Help Please!


11 replies to this topic

#1 soulo

Posted 06 April 2008 - 02:17 PM

For some reason, when I scan my computer for ads etc. with Ad-Aware, my computer shuts down. Also, when I'm surfing the internet or just leave the computer on, some weird sound comes on. You can say that an advertisement sound comes on.

Here's my hijack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:18 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\asck.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200988553463
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6329 bytes


#2 soulo

Posted 07 April 2008 - 12:54 PM

bump?

#3 jwbirdsong

Posted 07 April 2008 - 08:13 PM

Download SDFix and save it to your desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix

Please then reboot your computer in Safe Mode (without Networking) by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the C:\SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

REBOOT

Next download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Leave all the settings at the default except as noted below
  • Under the Additional Scans section, check the following
      • Reg - BotCheck
      • File - Additional Folder Scan
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file.

If the log is too large to post, use the ADDReply button, scroll down to the attachments section and attach the notepad file here.

Please post
  • C:\SDFix\report.txt
  • OtScanIt log
in your reply here

#4 soulo

Posted 08 April 2008 - 02:46 PM

sdfix- report


SDFix: Version 1.167
Run by Ellie on Tue 04/08/2008 at 02:59 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix\SDFix

Checking Services :

Name:
efidriver

Path:
\??\C:\WINDOWS\system\efidriver.drv

efidriver - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\comsa32.sys - Deleted
C:\WINDOWS\system32\web.dat - Deleted
C:\WINDOWS\system\efidriver.drv - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 03:07:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\WINDOWS\\system32\\lxcycoms.exe"="C:\\WINDOWS\\system32\\lxcycoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"="C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe:*:Enabled:Soulstorm"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Mon 4 Feb 2008 151,040 ..SH. --- "C:\WINDOWS\system32\VistaUltm.dll"
Fri 31 Dec 1999 27,648 ...HR --- "C:\WINDOWS\system32\WavMix32.dll"
Thu 24 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Thu 6 Mar 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Thu 14 Feb 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Thu 14 Feb 2008 211 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Wed 23 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 29 Dec 2005 8,947,290 A..H. --- "C:\Documents and Settings\Ellie\Desktop\Revolutionized1point1\1320v152S.exe"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Mon 9 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Mon 9 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Mon 9 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Mon 9 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Mon 9 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Mon 9 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Mon 9 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Mon 9 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Mon 9 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Mon 9 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Mon 9 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Mon 9 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT4.tmp"

Finished!

#5 soulo

Posted 08 April 2008 - 02:48 PM

otscanit


OTScanIt logfile created on: 4/8/2008 12:24:54 PM
OTScanIt by OldTimer - Version 1.0.9.0	 Folder = C:\Documents and Settings\Ellie\My Documents\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.50 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 66.00% Memory free
3.35 Gb Paging File | 3.01 Gb Available in Paging File | 89.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 17.80 Gb Free Space | 23.89% Space Free | Partition Type: NTFS
Drive D: | 44.61 Gb Total Space | 13.96 Gb Free Space | 31.29% Space Free | Partition Type: NTFS
Drive E: | 49.89 Gb Total Space | 5.06 Gb Free Space | 10.14% Space Free | Partition Type: NTFS
Drive F: | 43.96 Gb Total Space | 5.64 Gb Free Space | 12.83% Space Free | Partition Type: NTFS
Drive G: | 12.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
Drive I: | 47.85 Gb Total Space | 16.72 Gb Free Space | 34.95% Space Free | Partition Type: NTFS

Computer Name: SUAPIA-3P80GKFO
Current User Name: Ellie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
lxcycoms.exe -> %SystemRoot%\system32\lxcycoms.exe ->   [Ver = 6.4.29.0 | Size = 537264 bytes | Modified Date = 6/20/2007 7:28:56 AM | Attr =	]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 4:08:06 AM | Attr =	]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 9:15:18 PM | Attr =	]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 1:36:04 PM | Attr =	]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 1:02:14 PM | Attr =	]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 4:54:42 PM | Attr =	]
nbservice.exe -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 9/20/2007 10:51:46 AM | Attr =	]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 2:41:00 AM | Attr =	]
perfs.exe -> %SystemRoot%\system32\perfs.exe ->  [Ver = 2.0.0.4 | Size = 31232 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr =	]
routing.exe -> %SystemRoot%\system32\routing.exe ->  [Ver = 2.0.0.4 | Size = 31232 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr =	]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 2:38:08 PM | Attr =	]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/3/2007 11:33:14 PM | Attr =	]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 2:41:52 AM | Attr =	]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.27 | Size = 67072 bytes | Modified Date = 5/14/2004 12:47:18 AM | Attr =	]
pwrisovm.exe -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 200704 bytes | Modified Date = 8/6/2007 5:05:46 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
lxcymon.exe -> %ProgramFiles%\Lexmark 3400 Series\lxcymon.exe ->  [Ver = 0.1.25.0 | Size = 291504 bytes | Modified Date = 6/25/2007 11:34:56 AM | Attr =	]
ezprint.exe -> %ProgramFiles%\Lexmark 3400 Series\ezprint.exe -> Lexmark International Inc. [Ver = 3.18.0.0 | Size = 82608 bytes | Modified Date = 6/25/2007 11:34:58 AM | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 4/4/2008 3:33:29 AM | Attr =	]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 9:15:06 AM | Attr =	]
nmbgmonitor.exe -> %CommonProgramFiles%\Nero\Lib\NMBgMonitor.exe -> Nero AG [Ver = 3.1.0.0 | Size = 202024 bytes | Modified Date = 9/20/2007 4:35:10 PM | Attr =	]
daemon.exe -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> DT Soft Ltd [Ver = 4.11.2.0 | Size = 486856 bytes | Modified Date = 12/29/2007 5:05:17 AM | Attr =	]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, S.L. [Ver = 1.0 (32-bit) | Size = 394856 bytes | Modified Date = 12/3/2007 12:10:00 PM | Attr = R  ]
nmindexingservice.exe -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.1.0.0 | Size = 382248 bytes | Modified Date = 9/20/2007 4:35:38 PM | Attr =	]
nmindexstoresvr.exe -> %CommonProgramFiles%\Nero\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 3.1.0.0 | Size = 1410344 bytes | Modified Date = 9/20/2007 4:35:40 PM | Attr =	]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 10:16:08 AM | Attr =	]
otscanit.exe -> %UserProfile%\My Documents\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 4/4/2008 12:24:38 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> File not found
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 1/23/2008 1:03:19 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:50 AM | Attr =	]
(lxcy_device) lxcy_device [Win32_Own | Auto | Running] -> %SystemRoot%\system32\lxcycoms.exe ->   [Ver = 6.4.29.0 | Size = 537264 bytes | Modified Date = 6/20/2007 7:28:56 AM | Attr =	]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 4:08:06 AM | Attr =	]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 9:15:18 PM | Attr =	]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 7/25/2007 3:16:16 AM | Attr =	]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 1:36:04 PM | Attr =	]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] ->  -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 2:41:52 AM | Attr =	]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 4:54:42 PM | Attr =	]
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 9/20/2007 10:51:46 AM | Attr =	]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.1.0.0 | Size = 382248 bytes | Modified Date = 9/20/2007 4:35:38 PM | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 2:41:00 AM | Attr =	]
(perfmons) perfmons Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\perfs.exe ->  [Ver = 2.0.0.4 | Size = 31232 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr =	]
(Routing) Routing Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\routing.exe ->  [Ver = 2.0.0.4 | Size = 31232 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr =	]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 2:38:08 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
EzPrint -> %ProgramFiles%\Lexmark 3400 Series\ezprint.exe ["C:\Program Files\Lexmark 3400 Series\ezprint.exe"] -> Lexmark International Inc. [Ver = 3.18.0.0 | Size = 82608 bytes | Modified Date = 6/25/2007 11:34:58 AM | Attr =	]
LXCYCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\lxcytime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16] -> Lexmark International Inc. [Ver = 1.32.0.0 | Size = 106496 bytes | Modified Date = 11/21/2006 2:27:06 PM | Attr =	]
lxcymon.exe -> %ProgramFiles%\Lexmark 3400 Series\lxcymon.exe ["C:\Program Files\Lexmark 3400 Series\lxcymon.exe"] ->  [Ver = 0.1.25.0 | Size = 291504 bytes | Modified Date = 6/25/2007 11:34:56 AM | Attr =	]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/3/2007 11:33:14 PM | Attr =	]
NeroFilterCheck -> %CommonProgramFiles%\Nero\Lib\NeroCheck.exe [C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 3/1/2007 4:57:24 PM | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 8523776 bytes | Modified Date = 12/5/2007 2:41:00 AM | Attr =	]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 81920 bytes | Modified Date = 12/5/2007 2:41:00 AM | Attr =	]
PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE [C:\Program Files\PowerISO\PWRISOVM.EXE] -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 200704 bytes | Modified Date = 8/6/2007 5:05:46 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 1/31/2008 11:13:08 PM | Attr =	]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5.1.0.27 | Size = 67072 bytes | Modified Date = 5/14/2004 12:47:18 AM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 4/4/2008 3:33:29 AM | Attr =	]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe ["C:\Program Files\Winamp\winampa.exe"] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 9:15:06 AM | Attr =	]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Nero\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 3.1.0.0 | Size = 202024 bytes | Modified Date = 9/20/2007 4:35:10 PM | Attr =	]
DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe"] -> DT Soft Ltd [Ver = 4.11.2.0 | Size = 486856 bytes | Modified Date = 12/29/2007 5:05:17 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, S.L. [Ver = 1.0 (32-bit) | Size = 394856 bytes | Modified Date = 12/3/2007 12:10:00 PM | Attr = R  ]
< Ellie Startup Folder > -> C:\Documents and Settings\Ellie\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 8:16:50 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4241 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4240 domain(s) found. -> 
  .[msn] -> My Computer -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 3:37:24 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] ->  [Ver =  | Size = 184320 bytes | Modified Date = 8/9/2006 3:37:24 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
QS 4.2.1.0 ->  -> 
