Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer+internet Problems


  • This topic is locked This topic is locked
7 replies to this topic

#1 Shoelace

Shoelace

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 01 March 2008 - 06:32 PM

My computer has been acting up lately, and now the internet is being impossible. (I'm on my laptop which is connected to the internet through the same router/modem.) Ventrilo connects, but nothing else (browsers/Yahoo widgets) do. Can anyone please help me? :thumbsup:

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:33 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\windows\system32\pmropn.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Zone Alarm Pro] D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [Screen shot Utility] D:\Program Files\ScreenShot Utility\ScreenshotUtility.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [WindowBlinds] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbload.exe auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmls.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 15344 bytes

Thank you in advance.

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:10 PM

Posted 09 March 2008 - 01:47 PM

Hello Shoelace and welcome to the BC HijackThis forum. Let's see what else we can find. Follow the steps below in order:

Before running a new scan let's clean out the temporoary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 Shoelace

Shoelace
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 09 March 2008 - 09:09 PM

Thanks for the reply. :thumbsup:

WinPFind35 logfile created on: 3/9/2008 10:04:55 PM
WinPFind35U Version 1.0.4.1	 Folder = C:\Documents and Settings\Admin\Desktop\Misc Desk\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
509.98 Mb Total Physical Memory | 115.88 Mb Available Physical Memory | 22.72% Memory free
1.22 Gb Paging File | 0.35 Gb Available in Paging File | 28.66% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.81 Gb Total Space | 11.51 Gb Free Space | 16.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAN
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 103.5.9.2 | Size = 239264 bytes | Modified Date = 6/13/2006 3:02:50 PM | Attr =	]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 177768 bytes | Modified Date = 1/8/2007 6:03:20 PM | Attr =	]
issvc.exe -> %ProgramFiles%\Norton Internet Security\ISSVC.exe -> Symantec Corporation [Ver = 8.2.0.34 | Size = 83584 bytes | Modified Date = 3/15/2005 4:34:10 PM | Attr =	]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 11:17:22 AM | Attr =	]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 185960 bytes | Modified Date = 1/8/2007 6:03:20 PM | Attr =	]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 6:24:33 PM | Attr =	]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 8/8/2007 11:39:48 PM | Attr =	]
ctsvccda.exe -> %SystemRoot%\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 10:01:00 AM | Attr =	]
navapsvc.exe -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe -> Symantec Corporation [Ver = 11.5.7.5 | Size = 128160 bytes | Modified Date = 4/10/2006 6:00:12 PM | Attr =	]
riomsc.exe -> %SystemRoot%\SYSTEM32\RioMSC.exe -> Digital Networks North America, Inc. [Ver = 2.94 build 1 | Size = 303104 bytes | Modified Date = 12/2/2004 4:47:12 PM | Attr =	]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr =	]
symwsc.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\symwsc.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 4:59:50 PM | Attr =	]
motivesb.exe -> %ProgramFiles%\Verizon\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.8.22.asst_classic.smartbridge.20060421_153000 | Size = 438359 bytes | Modified Date = 6/23/2006 12:33:02 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:35 AM | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 49768 bytes | Modified Date = 1/8/2007 6:03:20 PM | Attr =	]
hkcmd.exe -> %SystemRoot%\SYSTEM32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 10:32:24 AM | Attr =	]
igfxpers.exe -> %SystemRoot%\SYSTEM32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 10:36:20 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 4:45:20 PM | Attr =	]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 5/27/2006 8:07:05 PM | Attr =	]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 3/9/2007 1:02:00 AM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 4:45:06 PM | Attr =	]
mim.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mim.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 416768 bytes | Modified Date = 1/19/2006 11:06:16 AM | Attr =	]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 3:42:54 PM | Attr =	]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 1/15/2008 6:54:54 PM | Attr =	]
plaxohelper.exe -> %ProgramFiles%\Plaxo\2.13.1.3\PlaxoHelper.exe -> Plaxo, Inc. [Ver = 2.13.1.3 | Size = 227914 bytes | Modified Date = 12/11/2007 6:21:12 PM | Attr =	]
cursorxp.exe -> %ProgramFiles%\CursorXP\CursorXP.exe ->   [Ver = 1, 3, 0, 0 | Size = 128000 bytes | Modified Date = 1/19/2005 5:34:16 PM | Attr =	]
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2/17/2007 5:19:45 PM | Attr =	]
rocketdock.exe -> %ProgramFiles%\RocketDock\RocketDock.exe ->  [Ver =  | Size = 630784 bytes | Modified Date = 3/19/2007 12:05:02 AM | Attr =	]
mmdiag.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 102400 bytes | Modified Date = 1/19/2006 11:06:18 AM | Attr =	]
camtray.exe -> %ProgramFiles%\Creative\Shared Files\CamTray.exe -> Creative Technology Ltd [Ver = 3.60.07 | Size = 299008 bytes | Modified Date = 10/27/2005 6:00:22 AM | Attr =	]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 3:06:00 AM | Attr =	]
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/9/2003 7:11:12 PM | Attr =	]
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 4.00.121 | Size = 692224 bytes | Modified Date = 4/23/2007 4:00:00 AM | Attr =	]
sgmain.exe -> %ProgramFiles%\SpywareGuard\sgmain.exe ->  [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 8/29/2003 7:05:35 PM | Attr =	]
yahoowidgetengine.exe -> %ProgramFiles%\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.5 | Size = 2913584 bytes | Modified Date = 7/20/2007 1:57:16 PM | Attr =	]
sgbhp.exe -> %ProgramFiles%\SpywareGuard\sgbhp.exe ->  [Ver = 2.02.0001 | Size = 233472 bytes | Modified Date = 8/29/2003 11:14:56 AM | Attr =	]
yahoowidgetengine.exe -> %ProgramFiles%\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.5 | Size = 2913584 bytes | Modified Date = 7/20/2007 1:57:16 PM | Attr =	]
yahoowidgetengine.exe -> %ProgramFiles%\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.5 | Size = 2913584 bytes | Modified Date = 7/20/2007 1:57:16 PM | Attr =	]
khalmnpr.exe -> %CommonProgramFiles%\Logitech\KhalShared\KHALMNPR.exe -> Logitech Inc. [Ver = 4.00.101 | Size = 56080 bytes | Modified Date = 4/11/2007 3:32:22 PM | Attr =	]
vsmon.exe -> %SystemRoot%\SYSTEM32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 3/9/2007 1:01:58 AM | Attr =	]
symscui.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\SymSCUI.exe -> Symantec Corporation [Ver = 2005.1.00.111 | Size = 382080 bytes | Modified Date = 8/5/2004 6:23:08 PM | Attr =	]
aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.2.3290 | Size = 61440 bytes | Modified Date = 7/29/2003 1:44:46 PM | Attr =	]
igfxsrvc.exe -> %SystemRoot%\SYSTEM32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 159744 bytes | Modified Date = 9/20/2005 10:32:16 AM | Attr =	]
skin-pack-1.exe -> %AppData%\Opera\Opera\profile\cache4\temporary_download\Skin-Pack-1.exe ->  [Ver =  | Size = 40242673 bytes | Modified Date = 3/8/2008 5:28:57 PM | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 1/2/2006 2:20:28 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\Misc Desk\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 310784 bytes | Modified Date = 3/8/2008 5:37:12 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe ->  [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 8/28/2005 2:04:55 AM | Attr =	]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 6:24:33 PM | Attr =	]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 8/8/2007 11:39:48 PM | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 185960 bytes | Modified Date = 1/8/2007 6:03:20 PM | Attr =	]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 103.5.9.2 | Size = 239264 bytes | Modified Date = 6/13/2006 3:02:50 PM | Attr =	]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 83560 bytes | Modified Date = 1/8/2007 6:03:20 PM | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 177768 bytes | Modified Date = 1/8/2007 6:03:20 PM | Attr =	]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 10:01:00 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DMADMIN.EXE -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =	]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 4:45:06 PM | Attr =	]
