Vundo (virtumonde) Trojan - Hijackthis Log


10 replies to this topic

#1 TriciaD

TriciaD


Posted 04 March 2008 - 01:29 AM

Below is my HijackThis log. I have the Vundo (VirtuMonde) Trojan.

I also ran ComboFix and posted the log at this link:
My Combofix Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:07 AM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\AOL\1203396880\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/login/lo...webmail.aol.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.screenname.aol.com/_cqr/login/login.psp?siteId=atlasaol&authLev=2&mcState=initialized&triedAimAuth=y"); (C:\Program Files\Netscape\Users\default\prefs.js)
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://my.screenname.aol.com/_cqr/login/login.psp?mcState=initialized&seamless=novl&sitedomain=beta.webmail.aol.com&lang=en&locale=us&authLev=2&siteState=ld%3awebmail.aol.com"); (C:\Documents and Settings\TRICIA D\Application Data\Mozilla\Profiles\default\m9d1cgfn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TRICIA D\Application Data\Mozilla\Profiles\default\m9d1cgfn.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: ProxyReset Class - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - C:\WINDOWS\System32\AHIEHelp.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203396880\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Explorer.lnk = C:\WINDOWS\EXPLORER.EXE
O4 - Startup: Netscape 9.lnk = C:\Program Files\Netscape\Navigator 9\navigator.exe
O4 - Startup: Process Explorer.lnk = C:\Program Files\Process Explorer\procexp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: @Home - {C9E11044-E57A-435F-B054-60A60A0D9A61} - (value not set) (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203125384000
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...185/mcfscan.cab
O20 - Winlogon Notify: ivn4reg - C:\Documents and Settings\All Users\Documents\Settings\ivn4.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9502 bytes

Thanks !



#2 TriciaD

TriciaD
  • Topic Starter


Posted 04 March 2008 - 09:38 AM

I needed to uninstall SpyBot - Search and Destroy since it did not appear to be compatible with my McAfee virus program and my computer froze during start up. Everything started fine after I uninstalled SpyBot. Below is an updated HijackThis log file since I have removed a program since posting the last log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:05 AM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\AOL\1203396880\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Process Explorer\procexp.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Nortel Networks\Extranet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/login/lo...webmail.aol.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.screenname.aol.com/_cqr/login/login.psp?siteId=atlasaol&authLev=2&mcState=initialized&triedAimAuth=y"); (C:\Program Files\Netscape\Users\default\prefs.js)
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://my.screenname.aol.com/_cqr/login/login.psp?mcState=initialized&seamless=novl&sitedomain=beta.webmail.aol.com&lang=en&locale=us&authLev=2&siteState=ld%3awebmail.aol.com"); (C:\Documents and Settings\TRICIA D\Application Data\Mozilla\Profiles\default\m9d1cgfn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TRICIA D\Application Data\Mozilla\Profiles\default\m9d1cgfn.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: ProxyReset Class - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - C:\WINDOWS\System32\AHIEHelp.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203396880\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Explorer.lnk = C:\WINDOWS\EXPLORER.EXE
O4 - Startup: Netscape 9.lnk = C:\Program Files\Netscape\Navigator 9\navigator.exe
O4 - Startup: Process Explorer.lnk = C:\Program Files\Process Explorer\procexp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: @Home - {C9E11044-E57A-435F-B054-60A60A0D9A61} - (value not set) (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203125384000
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...185/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A82D436-FADE-4B86-A653-75C34380635E}: NameServer = 166.29.2.72,166.17.13.36
O20 - Winlogon Notify: ivn4reg - C:\Documents and Settings\All Users\Documents\Settings\ivn4.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9253 bytes

#3 OldTimer

OldTimer

    Malware Expert



Posted 13 March 2008 - 11:36 AM

Hello TriciaD and welcome to the BC HijackThis forum. I don't see anything in the HJT log. It appears to be clean.

Let's get a little broader picture and see if anything shows up in that. If that doesn't find anything then you should be all set.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 TriciaD

TriciaD
  • Topic Starter


Posted 14 March 2008 - 12:14 AM

Thanks! Here are my OTScanIt results

OTScanIt logfile created on: 3/14/2008 1:06:28 AM
OTScanIt by OldTimer - Version 1.0.5.1	 Folder = C:\Program Files\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.00 Mb Total Physical Memory | 647.89 Mb Available Physical Memory | 63.33% Memory free
2.40 Gb Paging File | 2.11 Gb Available in Paging File | 87.71% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 20.85 Gb Free Space | 18.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CC901882-A
Current User Name: Tricia D
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 2:27:08 PM | Attr =	]
dsentry.exe -> %SystemRoot%\SYSTEM32\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 12:27:40 PM | Attr =	]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1203396880\ee\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 1:16:08 PM | Attr =	]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 102400 bytes | Modified Date = 9/14/2006 8:56:06 AM | Attr =	]
aolacsd.exe -> %CommonProgramFiles%\AOL\acs\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2			   | Size = 46640 bytes | Modified Date = 10/23/2006 8:50:35 AM | Attr = R  ]
ctsvccda.exe -> %SystemRoot%\SYSTEM32\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 3:01:00 AM | Attr =	]
hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 1:09:12 PM | Attr =	]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 5:22:12 PM | Attr =	]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 5:36:10 AM | Attr =	]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 7:03:36 PM | Attr =	]
mcpromgr.exe -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 5:21:40 PM | Attr =	]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,138,0 | Size = 353368 bytes | Modified Date = 4/12/2007 10:33:42 AM | Attr =	]
redirsvc.exe -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 4:42:42 PM | Attr =	]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 144960 bytes | Modified Date = 6/25/2007 11:56:42 AM | Attr =	]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 6/19/2007 9:55:24 AM | Attr =	]
mps.exe -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 906792 bytes | Modified Date = 4/18/2007 3:08:06 PM | Attr =	]
nvsvc32.exe -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4354 | Size = 69632 bytes | Modified Date = 4/24/2003 6:58:00 PM | Attr =	]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 11:27:44 AM | Attr =	]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 566872 bytes | Modified Date = 1/5/2007 5:21:16 PM | Attr =	]
mpsevh.exe -> %ProgramFiles%\McAfee\MPS\mpsevh.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 304680 bytes | Modified Date = 4/18/2007 3:08:10 PM | Attr =	]
aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 3:17:27 AM | Attr =	]
mcupdmgr.exe -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 689752 bytes | Modified Date = 1/5/2007 5:22:18 PM | Attr =	]
mcupdui.exe -> %ProgramFiles%\McAfee\MSC\mcupdui.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 343640 bytes | Modified Date = 1/5/2007 5:22:02 PM | Attr =	]
otscanit.exe -> %ProgramFiles%\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.5.1 | Size = 310272 bytes | Modified Date = 3/13/2008 10:41:12 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 2:27:08 PM | Attr =	]
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 102400 bytes | Modified Date = 9/14/2006 8:56:06 AM | Attr =	]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\acs\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2			   | Size = 46640 bytes | Modified Date = 10/23/2006 8:50:35 AM | Attr = R  ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 3:01:00 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr =	]
(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,214,0 | Size = 341328 bytes | Modified Date = 10/5/2007 6:33:26 PM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 501312 bytes | Modified Date = 6/1/2007 4:51:22 PM | Attr =	]
(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 1:09:12 PM | Attr =	]
(mcmispupdmgr) McAfee Update Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 689752 bytes | Modified Date = 1/5/2007 5:22:18 PM | Attr =	]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 5:22:12 PM | Attr =	]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 5:36:10 AM | Attr =	]
(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 7:03:36 PM | Attr =	]
(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 5:21:40 PM | Attr =	]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,138,0 | Size = 353368 bytes | Modified Date = 4/12/2007 10:33:42 AM | Attr =	]
(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 4:42:42 PM | Attr =	]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] ->  -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 5:01:58 PM | Attr =	]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 6/19/2007 9:55:24 AM | Attr =	]
(MPS9) McAfee Privacy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 906792 bytes | Modified Date = 4/18/2007 3:08:06 PM | Attr =	]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 3:33:40 PM | Attr =	]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4354 | Size = 69632 bytes | Modified Date = 4/24/2003 6:58:00 PM | Attr =	]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 11:27:44 AM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(ADSEXPB) ADS DVD Xpress B [Kernel | Auto | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\adsexpb.sys -> Cirrus Logic Inc. [Ver = 1.8 | Size = 32084 bytes | Modified Date = 10/8/2003 7:34:24 PM | Attr = R  ]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 4:15:00 PM | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 7/16/2003 4:24:09 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 2:07:42 AM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 7/16/2003 4:24:22 PM | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 7/16/2003 4:24:23 PM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\BCMSM.sys -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:05:01 | Size = 1101696 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr =	]
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] ->  -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\TRICIA~1\LOCALS~1\Temp\catchme.sys -> File not found
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\cdr4_xp.sys -> Roxio [Ver = 5.3.2.34 | Size = 61424 bytes | Modified Date = 12/4/2003 3:06:58 AM | Attr =	]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\cdralw2k.sys -> Roxio [Ver = 5.3.2.34 | Size = 23420 bytes | Modified Date = 12/4/2003 3:06:58 AM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 7/16/2003 4:25:32 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 7/16/2003 4:26:33 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 2:07:17 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 2:07:16 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 7/16/2003 4:27:04 PM | Attr =	]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.65a | Size = 84576 bytes | Modified Date = 7/31/2003 5:21:00 AM | Attr =	]
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\drvnddm.sys -> Sonic Solutions [Ver = 2.56.38a | Size = 40448 bytes | Modified Date = 6/20/2003 4:56:00 AM | Attr =	]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 7.0.26.0 built by: WinDDK | Size = 145408 bytes | Modified Date = 3/4/2003 1:56:26 PM | Attr =	]
(Eacfilt) Eacfilt Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\eacfilt.sys -> Nortel Networks [Ver = 05,01,0,110 | Size = 11113 bytes | Modified Date = 4/4/2005 8:21:00 PM | Attr =	]
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] ->  -> File not found
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr =	]
(i81x) i81x [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 161020 bytes | Modified Date = 8/4/2004 1:29:36 AM | Attr =	]
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12415 bytes | Modified Date = 8/4/2004 1:29:37 AM | Attr =	]
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12127 bytes | Modified Date = 8/4/2004 1:29:37 AM | Attr =	]
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11775 bytes | Modified Date = 8/4/2004 1:29:37 AM | Attr =	]
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12063 bytes | Modified Date = 8/4/2004 1:29:47 AM | Attr =	]
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19455 bytes | Modified Date = 8/4/2004 1:29:49 AM | Attr =	]
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 29311 bytes | Modified Date = 8/4/2004 1:29:41 AM | Attr =	]
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19551 bytes | Modified Date = 8/4/2004 1:29:42 AM | Attr =	]
(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] ->  -> File not found
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 33599 bytes | Modified Date = 8/4/2004 1:29:43 AM | Attr =	]
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 23615 bytes | Modified Date = 8/4/2004 1:29:45 AM | Attr =	]
(IPSECEXT) Nortel Extranet Access Protocol [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ipsecw2k.sys -> Nortel Networks NA, Inc. [Ver = 05,01,0,110 | Size = 149952 bytes | Modified Date = 4/4/2005 8:20:36 PM | Attr =	]
(IPSECSHM) Nortel IPSECSHM Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ipsecw2k.sys -> Nortel Networks NA, Inc. [Ver = 05,01,0,110 | Size = 149952 bytes | Modified Date = 4/4/2005 8:20:36 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.108.x86 | Size = 71496 bytes | Modified Date = 6/25/2007 3:54:44 PM | Attr =	]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 34184 bytes | Modified Date = 6/25/2007 11:57:10 AM | Attr =	]
(mfehidk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.142.x86 | Size = 171400 bytes | Modified Date = 2/6/2008 10:51:44 AM | Attr =	]
(mferkdk) McAfee Inc. [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 32008 bytes | Modified Date = 6/25/2007 11:57:24 AM | Attr =	]
(mfesmfk) McAfee Inc. [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.136.x86 | Size = 37480 bytes | Modified Date = 6/25/2007 11:57:28 AM | Attr =	]
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\Mpfp.sys -> McAfee, Inc. [Ver = 8.3.111.0 | Size = 109608 bytes | Modified Date = 3/2/2007 3:16:52 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 7/16/2003 4:34:22 PM | Attr =	]
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.116 | Size = 28256 bytes | Modified Date = 4/23/2006 10:18:18 PM | Attr =	]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.01.4354 | Size = 1271706 bytes | Modified Date = 4/24/2003 6:58:00 PM | Attr =	]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 3:45:06 PM | Attr =	]
(P16X) Creative SB Live! Series (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\P16X.sys -> Creative Technology Ltd. [Ver = 5.12.01.129 | Size = 1296384 bytes | Modified Date = 8/14/2003 12:58:12 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PfModNT) PfModNT [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\PFMODNT.SYS -> Creative Technology Ltd. [Ver = 2.0.0.0 | Size = 6752 bytes | Modified Date = 12/17/1999 3:00:00 AM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 7/16/2003 4:42:18 PM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 2/27/2007 1:36:35 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 7/16/2003 4:42:24 PM | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 7/16/2003 4:42:25 PM | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 7/16/2003 4:42:26 PM | Attr =	]
(RapFile) RapFile [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\RapFile.sys -> Internet Security Systems, Inc. [Ver = 3.6.25.0 | Size = 36644 bytes | Modified Date = 2/25/2003 6:26:28 PM | Attr =	]
(RapNet) RapNet [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\RapNet.sys -> Internet Security Systems, Inc. [Ver = 3.6.25.0 | Size = 24344 bytes | Modified Date = 2/25/2003 6:26:44 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 2:07:42 AM | Attr =	]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3650 | Size = 578176 bytes | Modified Date = 6/18/2003 4:52:18 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 7/16/2003 4:46:15 PM | Attr =	]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 5621 bytes | Modified Date = 7/14/2003 1:28:40 PM | Attr =	]
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ssrtln.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 23219 bytes | Modified Date = 7/14/2003 1:28:22 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 7/16/2003 4:47:09 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 7/16/2003 4:47:09 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 7/16/2003 4:47:09 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 7/16/2003 4:47:10 PM | Attr =	]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 25685 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr =	]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 34837 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr =	]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 4117 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr =	]
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 2233 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr =	]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 83284 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr =	]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 14229 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr =	]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 6357 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr =	]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 98068 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr =	]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 100373 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr =	]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 10/12/2007 1:31:08 AM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 7/16/2003 4:48:45 PM | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 5:13:04 PM | Attr = R  ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr =	]
DVDSentry -> %SystemRoot%\SYSTEM32\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 12:27:40 PM | Attr =	]
HostManager -> %CommonProgramFiles%\AOL\1203396880\ee\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 1:16:08 PM | Attr =	]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 3:00:00 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Tricia D Startup Folder > -> C:\Documents and Settings\Tricia D\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Netscape 9.lnk -> %ProgramFiles%\Netscape\Navigator 9\navigator.exe -> Netscape [Ver = Personal | Size = 8249344 bytes | Modified Date = 12/6/2007 12:21:19 PM | Attr =	]
%UserProfile%\Start Menu\Programs\Startup\Process Explorer.lnk -> %ProgramFiles%\Process Explorer\procexp.exe -> Sysinternals [Ver = 11.04 | Size = 3564584 bytes | Modified Date = 11/5/2007 8:54:22 AM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
ivn4reg -> %AllUsersProfile%\Documents\Settings\ivn4.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> https://my.screenname.aol.com/_cqr/login/login.psp?mcState=initialized&seamless=novl&sitedomain=beta.webmail.aol.com&lang=en&locale=us&authLev=2&siteState=ld%3awebmail.aol.com -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 859 domain(s) found. -> 
  .[msn] -> My Computer -> 
objects_aol.com [*] -> Out of zone range - ( 5 ) -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 1/5/2006 1:30:40 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.05b | Size = 106548 bytes | Modified Date = 8/6/2003 3:04:00 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.126.x86 | Size = 58688 bytes | Modified Date = 1/9/2008 10:09:38 AM | Attr =	]
{FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\ahiehelp.dll [ProxyReset Class] -> @Home Network, Inc. [Ver = 1.0.0.1 | Size = 28672 bytes | Modified Date = 12/4/2000 1:01:04 PM | Attr =	]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 1/5/2006 1:30:40 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 1/5/2006 1:30:40 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 3:08:26 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
{C9E11044-E57A-435F-B054-60A60A0D9A61}\\ButtonText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{C9E11044-E57A-435F-B054-60A60A0D9A61}\\CLSID [HKEY_LOCAL_MACHINE] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{C9E11044-E57A-435F-B054-60A60A0D9A61}\\Default Visible [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{C9E11044-E57A-435F-B054-60A60A0D9A61}\\Exec [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{C9E11044-E57A-435F-B054-60A60A0D9A61}\\HotIcon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{C9E11044-E57A-435F-B054-60A60A0D9A61}\\Icon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 3:08:26 PM | Attr =	]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
AtHome021SI -> IEAKExcite@Home -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1A82D436-FADE-4B86-A653-75C34380635E} ->	() -> 
{71C9023D-47AE-49B4-8786-1EEB112A945F} ->	(Intel(R) PRO/100 VE Network Connection) -> 
{DB6BA6BC-0083-480C-9548-F71079371E48} ->	(1394 Net Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203125384000[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> 
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5185/mcfscan.cab[McFreeScan Class] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr =	]
schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1356 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 16312 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:56:42 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:56 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:56 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nortel Networks\Extranet.exe -> C:\Program Files\Nortel Networks\Extranet.exe [C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client] -> Nortel Networks NA, Inc. [Ver = 05,01,0,110 | Size = 790528 bytes | Modified Date = 4/4/2005 8:09:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 81920 bytes | Modified Date = 3/9/2005 3:49:38 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.2.0.35 | Size = 14778432 bytes | Modified Date = 6/1/2007 4:51:24 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 3:08:26 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
DSC00805.JPG -> %SystemDrive%\DSC00805.JPG ->  [Ver =  | Size = 4015507 bytes | Created Date = 2/17/2008 7:17:30 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1072762880 bytes | Created Date = 3/4/2008 10:21:48 AM | Attr =  HS]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 3/2/2008 12:18:30 PM | Attr =	]
wanatw4.sys -> %SystemRoot%\System32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Created Date = 2/19/2008 12:55:56 AM | Attr = R  ]
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 3/2/2008 12:18:23 PM | Attr =	]
grep.exe -> %SystemRoot%\System32\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 3/2/2008 12:18:23 PM | Attr =	]
sed.exe -> %SystemRoot%\System32\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 3/2/2008 12:18:23 PM | Attr =	]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 3/2/2008 12:18:23 PM | Attr =	]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 3/2/2008 12:18:23 PM | Attr =	]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 3/2/2008 12:18:23 PM | Attr =	]
VFind.exe -> %SystemRoot%\System32\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 3/2/2008 12:18:23 PM | Attr =	]
zip.exe -> %SystemRoot%\System32\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 3/2/2008 12:18:23 PM | Attr =	]
aolshare -> %SystemRoot%\aolshare ->  [Folder | Created Date = 2/24/2008 2:32:07 PM | Attr =	]
13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 3/2/2008 12:20:54 PM | Attr =	]
msoffice.ini -> %SystemRoot%\msoffice.ini ->  [Ver =  | Size = 4 bytes | Created Date = 2/19/2008 12:21:39 AM | Attr =	]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 3/2/2008 12:18:23 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
AOL Downloads -> %AllUsersProfile%\Application Data\AOL Downloads ->  [Folder | Created Date = 2/17/2008 10:02:53 PM | Attr =	]
AOL OCP -> %AllUsersProfile%\Application Data\AOL OCP ->  [Folder | Created Date = 2/17/2008 10:07:17 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 3/3/2008 1:11:25 AM | Attr =	]
Macromedia -> %AllUsersProfile%\Application Data\Macromedia ->  [Folder | Created Date = 2/18/2008 12:28:51 AM | Attr =	]
acccore -> %AppData%\acccore ->  [Folder | Created Date = 2/18/2008 12:55:45 AM | Attr =	]
Snapfish -> %AppData%\Snapfish ->  [Folder | Created Date = 3/9/2008 11:24:41 PM | Attr =	]
AOL -> %UserProfile%\Local Settings\Application Data\AOL ->  [Folder | Created Date = 2/17/2008 10:06:48 PM | Attr =	]
2007_Federal_Return.pdf -> %UserProfile%\My Documents\2007_Federal_Return.pdf ->  [Ver =  | Size = 45612 bytes | Created Date = 3/10/2008 6:19:00 PM | Attr =	]
AI2008.doc -> %UserProfile%\My Documents\AI2008.doc ->  [Ver =  | Size = 28160 bytes | Created Date = 2/15/2008 7:21:42 PM | Attr =	]
AI2008Girls.jpg -> %UserProfile%\My Documents\AI2008Girls.jpg ->  [Ver =  | Size = 39855 bytes | Created Date = 2/15/2008 6:32:38 PM | Attr =	]
AI2008Guys.jpg -> %UserProfile%\My Documents\AI2008Guys.jpg ->  [Ver =  | Size = 40277 bytes | Created Date = 2/15/2008 6:32:38 PM | Attr =	]
AOL Saved PFC -> %UserProfile%\My Documents\AOL Saved PFC ->  [Folder | Created Date = 2/19/2008 12:21:39 AM | Attr =	]
AOLError.jpg -> %UserProfile%\My Documents\AOLError.jpg ->  [Ver =  | Size = 73584 bytes | Created Date = 3/3/2008 9:23:08 PM | Attr =	]
AOLStuff -> %UserProfile%\My Documents\AOLStuff ->  [Folder | Created Date = 2/23/2008 2:55:35 AM | Attr =	]
BleepingComputerInstructions.pdf -> %UserProfile%\My Documents\BleepingComputerInstructions.pdf ->  [Ver =  | Size = 281275 bytes | Created Date = 3/2/2008 3:35:10 PM | Attr =	]
Calendar2008.doc -> %UserProfile%\My Documents\Calendar2008.doc ->  [Ver =  | Size = 178176 bytes | Created Date = 3/11/2008 7:40:00 PM | Attr =	]
CarMaintCougar.doc -> %UserProfile%\My Documents\CarMaintCougar.doc ->  [Ver =  | Size = 68096 bytes | Created Date = 3/7/2008 3:59:34 PM | Attr =	]
Clinique.doc -> %UserProfile%\My Documents\Clinique.doc ->  [Ver =  | Size = 83456 bytes | Created Date = 2/25/2008 8:55:00 PM | Attr =	]
ComputerProblems20071208.doc -> %UserProfile%\My Documents\ComputerProblems20071208.doc ->  [Ver =  | Size = 209408 bytes | Created Date = 3/3/2008 12:11:52 PM | Attr =	]
Dell Laptop 2008.doc -> %UserProfile%\My Documents\Dell Laptop 2008.doc ->  [Ver =  | Size = 44032 bytes | Created Date = 2/13/2008 1:46:36 PM | Attr =	]
Dell.doc -> %UserProfile%\My Documents\Dell.doc ->  [Ver =  | Size = 179712 bytes | Created Date = 2/13/2008 1:45:02 PM | Attr =	]
DellLaptopInspiron1525Receipt.pdf -> %UserProfile%\My Documents\DellLaptopInspiron1525Receipt.pdf ->  [Ver =  | Size = 43003 bytes | Created Date = 2/13/2008 1:22:20 PM | Attr =	]
DeltaDental.doc -> %UserProfile%\My Documents\DeltaDental.doc ->  [Ver =  | Size = 88064 bytes | Created Date = 2/15/2008 4:55:24 PM | Attr =	]
DirectionstoAllentown.doc -> %UserProfile%\My Documents\DirectionstoAllentown.doc ->  [Ver =  | Size = 582144 bytes | Created Date = 2/22/2008 3:27:02 PM | Attr =	]
DirectionstoChristinesBabyShower.doc -> %UserProfile%\My Documents\DirectionstoChristinesBabyShower.doc ->  [Ver =  | Size = 353792 bytes | Created Date = 2/14/2008 4:43:50 PM | Attr =	]
DirectionstoHamptonInn.doc -> %UserProfile%\My Documents\DirectionstoHamptonInn.doc ->  [Ver =  | Size = 26112 bytes | Created Date = 3/1/2008 3:40:41 PM | Attr =	]
Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Created Date = 3/3/2008 1:03:36 AM | Attr =	]
FootSpas.doc -> %UserProfile%\My Documents\FootSpas.doc ->  [Ver =  | Size = 34816 bytes | Created Date = 3/10/2008 4:06:54 PM | Attr =	]
Lasik.doc -> %UserProfile%\My Documents\Lasik.doc ->  [Ver =  | Size = 62976 bytes | Created Date = 3/10/2008 3:02:48 PM | Attr =	]
LasikMyopia.pdf -> %UserProfile%\My Documents\LasikMyopia.pdf ->  [Ver =  | Size = 281815 bytes | Created Date = 3/10/2008 1:48:32 PM | Attr =	]
MapChristinesBabyShower4.jpg -> %UserProfile%\My Documents\MapChristinesBabyShower4.jpg ->  [Ver =  | Size = 89674 bytes | Created Date = 2/14/2008 4:23:34 PM | Attr =	]
MapChristinesBabyShower5.jpg -> %UserProfile%\My Documents\MapChristinesBabyShower5.jpg ->  [Ver =  | Size = 80248 bytes | Created Date = 2/14/2008 4:22:16 PM | Attr =	]
MapChristinesBabyShower6.jpg -> %UserProfile%\My Documents\MapChristinesBabyShower6.jpg ->  [Ver =  | Size = 85280 bytes | Created Date = 2/14/2008 4:28:46 PM | Attr =	]
MapChristinesBabyShower7.jpg -> %UserProfile%\My Documents\MapChristinesBabyShower7.jpg ->  [Ver =  | Size = 73469 bytes | Created Date = 2/14/2008 4:30:56 PM | Attr =	]
MapMcGuireAFB1.jpg -> %UserProfile%\My Documents\MapMcGuireAFB1.jpg ->  [Ver =  | Size = 84710 bytes | Created Date = 2/14/2008 3:05:36 PM | Attr =	]
MapMcGuireAFB2.jpg -> %UserProfile%\My Documents\MapMcGuireAFB2.jpg ->  [Ver =  | Size = 130632 bytes | Created Date = 2/14/2008 3:05:22 PM | Attr =	]
MapMcGuireAFB3.jpg -> %UserProfile%\My Documents\MapMcGuireAFB3.jpg ->  [Ver =  | Size = 106961 bytes | Created Date = 2/14/2008 3:12:26 PM | Attr =	]
MapMcGuireAFB4.jpg -> %UserProfile%\My Documents\MapMcGuireAFB4.jpg ->  [Ver =  | Size = 72925 bytes | Created Date = 2/14/2008 3:43:50 PM | Attr =	]
McGuireAFB.jpg -> %UserProfile%\My Documents\McGuireAFB.jpg ->  [Ver =  | Size = 85858 bytes | Created Date = 2/14/2008 3:01:56 PM | Attr =	]
MercerKelseyTheaterTicketMillie.pdf -> %UserProfile%\My Documents\MercerKelseyTheaterTicketMillie.pdf ->  [Ver =  | Size = 286277 bytes | Created Date = 2/17/2008 2:16:24 PM | Attr =	]
MercerKelseyTheaterTicketSingingintheRain.pdf -> %UserProfile%\My Documents\MercerKelseyTheaterTicketSingingintheRain.pdf ->  [Ver =  | Size = 396296 bytes | Created Date = 3/9/2008 12:41:16 PM | Attr =	]
MicrowaveSharp308J.pdf -> %UserProfile%\My Documents\MicrowaveSharp308J.pdf ->  [Ver =  | Size = 726461 bytes | Created Date = 3/2/2008 7:19:15 PM | Attr =	]
Oscars2008.doc -> %UserProfile%\My Documents\Oscars2008.doc ->  [Ver =  | Size = 44544 bytes | Created Date = 2/22/2008 5:41:48 PM | Attr =	]
SalsaHamptonInn20080216.jpg -> %UserProfile%\My Documents\SalsaHamptonInn20080216.jpg ->  [Ver =  | Size = 275449 bytes | Created Date = 3/1/2008 3:43:16 PM | Attr =	]
SalsaHamptonInn20080223.jpg -> %UserProfile%\My Documents\SalsaHamptonInn20080223.jpg ->  [Ver =  | Size = 216808 bytes | Created Date = 3/1/2008 3:43:55 PM | Attr =	]
stuff 2.doc -> %UserProfile%\My Documents\stuff 2.doc ->  [Ver =  | Size = 34304 bytes | Created Date = 3/6/2008 8:06:00 PM | Attr =	]
Stuff.zip -> %UserProfile%\My Documents\Stuff.zip ->  [Ver =  | Size = 798620 bytes | Created Date = 3/12/2008 7:49:00 PM | Attr =	]
stuffwork.doc -> %UserProfile%\My Documents\stuffwork.doc ->  [Ver =  | Size = 1380864 bytes | Created Date = 3/12/2008 4:28:42 PM | Attr =	]
TriciasThingstodo.doc -> %UserProfile%\My Documents\TriciasThingstodo.doc ->  [Ver =  | Size = 177152 bytes | Created Date = 3/12/2008 6:31:34 PM | Attr =	]
Vacation2008CruiseJE.doc -> %UserProfile%\My Documents\Vacation2008CruiseJE.doc ->  [Ver =  | Size = 299008 bytes | Created Date = 2/13/2008 4:10:38 PM | Attr =	]
Vacation2008CruiseJohnEddie.zip -> %UserProfile%\My Documents\Vacation2008CruiseJohnEddie.zip ->  [Ver =  | Size = 3055336 bytes | Created Date = 2/13/2008 10:54:00 AM | Attr =	]
VacationDatesAll.xls -> %UserProfile%\My Documents\VacationDatesAll.xls ->  [Ver =  | Size = 55808 bytes | Created Date = 3/7/2008 5:40:02 PM | Attr =	]
Wendypacketmagazine.pdf -> %UserProfile%\My Documents\Wendypacketmagazine.pdf ->  [Ver =  | Size = 949183 bytes | Created Date = 2/26/2008 8:04:00 PM | Attr =	]
WirelessCost.doc -> %UserProfile%\My Documents\WirelessCost.doc ->  [Ver =  | Size = 56320 bytes | Created Date = 2/28/2008 7:49:00 PM | Attr =	]
Word2007.doc -> %UserProfile%\My Documents\Word2007.doc ->  [Ver =  | Size = 25088 bytes | Created Date = 3/3/2008 7:15:30 PM | Attr =	]
Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Created Date = 2/17/2008 2:23:15 PM | Attr =	]
AOL 9.1.lnk -> %AllUsersProfile%\Desktop\AOL 9.1.lnk ->  [Ver =  | Size = 612 bytes | Created Date = 2/19/2008 12:57:40 AM | Attr =	]
aolshare -> %CommonProgramFiles%\aolshare ->  [Folder | Created Date = 2/19/2008 12:54:28 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 3/3/2008 1:10:14 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
DSC00805.JPG -> %SystemDrive%\DSC00805.JPG ->  [Ver =  | Size = 4015507 bytes | Modified Date = 2/17/2008 7:17:31 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1072762880 bytes | Modified Date = 3/13/2008 11:05:07 AM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/14/2008 1:03:42 AM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 3/2/2008 12:40:11 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/7/2008 9:32:11 PM | Attr =	]
ETC -> %SystemRoot%\System32\drivers\ETC ->  [Folder | Modified Date = 3/4/2008 10:20:22 AM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\ETC\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 3/4/2008 10:20:22 AM | Attr = R  ]
hosts.20080304-092022.backup -> %SystemRoot%\System32\drivers\ETC\hosts.20080304-092022.backup ->  [Ver =  | Size = 27 bytes | Modified Date = 3/2/2008 12:33:33 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/18/2008 12:44:13 AM | Attr =	]
23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/8/2008 8:35:57 PM | Attr =	]
CONFIG -> %SystemRoot%\System32\CONFIG ->  [Folder | Modified Date = 3/2/2008 12:31:43 PM | Attr =	]
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 11146 bytes | Modified Date = 3/14/2008 12:58:47 AM | Attr =	]
DLLCACHE -> %SystemRoot%\System32\DLLCACHE ->  [Folder | Modified Date = 3/1/2008 4:55:17 PM | Attr = RHS]
DRIVERS -> %SystemRoot%\System32\DRIVERS ->  [Folder | Modified Date = 3/13/2008 11:05:19 AM | Attr =	]
FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 3/13/2008 10:20:24 AM | Attr =	]
PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT ->  [Ver =  | Size = 68790 bytes | Modified Date = 3/13/2008 11:09:40 AM | Attr =	]
PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT ->  [Ver =  | Size = 433712 bytes | Modified Date = 3/13/2008 11:09:40 AM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 512282 bytes | Modified Date = 3/13/2008 11:09:40 AM | Attr =	]
WPA.DBL -> %SystemRoot%\System32\WPA.DBL ->  [Ver =  | Size = 1170 bytes | Modified Date = 3/13/2008 11:06:24 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 9:09:57 PM | Attr =  H ]
13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
aolshare -> %SystemRoot%\aolshare ->  [Folder | Modified Date = 2/24/2008 2:32:07 PM | Attr =	]
BMbbf53367.xml -> %SystemRoot%\BMbbf53367.xml ->  [Ver =  | Size = 13148 bytes | Modified Date = 2/27/2008 10:21:13 PM | Attr =	]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/13/2008 11:05:07 AM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/26/2008 8:14:59 PM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 3/2/2008 12:31:32 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 584 bytes | Modified Date = 2/13/2008 9:35:43 PM | Attr =	]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 3/3/2008 11:06:00 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3/13/2008 3:53:20 PM | Attr =  HS]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP ->  [Ver =  | Size = 1072791552 bytes | Modified Date = 2/19/2008 2:28:28 AM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 13047 bytes | Modified Date = 3/9/2008 11:24:40 PM | Attr =	]
msoffice.ini -> %SystemRoot%\msoffice.ini ->  [Ver =  | Size = 4 bytes | Modified Date = 2/19/2008 12:23:08 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/14/2008 1:04:01 AM | Attr =	]
pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 22 bytes | Modified Date = 2/28/2008 7:36:55 PM | Attr =	]
SECURITY -> %SystemRoot%\SECURITY ->  [Folder | Modified Date = 3/4/2008 10:21:10 AM | Attr =	]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel ->  [Folder | Modified Date = 2/17/2008 5:30:51 PM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 3/2/2008 12:34:13 PM | Attr =	]
SYSTEM32 -> %SystemRoot%\SYSTEM32 ->  [Folder | Modified Date = 3/13/2008 11:09:40 AM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/14/2008 1:00:23 AM | Attr =	]
WIN.INI -> %SystemRoot%\WIN.INI ->  [Ver =  | Size = 811 bytes | Modified Date = 3/14/2008 12:59:25 AM | Attr =	]
winzip32.ini -> %SystemRoot%\winzip32.ini ->  [Ver =  | Size = 2899 bytes | Modified Date = 3/14/2008 12:59:25 AM | Attr =	]
wpd99.drv -> %SystemRoot%\wpd99.drv ->  [Ver =  | Size = 59 bytes | Modified Date = 3/9/2008 12:41:16 PM | Attr =	]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 346 bytes | Modified Date = 2/15/2008 2:37:23 AM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 338 bytes | Modified Date = 3/1/2008 2:00:05 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/13/2008 11:05:17 AM | Attr =  H ]
about.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\about.dat ->  [Ver =  | Size = 1528 bytes | Modified Date = 6/18/2003 2:00:00 PM | Attr =	]
college.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\college.dat ->  [Ver =  | Size = 327746 bytes | Modified Date = 6/18/2003 2:00:00 PM | Attr =	]
moreinfo.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\moreinfo.dat ->  [Ver =  | Size = 102 bytes | Modified Date = 6/18/2003 2:00:00 PM | Attr =	]
ylpgscat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\ylpgscat.dat ->  [Ver =  | Size = 12283223 bytes | Modified Date = 6/18/2003 2:00:00 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 6708 bytes | Modified Date = 3/13/2008 11:06:29 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 6708 bytes | Modified Date = 3/13/2008 11:06:29 AM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11098 bytes | Modified Date = 1/6/2004 1:18:50 AM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\data.dat ->  [Ver =  | Size = 11902 bytes | Modified Date = 4/1/2005 8:06:22 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Application Data\Adobe ->  [Folder | Modified Date = 2/17/2008 2:22:54 PM | Attr =	]
AOL -> %AllUsersProfile%\Application Data\AOL ->  [Folder | Modified Date = 2/24/2008 2:31:51 PM | Attr =	]
AOL Downloads -> %AllUsersProfile%\Application Data\AOL Downloads ->  [Folder | Modified Date = 2/24/2008 2:07:33 PM | Attr =	]
AOL OCP -> %AllUsersProfile%\Application Data\AOL OCP ->  [Folder | Modified Date = 2/17/2008 10:07:17 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 3/3/2008 1:12:09 AM | Attr =	]
Macromedia -> %AllUsersProfile%\Application Data\Macromedia ->  [Folder | Modified Date = 2/18/2008 12:28:51 AM | Attr =	]
pdf995 -> %AllUsersProfile%\Application Data\pdf995 ->  [Folder | Modified Date = 3/9/2008 12:41:17 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 3/4/2008 10:20:48 AM | Attr =	]
acccore -> %AppData%\acccore ->  [Folder | Modified Date = 2/18/2008 12:55:46 AM | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 2/17/2008 2:54:23 PM | Attr =	]
AOL -> %AppData%\AOL ->  [Folder | Modified Date = 2/19/2008 12:58:08 AM | Attr =	]
Snapfish -> %AppData%\Snapfish ->  [Folder | Modified Date = 3/9/2008 11:24:52 PM | Attr =	]
AOL -> %UserProfile%\Local Settings\Application Data\AOL ->  [Folder | Modified Date = 2/17/2008 10:06:49 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 13312 bytes | Modified Date = 3/13/2008 5:46:34 PM | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 3/2/2008 8:55:34 PM | Attr =	]
AOL Downloads -> %AllUsersProfile%\Documents\AOL Downloads ->  [Folder | Modified Date = 2/19/2008 12:23:09 AM | Attr =	]
2007_Federal_Return.pdf -> %UserProfile%\My Documents\2007_Federal_Return.pdf ->  [Ver =  | Size = 45612 bytes | Modified Date = 3/10/2008 6:19:00 PM | Attr =	]
AI2008.doc -> %UserProfile%\My Documents\AI2008.doc ->  [Ver =  | Size = 28160 bytes | Modified Date = 2/15/2008 7:21:42 PM | Attr =	]
AI2008Girls.jpg -> %UserProfile%\My Documents\AI2008Girls.jpg ->  [Ver =  | Size = 39855 bytes | Modified Date = 2/15/2008 6:32:38 PM | Attr =	]
AI2008Guys.jpg -> %UserProfile%\My Documents\AI2008Guys.jpg ->  [Ver =  | Size = 40277 bytes | Modified Date = 2/15/2008 6:32:38 PM | Attr =	]
AlbumLists.doc -> %UserProfile%\My Documents\AlbumLists.doc ->  [Ver =  | Size = 103424 bytes | Modified Date = 3/7/2008 9:12:28 PM | Attr =	]
AOL Mail Backup -> %UserProfile%\My Documents\AOL Mail Backup ->  [Folder | Modified Date = 3/10/2008 11:39:17 PM | Attr =  H ]
AOL Saved PFC -> %UserProfile%\My Documents\AOL Saved PFC ->  [Folder | Modified Date = 2/19/2008 12:21:39 AM | Attr =	]
AOLError.jpg -> %UserProfile%\My Documents\AOLError.jpg ->  [Ver =  | Size = 73584 bytes | Modified Date = 3/3/2008 9:23:08 PM | Attr =	]
AOLStuff -> %UserProfile%\My Documents\AOLStuff ->  [Folder | Modified Date = 2/23/2008 2:57:15 AM | Attr =	]
Bills -> %UserProfile%\My Documents\Bills ->  [Folder | Modified Date = 3/12/2008 8:05:05 PM | Attr =	]
BleepingComputerInstructions.pdf -> %UserProfile%\My Documents\BleepingComputerInstructions.pdf ->  [Ver =  | Size = 281275 bytes | Modified Date = 3/2/2008 3:35:17 PM | Attr =	]
Calendar2008.doc -> %UserProfile%\My Documents\Calendar2008.doc ->  [Ver =  | Size = 178176 bytes | Modified Date = 3/13/2008 2:33:31 PM | Attr =	]
CarMaintCougar.doc -> %UserProfile%\My Documents\CarMaintCougar.doc ->  [Ver =  | Size = 68096 bytes | Modified Date = 3/7/2008 3:59:34 PM | Attr =	]
Clinique.doc -> %UserProfile%\My Documents\Clinique.doc ->  [Ver =  | Size = 83456 bytes | Modified Date = 2/25/2008 8:55:00 PM | Attr =	]
ComputerProblems20071208.doc -> %UserProfile%\My Documents\ComputerProblems20071208.doc ->  [Ver =  | Size = 209408 bytes | Modified Date = 3/14/2008 1:06:20 AM | Attr =	]
Dell Laptop 2008.doc -> %UserProfile%\My Documents\Dell Laptop 2008.doc ->  [Ver =  | Size = 44032 bytes | Modified Date = 2/13/2008 1:46:36 PM | Attr =	]
Dell.doc -> %UserProfile%\My Documents\Dell.doc ->  [Ver =  | Size = 179712 bytes | Modified Date = 2/13/2008 1:45:02 PM | Attr =	]
DellLaptopInspiron1525Receipt.pdf -> %UserProfile%\My Documents\DellLaptopInspiron1525Receipt.pdf ->  [Ver =  | Size = 43003 bytes | Modified Date = 2/13/2008 1:22:20 PM | Attr =	]
DeltaDental.doc -> %UserProfile%\My Documents\DeltaDental.doc ->  [Ver =  | Size = 88064 bytes | Modified Date = 2/15/2008 4:55:24 PM | Attr =	]
Directions -> %UserProfile%\My Documents\Directions ->  [Folder | Modified Date = 3/8/2008 7:50:12 PM | Attr =	]
DirectionstoAllentown.doc -> %UserProfile%\My Documents\DirectionstoAllentown.doc ->  [Ver =  | Size = 582144 bytes | Modified Date = 2/22/2008 3:27:02 PM | Attr =	]
DirectionstoChristinesBabyShower.doc -> %UserProfile%\My Documents\DirectionstoChristinesBabyShower.doc ->  [Ver =  | Size = 353792 bytes | Modified Date = 2/14/2008 4:43:50 PM | Attr =	]
DirectionstoHamptonInn.doc -> %UserProfile%\My Documents\DirectionstoHamptonInn.doc ->  [Ver =  | Size = 26112 bytes | Modified Date = 3/1/2008 3:55:29 PM | Attr =	]
Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Modified Date = 3/4/2008 2:12:49 AM | Attr =	]
EmailList.doc -> %UserProfile%\My Documents\EmailList.doc ->  [Ver =  | Size = 123904 bytes | Modified Date = 3/10/2008 10:12:11 PM | Attr =	]
FootSpas.doc -> %UserProfile%\My Documents\FootSpas.doc ->  [Ver =  | Size = 34816 bytes | Modified Date = 3/10/2008 4:06:54 PM | Attr =	]
Lasik.doc -> %UserProfile%\My Documents\Lasik.doc ->  [Ver =  | Size = 62976 bytes | Modified Date = 3/10/2008 3:02:48 PM | Attr =	]
LasikMyopia.pdf -> %UserProfile%\My Documents\LasikMyopia.pdf ->  [Ver =  | Size = 281815 bytes | Modified Date = 3/10/2008 1:48:32 PM | Attr =	]
Lyrics2007.doc -> %UserProfile%\My Documents\Lyrics2007.doc ->  [Ver =  | Size = 73728 bytes | Modified Date = 3/10/2008 8:25:45 PM | Attr =	]
MapChristinesBabyShower4.jpg -> %UserProfile%\My Documents\MapChristinesBabyShower4.jpg ->  [Ver =  | Size = 89674 bytes | Modified Date = 2/14/2008 4:23:34 PM | Attr =	]
MapChristinesBabyShower5.jpg -> %UserProfile%\My Documents\MapChristinesBabyShower5.jpg ->  [Ver =  | Size = 80248 bytes | Modified Date = 2/14/2008 4:22:16 PM | Attr =	]
MapChristinesBabyShower6.jpg -> %UserProfile%\My Documents\MapChristinesBabyShower6.jpg ->  [Ver =  | Size = 85280 bytes | Modified Date = 2/14/2008 4:28:46 PM | Attr =	]
MapChristinesBabyShower7.jpg -> %UserProfile%\My Documents\MapChristinesBabyShower7.jpg ->  [Ver =  | Size = 73469 bytes | Modified Date = 2/14/2008 4:30:56 PM | Attr =	]
MapMcGuireAFB1.jpg -> %UserProfile%\My Documents\MapMcGuireAFB1.jpg ->  [Ver =  | Size = 84710 bytes | Modified Date = 2/14/2008 3:05:36 PM | Attr =	]
MapMcGuireAFB2.jpg -> %UserProfile%\My Documents\MapMcGuireAFB2.jpg ->  [Ver =  | Size = 130632 bytes | Modified Date = 2/14/2008 3:05:22 PM | Attr =	]
MapMcGuireAFB3.jpg -> %UserProfile%\My Documents\MapMcGuireAFB3.jpg ->  [Ver =  | Size = 106961 bytes | Modified Date = 2/14/2008 3:12:26 PM | Attr =	]
MapMcGuireAFB4.jpg -> %UserProfile%\My Documents\MapMcGuireAFB4.jpg ->  [Ver =  | Size = 72925 bytes | Modified Date = 2/14/2008 3:43:50 PM | Attr =	]
McGuireAFB.jpg -> %UserProfile%\My Documents\McGuireAFB.jpg ->  [Ver =  | Size = 85858 bytes | Modified Date = 2/14/2008 3:01:56 PM | Attr =	]
MercerKelseyTheaterTicketMillie.pdf -> %UserProfile%\My Documents\MercerKelseyTheaterTicketMillie.pdf ->  [Ver =  | Size = 286277 bytes | Modified Date = 2/17/2008 2:16:35 PM | Attr =	]
MercerKelseyTheaterTicketSingingintheRain.pdf -> %UserProfile%\My Documents\MercerKelseyTheaterTicketSingingintheRain.pdf ->  [Ver =  | Size = 396296 bytes | Modified Date = 3/9/2008 12:41:25 PM | Attr =	]
MicrowaveSharp308J.pdf -> %UserProfile%\My Documents\MicrowaveSharp308J.pdf ->  [Ver =  | Size = 726461 bytes | Modified Date = 3/2/2008 7:19:17 PM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 3/7/2008 9:19:11 PM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 3/10/2008 11:22:32 PM | Attr = R  ]
My Pictures 3 -> %UserProfile%\My Documents\My Pictures 3 ->  [Folder | Modified Date = 3/9/2008 10:36:34 PM | Attr =	]
My Space -> %UserProfile%\My Documents\My Space ->  [Folder | Modified Date = 3/9/2008 11:58:12 PM | Attr =	]
My Videos 4 -> %UserProfile%\My Documents\My Videos 4 ->  [Folder | Modified Date = 3/13/2008 4:44:13 PM | Attr =	]
MySpace.doc -> %UserProfile%\My Documents\MySpace.doc ->  [Ver =  | Size = 128512 bytes | Modified Date = 3/9/2008 11:56:47 PM | Attr =	]
Oscars2008.doc -> %UserProfile%\My Documents\Oscars2008.doc ->  [Ver =  | Size = 44544 bytes | Modified Date = 2/22/2008 5:41:48 PM | Attr =	]
OutdoorLights.doc -> %UserProfile%\My Documents\OutdoorLights.doc ->  [Ver =  | Size = 48640 bytes | Modified Date = 3/10/2008 7:45:22 PM | Attr =	]
Period.doc -> %UserProfile%\My Documents\Period.doc ->  [Ver =  | Size = 45568 bytes | Modified Date = 2/13/2008 1:57:47 AM | Attr =	]
SalsaHamptonInn20080216.jpg -> %UserProfile%\My Documents\SalsaHamptonInn20080216.jpg ->  [Ver =  | Size = 275449 bytes | Modified Date = 3/1/2008 3:43:18 PM | Attr =	]
SalsaHamptonInn20080223.jpg -> %UserProfile%\My Documents\SalsaHamptonInn20080223.jpg ->  [Ver =  | Size = 216808 bytes | Modified Date = 3/1/2008 3:43:55 PM | Attr =	]
Scan -> %UserProfile%\My Documents\Scan ->  [Folder | Modified Date = 3/4/2008 10:35:49 AM | Attr =	]
Stuff -> %UserProfile%\My Documents\Stuff ->  [Folder | Modified Date = 3/14/2008 12:59:08 AM | Attr =	]
stuff 2.doc -> %UserProfile%\My Documents\stuff 2.doc ->  [Ver =  | Size = 34304 bytes | Modified Date = 3/6/2008 8:06:00 PM | Attr =	]
Stuff.zip -> %UserProfile%\My Documents\Stuff.zip ->  [Ver =  | Size = 798620 bytes | Modified Date = 3/12/2008 7:49:00 PM | Attr =	]
stuffwork.doc -> %UserProfile%\My Documents\stuffwork.doc ->  [Ver =  | Size = 1380864 bytes | Modified Date = 3/13/2008 11:20:52 PM | Attr =	]
Taxes -> %UserProfile%\My Documents\Taxes ->  [Folder | Modified Date = 2/27/2008 12:42:08 AM | Attr =	]
TriciasThingstodo.doc -> %UserProfile%\My Documents\TriciasThingstodo.doc ->  [Ver =  | Size = 177152 bytes | Modified Date = 3/13/2008 11:21:02 PM | Attr =	]
Vacation2008CruiseJE.doc -> %UserProfile%\My Documents\Vacation2008CruiseJE.doc ->  [Ver =  | Size = 299008 bytes | Modified Date = 2/15/2008 12:06:42 AM | Attr =	]
Vacation2008CruiseJohnEddie.zip -> %UserProfile%\My Documents\Vacation2008CruiseJohnEddie.zip ->  [Ver =  | Size = 3055336 bytes | Modified Date = 2/13/2008 10:54:00 AM | Attr =	]
VacationDatesAll.xls -> %UserProfile%\My Documents\VacationDatesAll.xls ->  [Ver =  | Size = 55808 bytes | Modified Date = 3/7/2008 5:40:02 PM | Attr =	]
Wendypacketmagazine.pdf -> %UserProfile%\My Documents\Wendypacketmagazine.pdf ->  [Ver =  | Size = 949183 bytes | Modified Date = 2/26/2008 8:04:00 PM | Attr =	]
WirelessCost.doc -> %UserProfile%\My Documents\WirelessCost.doc ->  [Ver =  | Size = 56320 bytes | Modified Date = 2/28/2008 7:49:00 PM | Attr =	]
Word2007.doc -> %UserProfile%\My Documents\Word2007.doc ->  [Ver =  | Size = 25088 bytes | Modified Date = 3/3/2008 7:15:30 PM | Attr =	]
Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 2/17/2008 2:23:15 PM | Attr =	]
AOL 9.1.lnk -> %AllUsersProfile%\Desktop\AOL 9.1.lnk ->  [Ver =  | Size = 612 bytes | Modified Date = 2/24/2008 2:36:06 PM | Attr =	]
Calculator.lnk -> %UserProfile%\Desktop\Calculator.lnk ->  [Ver =  | Size = 1380 bytes | Modified Date = 3/4/2008 12:24:18 AM | Attr =	]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 2/17/2008 2:23:10 PM | Attr =	]
AOL -> %CommonProgramFiles%\AOL ->  [Folder | Modified Date = 2/24/2008 2:34:12 PM | Attr =	]
aolshare -> %CommonProgramFiles%\aolshare ->  [Folder | Modified Date = 2/24/2008 2:32:08 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 3/3/2008 1:10:14 AM | Attr =	]

< End of report >


#5 OldTimer

Malware Expert

Posted 14 March 2008 - 01:00 AM

Hi TriciaD. All in all it looks pretty good. Just a bit of housekeeping to do.

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> ivn4reg -> %AllUsersProfile%\Documents\Settings\ivn4.dll
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> {C9E11044-E57A-435F-B054-60A60A0D9A61}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {C9E11044-E57A-435F-B054-60A60A0D9A61}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> {C9E11044-E57A-435F-B054-60A60A0D9A61}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {C9E11044-E57A-435F-B054-60A60A0D9A61}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {C9E11044-E57A-435F-B054-60A60A0D9A61}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {C9E11044-E57A-435F-B054-60A60A0D9A61}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> 13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that OTScanIt is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

#6 TriciaD


Posted 17 March 2008 - 11:55 PM

Here it is:

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ivn4reg\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{C9E11044-E57A-435F-B054-60A60A0D9A61}\\ButtonText deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{C9E11044-E57A-435F-B054-60A60A0D9A61}\\CLSID deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{C9E11044-E57A-435F-B054-60A60A0D9A61}\\Default Visible deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{C9E11044-E57A-435F-B054-60A60A0D9A61}\\Exec deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{C9E11044-E57A-435F-B054-60A60A0D9A61}\\HotIcon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{C9E11044-E57A-435F-B054-60A60A0D9A61}\\Icon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\msdownld.tmp folder deleted successfully.
[Files/Folders - Modified Within 30 days]
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Tricia D\Local Settings\Temp\MSIf06e3.LOG scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tricia D\Local Settings\Temp\Perflib_Perfdata_4f0.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tricia D\Local Settings\Temp\Perflib_Perfdata_e30.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tricia D\Local Settings\Temp\~DF7943.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_g8ScRu9RE6M1bYm scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_Z3itQrYz4aqBVWE scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_3QM50kOexkkCVPa scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_4cKudf476pgkFCS scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_LSbwIutGc84kJEw scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.5.1 fix logfile created on 03182008_004500
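
Added example, not part of the original posts: a small Python triage of a fix log like the one above, separating confirmed deletions from "not found" entries and from files deferred to reboot, so the deferred ones can be re-checked after the restart. The message patterns are inferred only from the lines in this thread (an assumption, not a documented OTScanIt format), and all function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the fix log posted above (a subset of its lines, copied as posted).
SAMPLE_LOG = r"""Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ivn4reg\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{C9E11044-E57A-435F-B054-60A60A0D9A61}\\CLSID deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\msdownld.tmp folder deleted successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Tricia D\Local Settings\Temp\~DF7943.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_g8ScRu9RE6M1bYm scheduled to be deleted on reboot.
User temp folders emptied.
< End of fix log >
"""

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]$")

# (outcome, default kind, pattern). Only message forms seen in this thread are
# recognised; anything else is kept as "other" rather than guessed at.
RULES = [
    ("deleted", None, re.compile(
        r"^(?P<kind>Registry key|Registry value) (?P<target>.+) deleted successfully\.$")),
    ("not_found", None, re.compile(
        r"^(?P<kind>Registry key|Registry value) (?P<target>.+) not found\.$")),
    ("deleted", "Folder", re.compile(
        r"^(?P<target>.+) folder deleted successfully\.$")),
    ("pending_reboot", "File", re.compile(
        r"^File delete failed\. (?P<target>.+) scheduled to be deleted on reboot\.$")),
]


def parse_fix_log(text):
    """Return one dict per log line: section, outcome, kind, target."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        for outcome, default_kind, pattern in RULES:
            m = pattern.match(line)
            if m:
                kind = m.groupdict().get("kind") or default_kind
                entries.append({"section": section, "outcome": outcome,
                                "kind": kind, "target": m.group("target")})
                break
        else:
            # Status lines such as "Explorer killed successfully".
            entries.append({"section": section, "outcome": "other",
                            "kind": None, "target": line})
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return dict(Counter(e["outcome"] for e in entries))


def pending_after_reboot(entries):
    """Paths the tool could not delete and deferred to the next boot."""
    return [e["target"] for e in entries if e["outcome"] == "pending_reboot"]


def notify_keys_removed(entries):
    """Winlogon\\Notify subkeys reported deleted (the autostart location the fix targeted)."""
    needle = "\\winlogon\\notify\\"
    return [e["target"] for e in entries
            if e["outcome"] == "deleted" and e["kind"] == "Registry key"
            and needle in e["target"].lower()]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(summarize(parsed))
    for path in pending_after_reboot(parsed):
        print("re-check after reboot:", path)
    for key in notify_keys_removed(parsed):
        print("Notify key removed:", key)
```
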

#7 OldTimer


Posted 18 March 2008 - 12:40 AM

Hi TriciaD. Everything looks fine. Good job! How are things running? Any problems with anything?

Cheers.

OT

#8 TriciaD


Posted 18 March 2008 - 11:32 AM

Everything has been running great ! I think my problem has been resolved. Thanks so much !!

#9 OldTimer


Posted 18 March 2008 - 07:32 PM

That sounds great TriciaD. Then let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start OTScanIt
  • Click the CleanUp button
  • OTScanIt will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • OTScanIt will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers.

OT

#10 TriciaD


Posted 23 March 2008 - 07:08 PM

All done. Thanks !!

#11 OldTimer


Posted 24 March 2008 - 12:03 AM

You are very welcome TriciaD, I'm glad that we could help.

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

OT :thumbsup: