->  [Ver = 1, 0, 1, 2 | Size = 241664 bytes | Modified Date = 7/25/2005 10:45:00 AM | Attr =	]
wbutton.exe -> %ProgramFiles%\Launch Manager\Wbutton.exe ->  [Ver = 1, 0, 7, 3 | Size = 86016 bytes | Modified Date = 4/20/2006 9:23:58 AM | Attr =	]
edsloader.exe -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\eDSloader.exe -> HiTRUST [Ver = 2.2.0.40 | Size = 345088 bytes | Modified Date = 3/17/2006 3:00:50 PM | Attr =	]
epower_dmc.exe -> %SystemDrive%\Acer\Empowering Technology\ePower\ePower_DMC.exe ->  [Ver = 0.22 | Size = 421888 bytes | Modified Date = 3/30/2006 6:47:56 PM | Attr =	]
epresentation.exe -> %SystemDrive%\Acer\Empowering Technology\ePresentation\ePresentation.exe ->  [Ver = 2, 0, 200, 8 | Size = 204800 bytes | Modified Date = 3/31/2006 4:39:28 PM | Attr =	]
eragent.exe -> %SystemDrive%\Acer\Empowering Technology\eRecovery\eRAgent.exe -> Acer Inc. [Ver = 1.0.0.16 | Size = 413696 bytes | Modified Date = 6/1/2006 2:40:54 PM | Attr =	]
lvcomsx.exe -> %SystemRoot%\system32\LVCOMSX.EXE -> Logitech [Ver = 9.4.4.1082 | Size = 225280 bytes | Modified Date = 6/23/2006 10:39:54 AM | Attr =	]
elkctrl.exe -> %SystemRoot%\system32\ElkCtrl.exe -> Logitech Inc. [Ver = 8.5.0.1137 | Size = 262144 bytes | Modified Date = 11/1/2004 6:22:22 PM | Attr =	]
avgcc.exe -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/9/2008 8:22:08 AM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 9/13/2004 3:49:00 PM | Attr =	]
lvprcsrv.exe -> %CommonProgramFiles%\logitech\lvmvfm\LVPrcSrv.exe -> Logitech [Ver = 9.4.4.1082 | Size = 86016 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr =	]
acer.empowering.framework.launcher.exe -> %SystemDrive%\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe -> Acer Inc. [Ver = 2.3.2026.0 | Size = 45056 bytes | Modified Date = 8/3/2006 3:34:04 PM | Attr =	]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 7:28:24 PM | Attr =	]
hpqgalry.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqgalry.exe -> Hewlett-Packard Co. [Ver = 045.004.157.000 | Size = 425984 bytes | Modified Date = 11/4/2004 7:36:46 PM | Attr =	]
memcheck.exe -> %SystemDrive%\Acer\Empowering Technology\ePerformance\MemCheck.exe -> Acer Inc. [Ver = 2.0.2007.0 | Size = 28672 bytes | Modified Date = 3/29/2006 8:53:34 PM | Attr =	]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.154 | Size = 100032 bytes | Modified Date = 1/19/2006 11:29:54 AM | Attr =	]
avgamsvr.exe -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/9/2008 8:22:08 AM | Attr =	]
avgupsvc.exe -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/14/2007 5:48:24 PM | Attr =	]
avgemc.exe -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/9/2008 8:22:10 AM | Attr =	]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 11/28/2005 11:28:14 AM | Attr =	]
roxmediadb.exe -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxMediaDB.exe -> Sonic Solutions [Ver = 8.0.1.93 | Size = 856064 bytes | Modified Date = 9/19/2005 4:24:00 PM | Attr =	]
roxwatch.exe -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxWatch.exe -> Sonic Solutions [Ver = 8.0.1.93 | Size = 155648 bytes | Modified Date = 9/19/2005 4:20:58 PM | Attr =	]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1247600 bytes | Modified Date = 10/14/2007 5:14:00 PM | Attr =	]
elockserv.exe -> %SystemDrive%\Acer\Empowering Technology\eLock\Service\eLockServ.exe ->   [Ver = 2.1.2004.0 | Size = 20480 bytes | Modified Date = 8/29/2006 5:56:22 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 310784 bytes | Modified Date = 3/8/2008 5:37:12 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(AcerMemUsageCheckService) Memory Check Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\ePerformance\MemCheck.exe -> Acer Inc. [Ver = 2.0.2007.0 | Size = 28672 bytes | Modified Date = 3/29/2006 8:53:34 PM | Attr =	]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.154 | Size = 100032 bytes | Modified Date = 1/19/2006 11:29:54 AM | Attr =	]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/9/2008 8:22:08 AM | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/14/2007 5:48:24 PM | Attr =	]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/9/2008 8:22:10 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(eLockService) eLock Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\eLock\Service\eLockServ.exe ->   [Ver = 2.1.2004.0 | Size = 20480 bytes | Modified Date = 8/29/2006 5:56:22 PM | Attr =	]