SV1 ->  -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200988553463[WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 10:49:30 AM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 792 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 1:56:46 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 1:56:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 12834 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> Azureus Inc [Ver = 3.0.0.0 | Size = 254976 bytes | Modified Date = 3/6/2008 12:05:38 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 9:15:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 12813096 bytes | Modified Date = 10/27/2006 4:16:48 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 10/27/2006 4:37:44 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 10/27/2006 4:03:04 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\lxcycoms.exe -> C:\WINDOWS\system32\lxcycoms.exe [C:\WINDOWS\system32\lxcycoms.exe:*:Enabled:Lexmark Communications System] ->   [Ver = 6.4.29.0 | Size = 537264 bytes | Modified Date = 6/20/2007 7:28:56 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] ->  [Ver =  | Size = 159744 bytes | Modified Date = 6/21/2006 7:58:33 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 9:15:06 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe -> C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe [C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm] -> THQ Canada Inc. [Ver = 1, 4, 0, 0 | Size = 20239730 bytes | Modified Date = 3/5/2008 11:43:30 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{8866E545-B8DC-4020-8A08-135682DEA610} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 272 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\System32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 1:56:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 3/20/2008 2:34:31 AM | Attr =	]
Converted Music -> %SystemDrive%\Converted Music ->  [Folder | Created Date = 4/3/2008 1:01:21 AM | Attr =	]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 4/8/2008 2:55:13 AM | Attr =	]
lgusbbus.sys -> %SystemRoot%\System32\drivers\lgusbbus.sys -> LG Electronics Inc. [Ver = Ver 4.6 | Size = 21344 bytes | Created Date = 4/2/2008 11:46:25 PM | Attr =	]
lgusbdiag.sys -> %SystemRoot%\System32\drivers\lgusbdiag.sys -> LG Electronics Inc. [Ver = Ver 4.6 | Size = 38144 bytes | Created Date = 4/2/2008 11:46:25 PM | Attr =	]
lgusbmodem.sys -> %SystemRoot%\System32\drivers\lgusbmodem.sys -> LG Electronics Inc. [Ver = Ver 4.6 | Size = 39036 bytes | Created Date = 4/2/2008 11:46:26 PM | Attr =	]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 3/20/2008 1:24:15 AM | Attr =	]
1.tsk -> %SystemRoot%\System32\1.tsk ->  [Ver =  | Size = 148 bytes | Created Date = 4/1/2008 11:47:22 PM | Attr =	]
adcklog.dat -> %SystemRoot%\System32\adcklog.dat ->  [Ver =  | Size = 175 bytes | Created Date = 4/8/2008 12:20:44 PM | Attr =	]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Created Date = 3/31/2008 12:33:13 AM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 4/3/2008 9:47:56 AM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 4/3/2008 9:47:56 AM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 4/3/2008 9:47:56 AM | Attr =	]
pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 4/4/2008 3:33:39 AM | Attr =	]
pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 4/4/2008 3:33:47 AM | Attr =	]
pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 4/4/2008 3:33:47 AM | Attr =	]
rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.50 | Size = 185944 bytes | Created Date = 4/4/2008 3:34:29 AM | Attr =	]
SIntf16.dll -> %SystemRoot%\System32\SIntf16.dll ->  [Ver =  | Size = 12067 bytes | Created Date = 3/22/2008 11:28:50 PM | Attr =	]
SIntf32.dll -> %SystemRoot%\System32\SIntf32.dll ->  [Ver =  | Size = 17212 bytes | Created Date = 3/22/2008 11:28:50 PM | Attr =	]
SIntfNT.dll -> %SystemRoot%\System32\SIntfNT.dll ->  [Ver =  | Size = 21840 bytes | Created Date = 3/22/2008 11:28:50 PM | Attr =	]
SpoonUninstall-dBpowerAMP Music Converter.bmp -> %SystemRoot%\System32\SpoonUninstall-dBpowerAMP Music Converter.bmp ->  [Ver =  | Size = 27958 bytes | Created Date = 3/31/2008 9:51:09 AM | Attr =	]
SpoonUninstall-dBpowerAMP Music Converter.dat -> %SystemRoot%\System32\SpoonUninstall-dBpowerAMP Music Converter.dat ->  [Ver =  | Size = 17871 bytes | Created Date = 3/31/2008 9:51:09 AM | Attr =	]
SpoonUninstall.exe -> %SystemRoot%\System32\SpoonUninstall.exe ->  [Ver =  | Size = 167936 bytes | Created Date = 3/31/2008 9:51:09 AM | Attr =	]
tmp0_1292245850.bk -> %SystemRoot%\System32\tmp0_1292245850.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/11/2008 11:31:01 AM | Attr =	]