(ISSVC) ISSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\ISSVC.exe -> Symantec Corporation [Ver = 8.2.0.34 | Size = 83584 bytes | Modified Date = 3/15/2005 4:34:10 PM | Attr =	]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.166 | Size = 2086592 bytes | Modified Date = 5/15/2006 6:24:33 PM | Attr =	]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe ->  [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 2/23/2006 11:05:26 PM | Attr =	]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe -> Symantec Corporation [Ver = 11.5.7.5 | Size = 128160 bytes | Modified Date = 4/10/2006 6:00:12 PM | Attr =	]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.6.3.0 | Size = 143360 bytes | Modified Date = 12/17/2003 2:59:48 PM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 9:31:02 PM | Attr =	]
(RioMSC) Rio MSC Manager [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\RioMSC.exe -> Digital Networks North America, Inc. [Ver = 2.94 build 1 | Size = 303104 bytes | Modified Date = 12/2/2004 4:47:12 PM | Attr =	]
(SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 2:22:48 PM | Attr =	]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec Corporation [Ver = 11.5.7.2 | Size = 67184 bytes | Modified Date = 10/7/2005 2:56:46 PM | Attr =	]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 11:17:22 AM | Attr =	]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,5,0,122 | Size = 992864 bytes | Modified Date = 3/15/2005 4:33:52 PM | Attr =	]
(SymWSC) SymWMI Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\Security Center\symwsc.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 4:59:50 PM | Attr =	]
(Ventrilo) Ventrilo [Win32_Own | Auto | Stopped] -> %ProgramFiles%\VentSrv\ventrilo_svc.exe ->  [Ver =  | Size = 65536 bytes | Modified Date = 7/13/2005 9:18:10 PM | Attr =	]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr =	]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 3/9/2007 1:01:58 AM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 2:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 12:07:44 AM | Attr =	]
(asc) asc [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 2:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 2:51:58 PM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 11000 bytes | Modified Date = 8/8/2007 11:39:45 PM | Attr =	]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 9/5/2006 12:03:16 PM | Attr =	]
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 2:51:54 PM | Attr =	]
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0172-0.75.1810 (beta-release) | Size = 130192 bytes | Modified Date = 9/22/2003 9:48:00 AM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 2:52:16 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMBOOT.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMIO.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.03a | Size = 87488 bytes | Modified Date = 12/1/2004 4:22:00 AM | Attr =	]
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\drvnddm.sys -> Sonic Solutions [Ver = 2.56.43a | Size = 40480 bytes | Modified Date = 11/23/2004 3:56:00 AM | Attr =	]
(dtscsi) dtscsi [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dtscsi.sys -> DT Soft Ltd. [Ver = 4.03.0.0 built by: WinDDK | Size = 223128 bytes | Modified Date = 7/6/2006 8:45:51 PM | Attr =	]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 7.1.12.0 built by: WinDDK | Size = 154112 bytes | Modified Date = 2/10/2004 4:49:14 PM | Attr =	]
(EagleNT) EagleNT [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EagleNT.sys -> File not found
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.3.3.4 | Size = 395312 bytes | Modified Date = 9/5/2007 4:00:00 AM | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 1:21:04 AM | Attr =	]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\hpzid412.sys -> HP [Ver = 6, 0, 0, 0 | Size = 51024 bytes | Modified Date = 3/9/2003 9:31:00 PM | Attr =	]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZipr12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 16080 bytes | Modified Date = 3/9/2003 9:31:02 PM | Attr =	]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZius12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 21456 bytes | Modified Date = 3/9/2003 9:31:02 PM | Attr =	]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 212224 bytes | Modified Date = 11/17/2003 4:59:20 PM | Attr =	]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 1042432 bytes | Modified Date = 11/17/2003 4:56:26 PM | Attr =	]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4396 | Size = 1302332 bytes | Modified Date = 9/20/2005 11:00:54 AM | Attr =	]
(ISODrive) ISO DVD/CD-ROM Device Driver [File_System | System | Running] -> %ProgramFiles%\UltraISO\drivers\ISODrive.sys -> EZB Systems, Inc. [Ver = 3.11 built by: WinDDK | Size = 68096 bytes | Modified Date = 4/13/2007 5:42:16 PM | Attr =	]
(Jukebox3) Jukebox3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ctpdusb.sys -> Creative Technology Ltd. [Ver = 2.01.00.00 | Size = 17280 bytes | Modified Date = 1/19/2006 2:01:00 AM | Attr =	]
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\L8042Kbd.sys -> Logitech Inc. [Ver = 4.00.101.00 | Size = 20496 bytes | Modified Date = 4/11/2007 3:32:30 PM | Attr =	]
(L8042mou) SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\L8042mou.Sys -> Logitech Inc. [Ver = 4.00.101.00 | Size = 63248 bytes | Modified Date = 4/11/2007 3:32:38 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\LMouKE.Sys -> Logitech Inc. [Ver = 4.00.101.00 | Size = 79376 bytes | Modified Date = 4/11/2007 3:33:06 PM | Attr =	]
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 8/22/2005 12:13:56 AM | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 2:48:08 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 2:52:12 PM | Attr =	]
(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MREMPR5.sys -> Motive, Inc. [Ver = 503.1658.1 | Size = 19345 bytes | Modified Date = 7/5/2006 2:10:23 PM | Attr =	]
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRENDIS5.sys -> Motive, Inc. [Ver = 503.1658.0 | Size = 18003 bytes | Modified Date = 7/5/2006 2:10:23 PM | Attr =	]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20071121.002\NAVENG.SYS -> Symantec Corporation [Ver = 20071.3.1.10 | Size = 81232 bytes | Modified Date = 11/14/2007 5:00:00 AM | Attr =	]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20071121.002\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.3.1.10 | Size = 865904 bytes | Modified Date = 11/14/2007 5:00:00 AM | Attr =	]
(nocashio) nocashio [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nocashio.sys ->  [Ver =  | Size = 4096 bytes | Modified Date = 4/28/2007 8:08:11 PM | Attr =	]
(npkcrypt) npkcrypt [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Gravity\RO\npkcrypt.sys -> INCA Internet Co., Ltd. [Ver = 2004. 12. 27. 1 | Size = 21442 bytes | Modified Date = 2/1/2005 4:55:40 PM | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\NV4_MINI.SYS -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 11:29:56 PM | Attr =	]
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.0172-0.75.1810 (beta-release) | Size = 178672 bytes | Modified Date = 9/22/2003 9:47:00 AM | Attr =	]
(P17) Sound Blaster Live! 24-bit [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\P17.sys -> Creative Technology Ltd. [Ver = 5.12.01.315 | Size = 840960 bytes | Modified Date = 6/9/2004 1:16:00 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/7/2007 7:51:00 PM | Attr =	]
(ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 2:52:18 PM | Attr =	]
(SAVRT) SAVRT [Kernel | On_Demand | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -> Symantec Corporation [Ver = 9.7.0.10 | Size = 334984 bytes | Modified Date = 8/26/2005 2:22:48 PM | Attr =	]