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 11/28/2005 11:29:00 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr =	]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -> Symantec Corporation [Ver = 3.0.0.154 | Size = 2041536 bytes | Modified Date = 1/19/2006 11:29:54 AM | Attr =	]
(LVPrcSrv) Logitech Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\logitech\lvmvfm\LVPrcSrv.exe -> Logitech [Ver = 9.4.4.1082 | Size = 86016 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr =	]
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 11/28/2005 11:28:14 AM | Attr =	]
(RoxLiveShare) LiveShare P2P Server [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxLiveShare.exe -> Sonic Solutions [Ver = 8.0.1.93 | Size = 229376 bytes | Modified Date = 9/19/2005 4:25:20 PM | Attr =	]
(RoxMediaDB) RoxMediaDB [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxMediaDB.exe -> Sonic Solutions [Ver = 8.0.1.93 | Size = 856064 bytes | Modified Date = 9/19/2005 4:24:00 PM | Attr =	]
(RoxUPnPRenderer) RoxUPnPRenderer [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -> Sonic Solutions [Ver = 8.0.0.212  | Size = 45056 bytes | Modified Date = 9/19/2005 3:57:14 PM | Attr =	]
(RoxUpnpServer) RoxUpnpServer [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -> Sonic Solutions [Ver = 8.0.1.72 | Size = 401408 bytes | Modified Date = 9/19/2005 3:56:32 PM | Attr =	]
(RoxWatch) Roxio Hard Drive Watcher [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxWatch.exe -> Sonic Solutions [Ver = 8.0.1.93 | Size = 155648 bytes | Modified Date = 9/19/2005 4:20:58 PM | Attr =	]
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10, 1, 0, 33 | Size = 540745 bytes | Modified Date = 11/28/2005 11:31:32 AM | Attr =	]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->  [Ver =  | Size = 1247600 bytes | Modified Date = 10/14/2007 5:14:00 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.9.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.9.0 | Size = 21275 bytes | Modified Date = 2/7/2007 6:08:02 PM | Attr =	]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\AGRSM.sys -> Agere Systems [Ver = 2.1.63 2.1.63 12/12/2005 16:08:40 | Size = 1124097 bytes | Modified Date = 12/12/2005 4:08:44 PM | Attr =	]
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 1:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr =	]
(asc) asc [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 1:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 1:51:58 PM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 1/9/2008 8:21:58 AM | Attr =	]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 10/14/2007 5:48:32 PM | Attr =	]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 10/14/2007 5:48:32 PM | Attr =	]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/9/2008 8:22:12 AM | Attr =	]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\System32\Drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 10/14/2007 5:48:32 PM | Attr =	]
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %SystemRoot%\System32\drivers\Cdudf_xp.sys -> Sonic Solutions [Ver = 8.0.5.9 | Size = 309632 bytes | Modified Date = 9/19/2005 11:05:00 PM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 1:51:54 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 1:52:16 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.07a | Size = 88016 bytes | Modified Date = 1/27/2005 3:22:00 AM | Attr =	]
(dvd_2K) dvd_2K [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\dvd_2k.sys -> Sonic Solutions [Ver = 8.0.5.9 | Size = 27264 bytes | Modified Date = 9/19/2005 11:05:00 PM | Attr =	]
(EpmPsd) Acer EPM Power Scheme Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\epm-psd.sys -> Acer Value Labs, USA [Ver = 1.02 | Size = 4096 bytes | Modified Date = 4/22/2005 4:57:06 PM | Attr =	]
(EpmShd) Acer EPM System Hardware Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\epm-shd.sys -> Acer Value Labs, USA [Ver = 1.23 | Size = 78208 bytes | Modified Date = 4/22/2005 4:57:06 PM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr =	]
(Hotkey) Hotkey [Kernel | System | Running] -> %SystemRoot%\System32\drivers\HOTKEY.sys ->  [Ver =  | Size = 9867 bytes | Modified Date = 4/28/2003 11:27:06 AM | Attr =	]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4497 | Size = 1399615 bytes | Modified Date = 2/7/2006 9:04:34 AM | Attr =	]
(int15) int15 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\int15.sys ->  [Ver =  | Size = 69632 bytes | Modified Date = 8/29/2006 4:02:00 PM | Attr =	]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5282 built by: WinDDK | Size = 4353024 bytes | Modified Date = 7/24/2006 5:15:04 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(lv321av) Logitech USB PC Camera (VC0321) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\lv321av.sys -> Logitech [Ver = 9.4.4.1082 | Size = 1097728 bytes | Modified Date = 6/19/2006 12:20:24 PM | Attr =	]
(lvmvdrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lvmvdrv.sys ->  [Ver =  | Size = 2400128 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr =	]
(LVPrcMon) Logitech LVPrcMon Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LVPrcMon.sys ->  [Ver =  | Size = 16768 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr =	]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lvusbsta.sys -> Logitech [Ver = 9.4.4.1082 | Size = 39424 bytes | Modified Date = 6/19/2006 12:16:16 PM | Attr =	]
(mailKmd) mailKmd [Kernel | System | Stopped] ->  -> File not found
(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\mmc_2k.sys -> Sonic Solutions [Ver = 8.0.5.9 | Size = 27136 bytes | Modified Date = 9/19/2005 11:05:00 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 1:52:12 PM | Attr =	]
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\npf.sys -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 32512 bytes | Modified Date = 11/2/2005 2:32:02 PM | Attr =	]
(NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/3/2004 11:00:52 PM | Attr =	]
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\NTIDrvr.sys -> NewTech Infosystems, Inc. [Ver = 1, 0, 0, 6 | Size = 6144 bytes | Modified Date = 5/24/2006 10:11:16 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(psdfilter) psdfilter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\Drivers\psdfilter.sys -> HiTRUST [Ver = 2, 2, 0, 10 | Size = 12288 bytes | Modified Date = 4/7/2006 8:17:34 PM | Attr =	]
(psdvdisk) psdvdisk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\Drivers\psdvdisk.sys -> HiTRUST [Ver = 2, 2, 0, 4 | Size = 60416 bytes | Modified Date = 3/8/2006 5:10:52 PM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
(pwd_2k) pwd_2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\Pwd_2k.sys -> Sonic Solutions [Ver = 8.0.5.9 | Size = 119168 bytes | Modified Date = 9/19/2005 11:05:00 PM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.09a | Size = 46080 bytes | Modified Date = 8/19/2005 6:00:00 PM | Attr =	]
(ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 1:52:18 PM | Attr =	]
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\Rtenicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.638.1116.2005 built by: WinDDK | Size = 78976 bytes | Modified Date = 11/16/2005 4:08:16 PM | Attr =	]
(RxFilter) RxFilter [File_System | System | Running] -> %SystemRoot%\system32\DRIVERS\RxFilter.sys -> Sonic Solutions [Ver = 8.0.1.47 built by: WinDDK | Size = 50176 bytes | Modified Date = 9/19/2005 6:08:50 PM | Attr =	]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\s24trans.sys -> Intel Corporation [Ver = 10, 1, 0, 2 | Size = 13568 bytes | Modified Date = 11/28/2005 12:09:26 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 2:25:54 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr =	]
(symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 2:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 2:07:36 PM | Attr =	]
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 9/8/2006 3:43:18 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 2:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 2:07:42 PM | Attr =	]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 191936 bytes | Modified Date = 12/16/2005 4:15:06 PM | Attr =	]
(tifm21) tifm21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.1 | Size = 162176 bytes | Modified Date = 6/23/2005 10:16:08 PM | Attr =	]
(tvicport) tvicport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tvicport.sys -> EnTech Taiwan [Ver = 4.0 | Size = 14544 bytes | Modified Date = 8/29/2006 4:02:02 PM | Attr =	]
