
Don't Know What Else To Do.


7 replies to this topic

#1 ledzeplnrulz

  • Members
  • 8 posts

Posted 15 March 2008 - 11:47 PM

Ok before I post my Hijack This Log I'd like to share with you all a dilemma I'm having. My computer randomly shuts down/restarts and I cannot seem to find the problem. All I know is the CPU seems to be taking a beating, possibly resulting in the shutting down but I don't know.

My computer is an HP Pavilion dv8315nr notebook.
Specs:
US Product Number EZ580UA#ABA
Microprocessor 1.8 GHz AMD Turion™ 64 Mobile Technology ML-34
Microprocessor Cache 1MB L2 Cache
Memory 1024MB 333MHz DDR (2 Dimm)
Memory Max 2048MB ***I have 2GB
Video Graphics ATI RADEON® XPRESS 200M IGP
Video Memory 128MB DDR (dedicated)
Hard Drive 100GB (4200RPM)
Multimedia Drive LightScribe Super Multi 8X DVD±R/RW with Double Layer Support
Display 17.0” WXGA+ High-Definition BrightView Widescreen Display (1440 x 900)
Fax/Modem High speed 56k modem
Network Card Integrated 10/100BASE-T Ethernet LAN (RJ-45 connector)
Wireless Connectivity 54g™ 802.11b/g WLAN with 125HSM / SpeedBooster support


1. I've tried reformatting, but when the computer reads the media center OS disc, it shuts down and won't let me continue.
2. I've followed the rules step-by-step for posting a Hijack-This log. Though problems have occurred...
3. I did Run-"cleanmgr" and deleted temp files/temp internet files and recycle bin.
4. I ran Ad-Aware, updated it, and did a complete scan and deleted everything twice.
5. Tried to run SpyBot but in the middle of scanning my computer restarted, I did this like 3-4 times before moving to the next program.
6. Ran Housecall, it did what it did. No problems.
7. I tried to run Stinger but my computer restarted in the middle of scanning and again and again....
8. I ran a boot-time scan with AVAST and it found no viruses, tried running it in safe-mode, but it restarted.
9. The firewall I have is the one that XP comes with and everything is golden.
10. I've run Microsoft Update and updated everything.

Now for the Hijack This Log:
==============================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:33 AM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201421016196
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201421118509
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8092 bytes
================================================================

I don't know what else to do guys. Anything you guys post to aid me is greatly appreciated and thanks in advance.
I took my computer up to BestBuy because it's still under warranty and they said nothing was wrong with it. And they said if
I really wanted to get it looked at (because they can't do repairs..) I could have it sent to Cleveland and it'd take 1-3 weeks
for it to get back to me and I can't go that long since I'm in college...So yeah. Anything is appreciated once again. Thanks everyone!!!!



#2 OldTimer

    Malware Expert


  • Members
  • 11,092 posts

Posted 28 March 2008 - 10:42 AM

Hello ledzeplnrulz and welcome to the BC HijackThis forum. I don't see anything in the log. It's clean. From what you are describing it sounds like a hardware issue.

Let's get a little broader look at the system and see if any malware shows up. If not, then the system might need to be sent back to HP for an evaluation, especially since it is still under warranty.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • Evnt - EventViewer Errors/Warnings (last 7 days)
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 ledzeplnrulz

  • Topic Starter

  • Members
  • 8 posts

Posted 28 March 2008 - 01:13 PM

OTScanIt logfile created on: 3/28/2008 2:11:10 PM

OTScanIt by OldTimer - Version 1.0.7.0	 Folder = C:\Documents and Settings\Joe\Desktop\OTScanIt

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.72% Memory free

3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.59% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 93.15 Gb Total Space | 41.55 Gb Free Space | 44.60% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: JOSEPH

Current User Name: Joe

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 393216 bytes | Modified Date = 12/1/2005 11:42:00 PM | Attr =	]

aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 3/15/2008 6:13:34 PM | Attr =	]

ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 393216 bytes | Modified Date = 12/1/2005 11:42:00 PM | Attr =	]

ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 9:00:16 AM | Attr =	]

applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 3:40:04 AM | Attr =	]

mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr =	]

ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 8:59:53 AM | Attr =	]

syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 10.0.13.2 14Sep07 | Size = 1015808 bytes | Modified Date = 9/15/2007 3:27:20 AM | Attr =	]

hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 3, 1 | Size = 507904 bytes | Modified Date = 12/13/2005 5:45:58 PM | Attr =	]

atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5173 | Size = 344064 bytes | Modified Date = 12/1/2005 10:05:00 PM | Attr =	]

winampa.exe -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 1/15/2008 6:54:54 PM | Attr =	]

jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 5:25:21 AM | Attr =	]

res.exe -> %ProgramFiles%\USBToolbox\res.exe -> ali [Ver = 1, 0, 0, 1 | Size = 118784 bytes | Modified Date = 1/15/2002 10:23:54 AM | Attr =	]

hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 90.0.43.000 | Size = 49152 bytes | Modified Date = 3/11/2007 10:34:40 PM | Attr =	]

ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 9:00:23 AM | Attr =	]

ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 2/19/2008 2:10:32 PM | Attr =	]

aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 4:35:36 PM | Attr =	]

hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 90.0.146.000 | Size = 210520 bytes | Modified Date = 3/11/2007 10:26:24 PM | Attr =	]

ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 2:10:24 PM | Attr =	]

hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 90.0.146.000 | Size = 151552 bytes | Modified Date = 3/11/2007 10:32:42 PM | Attr =	]

pythonw.exe -> %SystemDrive%\Python25\pythonw.exe ->  [Ver =  | Size = 24576 bytes | Modified Date = 4/18/2007 9:51:42 AM | Attr =	]

firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.13: 2008031114 | Size = 7660656 bytes | Modified Date = 3/26/2008 7:02:55 PM | Attr =	]

otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.7.0 | Size = 369152 bytes | Modified Date = 3/27/2008 12:38:50 AM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 3/15/2008 6:13:34 PM | Attr =	]

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 3:40:04 AM | Attr =	]

(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 10:36:33 AM | Attr =	]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 393216 bytes | Modified Date = 12/1/2005 11:42:00 PM | Attr =	]

(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 9:00:16 AM | Attr =	]

(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 8:59:53 AM | Attr =	]

(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 8:59:01 AM | Attr =	]

(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:50 AM | Attr =	]

(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found

(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 2:10:24 PM | Attr =	]



[Driver Services - Non-Microsoft Only]

(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 10:49:02 AM | Attr =	]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found

(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found

(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found

(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found

(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found

(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found

(AmdPPM) AMD HwPState Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdPPM.sys -> Advanced Micro Devices [Ver = 1.0.0 built by: WinDDK | Size = 33792 bytes | Modified Date = 4/16/2007 10:46:00 PM | Attr =	]

(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found

(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found

(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found

(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found

(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 10:55:46 AM | Attr =	]

(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 10:53:39 AM | Attr =	]

(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 10:51:52 AM | Attr =	]

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6587 | Size = 1412608 bytes | Modified Date = 12/1/2005 11:49:00 PM | Attr =	]

(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 4.100.15.5 | Size = 604928 bytes | Modified Date = 10/13/2006 1:26:56 AM | Attr =	]

(CAMCAUD) Conexant AMC Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\camc6aud.sys -> Conexant Systems Inc. [Ver = 6.14.10.0595 | Size = 38016 bytes | Modified Date = 8/1/2005 6:58:00 PM | Attr =	]

(CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\camc6hal.sys -> Conexant Systems Inc. [Ver = 6.14.10.0595 | Size = 349312 bytes | Modified Date = 8/1/2005 7:00:00 PM | Attr =	]

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found

(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found

(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 12:07:18 AM | Attr =	]

(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 12:07:18 AM | Attr =	]

(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 1:00:00 AM | Attr =	]

(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found

(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr =	]

(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 1/27/2008 1:55:38 AM | Attr =	]

(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found

(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZid412.sys -> HP [Ver = 10, 1, 0, 3 | Size = 49920 bytes | Modified Date = 3/8/2007 12:20:48 AM | Attr = R  ]

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 16496 bytes | Modified Date = 3/8/2007 12:20:49 AM | Attr = R  ]

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 21568 bytes | Modified Date = 3/8/2007 12:20:50 AM | Attr = R  ]

(HSFHWATI) HSFHWATI [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWATI.sys -> Conexant Systems, Inc. [Ver = 7.33.00 built by: WinDDK | Size = 231424 bytes | Modified Date = 8/22/2005 4:06:14 PM | Attr =	]

(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.33.00 built by: WinDDK | Size = 1035008 bytes | Modified Date = 8/22/2005 5:07:00 PM | Attr =	]

(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found

(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found

(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found

(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 11:04:14 AM | Attr =	]

(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found

(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 1:00:00 AM | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 1/4/2008 5:58:46 PM | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found

(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found

(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found

(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.687.0225.2008 built by: WinDDK | Size = 105088 bytes | Modified Date = 2/25/2008 12:54:56 PM | Attr =	]

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 11:31:34 PM | Attr =	]

(SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\system32\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 9, 0, 0 | Size = 33292 bytes | Modified Date = 1/20/2008 3:07:58 AM | Attr =	]

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr =	]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found

(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys ->  [Ver =  | Size = 716272 bytes | Modified Date = 2/1/2008 3:02:57 AM | Attr =	]

(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found

(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found

(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found

(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 10.0.13.2 14Sep07 | Size = 213696 bytes | Modified Date = 9/15/2007 3:09:44 AM | Attr =	]

(tifm21) tifm21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.2 | Size = 162432 bytes | Modified Date = 9/20/2005 11:30:56 AM | Attr =	]

(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 3/15/2008 6:38:49 PM | Attr =	]

(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found

(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found

(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.33.00 built by: WinDDK | Size = 718464 bytes | Modified Date = 8/22/2005 4:06:10 PM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr =	]

ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5173 | Size = 344064 bytes | Modified Date = 12/1/2005 10:05:00 PM | Attr =	]

avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 9:00:23 AM | Attr =	]

HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 90.0.43.000 | Size = 49152 bytes | Modified Date = 3/11/2007 10:34:40 PM | Attr =	]

hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 3, 1 | Size = 507904 bytes | Modified Date = 12/13/2005 5:45:58 PM | Attr =	]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 2/19/2008 2:10:32 PM | Attr =	]

NBKeyScan -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBKeyScan.exe -> File not found

QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 2/1/2008 12:13:08 AM | Attr =	]

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 5:25:21 AM | Attr =	]

SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 10.0.13.2 14Sep07 | Size = 1015808 bytes | Modified Date = 9/15/2007 3:27:20 AM | Attr =	]

SynTPStart -> %ProgramFiles%\Synaptics\SynTP\SynTPStart.exe -> Synaptics, Inc. [Ver = 10.0.13.2 14Sep07 | Size = 102400 bytes | Modified Date = 9/15/2007 3:29:10 AM | Attr =	]

USB Storage Toolbox -> %ProgramFiles%\USBToolbox\res.exe -> ali [Ver = 1, 0, 0, 1 | Size = 118784 bytes | Modified Date = 1/15/2002 10:23:54 AM | Attr =	]

WinampAgent -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 1/15/2008 6:54:54 PM | Attr =	]

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 90.0.146.000 | Size = 210520 bytes | Modified Date = 3/11/2007 10:26:24 PM | Attr =	]

< Joe Startup Folder > -> C:\Documents and Settings\Joe\Start Menu\Programs\Startup -> 

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 47104 bytes | Modified Date = 12/1/2005 11:43:00 PM | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> -1 -> 

< HOSTS File > (228383 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4250 domain(s) found. -> 

32 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4249 domain(s) found. -> 

31 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{0347C33E-8762-4905-BF09-768834316C61} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 1298024 bytes | Modified Date = 3/2/2007 5:52:24 PM | Attr = R  ]

{053F9267-DC04-4294-A72C-58F732D338C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_framework.dll [HP Print Clips] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 177768 bytes | Modified Date = 3/2/2007 5:52:08 PM | Attr = R  ]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> File not found

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr =	]

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr =	]

{58ECB495-38F0-49cb-A538-10282ABF65E7}:{E763472E-A716-4CD9-89BD-DBDA6122F741} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 3/2/2007 5:53:20 PM | Attr = R  ]

{700259D7-1666-479a-93B1-3250410481E8}:{A93C41D8-01F8-4F8B-B14C-DE20B117E636} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 3/2/2007 5:53:20 PM | Attr = R  ]

{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 4:35:36 PM | Attr =	]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{58ECB495-38F0-49cb-A538-10282ABF65E7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 3/2/2007 5:53:20 PM | Attr = R  ]

CmdMapping\\{700259D7-1666-479a-93B1-3250410481E8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 3/2/2007 5:53:20 PM | Attr = R  ]

CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 4:35:36 PM | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{2D0EDE27-205C-4A8E-A72A-43EFF6901CC1} ->	(Realtek RTL8139/810x Family Fast Ethernet NIC) -> 

{3C4EB477-5685-49A6-8628-0DD149B4AC38} ->	() -> 

{3F07B6E6-F6B9-4477-B464-9DA3DEFC5142} ->	(1394 Net Adapter) -> 

{ACED7F7C-31E7-46F0-B3D7-C3A888BB2268} ->	(Broadcom 802.11b/g WLAN) -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr =	]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201421016196[WUWebControl Class] -> 

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201421118509[MUWebControl Class] -> 

{6F15128C-E66A-490C-B848-5000B5ABEEAC}[HKEY_LOCAL_MACHINE] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 

{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> 

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 

DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr =	]

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]

schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr =	]

wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 744 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 1:56:46 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 1:56:46 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 1:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 51578 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 4:35:36 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitLord\BitLord.exe -> C:\Program Files\BitLord\BitLord.exe [C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord] -> www.BitLord.com [Ver = 1.1. | Size = 2224128 bytes | Modified Date = 5/6/2005 8:47:08 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Hamachi\hamachi.exe -> C:\Program Files\Hamachi\hamachi.exe [C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client] -> LogMeIn Inc. [Ver = 1, 0, 2, 5 | Size = 624416 bytes | Modified Date = 1/27/2008 1:55:38 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IBM\WebSphere\AppServer\java\bin\java.exe -> C:\Program Files\IBM\WebSphere\AppServer\java\bin\java.exe [C:\Program Files\IBM\WebSphere\AppServer\java\bin\java.exe:*:Enabled:Java launcher] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe -> C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe [C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.13: 2008031114 | Size = 7660656 bytes | Modified Date = 3/26/2008 7:02:55 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.1.9 | Size = 19897640 bytes | Modified Date = 2/19/2008 2:10:26 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 1/22/2008 6:03:55 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 1:56:46 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr =	]

TCPIP ->  -> File not found

NTLMSSP ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 

< EventViewer Logs > -> Errors and Warnings -> Description

System - Warning - 3/21/2008 2:13:31 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Warning - 3/21/2008 7:45:42 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:42 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:43 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:43 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:45 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/21/2008 7:45:45 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = PlugPlayManager -> Description = Timed out sending notification of device interface change to window of CProgram FileshpqHP Wireless AssistantHP Wireless Assistantexe

System - Warning - 3/22/2008 4:03:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0016D434C20A  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server

System - Warning - 3/22/2008 4:07:35 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Error - 3/22/2008 4:30:29 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Service Control Manager -> Description = The avast Antivirus service terminated unexpectedly  It has done this 1 time(s)

System - Warning - 3/22/2008 5:27:54 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Error - 3/22/2008 5:34:55 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Service Control Manager -> Description = The avast Antivirus service terminated unexpectedly  It has done this 1 time(s)

System - Warning - 3/22/2008 5:35:29 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Warning - 3/22/2008 6:27:21 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Warning - 3/22/2008 8:24:53 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Warning - 3/22/2008 8:58:49 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0014A5B3B2E7  The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server

System - Warning - 3/22/2008 8:58:51 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Dhcp -> Description = Your computer has automatically configured the IP address for the NetworkCard with network address 0014A5B3B2E7  The IP address being used is 16925411279

System - Warning - 3/23/2008 12:10:07 AM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Warning - 3/23/2008 10:42:20 AM -> Computer Name = JOSEPH - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized

System - Warning - 3/23/2008 4:17:05 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0016D434C20A  The followingerror occurred 1223Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server

System - Warning - 3/23/2008 4:19:25 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Warning - 3/23/2008 4:43:29 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Warning - 3/23/2008 5:12:06 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Warning - 3/23/2008 6:58:13 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Warning - 3/23/2008 9:21:44 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Warning - 3/24/2008 5:58:06 AM -> Computer Name = JOSEPH - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized

System - Error - 3/24/2008 2:59:59 PM -> Computer Name = JOSEPH - User Name = JOSEPH\Joe - Source = DCOM -> Description = 

System - Error - 3/25/2008 5:21:18 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Service Control Manager -> Description = The avast Web Scanner service terminated unexpectedly  It has done this 1 time(s)

System - Warning - 3/26/2008 9:11:23 AM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Error - 3/26/2008 5:40:48 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 351118836 for the Network Card with network address 0016D434C20A has beendenied by the DHCP server 0000 (The DHCP Server sent a DHCPNACK message)

System - Error - 3/26/2008 5:51:38 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = MRxSmb -> Description = 

System - Error - 3/26/2008 7:27:31 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = MRxSmb -> Description = 

System - Error - 3/26/2008 9:03:25 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = MRxSmb -> Description = 

System - Error - 3/26/2008 10:03:31 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = MRxSmb -> Description = 

System - Error - 3/26/2008 11:15:34 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = MRxSmb -> Description = 

System - Error - 3/27/2008 9:38:01 AM -> Computer Name = JOSEPH - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681103 for the Network Card with network address 0016D434C20A has beendenied by the DHCP server 358245 (The DHCP Server sent a DHCPNACK message)

System - Error - 3/27/2008 9:41:23 AM -> Computer Name = JOSEPH - User Name = (blank) - Source = Service Control Manager -> Description = The avast iAVS4 Control Service service terminated unexpectedly  It has done this 1 time(s)

System - Error - 3/27/2008 9:41:27 AM -> Computer Name = JOSEPH - User Name = (blank) - Source = Service Control Manager -> Description = The avast Web Scanner service terminated unexpectedly  It has done this 1 time(s)

System - Warning - 3/27/2008 9:02:25 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Warning - 3/27/2008 10:43:02 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Warning - 3/27/2008 11:36:50 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

System - Warning - 3/28/2008 5:43:03 AM -> Computer Name = JOSEPH - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized

System - Warning - 3/28/2008 11:33:55 AM -> Computer Name = JOSEPH - User Name = (blank) - Source = Tcpip -> Description = 

Antivirus - Warning - 3/22/2008 4:04:58 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004

Antivirus - Warning - 3/22/2008 4:04:58 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = avast! -> Description = An error has occured while attempting to update Please check the logs

Antivirus - Error - 3/22/2008 4:33:13 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = avast! -> Description = AAVM - scanning error Aavm FetchGlobalCounters cannot open mapping - server DOWN 00000002

Antivirus - Error - 3/22/2008 5:35:04 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = avast! -> Description = AAVM - scanning error Aavm FetchGlobalCounters cannot open mapping - server DOWN 00000002

Antivirus - Warning - 3/23/2008 4:06:24 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004

Antivirus - Warning - 3/23/2008 4:06:25 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = avast! -> Description = An error has occured while attempting to update Please check the logs

Antivirus - Warning - 3/23/2008 4:18:24 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004

Antivirus - Warning - 3/23/2008 4:18:25 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = avast! -> Description = An error has occured while attempting to update Please check the logs

Antivirus - Warning - 3/27/2008 1:43:56 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004

Antivirus - Warning - 3/27/2008 1:43:56 PM -> Computer Name = JOSEPH - User Name = (blank) - Source = avast! -> Description = An error has occured while attempting to update Please check the logs





[Files/Folders - Created Within 30 days]

tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 3/15/2008 6:39:55 PM | Attr =	]

appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Created Date = 2/29/2008 2:26:10 AM | Attr =	]

1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Created Date = 3/25/2008 5:42:59 PM | Attr =  H ]

java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/5/2008 2:34:14 PM | Attr =	]

javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/5/2008 2:34:14 PM | Attr =	]

javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/5/2008 2:34:14 PM | Attr =	]

abndfefg3dgfdfs3.ini -> %SystemRoot%\abndfefg3dgfdfs3.ini ->  [Ver =  | Size = 4888 bytes | Created Date = 3/23/2008 11:52:40 PM | Attr =	]

hpoins14.dat.temp -> %SystemRoot%\hpoins14.dat.temp ->  [Ver =  | Size = 141199 bytes | Created Date = 3/20/2008 4:53:50 PM | Attr =	]

hpomdl14.dat.temp -> %SystemRoot%\hpomdl14.dat.temp ->  [Ver =  | Size = 2000 bytes | Created Date = 3/20/2008 4:53:50 PM | Attr =	]

Progs_.ini -> %SystemRoot%\Progs_.ini ->  [Ver =  | Size = 24 bytes | Created Date = 3/23/2008 11:49:44 PM | Attr =	]

pss -> %SystemRoot%\pss ->  [Folder | Created Date = 3/15/2008 8:02:03 PM | Attr =	]

3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 3/1/2008 3:27:00 PM | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 3/1/2008 3:27:00 PM | Attr =  H ]

qwxsdrtn32snghlp.dll -> %SystemRoot%\qwxsdrtn32snghlp.dll ->  [Ver =  | Size = 4888 bytes | Created Date = 3/23/2008 11:52:40 PM | Attr =	]

sdeertrtsddf25dr.sys -> %SystemRoot%\sdeertrtsddf25dr.sys ->  [Ver =  | Size = 4888 bytes | Created Date = 3/23/2008 11:52:40 PM | Attr =	]

Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 7680 bytes | Created Date = 3/26/2008 11:27:28 PM | Attr =  HS]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable

[Files Created - Additional Folder Scans - Non-Microsoft Only]

Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 3/15/2008 6:18:25 PM | Attr =	]

TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 3/23/2008 11:57:11 PM | Attr =	]

Move Networks -> %AppData%\Move Networks ->  [Folder | Created Date = 3/9/2008 11:12:08 PM | Attr =	]

Publish Providers -> %AppData%\Publish Providers ->  [Folder | Created Date = 3/20/2008 11:10:19 PM | Attr =	]

Sony -> %AppData%\Sony ->  [Folder | Created Date = 3/20/2008 11:10:00 PM | Attr =	]

vghd -> %AppData%\vghd ->  [Folder | Created Date = 3/1/2008 3:29:05 PM | Attr =	]

Sony -> %UserProfile%\Local Settings\Application Data\Sony ->  [Folder | Created Date = 3/21/2008 12:55:28 AM | Attr =	]

{17CF2B0F-9A67-4912-A4D6-6BBCECBDFAE1} -> %UserProfile%\Local Settings\Application Data\{17CF2B0F-9A67-4912-A4D6-6BBCECBDFAE1} ->  [Folder | Created Date = 3/23/2008 11:56:23 PM | Attr =	]

iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Created Date = 3/1/2008 3:26:40 PM | Attr =	]

234practiceEXAM3.pdf -> %UserProfile%\Desktop\234practiceEXAM3.pdf ->  [Ver =  | Size = 31967 bytes | Created Date = 3/24/2008 8:15:08 PM | Attr =	]

ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 3/28/2008 2:06:58 PM | Attr =	]

Clerks -> %UserProfile%\Desktop\Clerks ->  [Folder | Created Date = 3/21/2008 12:39:17 AM | Attr =	]

HiJackThis -> %UserProfile%\Desktop\HiJackThis ->  [Folder | Created Date = 3/15/2008 5:41:42 PM | Attr =	]

Movies -> %UserProfile%\Desktop\Movies ->  [Folder | Created Date = 3/12/2008 9:09:32 PM | Attr =	]

OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 3/28/2008 2:08:38 PM | Attr =	]

OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 540404 bytes | Created Date = 3/28/2008 2:08:02 PM | Attr =	]

Quiz 6 outlines, SS 2008 doc.doc -> %UserProfile%\Desktop\Quiz 6 outlines, SS 2008 doc.doc ->  [Ver =  | Size = 24064 bytes | Created Date = 3/27/2008 7:01:07 PM | Attr =	]

Shortcut to zsnesw.lnk -> %UserProfile%\Desktop\Shortcut to zsnesw.lnk ->  [Ver =  | Size = 519 bytes | Created Date = 3/16/2008 1:32:51 AM | Attr =	]

Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 3/15/2008 6:18:30 PM | Attr =	]

stng380.opt -> %UserProfile%\Desktop\stng380.opt ->  [Ver =  | Size = 17 bytes | Created Date = 3/15/2008 8:00:37 PM | Attr =	]

The IT Crowd -> %UserProfile%\Desktop\The IT Crowd ->  [Folder | Created Date = 3/14/2008 11:43:05 PM | Attr =	]

The Riches -> %UserProfile%\Desktop\The Riches ->  [Folder | Created Date = 3/14/2008 11:47:53 PM | Attr =	]

ZSNES -> %UserProfile%\Desktop\ZSNES ->  [Folder | Created Date = 3/15/2008 5:12:33 PM | Attr =	]



[Files/Folders - Modified Within 30 days]

boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 3/19/2008 11:05:46 AM | Attr = RHS]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/24/2008 12:06:44 AM | Attr = R  ]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/26/2008 11:27:28 PM | Attr =	]

etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 3/15/2008 6:19:42 PM | Attr =	]

hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 228383 bytes | Modified Date = 3/15/2008 6:19:42 PM | Attr = R  ]

tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 3/15/2008 6:38:49 PM | Attr =	]

appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Modified Date = 2/29/2008 2:26:11 AM | Attr =	]

1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/23/2008 5:06:24 PM | Attr =	]

dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 3/12/2008 11:15:42 PM | Attr = RHS]

drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/16/2008 12:27:17 AM | Attr =	]

FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 188200 bytes | Modified Date = 2/27/2008 10:01:47 PM | Attr =	]

GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Modified Date = 3/25/2008 5:42:59 PM | Attr =  H ]

Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Modified Date = 3/19/2008 8:26:24 PM | Attr =	]

perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 85526 bytes | Modified Date = 3/27/2008 10:42:15 AM | Attr =	]

perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 465892 bytes | Modified Date = 3/27/2008 10:42:15 AM | Attr =	]

PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 4766 bytes | Modified Date = 3/27/2008 10:42:15 AM | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 3/27/2008 10:38:16 AM | Attr =	]

abndfefg3dgfdfs3.ini -> %SystemRoot%\abndfefg3dgfdfs3.ini ->  [Ver =  | Size = 4888 bytes | Modified Date = 3/23/2008 11:52:40 PM | Attr =	]

avisplitter.INI -> %SystemRoot%\avisplitter.INI ->  [Ver =  | Size = 38 bytes | Modified Date = 3/9/2008 7:37:01 PM | Attr =	]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/27/2008 10:37:59 AM | Attr =   S]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/19/2008 4:01:59 PM | Attr =   S]

3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2/27/2008 9:55:37 PM | Attr = R S]

hpoins14.dat -> %SystemRoot%\hpoins14.dat ->  [Ver =  | Size = 140692 bytes | Modified Date = 3/20/2008 4:56:33 PM | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 3/20/2008 4:50:53 PM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3/27/2008 11:18:58 PM | Attr =  HS]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 2/28/2008 9:41:07 AM | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/28/2008 2:09:10 PM | Attr =	]

Progs_.ini -> %SystemRoot%\Progs_.ini ->  [Ver =  | Size = 24 bytes | Modified Date = 3/23/2008 11:49:44 PM | Attr =	]

pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 3/15/2008 8:02:08 PM | Attr =	]

QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 3/1/2008 3:27:00 PM | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 3/27/2008 10:38:14 AM | Attr =  H ]

qwxsdrtn32snghlp.dll -> %SystemRoot%\qwxsdrtn32snghlp.dll ->  [Ver =  | Size = 4888 bytes | Modified Date = 3/23/2008 11:52:40 PM | Attr =	]

sdeertrtsddf25dr.sys -> %SystemRoot%\sdeertrtsddf25dr.sys ->  [Ver =  | Size = 4888 bytes | Modified Date = 3/23/2008 11:52:40 PM | Attr =	]

system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 3/19/2008 11:05:46 AM | Attr =	]

system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/27/2008 11:20:12 PM | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/28/2008 2:07:09 PM | Attr =	]

Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 7680 bytes | Modified Date = 3/26/2008 11:27:28 PM | Attr =  HS]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 552 bytes | Modified Date = 3/20/2008 4:55:29 PM | Attr =	]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 3/25/2008 8:43:01 PM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/27/2008 10:38:06 AM | Attr =  H ]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 3/20/2008 1:42:04 AM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 3/20/2008 1:42:04 AM | Attr =	]

opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11092 bytes | Modified Date = 1/27/2008 3:56:44 AM | Attr =	]

AIM_PH.dat -> C:\Documents and Settings\Joe\Local Settings\Temp\AIM_PH.dat ->  [Ver =  | Size = 1270 bytes | Modified Date = 3/28/2008 2:11:19 PM | Attr =	]

1 C:\Documents and Settings\Joe\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Joe\Local Settings\Temp\*.tmp -> 

Perflib_Perfdata_700.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_700.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/11/2008 5:46:56 AM | Attr =	]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

Nero -> %AllUsersProfile%\Application Data\Nero ->  [Folder | Modified Date = 2/29/2008 2:24:30 AM | Attr =	]

Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 3/15/2008 6:41:17 PM | Attr =	]

TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 3/23/2008 11:57:11 PM | Attr =	]

LimeWire -> %AppData%\LimeWire ->  [Folder | Modified Date = 3/4/2008 8:14:01 PM | Attr =	]

Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 3/27/2008 11:19:14 PM | Attr =   S]

Move Networks -> %AppData%\Move Networks ->  [Folder | Modified Date = 3/9/2008 11:12:08 PM | Attr =	]

Publish Providers -> %AppData%\Publish Providers ->  [Folder | Modified Date = 3/20/2008 11:10:19 PM | Attr =	]

Sony -> %AppData%\Sony ->  [Folder | Modified Date = 3/20/2008 11:10:00 PM | Attr =	]

vghd -> %AppData%\vghd ->  [Folder | Modified Date = 3/1/2008 3:29:05 PM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 88576 bytes | Modified Date = 3/26/2008 11:27:27 PM | Attr =	]

GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 44728 bytes | Modified Date = 2/28/2008 11:39:26 AM | Attr =	]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 6291456 bytes | Modified Date = 3/16/2008 12:02:28 AM | Attr =  H ]

Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 3/27/2008 11:19:14 PM | Attr =	]

Sony -> %UserProfile%\Local Settings\Application Data\Sony ->  [Folder | Modified Date = 3/21/2008 12:55:28 AM | Attr =	]

{17CF2B0F-9A67-4912-A4D6-6BBCECBDFAE1} -> %UserProfile%\Local Settings\Application Data\{17CF2B0F-9A67-4912-A4D6-6BBCECBDFAE1} ->  [Folder | Modified Date = 3/23/2008 11:56:23 PM | Attr =	]

My Music -> %AllUsersProfile%\Documents\My Music ->  [Folder | Modified Date = 3/23/2008 1:54:54 AM | Attr = R  ]

Incomplete -> %UserProfile%\My Documents\Incomplete ->  [Folder | Modified Date = 3/4/2008 8:37:43 PM | Attr =	]

Joe's Music -> %UserProfile%\My Documents\Joe's Music ->  [Folder | Modified Date = 3/24/2008 10:44:41 AM | Attr =	]

My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 3/24/2008 10:41:18 PM | Attr = R  ]

Powertabs -> %UserProfile%\My Documents\Powertabs ->  [Folder | Modified Date = 3/23/2008 5:42:09 PM | Attr =	]

Torrents -> %UserProfile%\My Documents\Torrents ->  [Folder | Modified Date = 3/26/2008 8:22:20 PM | Attr =	]

Word Documents -> %UserProfile%\My Documents\Word Documents ->  [Folder | Modified Date = 3/17/2008 9:03:37 PM | Attr =	]

iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Modified Date = 3/25/2008 10:55:23 AM | Attr =	]

234practiceEXAM3.pdf -> %UserProfile%\Desktop\234practiceEXAM3.pdf ->  [Ver =  | Size = 31967 bytes | Modified Date = 3/24/2008 8:15:06 PM | Attr =	]

ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 3/28/2008 2:06:57 PM | Attr =	]

Clerks -> %UserProfile%\Desktop\Clerks ->  [Folder | Modified Date = 3/26/2008 8:22:23 PM | Attr =	]

HiJackThis -> %UserProfile%\Desktop\HiJackThis ->  [Folder | Modified Date = 3/16/2008 12:41:31 AM | Attr =	]

Microsoft Word.lnk -> %UserProfile%\Desktop\Microsoft Word.lnk ->  [Ver =  | Size = 2497 bytes | Modified Date = 3/23/2008 6:34:05 PM | Attr =	]

Movies -> %UserProfile%\Desktop\Movies ->  [Folder | Modified Date = 3/15/2008 1:12:46 AM | Attr =	]

OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 3/28/2008 2:10:07 PM | Attr =	]

OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 540404 bytes | Modified Date = 3/28/2008 2:08:04 PM | Attr =	]

Power Tab Editor 1.7.lnk -> %UserProfile%\Desktop\Power Tab Editor 1.7.lnk ->  [Ver =  | Size = 2445 bytes | Modified Date = 3/27/2008 11:51:45 PM | Attr =	]

Quiz 6 outlines, SS 2008 doc.doc -> %UserProfile%\Desktop\Quiz 6 outlines, SS 2008 doc.doc ->  [Ver =  | Size = 24064 bytes | Modified Date = 3/27/2008 7:01:05 PM | Attr =	]

Shortcut to zsnesw.lnk -> %UserProfile%\Desktop\Shortcut to zsnesw.lnk ->  [Ver =  | Size = 519 bytes | Modified Date = 3/16/2008 1:32:51 AM | Attr =	]

Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 3/15/2008 6:18:30 PM | Attr =	]

stng380.opt -> %UserProfile%\Desktop\stng380.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 3/15/2008 8:00:37 PM | Attr =	]

The IT Crowd -> %UserProfile%\Desktop\The IT Crowd ->  [Folder | Modified Date = 3/14/2008 11:43:05 PM | Attr =	]

The Riches -> %UserProfile%\Desktop\The Riches ->  [Folder | Modified Date = 3/15/2008 12:03:51 AM | Attr =	]

ZSNES -> %UserProfile%\Desktop\ZSNES ->  [Folder | Modified Date = 3/20/2008 1:51:04 PM | Attr =	]

Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 2/27/2008 9:55:28 PM | Attr =	]

Nero -> %CommonProgramFiles%\Nero ->  [Folder | Modified Date = 2/29/2008 2:24:32 AM | Attr =	]



< End of report >


#4 OldTimer

    Malware Expert



Posted 28 March 2008 - 03:00 PM

Hi ledzeplnrulz. I only see two questionable files in the log. Let's have them checked out.

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Go to the Jotti's malware scan page and use the buttons at the top of the page to browse to this file(s) on your hard drive to submit for a scan:
c:\windows\qwxsdrtn32snghlp.dll
c:\windows\sdeertrtsddf25dr.sys

Several scanning engines will be used to check the file for any threats. Please post the results of the scans back here.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
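
A triage pass over the log format posted above, as an added example that is not part of the original posts and is not OTScanIt's or OldTimer's own method: it parses the file entries and groups files that carry no vendor or version information and share a directory, size and timestamp while differing in extension. The grouping rule and all function names are assumptions made for this example; the sample lines are excerpted from the log in this thread with whitespace normalized.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the OTScanIt log posted in this thread (whitespace normalized).
SAMPLE_LOG = r"""
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 228383 bytes | Modified Date = 3/15/2008 6:19:42 PM | Attr = R  ]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 3/15/2008 6:38:49 PM | Attr = ]
abndfefg3dgfdfs3.ini -> %SystemRoot%\abndfefg3dgfdfs3.ini ->  [Ver =  | Size = 4888 bytes | Modified Date = 3/23/2008 11:52:40 PM | Attr = ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
Progs_.ini -> %SystemRoot%\Progs_.ini ->  [Ver =  | Size = 24 bytes | Modified Date = 3/23/2008 11:49:44 PM | Attr = ]
qwxsdrtn32snghlp.dll -> %SystemRoot%\qwxsdrtn32snghlp.dll ->  [Ver =  | Size = 4888 bytes | Modified Date = 3/23/2008 11:52:40 PM | Attr = ]
sdeertrtsddf25dr.sys -> %SystemRoot%\sdeertrtsddf25dr.sys ->  [Ver =  | Size = 4888 bytes | Modified Date = 3/23/2008 11:52:40 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 3/19/2008 11:05:46 AM | Attr = ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/28/2008 2:07:09 PM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 7680 bytes | Modified Date = 3/26/2008 11:27:28 PM | Attr =  HS]
"""

# name -> path -> vendor [Ver = x | Size = n bytes | Created/Modified Date = d | Attr = a]
ENTRY = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<company>.*?)\s*"
    r"\[Ver = (?P<ver>.*?)\| Size = (?P<size>\d+) bytes \| "
    r"(?P<kind>Created|Modified) Date = (?P<date>.+?) \| Attr =(?P<attr>.*)\]$"
)


def parse_entries(log_text):
    """Return one dict per file line; folder and wildcard summary lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entry = {key: value.strip() for key, value in match.groupdict().items()}
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def suspicious_clusters(entries, min_members=2):
    """Assumed heuristic: files without vendor or version data that share a
    directory, size and timestamp but have different extensions."""
    groups = defaultdict(list)
    for entry in entries:
        if entry["company"] or entry["ver"]:
            continue  # has version-resource data, so outside this heuristic
        key = (ntpath.dirname(entry["path"]).lower(), entry["size"],
               entry["kind"], entry["date"])
        groups[key].append(entry)
    flagged = []
    for key, members in groups.items():
        extensions = {ntpath.splitext(m["name"])[1].lower() for m in members}
        if len(members) >= min_members and len(extensions) > 1:
            flagged.append((key, sorted(m["name"] for m in members)))
    return flagged


if __name__ == "__main__":
    for (directory, size, kind, date), names in suspicious_clusters(parse_entries(SAMPLE_LOG)):
        print(f"{directory}: {len(names)} files, {size} bytes each, {kind.lower()} {date}")
        for name in names:
            print("   ", name)
```

A match from this rule is only a reason to look closer, for example by submitting the files to a multi-engine scanner as requested in the post above.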


#5 ledzeplnrulz


Posted 29 March 2008 - 12:22 AM

File: qwxsdrtn32snghlp.dll
Status: OK
MD5: 3495b457e38a50d2a52493c0a81e231c
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 29 Mar 2008 05:19:06 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing




File: sdeertrtsddf25dr.sys
Status: OK
MD5: 0f843003d4082e32d4c1406d0e28be3b
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 29 Mar 2008 05:20:45 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Basically both send nothing about them. Sorry if I didn't say anything sooner but Thank YOU SOO MUCH for helping me w/ this!

#6 OldTimer


Posted 29 March 2008 - 09:12 AM

Hi ledzeplnrulz. I still think those are kind of fishy. Let's move them out once anyway and do a little general housekeeping and see what happens.

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> NBKeyScan -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IBM\WebSphere\AppServer\java\bin\java.exe -> C:\Program Files\IBM\WebSphere\AppServer\java\bin\java.exe [C:\Program Files\IBM\WebSphere\AppServer\java\bin\java.exe:*:Enabled:Java launcher]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe -> C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe [C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter]
[Files/Folders - Created Within 30 days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> abndfefg3dgfdfs3.ini -> %SystemRoot%\abndfefg3dgfdfs3.ini
NY -> hpoins14.dat.temp -> %SystemRoot%\hpoins14.dat.temp
NY -> hpomdl14.dat.temp -> %SystemRoot%\hpomdl14.dat.temp
NY -> Progs_.ini -> %SystemRoot%\Progs_.ini
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> qwxsdrtn32snghlp.dll -> %SystemRoot%\qwxsdrtn32snghlp.dll
NY -> sdeertrtsddf25dr.sys -> %SystemRoot%\sdeertrtsddf25dr.sys
[Files/Folders - Modified Within 30 days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> abndfefg3dgfdfs3.ini -> %SystemRoot%\abndfefg3dgfdfs3.ini
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> Progs_.ini -> %SystemRoot%\Progs_.ini
NY -> qwxsdrtn32snghlp.dll -> %SystemRoot%\qwxsdrtn32snghlp.dll
NY -> sdeertrtsddf25dr.sys -> %SystemRoot%\sdeertrtsddf25dr.sys
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that OTScanIt is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

#7 ledzeplnrulz


Posted 30 March 2008 - 09:26 PM

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NBKeyScan deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IBM\WebSphere\AppServer\java\bin\java.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\abndfefg3dgfdfs3.ini moved successfully.
C:\WINDOWS\hpoins14.dat.temp moved successfully.
C:\WINDOWS\hpomdl14.dat.temp moved successfully.
C:\WINDOWS\Progs_.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\qwxsdrtn32snghlp.dll
C:\WINDOWS\qwxsdrtn32snghlp.dll NOT unregistered.
C:\WINDOWS\qwxsdrtn32snghlp.dll moved successfully.
C:\WINDOWS\sdeertrtsddf25dr.sys moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\abndfefg3dgfdfs3.ini not found!
File C:\WINDOWS\Progs_.ini not found!
File C:\WINDOWS\qwxsdrtn32snghlp.dll not found!
File C:\WINDOWS\sdeertrtsddf25dr.sys not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\WV01WYZV\tcode[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\WMKH3XZ1\AIM_UAC[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\TO2K0QC1\client[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.7.0 fix logfile created on 03302008_222313

There ya go

#8 OldTimer


Posted 30 March 2008 - 09:34 PM

Hi ledzeplnrulz. That all cleaned up fine. Run the system for a couple of days and see if you still get the shutdown issues. If so, we might need to send you over to the XP forum and have them take a look at it.

Cheers.

OT