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -> Symantec Corporation [Ver = 9.7.0.10 | Size = 53896 bytes | Modified Date = 8/26/2005 2:22:50 PM | Attr =	]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr =	]
(senfilt) senfilt [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\senfilt.sys -> Creative Technology Ltd. [Ver = 5.10.00.3614 | Size = 732928 bytes | Modified Date = 9/17/2004 10:02:54 AM | Attr =	]
(SilverLink) Texas Instruments SilverLink (USB GraphLink) Cable [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SilvrLnk.sys -> Texas Instruments Incorporated [Ver = 1.20.000 | Size = 21456 bytes | Modified Date = 1/28/2004 3:03:26 PM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 12:07:44 AM | Attr =	]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5246 | Size = 260352 bytes | Modified Date = 1/27/2005 4:31:06 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 3:07:44 PM | Attr =	]
(SPBBCDrv) SPBBCDrv [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 1,5,0,122 | Size = 372832 bytes | Modified Date = 3/15/2005 4:33:52 PM | Attr =	]
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\sptd.sys ->  [Ver =  | Size = 642560 bytes | Modified Date = 7/6/2006 8:37:24 PM | Attr =	]
(srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 162, 0 | Size = 50416 bytes | Modified Date = 1/18/2007 6:39:20 AM | Attr =	]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 7/14/2004 12:29:04 PM | Attr =	]
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 7/14/2004 12:28:50 PM | Attr =	]
(symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 3:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 3:07:36 PM | Attr =	]
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symdns.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 11512 bytes | Modified Date = 4/5/2005 11:16:52 AM | Attr =	]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.8.1 | Size = 124016 bytes | Modified Date = 9/15/2006 10:52:12 PM | Attr =	]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symfw.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 173208 bytes | Modified Date = 4/5/2005 11:16:54 AM | Attr =	]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symids.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 36984 bytes | Modified Date = 4/5/2005 11:16:58 AM | Attr =	]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20080305.002\SymIDSCo.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 240496 bytes | Modified Date = 2/13/2008 12:18:19 PM | Attr =	]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symndis.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 47192 bytes | Modified Date = 4/5/2005 11:16:56 AM | Attr =	]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symredrv.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 17976 bytes | Modified Date = 4/5/2005 11:17:00 AM | Attr =	]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symtdi.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 267192 bytes | Modified Date = 4/5/2005 11:17:02 AM | Attr =	]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 3:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 3:07:42 PM | Attr =	]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25883 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr =	]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr =	]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr =	]
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr =	]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86586 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr =	]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 15227 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr =	]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr =	]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr =	]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 12/6/2004 2:05:00 AM | Attr =	]
(TICalc) TICalc [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\Ticalc.sys ->  [Ver =  | Size = 9152 bytes | Modified Date = 8/30/1999 2:51:42 PM | Attr =	]
(ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 2:52:22 PM | Attr =	]
(V0260VID) Live! Cam Vista IM [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\V0260Vid.sys -> Creative Technology Ltd. [Ver = 1, 0, 2, 0 | Size = 162176 bytes | Modified Date = 4/1/2006 11:16:44 AM | Attr = R  ]
(vsdatant) vsdatant [Kernel | Auto | Stopped] ->  -> File not found
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.06.00 built by: WinDDK | Size = 680704 bytes | Modified Date = 11/17/2003 4:58:02 PM | Attr =	]
(XTrapD12) XTrapD12 [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\HEROON~1\XTrap\XTrapD12.sys -> File not found
(XDva004) XDva004 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\XDva004.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.5.10.3 | Size = 49768 bytes | Modified Date = 1/8/2007 6:03:20 PM | Attr =	]
DeadAIM ->  -> File not found
igfxhkcmd -> %SystemRoot%\SYSTEM32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 10:32:24 AM | Attr =	]
igfxpers -> %SystemRoot%\SYSTEM32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 10:36:20 AM | Attr =	]
igfxtray -> %SystemRoot%\SYSTEM32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 94208 bytes | Modified Date = 9/20/2005 10:35:40 AM | Attr =	]
IntelliType -> %ProgramFiles%\Microsoft Hardware\Keyboard\type32.exe -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 4:45:20 PM | Attr =	]
Lexmark X73 Button Manager -> D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe -> File not found
Lexmark X73 Button Monitor -> D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe -> File not found
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 4.00.101 | Size = 56080 bytes | Modified Date = 4/11/2007 3:32:22 PM | Attr =	]
MimBoot -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mimboot.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 11776 bytes | Modified Date = 1/19/2006 11:06:16 AM | Attr =	]
Motive SmartBridge -> %ProgramFiles%\Verizon\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.8.22.asst_classic.smartbridge.20060421_153000 | Size = 438359 bytes | Modified Date = 6/23/2006 12:33:02 PM | Attr =	]
MSPY2002 -> %SystemRoot%\SYSTEM32\IME\PINTLGNT\IMSCINST.EXE ->  [Ver =  | Size = 59392 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
NeroFilterCheck -> %SystemRoot%\SYSTEM32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr =	]
NvCplDaemon -> %SystemRoot%\System32\NvCpl.DLL -> File not found
nwiz ->  -> File not found
POINTER -> %ProgramFiles%\Microsoft Hardware\Mouse\point32.exe -> File not found
PrinTray -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\printray.exe -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 5/27/2006 8:07:05 PM | Attr =	]
Screen shot Utility -> D:\Program Files\ScreenShot Utility\ScreenshotUtility.exe -> File not found
SoundMan ->  -> File not found
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 3:42:54 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:35 AM | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 1/2/2006 2:20:28 PM | Attr =	]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 1/15/2008 6:54:54 PM | Attr =	]
WindowBlinds -> %ProgramFiles%\Stardock\Object Desktop\WindowBlinds\wbload.exe -> Stardock Systems, Inc [Ver = 5.0 | Size = 232448 bytes | Modified Date = 11/25/2005 7:30:58 PM | Attr =	]
WinPatrol -> %SystemDrive%\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe -> File not found
Zone Alarm Pro -> D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe -> File not found
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 3/9/2007 1:02:00 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AMP Agent -> %CommonProgramFiles%\ARS Company\Agent\agent.exe ->  [Ver = 1.0.1.8 | Size = 37888 bytes | Modified Date = 2/28/2002 9:43:00 AM | Attr =	]
Creative WebCam Tray -> %ProgramFiles%\Creative\Shared Files\CamTray.exe -> Creative Technology Ltd [Ver = 3.60.07 | Size = 299008 bytes | Modified Date = 10/27/2005 6:00:22 AM | Attr =	]
CursorXP -> %ProgramFiles%\CursorXP\CursorXP.exe ->   [Ver = 1, 3, 0, 0 | Size = 128000 bytes | Modified Date = 1/19/2005 5:34:16 PM | Attr =	]
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2/17/2007 5:19:45 PM | Attr =	]
PlaxoUpdate -> %ProgramFiles%\Plaxo\2.13.1.3\PlaxoHelper.exe -> Plaxo, Inc. [Ver = 2.13.1.3 | Size = 227914 bytes | Modified Date = 12/11/2007 6:21:12 PM | Attr =	]
RocketDock -> %ProgramFiles%\RocketDock\RocketDock.exe ->  [Ver =  | Size = 630784 bytes | Modified Date = 3/19/2007 12:05:02 AM | Attr =	]
SP2 Connection Patcher -> %ProgramFiles%\SP2 Connection Patcher\SP2ConnPatcher.exe ->  [Ver =  | Size = 409600 bytes | Modified Date = 7/11/2005 7:51:08 AM | Attr =	]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 5:45:08 PM | Attr = R  ]
< Admin Startup Folder > -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe ->  [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 8/29/2003 7:05:35 PM | Attr =	]
%UserProfile%\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.5 | Size = 2913584 bytes | Modified Date = 7/20/2007 1:57:16 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 3:06:48 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 3:06:00 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/9/2003 7:11:12 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2/17/2007 5:19:45 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 4.00.121 | Size = 692224 bytes | Modified Date = 4/23/2007 4:00:00 AM | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
wbsys.dll -> %SystemRoot%\SYSTEM32\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2/26/2003 11:27:44 PM | Attr =	]
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 8/8/2007 11:39:47 PM | Attr =	]
{81559C35-8464-49F7-BB0E-07A383BEF910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [SpywareGuard] ->  [Ver = 2.02 | Size = 126976 bytes | Modified Date = 8/2/2003 11:20:57 PM | Attr = R  ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\SYSTEM32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4396 | Size = 135168 bytes | Modified Date = 9/20/2005 10:31:28 AM | Attr =	]
WBSrv -> %ProgramFiles%\Stardock\Object Desktop\WindowBlinds\WbSrv.dll -> Stardock [Ver = 5, 0, 0, 1 | Size = 176128 bytes | Modified Date = 12/6/2005 9:16:30 PM | Attr =	]
WRNotifier ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowLegacyWebView -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowUnhashedWebView -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> (binary data) -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
< HOSTS File > (736 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3429 domain(s) found. -> 
free_aol.com [http] -> Trusted sites -> 
toolbar_imageshack.us [http] -> Trusted sites -> 
91 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 86 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{6932D140-ABC4-4073-A44C-D4A541665E35} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\ImageShackToolbar\ImageShackToolbar.dll [ImageShack Toolbar] -> ImageShack Corp. [Ver = 2, 0, 0, 36 | Size = 368640 bytes | Modified Date = 10/19/2006 9:47:18 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Norton Internet Security] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Norton AntiVirus] -> File not found
WebBrowser\\{EEE1A699-C438-486B-8B23-347A37F77328} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Blingo Toolbar\blingobar.dll [Blingo Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr =	]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 106496 bytes | Modified Date = 3/4/2005 2:10:36 PM | Attr =	]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.2.3290 | Size = 61440 bytes | Modified Date = 7/29/2003 1:44:46 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr =	]
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 106496 bytes | Modified Date = 3/4/2005 2:10:36 PM | Attr =	]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.2.3290 | Size = 61440 bytes | Modified Date = 7/29/2003 1:44:46 PM | Attr =	]
CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Post Image to Blog -> %SystemRoot%\ImageShackToolbar\ImageShackToolbar.dll -> ImageShack Corp. [Ver = 2, 0, 0, 36 | Size = 368640 bytes | Modified Date = 10/19/2006 9:47:18 PM | Attr =	]
Tag This Image -> %SystemRoot%\ImageShackToolbar\ImageShackToolbar.dll -> ImageShack Corp. [Ver = 2, 0, 0, 36 | Size = 368640 bytes | Modified Date = 10/19/2006 9:47:18 PM | Attr =	]
Upload All Images to ImageShack -> %SystemRoot%\ImageShackToolbar\ImageShackToolbar.dll -> ImageShack Corp. [Ver = 2, 0, 0, 36 | Size = 368640 bytes | Modified Date = 10/19/2006 9:47:18 PM | Attr =	]
Upload Image to ImageShack -> %SystemRoot%\ImageShackToolbar\ImageShackToolbar.dll -> ImageShack Corp. [Ver = 2, 0, 0, 36 | Size = 368640 bytes | Modified Date = 10/19/2006 9:47:18 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
Avant Browser -> IEAK -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{45FCDB2F-26A7-4E2D-B47C-679616BF22E3} ->	(Intel(R) PRO/100 VE Network Connection) -> 
{93FDC839-C4C7-4A55-B902-FCE440340B81} ->	() -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 2/17/2007 5:19:45 PM | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02}[HKEY_LOCAL_MACHINE] -> http://housecall60.trendmicro.com/housecall/xscan60.cab[HouseCall Control] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{48884C41-EFAC-433D-958A-9FADAC41408E}[HKEY_LOCAL_MACHINE] -> https://www.e-games.com.my/com/EGamesPlugin.cab[EGamesPlugin Class] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://www.bitdefender.com/scan8/oscan8.cab[BDSCANONLINE Control] -> 
{6932D140-ABC4-4073-A44C-D4A541665E35}[HKEY_LOCAL_MACHINE] -> http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab[ImageShack Toolbar] -> 
{6F750200-1362-4815-A476-88533DE61D0C}[HKEY_LOCAL_MACHINE] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab[Ofoto Upload Manager Class] -> 
{7B297BFD-85E4-4092-B2AF-16A91B2EA103}[HKEY_LOCAL_MACHINE] -> http://www3.ca.com/securityadvisor/virusinfo/webscan.cab[WScanCtl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{94B82441-A413-4E43-8422-D49930E69764}[HKEY_LOCAL_MACHINE] -> http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{EB387D2F-E27B-4D36-979E-847D1036C65D}[HKEY_LOCAL_MACHINE] -> http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326[QDiagHUpdateObj Class] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\SYSTEM32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\SYSTEM32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 564 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\SYSTEM32\SCECLI.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\NTMARTA.DLL [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\SVCHOST.EXE [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 19332 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\IPNATHLP.DLL [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2/17/2007 5:19:45 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIMb\aim.exe -> C:\Program Files\AIMb\aim.exe [C:\Program Files\AIMb\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 12:34:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 6:18:24 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\;\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Starcraft\starcraft.exe -> C:\Program Files\Starcraft\StarCraft.exe [C:\Program Files\Starcraft\starcraft.exe:*:Enabled:Starcraft] -> Blizzard Entertainment [Ver = 1.15.0 | Size = 1220608 bytes | Modified Date = 5/8/2007 3:14:08 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo! Games\Inspector Parker\Parker.exe -> C:\Program Files\Yahoo! Games\Inspector Parker\Parker.exe [C:\Program Files\Yahoo! Games\Inspector Parker\Parker.exe:*:Enabled:Inspector Parker Game Executable] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 81920 bytes | Modified Date = 8/15/2005 12:38:13 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> LimeWire [Ver = 1.0.0.2 | Size = 700416 bytes | Modified Date = 10/31/2005 11:56:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 14144000 bytes | Modified Date = 2/23/2006 5:31:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2/17/2007 5:19:45 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIMb\aim.exe -> C:\Program Files\AIMb\aim.exe [C:\Program Files\AIMb\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\Orb.exe -> C:\Program Files\Winamp Remote\bin\Orb.exe [C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbTray.exe -> C:\Program Files\Winamp Remote\bin\OrbTray.exe [C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe -> C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe [C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 3:17:27 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 12:34:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 6:18:24 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\pmropn.exe -> c:\WINDOWS\SYSTEM32\pmropn.exe [c:\windows\system32\pmropn.exe:*:Enabled:pmropn.exe] -> PremierOpinion [Ver = 1.3.315.388 (Build 315.388) | Size = 1622016 bytes | Modified Date = 10/13/2007 2:33:43 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\SVCHOST.EXE [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\WUAUSERV.DLL [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 534827008 bytes | Created Date = 3/2/2008 5:13:23 PM | Attr =  HS]
mGame -> %SystemDrive%\mGame ->  [Folder | Created Date = 3/6/2008 12:02:08 AM | Attr =	]
NetGame -> %SystemDrive%\NetGame ->  [Folder | Created Date = 3/1/2008 3:30:42 PM | Attr =	]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 3/2/2008 5:29:05 PM | Attr =  H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 3/2/2008 6:05:32 PM | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 3/2/2008 5:29:05 PM | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 3/2/2008 6:05:32 PM | Attr =  H ]
V0260Cmd.sys -> %SystemRoot%\System32\drivers\V0260Cmd.sys -> Creative Technology Ltd. [Ver = 1, 0, 2, 0 | Size = 24829 bytes | Created Date = 2/19/2008 3:42:59 PM | Attr = R  ]
V0260Vid.sys -> %SystemRoot%\System32\drivers\V0260Vid.sys -> Creative Technology Ltd. [Ver = 1, 0, 2, 0 | Size = 162176 bytes | Created Date = 2/19/2008 3:42:59 PM | Attr = R  ]
CtCamMgr.dll -> %SystemRoot%\System32\CtCamMgr.dll -> Creative Technology Ltd. [Ver = 1.07.01.00 | Size = 36864 bytes | Created Date = 2/19/2008 3:42:59 PM | Attr = R  ]
CtCamPin.crl -> %SystemRoot%\System32\CtCamPin.crl -> Creative Technology Ltd. [Ver = 1.00.01.00 | Size = 24576 bytes | Created Date = 2/19/2008 3:43:00 PM | Attr = R  ]
pmls.dll -> %SystemRoot%\System32\pmls.dll -> PremierOpinion [Ver = 3.0.60.88 (Build 60.88) | Size = 368640 bytes | Created Date = 2/20/2008 7:40:14 PM | Attr =	]
pmropn.exe -> %SystemRoot%\System32\pmropn.exe -> PremierOpinion [Ver = 1.3.315.388 (Build 315.388) | Size = 1622016 bytes | Created Date = 2/20/2008 7:40:16 PM | Attr =	]
V0260530.set -> %SystemRoot%\System32\V0260530.set ->  [Ver =  | Size = 74685 bytes | Created Date = 2/19/2008 3:42:59 PM | Attr = R  ]
V0260Ext.ax -> %SystemRoot%\System32\V0260Ext.ax -> Creative Technology Ltd. [Ver = 1.00.04.00 | Size = 94208 bytes | Created Date = 2/19/2008 3:43:00 PM | Attr = R  ]
V0260Ext.crl -> %SystemRoot%\System32\V0260Ext.crl -> Creative Technology Ltd. [Ver = 1.00.02.00 | Size = 20480 bytes | Created Date = 2/19/2008 3:43:00 PM | Attr = R  ]
V0260Hwx.dll -> %SystemRoot%\System32\V0260Hwx.dll -> Creative Technology Ltd. [Ver = 1.00.04.00 | Size = 28672 bytes | Created Date = 2/19/2008 3:43:00 PM | Attr = R  ]
V0260Pin.dll -> %SystemRoot%\System32\V0260Pin.dll -> Creative Technology Ltd. [Ver = 1.00.04.00 | Size = 36864 bytes | Created Date = 2/19/2008 3:43:00 PM | Attr = R  ]
V0260Srv.exe -> %SystemRoot%\System32\V0260Srv.exe -> Creative Technology Ltd. [Ver = 1.00.01.00 | Size = 20564 bytes | Created Date = 2/19/2008 3:43:00 PM | Attr = R  ]
V0260Vfw.dll -> %SystemRoot%\System32\V0260Vfw.dll -> Creative Technology Ltd. [Ver = 1.00.02.6784 | Size = 126976 bytes | Created Date = 2/19/2008 3:43:02 PM | Attr = R  ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Created Date = 3/2/2008 4:50:43 PM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Created Date = 3/2/2008 4:50:43 PM | Attr =  H ]
CtDrvIns.exe -> %SystemRoot%\CtDrvIns.exe -> Creative Technology Ltd. [Ver = 2.17.01.00 | Size = 86016 bytes | Created Date = 2/19/2008 3:43:02 PM | Attr = R  ]
CtDrvInstall -> %SystemRoot%\CtDrvInstall ->  [Folder | Created Date = 2/19/2008 3:40:47 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 2/22/2008 11:44:15 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 2/22/2008 11:44:15 PM | Attr =  H ]
rmg.ini -> %SystemRoot%\rmg.ini ->  [Ver =  | Size = 303 bytes | Created Date = 3/8/2008 9:35:10 PM | Attr =	]
V0260Cfg.exe -> %SystemRoot%\V0260Cfg.exe -> Creative Technology Ltd. [Ver = 1.00.04.00 | Size = 32874 bytes | Created Date = 2/19/2008 3:43:02 PM | Attr = R  ]
VF0260.uns -> %SystemRoot%\VF0260.uns ->  [Ver =  | Size = 4352 bytes | Created Date = 2/19/2008 3:43:02 PM | Attr = R  ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
AOL OCP -> %AllUsersProfile%\Application Data\AOL OCP ->  [Folder | Created Date = 2/15/2008 6:21:55 PM | Attr =	]
WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller ->  [Folder | Created Date = 2/15/2008 6:30:13 PM | Attr =	]
Viewpoint -> %AppData%\Viewpoint ->  [Folder | Created Date = 2/15/2008 6:22:20 PM | Attr =	]
AOL -> %UserProfile%\Local Settings\Application Data\AOL ->  [Folder | Created Date = 2/15/2008 6:23:27 PM | Attr =	]
AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP ->  [Folder | Created Date = 2/15/2008 6:22:32 PM | Attr =	]
28475696yu2.gif -> %UserProfile%\My Documents\28475696yu2.gif ->  [Ver =  | Size = 1834 bytes | Created Date = 2/21/2008 9:10:11 PM | Attr =	]
32hb3.gif -> %UserProfile%\My Documents\32hb3.gif ->  [Ver =  | Size = 2346 bytes | Created Date = 2/21/2008 9:11:05 PM | Attr =	]
35axm1.gif -> %UserProfile%\My Documents\35axm1.gif ->  [Ver =  | Size = 476 bytes | Created Date = 2/21/2008 9:10:59 PM | Attr =	]
40wu7.gif -> %UserProfile%\My Documents\40wu7.gif ->  [Ver =  | Size = 1783 bytes | Created Date = 2/21/2008 9:11:17 PM | Attr =	]
bio_hotkeys.bmp -> %UserProfile%\My Documents\bio_hotkeys.bmp ->  [Ver =  | Size = 703110 bytes | Created Date = 2/19/2008 7:48:46 PM | Attr =	]
Dankins -> %UserProfile%\My Documents\Dankins ->  [Folder | Created Date = 2/20/2008 2:15:56 AM | Attr =	]
emot-awesome.gif -> %UserProfile%\My Documents\emot-awesome.gif ->  [Ver =  | Size = 622 bytes | Created Date = 2/22/2008 1:35:03 PM | Attr =	]
Eng.doc -> %UserProfile%\My Documents\Eng.doc ->  [Ver =  | Size = 26624 bytes | Created Date = 2/11/2008 12:17:22 AM | Attr =	]
HOs.JPG -> %UserProfile%\My Documents\HOs.JPG ->  [Ver =  | Size = 19221 bytes | Created Date = 2/19/2008 8:52:14 PM | Attr =	]
IMAGE_003.jpg -> %UserProfile%\My Documents\IMAGE_003.jpg ->  [Ver =  | Size = 25621 bytes | Created Date = 2/10/2008 1:27:00 AM | Attr =	]
IMAGE_148.jpg -> %UserProfile%\My Documents\IMAGE_148.jpg ->  [Ver =  | Size = 213294 bytes | Created Date = 2/23/2008 9:57:16 PM | Attr =	]
Miranda IM -> %UserProfile%\My Documents\Miranda IM ->  [Folder | Created Date = 2/17/2008 12:20:21 PM | Attr =	]
My Received Files -> %UserProfile%\My Documents\My Received Files ->  [Folder | Created Date = 2/15/2008 6:45:16 PM | Attr =	]
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 559 bytes | Created Date = 2/15/2008 6:48:16 PM | Attr =	]
pink_rose -> %UserProfile%\My Documents\pink_rose ->  [Folder | Created Date = 3/8/2008 6:14:37 PM | Attr =	]
PvM.bmp -> %UserProfile%\My Documents\PvM.bmp ->  [Ver =  | Size = 341934 bytes | Created Date = 3/8/2008 6:58:08 PM | Attr =	]
PvM.JPG -> %UserProfile%\My Documents\PvM.JPG ->  [Ver =  | Size = 40114 bytes | Created Date = 3/8/2008 6:57:57 PM | Attr =	]
PVP.PNG -> %UserProfile%\My Documents\PVP.PNG ->  [Ver =  | Size = 32692 bytes | Created Date = 2/9/2008 10:27:36 PM | Attr =	]
Ragnarok Online Emoticons -> %UserProfile%\My Documents\Ragnarok Online Emoticons ->  [Folder | Created Date = 2/21/2008 9:16:30 PM | Attr =	]
screenParadiseRO302.JPG -> %UserProfile%\My Documents\screenParadiseRO302.JPG ->  [Ver =  | Size = 128441 bytes | Created Date = 3/6/2008 9:45:59 PM | Attr =	]
screenParadiseRO305.JPG -> %UserProfile%\My Documents\screenParadiseRO305.JPG ->  [Ver =  | Size = 145533 bytes | Created Date = 3/6/2008 10:00:05 PM | Attr =	]
SnipB.JPG -> %UserProfile%\My Documents\SnipB.JPG ->  [Ver =  | Size = 40201 bytes | Created Date = 3/7/2008 6:53:34 PM | Attr =	]
SnipC.bmp -> %UserProfile%\My Documents\SnipC.bmp ->  [Ver =  | Size = 1256406 bytes | Created Date = 3/7/2008 6:57:34 PM | Attr =	]
the_ataris-i_wont_spend_another_night_alone-7816.ptb -> %UserProfile%\My Documents\the_ataris-i_wont_spend_another_night_alone-7816.ptb ->  [Ver =  | Size = 29927 bytes | Created Date = 2/23/2008 11:49:50 PM | Attr =	]
the_ataris-i_wont_spend_another_night_alone-8055 (1).ptb -> %UserProfile%\My Documents\the_ataris-i_wont_spend_another_night_alone-8055 (1).ptb ->  [Ver =  | Size = 33426 bytes | Created Date = 2/24/2008 4:37:49 PM | Attr =	]
WebCam Center -> %UserProfile%\My Documents\WebCam Center ->  [Folder | Created Date = 2/19/2008 4:03:54 PM | Attr =	]
WinsockxpFix.exe -> %UserProfile%\My Documents\WinsockxpFix.exe -> Option^Explicit Software Solutions [Ver = 1.00 | Size = 1445888 bytes | Created Date = 3/2/2008 5:53:58 PM | Attr =	]
Creative WebCam Center.lnk -> %AllUsersProfile%\Desktop\Creative WebCam Center.lnk ->  [Ver =  | Size = 1938 bytes | Created Date = 2/19/2008 3:36:01 PM | Attr =	]
Holic.lnk -> %AllUsersProfile%\Desktop\Holic.lnk ->  [Ver =  | Size = 441 bytes | Created Date = 3/6/2008 12:02:41 AM | Attr =	]
SCIONS OF FATE.url -> %AllUsersProfile%\Desktop\SCIONS OF FATE.url ->  [Ver =  | Size = 159 bytes | Created Date = 3/1/2008 3:31:13 PM | Attr =	]
BitWise.lnk -> %UserProfile%\Desktop\BitWise.lnk ->  [Ver =  | Size = 616 bytes | Created Date = 2/17/2008 12:03:53 PM | Attr =	]
Emoticon Packs for Messenger -> %UserProfile%\Desktop\Emoticon Packs for Messenger ->  [Folder | Created Date = 2/20/2008 7:38:18 PM | Attr =	]
Holic_USA.exe -> %UserProfile%\Desktop\Holic_USA.exe ->  [Ver =  | Size = 999673726 bytes | Created Date = 3/5/2008 7:49:33 PM | Attr =	]
Miranda IM.lnk -> %UserProfile%\Desktop\Miranda IM.lnk ->  [Ver =  | Size = 701 bytes | Created Date = 2/17/2008 12:22:26 PM | Attr =	]
Opera.lnk -> %UserProfile%\Desktop\Opera.lnk ->  [Ver =  | Size = 592 bytes | Created Date = 2/25/2008 12:05:04 AM | Attr =	]
Skin Windows Vista Black 8.5.1238.601.lnk -> %UserProfile%\Desktop\Skin Windows Vista Black 8.5.1238.601.lnk ->  [Ver =  | Size = 1729 bytes | Created Date = 2/20/2008 2:35:04 AM | Attr =	]
Start LunaRO.lnk -> %UserProfile%\Desktop\Start LunaRO.lnk ->  [Ver =  | Size = 759 bytes | Created Date = 3/6/2008 11:37:47 PM | Attr =	]
Thursday_WoE_6b.wmv -> %UserProfile%\Desktop\Thursday_WoE_6b.wmv ->  [Ver =  | Size = 231648371 bytes | Created Date = 2/17/2008 8:29:10 AM | Attr =	]
Thursday_WoE_7.wmv -> %UserProfile%\Desktop\Thursday_WoE_7.wmv ->  [Ver =  | Size = 95774739 bytes | Created Date = 2/21/2008 2:50:33 PM | Attr =	]
Thursday_WoE_8.wmv -> %UserProfile%\Desktop\Thursday_WoE_8.wmv ->  [Ver =  | Size = 140127795 bytes | Created Date = 3/1/2008 2:59:31 PM | Attr =	]
WoE_24th.wmv -> %UserProfile%\Desktop\WoE_24th.wmv ->  [Ver =  | Size = 399824905 bytes | Created Date = 2/27/2008 12:32:03 AM | Attr =	]
ARS Company -> %CommonProgramFiles%\ARS Company ->  [Folder | Created Date = 3/8/2008 9:30:38 PM | Attr =	]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller ->  [Folder | Created Date = 2/15/2008 6:31:24 PM | Attr =  HS]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 3/2/2008 5:13:17 PM | Attr =	]
Fraps -> %SystemDrive%\Fraps ->  [Folder | Modified Date = 2/10/2008 6:48:43 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 534827008 bytes | Modified Date = 3/2/2008 5:57:20 PM | Attr =  HS]
hpfr3420.xml -> %SystemDrive%\hpfr3420.xml ->  [Ver =  | Size = 522 bytes | Modified Date = 3/7/2008 1:52:39 AM | Attr =	]
IPH.PH -> %SystemDrive%\IPH.PH ->  [Ver =  | Size = 2774 bytes | Modified Date = 2/15/2008 6:23:27 PM | Attr =  H ]
mGame -> %SystemDrive%\mGame ->  [Folder | Modified Date = 3/6/2008 12:02:41 AM | Attr =	]
NetGame -> %SystemDrive%\NetGame ->  [Folder | Modified Date = 3/1/2008 8:19:06 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/8/2008 9:30:31 PM | Attr = R  ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 3/2/2008 5:29:05 PM | Attr =  H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 3/2/2008 6:05:32 PM | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 3/2/2008 5:29:05 PM | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 3/2/2008 6:05:32 PM | Attr =  H ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/8/2008 9:35:10 PM | Attr =	]
ETC -> %SystemRoot%\System32\drivers\ETC ->  [Folder | Modified Date = 3/2/2008 5:54:29 PM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\ETC\hosts ->  [Ver =  | Size = 736 bytes | Modified Date = 3/2/2008 5:54:09 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/2/2008 5:58:51 PM | Attr =	]
CONFIG -> %SystemRoot%\System32\CONFIG ->  [Folder | Modified Date = 3/2/2008 5:12:24 PM | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 3/2/2008 4:54:04 PM | Attr =	]
DLLCACHE -> %SystemRoot%\System32\DLLCACHE ->  [Folder | Modified Date = 2/19/2008 4:01:28 PM | Attr = RHS]
DRIVERS -> %SystemRoot%\System32\DRIVERS ->  [Folder | Modified Date = 2/19/2008 4:01:23 PM | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 2/15/2008 6:44:01 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 309992 bytes | Modified Date = 3/2/2008 5:13:25 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %SystemRoot%\System32\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 92296 bytes | Modified Date = 3/3/2008 7:10:18 PM | Attr =	]
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml ->  [Ver =  | Size = 49615 bytes | Modified Date = 3/2/2008 6:06:45 PM | Attr =  H ]
WBEM -> %SystemRoot%\System32\WBEM ->  [Folder | Modified Date = 3/2/2008 5:10:40 PM | Attr =	]
WPA.DBL -> %SystemRoot%\System32\WPA.DBL ->  [Ver =  | Size = 2206 bytes | Modified Date = 3/2/2008 5:59:55 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 4:43:10 PM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Modified Date = 3/2/2008 4:50:43 PM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Modified Date = 3/2/2008 4:50:44 PM | Attr =  H ]
ASSEMBLY -> %SystemRoot%\ASSEMBLY ->  [Folder | Modified Date = 2/15/2008 6:47:04 PM | Attr = R S]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/2/2008 5:57:24 PM | Attr =   S]
CtDrvInstall -> %SystemRoot%\CtDrvInstall ->  [Folder | Modified Date = 2/19/2008 3:40:47 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/20/2008 12:09:58 AM | Attr =   S]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 3/2/2008 4:51:57 PM | Attr =   S]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2/14/2008 10:50:38 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1355 bytes | Modified Date = 3/2/2008 4:35:49 PM | Attr =	]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 2/19/2008 3:42:10 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3/2/2008 4:52:31 PM | Attr =  HS]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Modified Date = 3/3/2008 5:28:21 PM | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 2/19/2008 3:46:27 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 2/19/2008 4:18:51 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/9/2008 9:47:04 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/22/2008 11:44:15 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 3/4/2008 11:39:16 PM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 3/2/2008 5:10:35 PM | Attr =	]
rmg.ini -> %SystemRoot%\rmg.ini ->  [Ver =  | Size = 303 bytes | Modified Date = 3/8/2008 9:37:21 PM | Attr =	]
SYSTEM32 -> %SystemRoot%\SYSTEM32 ->  [Folder | Modified Date = 3/3/2008 9:17:00 PM | Attr =	]
temp -> %SystemRoot%\temp ->  [Folder | Modified Date = 3/9/2008 9:53:20 PM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2/15/2008 6:42:55 PM | Attr =	]
B1301EA39587943F.job -> %SystemRoot%\tasks\B1301EA39587943F.job ->  [Ver =  | Size = 268 bytes | Modified Date = 3/9/2008 10:00:00 PM | Attr =  H ]
Norton AntiVirus - Scan my computer - Admin.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - Admin.job ->  [Ver =  | Size = 548 bytes | Modified Date = 3/6/2008 8:44:12 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/2/2008 5:57:38 PM | Attr =  H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job ->  [Ver =  | Size = 366 bytes | Modified Date = 3/9/2008 10:05:00 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 3/2/2008 6:00:04 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 3/2/2008 6:00:04 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1388 bytes | Modified Date = 5/5/2006 9:36:54 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Application Data\Adobe ->  [Folder | Modified Date = 3/8/2008 6:29:10 PM | Attr =	]
AOL OCP -> %AllUsersProfile%\Application Data\AOL OCP ->  [Folder | Modified Date = 2/15/2008 6:24:01 PM | Attr =	]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Modified Date = 2/29/2008 8:31:01 PM | Attr =   S]
Viewpoint -> %AllUsersProfile%\Application Data\Viewpoint ->  [Folder | Modified Date = 2/15/2008 6:22:21 PM | Attr =	]
WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller ->  [Folder | Modified Date = 2/20/2008 2:43:54 AM | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 3/9/2008 7:30:08 PM | Attr =	]
Creative -> %AppData%\Creative ->  [Folder | Modified Date = 2/19/2008 4:03:39 PM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 2/15/2008 6:46:34 PM | Attr =   S]
Viewpoint -> %AppData%\Viewpoint ->  [Folder | Modified Date = 2/15/2008 6:22:20 PM | Attr =	]
AOL -> %UserProfile%\Local Settings\Application Data\AOL ->  [Folder | Modified Date = 2/15/2008 6:23:27 PM | Attr =	]
AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP ->  [Folder | Modified Date = 2/15/2008 6:22:32 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 92160 bytes | Modified Date = 2/15/2008 5:43:25 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 8224 bytes | Modified Date = 3/2/2008 5:18:42 PM | Attr =	]
Google -> %UserProfile%\Local Settings\Application Data\Google ->  [Folder | Modified Date = 2/17/2008 12:15:00 PM | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 2/17/2008 4:50:42 PM | Attr =	]
28475696yu2.gif -> %UserProfile%\My Documents\28475696yu2.gif ->  [Ver =  | Size = 1834 bytes | Modified Date = 2/21/2008 9:10:11 PM | Attr =	]
32hb3.gif -> %UserProfile%\My Documents\32hb3.gif ->  [Ver =  | Size = 2346 bytes | Modified Date = 2/21/2008 9:11:05 PM | Attr =	]
35axm1.gif -> %UserProfile%\My Documents\35axm1.gif ->  [Ver =  | Size = 476 bytes | Modified Date = 2/21/2008 9:10:59 PM | Attr =	]
40wu7.gif -> %UserProfile%\My Documents\40wu7.gif ->  [Ver =  | Size = 1783 bytes | Modified Date = 2/21/2008 9:11:17 PM | Attr =	]
bio_hotkeys.bmp -> %UserProfile%\My Documents\bio_hotkeys.bmp ->  [Ver =  | Size = 703110 bytes | Modified Date = 2/19/2008 9:44:44 PM | Attr =	]
Dankins -> %UserProfile%\My Documents\Dankins ->  [Folder | Modified Date = 3/7/2008 11:48:05 PM | Attr =	]
download -> %UserProfile%\My Documents\download ->  [Folder | Modified Date = 3/3/2008 12:55:07 AM | Attr =	]
emot-awesome.gif -> %UserProfile%\My Documents\emot-awesome.gif ->  [Ver =  | Size = 622 bytes | Modified Date = 2/22/2008 1:35:03 PM | Attr =	]
Eng.doc -> %UserProfile%\My Documents\Eng.doc ->  [Ver =  | Size = 26624 bytes | Modified Date = 2/11/2008 12:28:45 AM | Attr =	]
Grade 11 -> %UserProfile%\My Documents\Grade 11 ->  [Folder | Modified Date = 2/21/2008 10:55:01 PM | Attr =	]
Grade 12 -> %UserProfile%\My Documents\Grade 12 ->  [Folder | Modified Date = 3/9/2008 9:44:30 PM | Attr =	]
HOs.JPG -> %UserProfile%\My Documents\HOs.JPG ->  [Ver =  | Size = 19221 bytes | Modified Date = 2/19/2008 8:52:14 PM | Attr =	]
IMAGE_003.jpg -> %UserProfile%\My Documents\IMAGE_003.jpg ->  [Ver =  | Size = 25621 bytes | Modified Date = 2/10/2008 2:32:19 PM | Attr =	]
IMAGE_148.jpg -> %UserProfile%\My Documents\IMAGE_148.jpg ->  [Ver =  | Size = 213294 bytes | Modified Date = 2/23/2008 9:57:16 PM | Attr =	]
Jess Is My World -> %UserProfile%\My Documents\Jess Is My World ->  [Folder | Modified Date = 3/4/2008 7:55:01 PM | Attr =	]
Miranda IM -> %UserProfile%\My Documents\Miranda IM ->  [Folder | Modified Date = 2/17/2008 12:28:14 PM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 2/12/2008 8:43:09 PM | Attr =   S]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 3/8/2008 11:51:15 PM | Attr =   S]
My Received Files -> %UserProfile%\My Documents\My Received Files ->  [Folder | Modified Date = 2/15/2008 6:59:33 PM | Attr =	]
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 559 bytes | Modified Date = 3/3/2008 5:20:17 PM | Attr =	]
pink_rose -> %UserProfile%\My Documents\pink_rose ->  [Folder | Modified Date = 3/8/2008 6:14:46 PM | Attr =	]
PvM.bmp -> %UserProfile%\My Documents\PvM.bmp ->  [Ver =  | Size = 341934 bytes | Modified Date = 3/8/2008 6:58:08 PM | Attr =	]
PvM.JPG -> %UserProfile%\My Documents\PvM.JPG ->  [Ver =  | Size = 40114 bytes | Modified Date = 3/8/2008 6:57:57 PM | Attr =	]
PVP.PNG -> %UserProfile%\My Documents\PVP.PNG ->  [Ver =  | Size = 32692 bytes | Modified Date = 2/9/2008 10:27:36 PM | Attr =	]
Ragnarok Online Emoticons -> %UserProfile%\My Documents\Ragnarok Online Emoticons ->  [Folder | Modified Date = 2/21/2008 9:16:36 PM | Attr =	]
screenParadiseRO302.JPG -> %UserProfile%\My Documents\screenParadiseRO302.JPG ->  [Ver =  | Size = 128441 bytes | Modified Date = 3/6/2008 9:45:59 PM | Attr =	]
screenParadiseRO305.JPG -> %UserProfile%\My Documents\screenParadiseRO305.JPG ->  [Ver =  | Size = 145533 bytes | Modified Date = 3/6/2008 10:00:05 PM | Attr =	]
Shared -> %UserProfile%\My Documents\Shared ->  [Folder | Modified Date = 2/12/2008 8:43:16 PM | Attr =	]
Skin -> %UserProfile%\My Documents\Skin ->  [Folder | Modified Date = 3/8/2008 5:01:49 PM | Attr =	]
SnipB.JPG -> %UserProfile%\My Documents\SnipB.JPG ->  [Ver =  | Size = 40201 bytes | Modified Date = 3/7/2008 6:53:34 PM | Attr =	]
SnipC.bmp -> %UserProfile%\My Documents\SnipC.bmp ->  [Ver =  | Size = 1256406 bytes | Modified Date = 3/7/2008 6:57:34 PM | Attr =	]
Tabs -> %UserProfile%\My Documents\Tabs ->  [Folder | Modified Date = 2/27/2008 9:44:32 PM | Attr =	]
the_ataris-i_wont_spend_another_night_alone-7816.ptb -> %UserProfile%\My Documents\the_ataris-i_wont_spend_another_night_alone-7816.ptb ->  [Ver =  | Size = 29927 bytes | Modified Date = 2/23/2008 11:49:53 PM | Attr =	]
the_ataris-i_wont_spend_another_night_alone-8055 (1).ptb -> %UserProfile%\My Documents\the_ataris-i_wont_spend_another_night_alone-8055 (1).ptb ->  [Ver =  | Size = 33426 bytes | Modified Date = 2/24/2008 4:37:50 PM | Attr =	]
WebCam Center -> %UserProfile%\My Documents\WebCam Center ->  [Folder | Modified Date = 2/19/2008 4:03:54 PM | Attr =	]
WinsockxpFix.exe -> %UserProfile%\My Documents\WinsockxpFix.exe -> Option^Explicit Software Solutions [Ver = 1.00 | Size = 1445888 bytes | Modified Date = 3/2/2008 5:51:08 PM | Attr =	]
Creative WebCam Center.lnk -> %AllUsersProfile%\Desktop\Creative WebCam Center.lnk ->  [Ver =  | Size = 1938 bytes | Modified Date = 2/19/2008 3:36:03 PM | Attr =	]
Holic.lnk -> %AllUsersProfile%\Desktop\Holic.lnk ->  [Ver =  | Size = 441 bytes | Modified Date = 3/6/2008 12:02:41 AM | Attr =	]
SCIONS OF FATE.url -> %AllUsersProfile%\Desktop\SCIONS OF FATE.url ->  [Ver =  | Size = 159 bytes | Modified Date = 3/2/2008 7:54:57 PM | Attr =	]
BitWise.lnk -> %UserProfile%\Desktop\BitWise.lnk ->  [Ver =  | Size = 616 bytes | Modified Date = 2/17/2008 12:03:53 PM | Attr =	]
Emoticon Packs for Messenger -> %UserProfile%\Desktop\Emoticon Packs for Messenger ->  [Folder | Modified Date = 2/20/2008 7:38:29 PM | Attr =	]
Holic_USA.exe -> %UserProfile%\Desktop\Holic_USA.exe ->  [Ver =  | Size = 999673726 bytes | Modified Date = 3/5/2008 11:43:57 PM | Attr =	]
Miranda IM.lnk -> %UserProfile%\Desktop\Miranda IM.lnk ->  [Ver =  | Size = 701 bytes | Modified Date = 2/17/2008 12:58:05 PM | Attr =	]
Misc Desk -> %UserProfile%\Desktop\Misc Desk ->  [Folder | Modified Date = 3/9/2008 9:41:00 PM | Attr =	]
Opera.lnk -> %UserProfile%\Desktop\Opera.lnk ->  [Ver =  | Size = 592 bytes | Modified Date = 2/25/2008 12:05:05 AM | Attr =	]
Skin Windows Vista Black 8.5.1238.601.lnk -> %UserProfile%\Desktop\Skin Windows Vista Black 8.5.1238.601.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 2/20/2008 2:35:04 AM | Attr =	]
Start LunaRO.lnk -> %UserProfile%\Desktop\Start LunaRO.lnk ->  [Ver =  | Size = 759 bytes | Modified Date = 3/6/2008 11:37:47 PM | Attr =	]
Thursday_WoE_6b.wmv -> %UserProfile%\Desktop\Thursday_WoE_6b.wmv ->  [Ver =  | Size = 231648371 bytes | Modified Date = 2/17/2008 8:36:21 AM | Attr =	]
Thursday_WoE_7.wmv -> %UserProfile%\Desktop\Thursday_WoE_7.wmv ->  [Ver =  | Size = 95774739 bytes | Modified Date = 2/21/2008 2:53:11 PM | Attr =	]
Thursday_WoE_8.wmv -> %UserProfile%\Desktop\Thursday_WoE_8.wmv ->  [Ver =  | Size = 140127795 bytes | Modified Date = 3/1/2008 3:04:05 PM | Attr =	]
WoE_24th.wmv -> %UserProfile%\Desktop\WoE_24th.wmv ->  [Ver =  | Size = 399824905 bytes | Modified Date = 2/27/2008 1:04:04 AM | Attr =	]
AOL -> %CommonProgramFiles%\AOL ->  [Folder | Modified Date = 3/2/2008 5:13:17 PM | Attr =	]
ARS Company -> %CommonProgramFiles%\ARS Company ->  [Folder | Modified Date = 3/8/2008 9:30:38 PM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 2/21/2008 7:10:52 PM | Attr =	]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 3/9/2008 12:29:31 AM | Attr =	]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller ->  [Folder | Modified Date = 2/15/2008 6:39:31 PM | Attr =  HS]