(UBHelper) UBHelper [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\UBHelper.sys ->  [Ver =  | Size = 13952 bytes | Modified Date = 12/17/2004 4:14:44 PM | Attr =	]
(ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 1:52:22 PM | Attr =	]
(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\w39n51.sys -> Intel® Corporation [Ver = 10010-11 Driver | Size = 1427968 bytes | Modified Date = 11/27/2005 7:36:08 AM | Attr =	]
(Wbutton) Wbutton [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\Wbutton.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(zntport) zntport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\zntport.sys -> Zeal SoftStudio [Ver = 2, 3, 0, 1 | Size = 6080 bytes | Modified Date = 8/29/2006 4:02:00 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Acer ePresentation HPD -> %SystemDrive%\Acer\Empowering Technology\ePresentation\ePresentation.exe ->  [Ver = 2, 0, 200, 8 | Size = 204800 bytes | Modified Date = 3/31/2006 4:39:28 PM | Attr =	]
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.63 2.1.63 12/12/2005 14:50:01 | Size = 88204 bytes | Modified Date = 12/12/2005 2:50:02 PM | Attr =	]
Alcmtr -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 7:43:28 PM | Attr =	]
AVG7_CC -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/9/2008 8:22:08 AM | Attr =	]
CtrlVol -> %ProgramFiles%\Launch Manager\CtrlVol.exe -> Wistron [Ver = 1, 0, 0, 7 | Size = 20480 bytes | Modified Date = 9/16/2003 2:28:26 PM | Attr =	]
eDataSecurity Loader -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\eDSloader.exe -> HiTRUST [Ver = 2.2.0.40 | Size = 345088 bytes | Modified Date = 3/17/2006 3:00:50 PM | Attr =	]
ePower_DMC -> %SystemDrive%\Acer\Empowering Technology\ePower\ePower_DMC.exe ->  [Ver = 0.22 | Size = 421888 bytes | Modified Date = 3/30/2006 6:47:56 PM | Attr =	]
eRecoveryService -> %SystemDrive%\Acer\Empowering Technology\eRecovery\eRAgent.exe -> Acer Inc. [Ver = 1.0.0.16 | Size = 413696 bytes | Modified Date = 6/1/2006 2:40:54 PM | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 9/13/2004 3:49:00 PM | Attr =	]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4497 | Size = 77824 bytes | Modified Date = 2/7/2006 8:36:06 AM | Attr =	]
igfxpers -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4497 | Size = 118784 bytes | Modified Date = 2/7/2006 8:40:02 AM | Attr =	]
igfxtray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4497 | Size = 94208 bytes | Modified Date = 2/7/2006 8:39:20 AM | Attr =	]
LaunchAp -> %ProgramFiles%\Launch Manager\LaunchAp.exe ->  [Ver = 1, 0, 1, 0 | Size = 32768 bytes | Modified Date = 7/25/2005 1:36:40 PM | Attr =	]
LManager -> %ProgramFiles%\Launch Manager\HotkeyApp.exe -> Wistron [Ver = 1, 0, 7, 6 | Size = 69632 bytes | Modified Date = 4/19/2006 3:08:08 PM | Attr =	]
LMgrOSD -> %ProgramFiles%\Launch Manager\OSDCtrl.exe ->  [Ver = 1, 0, 1, 2 | Size = 241664 bytes | Modified Date = 7/25/2005 10:45:00 AM | Attr =	]
LogitechCameraService(E) -> %SystemRoot%\system32\ElkCtrl.exe -> Logitech Inc. [Ver = 8.5.0.1137 | Size = 262144 bytes | Modified Date = 11/1/2004 6:22:22 PM | Attr =	]
LVCOMSX -> %SystemRoot%\system32\LVCOMSX.EXE -> Logitech [Ver = 9.4.4.1082 | Size = 225280 bytes | Modified Date = 6/23/2006 10:39:54 AM | Attr =	]
MSPY2002 -> %SystemRoot%\system32\IME\PINTLGNT\ImScInst.exe ->  [Ver =  | Size = 59392 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr =	]
ntiMUI -> %ProgramFiles%\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 5/11/2005 5:15:08 PM | Attr =	]
preload -> %SystemRoot%\RUNXMLPL.exe -> Wistron [Ver = 1, 0, 0, 2 | Size = 32768 bytes | Modified Date = 5/19/2005 5:09:52 PM | Attr =	]
RTHDCPL -> %SystemRoot%\RTHDCPL.EXE -> Realtek Semiconductor Corp. [Ver = 2.0.8.0 | Size = 16261632 bytes | Modified Date = 7/21/2006 5:56:38 PM | Attr =	]
SkyTel -> %SystemRoot%\SkyTel.EXE -> Realtek Semiconductor Corp. [Ver = 1.0.0.0 | Size = 2879488 bytes | Modified Date = 5/16/2006 7:04:26 PM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 761945 bytes | Modified Date = 12/16/2005 4:32:58 PM | Attr =	]