tmp0_27415878742.bk -> %SystemRoot%\System32\tmp0_27415878742.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/13/2008 11:31:20 AM | Attr =	]
tmp0_27556831859.bk -> %SystemRoot%\System32\tmp0_27556831859.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/15/2008 12:00:40 AM | Attr =	]
tmp0_299757204970.bk -> %SystemRoot%\System32\tmp0_299757204970.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/12/2008 12:01:09 AM | Attr =	]
tmp0_354310871909.bk -> %SystemRoot%\System32\tmp0_354310871909.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/10/2008 12:01:04 AM | Attr =	]
tmp0_360951881534.bk -> %SystemRoot%\System32\tmp0_360951881534.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/21/2008 11:01:56 PM | Attr =	]
tmp0_372828758216.bk -> %SystemRoot%\System32\tmp0_372828758216.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/16/2008 12:01:06 AM | Attr =	]
tmp0_496120695991.bk -> %SystemRoot%\System32\tmp0_496120695991.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/14/2008 12:01:28 AM | Attr =	]
tmp0_519380354273.bk -> %SystemRoot%\System32\tmp0_519380354273.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/22/2008 11:31:16 AM | Attr =	]
tmp0_63831533109.bk -> %SystemRoot%\System32\tmp0_63831533109.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/16/2008 11:00:43 PM | Attr =	]
tmp0_662262862581.bk -> %SystemRoot%\System32\tmp0_662262862581.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/20/2008 11:00:19 PM | Attr =	]
tmp0_735307306668.bk -> %SystemRoot%\System32\tmp0_735307306668.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/19/2008 11:30:30 AM | Attr =	]
tmp0_761831133871.bk -> %SystemRoot%\System32\tmp0_761831133871.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/23/2008 12:30:15 AM | Attr =	]
tmp0_871056417268.bk -> %SystemRoot%\System32\tmp0_871056417268.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/18/2008 3:05:22 PM | Attr =	]
tmp0_97981481624.bk -> %SystemRoot%\System32\tmp0_97981481624.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/20/2008 12:01:37 AM | Attr =	]
tmp1_118582843377.bk -> %SystemRoot%\System32\tmp1_118582843377.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/19/2008 11:30:35 AM | Attr =	]
tmp1_213282764134.bk -> %SystemRoot%\System32\tmp1_213282764134.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/23/2008 12:30:20 AM | Attr =	]
tmp1_272009483530.bk -> %SystemRoot%\System32\tmp1_272009483530.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/22/2008 11:31:21 AM | Attr =	]
tmp1_330530446507.bk -> %SystemRoot%\System32\tmp1_330530446507.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/16/2008 12:01:11 AM | Attr =	]
tmp1_361194440459.bk -> %SystemRoot%\System32\tmp1_361194440459.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/13/2008 11:31:25 AM | Attr =	]
tmp1_481423334583.bk -> %SystemRoot%\System32\tmp1_481423334583.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/18/2008 3:05:27 PM | Attr =	]
tmp1_62450209969.bk -> %SystemRoot%\System32\tmp1_62450209969.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/12/2008 12:01:14 AM | Attr =	]
tmp1_670364885609.bk -> %SystemRoot%\System32\tmp1_670364885609.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/21/2008 11:02:02 PM | Attr =	]
tmp1_713432442087.bk -> %SystemRoot%\System32\tmp1_713432442087.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/11/2008 11:31:06 AM | Attr =	]
tmp1_725186344791.bk -> %SystemRoot%\System32\tmp1_725186344791.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/14/2008 12:01:33 AM | Attr =	]
tmp1_785024177472.bk -> %SystemRoot%\System32\tmp1_785024177472.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/20/2008 12:01:42 AM | Attr =	]
tmp1_792289399886.bk -> %SystemRoot%\System32\tmp1_792289399886.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/20/2008 11:00:24 PM | Attr =	]
tmp1_857681662165.bk -> %SystemRoot%\System32\tmp1_857681662165.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/10/2008 12:01:09 AM | Attr =	]
tmp1_866012462236.bk -> %SystemRoot%\System32\tmp1_866012462236.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/16/2008 11:00:48 PM | Attr =	]
tmp1_876510679043.bk -> %SystemRoot%\System32\tmp1_876510679043.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/15/2008 12:00:45 AM | Attr =	]
tmp3_18828556572.bk -> %SystemRoot%\System32\tmp3_18828556572.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/18/2008 3:05:39 PM | Attr =	]
tmp3_204487679273.bk -> %SystemRoot%\System32\tmp3_204487679273.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/14/2008 12:02:05 AM | Attr =	]
tmp3_222718290186.bk -> %SystemRoot%\System32\tmp3_222718290186.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/15/2008 12:00:56 AM | Attr =	]
tmp3_318559499456.bk -> %SystemRoot%\System32\tmp3_318559499456.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/11/2008 11:31:17 AM | Attr =	]
tmp3_333882461753.bk -> %SystemRoot%\System32\tmp3_333882461753.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/22/2008 11:31:32 AM | Attr =	]
tmp3_36262278466.bk -> %SystemRoot%\System32\tmp3_36262278466.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/21/2008 11:02:16 PM | Attr =	]
tmp3_39773742021.bk -> %SystemRoot%\System32\tmp3_39773742021.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/20/2008 12:01:54 AM | Attr =	]
tmp3_477519449075.bk -> %SystemRoot%\System32\tmp3_477519449075.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/16/2008 11:01:08 PM | Attr =	]
tmp3_535858745038.bk -> %SystemRoot%\System32\tmp3_535858745038.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/19/2008 11:30:47 AM | Attr =	]
tmp3_577380222146.bk -> %SystemRoot%\System32\tmp3_577380222146.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/23/2008 12:30:31 AM | Attr =	]
tmp3_771611252181.bk -> %SystemRoot%\System32\tmp3_771611252181.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/16/2008 12:01:23 AM | Attr =	]
tmp3_785943482113.bk -> %SystemRoot%\System32\tmp3_785943482113.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/20/2008 11:00:36 PM | Attr =	]
tmp3_882168398427.bk -> %SystemRoot%\System32\tmp3_882168398427.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/13/2008 11:31:37 AM | Attr =	]
tmp4_107310556087.bk -> %SystemRoot%\System32\tmp4_107310556087.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/20/2008 12:01:59 AM | Attr =	]
tmp4_12823829212.bk -> %SystemRoot%\System32\tmp4_12823829212.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/10/2008 12:01:50 AM | Attr =	]
tmp4_159120247512.bk -> %SystemRoot%\System32\tmp4_159120247512.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/20/2008 11:00:45 PM | Attr =	]
tmp4_271984381901.bk -> %SystemRoot%\System32\tmp4_271984381901.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/15/2008 12:01:05 AM | Attr =	]
tmp4_38532617104.bk -> %SystemRoot%\System32\tmp4_38532617104.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/16/2008 12:01:29 AM | Attr =	]
tmp4_425684290922.bk -> %SystemRoot%\System32\tmp4_425684290922.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/19/2008 11:30:53 AM | Attr =	]
tmp4_430000855188.bk -> %SystemRoot%\System32\tmp4_430000855188.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/22/2008 11:31:38 AM | Attr =	]
tmp4_480526624583.bk -> %SystemRoot%\System32\tmp4_480526624583.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/14/2008 12:02:11 AM | Attr =	]
tmp4_520828648012.bk -> %SystemRoot%\System32\tmp4_520828648012.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/16/2008 11:01:14 PM | Attr =	]
tmp4_56035045604.bk -> %SystemRoot%\System32\tmp4_56035045604.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/13/2008 11:31:43 AM | Attr =	]
tmp4_61185615699.bk -> %SystemRoot%\System32\tmp4_61185615699.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/23/2008 12:30:38 AM | Attr =	]
tmp4_682523756994.bk -> %SystemRoot%\System32\tmp4_682523756994.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/21/2008 11:02:22 PM | Attr =	]
tmp4_840551795275.bk -> %SystemRoot%\System32\tmp4_840551795275.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/18/2008 3:05:45 PM | Attr =	]