< End of report >


#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:10 PM

Posted 09 March 2008 - 10:31 PM

Hi Shoelace. There were some questionable file showing in the HijackThis log I wanted to look at but they are no longer showing in this log. Other than that there are no signs of malware in this log either. There is a little housekeeping that should be done so let's do that while you are here.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> DeadAIM -> 
YN -> IntelliType -> %ProgramFiles%\Microsoft Hardware\Keyboard\type32.exe
YN -> Lexmark X73 Button Manager -> D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
YN -> Lexmark X73 Button Monitor -> D:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
YN -> NvCplDaemon -> %SystemRoot%\System32\NvCpl.DLL
YN -> nwiz -> 
YN -> POINTER -> %ProgramFiles%\Microsoft Hardware\Mouse\point32.exe
YN -> PrinTray -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\printray.exe
YN -> Screen shot Utility -> D:\Program Files\ScreenShot Utility\ScreenshotUtility.exe
YN -> SoundMan -> 
YN -> WinPatrol -> %SystemDrive%\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
YN -> Zone Alarm Pro -> D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> WRNotifier -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIMb\aim.exe -> C:\Program Files\AIMb\aim.exe [C:\Program Files\AIMb\aim.exe:*:Enabled:AOL Instant Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo! Games\Inspector Parker\Parker.exe -> C:\Program Files\Yahoo! Games\Inspector Parker\Parker.exe [C:\Program Files\Yahoo! Games\Inspector Parker\Parker.exe:*:Enabled:Inspector Parker Game Executable]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIMb\aim.exe -> C:\Program Files\AIMb\aim.exe [C:\Program Files\AIMb\aim.exe:*:Enabled:AOL Instant Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\Orb.exe -> C:\Program Files\Winamp Remote\bin\Orb.exe [C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbTray.exe -> C:\Program Files\Winamp Remote\bin\OrbTray.exe [C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe -> C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe [C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\pmropn.exe -> c:\WINDOWS\SYSTEM32\pmropn.exe [c:\windows\system32\pmropn.exe:*:Enabled:pmropn.exe]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

Other than that, I can only suggest posting to the Windows XP Home and Professional forum.

The techs in that forum specialize in matters pertaining to the operating system, performance and applications. Let them know that you have been to this forum and that no malware was found.

When posting to any other forum, do not post a HijackThis log or the post will simply be moved back to this forum for infection analysis. That is what HijackThis is used for and that is what we specialize in here in this forum.

Also, when posting in any other forum for assistance, give as much detail as possible regarding any issues that are occurring. The more information they have, the better the techs can analyze the issue and make any recommendations for resolving it.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 Shoelace

Shoelace
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 10 March 2008 - 04:44 PM

Thanks for the help. Here's the update:

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeadAIM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IntelliType deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lexmark X73 Button Manager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lexmark X73 Button Monitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\POINTER deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PrinTray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Screen shot Utility deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SoundMan deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinPatrol deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Zone Alarm Pro deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIMb\aim.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo! Games\Inspector Parker\Parker.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIMb\aim.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\Orb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\pmropn.exe deleted successfully.
c:\WINDOWS\SYSTEM32\pmropn.exe moved successfully.
< End of fix log >
WinPFind35U Version 1.0.4.1 fix logfile created on 03102008_174237


#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:10 PM

Posted 10 March 2008 - 04:59 PM

Hi Shoelace. That all looks good. Any other problems? If not, then let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start WinPFind35
    Click the CleanUp button
  • WinPFind35 will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • WinPFind35 will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 Shoelace

Shoelace
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 12 March 2008 - 03:49 PM

Everything's good. Thank you for the help.

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:10 PM

Posted 12 March 2008 - 07:14 PM

You are very welcome Shoelace, I'm glad that we could help.

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users