Wbutton -> %ProgramFiles%\Launch Manager\Wbutton.exe ->  [Ver = 1, 0, 7, 3 | Size = 86016 bytes | Modified Date = 4/20/2006 9:23:58 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Acer Empowering Technology.lnk -> %SystemDrive%\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe -> Acer Inc. [Ver = 2.3.2026.0 | Size = 45056 bytes | Modified Date = 8/3/2006 3:34:04 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 045.004.157.000 | Size = 53248 bytes | Modified Date = 11/4/2004 7:50:52 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 7:28:24 PM | Attr =	]
< dennis davis Startup Folder > -> C:\Documents and Settings\dennis davis\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4497 | Size = 139264 bytes | Modified Date = 2/7/2006 8:35:12 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1640 domain(s) found. -> 
8 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 20 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\eDStoolbar.dll [Acer eDataSecurity Management] -> HiTRUST [Ver = 2, 2, 0, 28 | Size = 106496 bytes | Modified Date = 3/8/2006 10:44:00 PM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\eDStoolbar.dll [Acer eDataSecurity Management] -> HiTRUST [Ver = 2, 2, 0, 28 | Size = 106496 bytes | Modified Date = 3/8/2006 10:44:00 PM | Attr =	]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 10:09:00 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{33931289-F864-4096-AA23-861637F8AD8A} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{80D2227F-7C97-486F-9DBF-19E937EF97FC} ->	(Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC) -> 
{A9B3C663-19CD-40AE-A77D-0D591C81BD25} ->	() -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 



[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 2/12/2008 8:44:40 AM | Attr = RH ]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 3/9/2008 5:55:52 PM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 3/9/2008 6:10:06 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063440384 bytes | Created Date = 3/9/2008 8:59:28 PM | Attr =  HS]
CSC -> %SystemRoot%\CSC ->  [Folder | Created Date = 2/29/2008 10:15:54 PM | Attr =  HS]
WebReg .job -> %SystemRoot%\tasks\WebReg .job ->  [Ver =  | Size = 276 bytes | Created Date = 2/21/2008 10:02:25 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 2/22/2008 12:18:11 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/25/2008 1:40:03 PM | Attr =	]
rx_audio.Cache -> %UserProfile%\Local Settings\Application Data\rx_audio.Cache ->  [Ver =  | Size = 84320 bytes | Created Date = 2/22/2008 10:52:59 AM | Attr =	]
hats -> %UserProfile%\My Documents\hats ->  [Folder | Created Date = 2/11/2008 1:04:56 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1698 bytes | Created Date = 2/25/2008 1:40:07 PM | Attr =	]
trucks -> %UserProfile%\Desktop\trucks ->  [Folder | Created Date = 2/25/2008 12:16:45 PM | Attr =	]
aaw2007.exe -> %UserProfile%\Desktop\aaw2007.exe ->  [Ver =  | Size = 21364592 bytes | Created Date = 2/25/2008 1:37:42 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481997 bytes | Created Date = 3/9/2008 12:15:21 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 3/9/2008 12:15:40 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 725212 bytes | Created Date = 3/9/2008 5:50:48 PM | Attr =	]
avenger -> %UserProfile%\Desktop\avenger ->  [Folder | Created Date = 3/9/2008 5:51:39 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 2/12/2008 8:44:42 AM | Attr = RH ]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 3/9/2008 5:55:54 PM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 3/9/2008 6:10:08 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063440384 bytes | Modified Date = 3/9/2008 8:59:30 PM | Attr =  HS]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 3/9/2008 12:11:36 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 247104 bytes | Modified Date = 3/9/2008 12:11:22 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 832 bytes | Modified Date = 2/22/2008 10:06:36 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/14/2008 7:58:32 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/9/2008 8:59:32 PM | Attr =   S]
ComponentList.xml -> %SystemRoot%\ComponentList.xml ->  [Ver =  | Size = 98 bytes | Modified Date = 3/9/2008 8:59:38 PM | Attr =	]
outlook.pst -> %SystemRoot%\outlook.pst ->  [Ver =  | Size = 360448 bytes | Modified Date = 2/22/2008 10:15:16 AM | Attr =	]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 2/29/2008 10:15:56 PM | Attr =  HS]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/9/2008 8:59:42 PM | Attr =  H ]
WebReg .job -> %SystemRoot%\tasks\WebReg .job ->  [Ver =  | Size = 276 bytes | Modified Date = 2/22/2008 10:02:10 AM | Attr =	]
eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 7:01:38 AM | Attr =  H ]
eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 8:24:24 AM | Attr =  H ]
eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 8:26:10 AM | Attr =  H ]
eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 9:34:28 AM | Attr =  H ]
eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 3/17/2005 9:34:56 AM | Attr =  H ]
eHomeLog-5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-5.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 8:55:52 PM | Attr =  H ]
eHomeLog-6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-6.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 8:58:22 PM | Attr =  H ]
eHomeLog-7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-7.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 8:59:52 PM | Attr =  H ]
eHomeLog-8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-8.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 9:01:10 PM | Attr =  H ]
eHomeLog-9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-9.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 9:03:36 PM | Attr =  H ]
eHomeLog-10.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-10.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 10:08:24 PM | Attr =  H ]
eHomeLog-11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-11.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 10:23:50 PM | Attr =  H ]
eHomeLog-12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-12.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 5/24/2006 11:19:02 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 2/13/2008 10:51:40 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2/13/2008 10:51:40 AM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
daas_s.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 3/9/2008 6:11:18 PM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 513536 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsmart.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 27 | Size = 147456 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.20.13471 | Size = 856064 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.06.7470 | Size = 262144 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 135168 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 803328 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 131584 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 151552 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 146944 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 153600 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 155136 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 147968 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsbld.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 3/9/2008 6:11:22 PM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll ->  [Ver =  | Size = 506936 bytes | Modified Date = 3/9/2008 6:11:14 PM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 513536 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.06.7470 | Size = 262144 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 135168 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 803328 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 131584 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 151552 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 146944 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 153600 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 155136 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 147968 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsmart.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 27 | Size = 147456 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.20.13471 | Size = 856064 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll ->  [Ver =  | Size = 506936 bytes | Modified Date = 3/9/2008 6:11:14 PM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 3/9/2008 6:11:18 PM | Attr =	]
fsblu.dll -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 3/9/2008 6:11:22 PM | Attr =	]
Perflib_Perfdata_79c.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\Perflib_Perfdata_79c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/9/2008 9:00:30 PM | Attr =	]
3 C:\Documents and Settings\dennis davis\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\dennis davis\Local Settings\Temp\*.tmp -> 
fsedb.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 552954 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5858 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
ext.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
sae.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
sai.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
perf.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 3/9/2008 7:42:02 PM | Attr =	]
ext.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
sae.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
sai.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
fsedb.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 552954 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5858 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
FS@ols.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 3/9/2008 6:11:18 PM | Attr =	]
FS@corp.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
FS@av.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 3/9/2008 6:10:50 PM | Attr =	]
verdicts.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 3/9/2008 6:10:50 PM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 3/9/2008 6:11:22 PM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/9/2008 6:11:14 PM | Attr =	]
FS@av.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 3/9/2008 6:10:52 PM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 3/9/2008 6:10:50 PM | Attr =	]
verdicts.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 3/9/2008 6:10:50 PM | Attr =	]
FS@corp.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 3/9/2008 6:11:28 PM | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/9/2008 6:11:24 PM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/9/2008 6:11:14 PM | Attr =	]
FS@ols.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 3/9/2008 6:11:18 PM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\dennis davis\Local Settings\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 3/9/2008 6:11:22 PM | Attr =	]
Perflib_Perfdata_520.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_520.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/9/2008 8:59:58 PM | Attr =	]
Perflib_Perfdata_f54.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_f54.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/9/2008 9:00:46 PM | Attr =	]
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/22/2008 12:18:12 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/25/2008 1:40:04 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 2570608 bytes | Modified Date = 3/9/2008 8:58:44 PM | Attr =  H ]
rx_audio.Cache -> %UserProfile%\Local Settings\Application Data\rx_audio.Cache ->  [Ver =  | Size = 84320 bytes | Modified Date = 2/25/2008 3:22:16 PM | Attr =	]
hats -> %UserProfile%\My Documents\hats ->  [Folder | Modified Date = 2/11/2008 1:04:58 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1698 bytes | Modified Date = 2/25/2008 1:40:08 PM | Attr =	]
trucks -> %UserProfile%\Desktop\trucks ->  [Folder | Modified Date = 2/25/2008 12:16:46 PM | Attr =	]
aaw2007.exe -> %UserProfile%\Desktop\aaw2007.exe ->  [Ver =  | Size = 21364592 bytes | Modified Date = 2/25/2008 1:37:44 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481997 bytes | Modified Date = 3/9/2008 12:15:28 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 3/9/2008 12:15:42 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 725212 bytes | Modified Date = 3/9/2008 5:50:52 PM | Attr =	]
avenger -> %UserProfile%\Desktop\avenger ->  [Folder | Modified Date = 3/9/2008 5:51:40 PM | Attr =	]

< End of report >


#10 OldTimer

Posted 10 March 2008 - 09:48 AM

Hi noobalicious. That looks good. Run the system for a couple of days to make sure it remains stable and then get back to me so we can do some final cleanup.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