tmp4_879633831579.bk -> %SystemRoot%\System32\tmp4_879633831579.bk ->  [Ver =  | Size = 68 bytes | Created Date = 3/11/2008 11:31:23 AM | Attr =	]
xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll ->  [Ver = 30635 | Size = 41296 bytes | Created Date = 3/13/2008 4:06:28 PM | Attr =	]
avisplitter.INI -> %SystemRoot%\avisplitter.INI ->  [Ver =  | Size = 38 bytes | Created Date = 3/27/2008 4:38:47 AM | Attr =	]
cdplayer.ini -> %SystemRoot%\cdplayer.ini ->  [Ver =  | Size = 25 bytes | Created Date = 4/4/2008 3:36:35 AM | Attr =	]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 4/8/2008 2:55:36 AM | Attr =	]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
pondfishing.ini -> %SystemRoot%\pondfishing.ini ->  [Ver =  | Size = 119 bytes | Created Date = 4/4/2008 9:04:07 PM | Attr =	]
pondfishing.tf -> %SystemRoot%\pondfishing.tf ->  [Ver =  | Size = 882 bytes | Created Date = 4/4/2008 11:27:07 PM | Attr =	]
popcinfo.dat -> %SystemRoot%\popcinfo.dat ->  [Ver =  | Size = 16 bytes | Created Date = 3/23/2008 10:52:52 PM | Attr =	]
riverfishing.ini -> %SystemRoot%\riverfishing.ini ->  [Ver =  | Size = 134 bytes | Created Date = 4/4/2008 9:04:07 PM | Attr =	]
scunin.dat -> %SystemRoot%\scunin.dat ->  [Ver =  | Size = 32738 bytes | Created Date = 4/4/2008 8:00:26 PM | Attr =	]
ScUnin.exe -> %SystemRoot%\ScUnin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 5 | Size = 94208 bytes | Created Date = 4/4/2008 8:00:24 PM | Attr =	]
ScUnin.pif -> %SystemRoot%\ScUnin.pif ->  [Ver =  | Size = 967 bytes | Created Date = 4/4/2008 8:00:25 PM | Attr =	]
surffishing.ini -> %SystemRoot%\surffishing.ini ->  [Ver =  | Size = 135 bytes | Created Date = 4/4/2008 9:04:07 PM | Attr =	]
surffishing.tf -> %SystemRoot%\surffishing.tf ->  [Ver =  | Size = 1372 bytes | Created Date = 4/4/2008 11:30:21 PM | Attr =	]
Wavemix.ini -> %SystemRoot%\Wavemix.ini ->  [Ver =  | Size = 2552 bytes | Created Date = 4/4/2008 9:04:07 PM | Attr = RH ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Created Date = 3/22/2008 3:25:09 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Apple -> %AllUsersProfile%\Application Data\Apple ->  [Folder | Created Date = 3/22/2008 3:25:00 AM | Attr =	]
Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer ->  [Folder | Created Date = 3/22/2008 3:25:57 AM | Attr =	]
nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles ->  [Folder | Created Date = 3/20/2008 2:36:08 AM | Attr =	]
GetRightToGo -> %AppData%\GetRightToGo ->  [Folder | Created Date = 3/30/2008 12:24:53 AM | Attr =	]
Help -> %AppData%\Help ->  [Folder | Created Date = 4/4/2008 11:32:01 PM | Attr =	]
Real -> %AppData%\Real ->  [Folder | Created Date = 4/4/2008 3:33:18 AM | Attr =	]
Seekmo -> %AppData%\Seekmo ->  [Folder | Created Date = 3/20/2008 2:37:26 AM | Attr =	]
Apple -> %UserProfile%\Local Settings\Application Data\Apple ->  [Folder | Created Date = 3/22/2008 3:25:08 AM | Attr =	]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Created Date = 3/22/2008 3:24:50 AM | Attr =	]
Help -> %UserProfile%\Local Settings\Application Data\Help ->  [Folder | Created Date = 4/4/2008 11:32:01 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 3179092 bytes | Created Date = 4/8/2008 2:47:11 AM | Attr =  H ]
0216081143.jpg -> %UserProfile%\My Documents\0216081143.jpg ->  [Ver =  | Size = 73965 bytes | Created Date = 3/10/2008 11:28:18 PM | Attr =	]
0308081221.jpg -> %UserProfile%\My Documents\0308081221.jpg ->  [Ver =  | Size = 82818 bytes | Created Date = 3/10/2008 11:28:18 PM | Attr =	]
0316082041_1.jpg -> %UserProfile%\My Documents\0316082041_1.jpg ->  [Ver =  | Size = 59589 bytes | Created Date = 3/25/2008 12:00:22 AM | Attr =	]
0324082201_1.jpg -> %UserProfile%\My Documents\0324082201_1.jpg ->  [Ver =  | Size = 64213 bytes | Created Date = 3/25/2008 12:00:22 AM | Attr =	]
0324082204.jpg -> %UserProfile%\My Documents\0324082204.jpg ->  [Ver =  | Size = 100789 bytes | Created Date = 3/25/2008 12:00:22 AM | Attr =	]
0324082204a.jpg -> %UserProfile%\My Documents\0324082204a.jpg ->  [Ver =  | Size = 96335 bytes | Created Date = 3/25/2008 12:00:22 AM | Attr =	]
0324082204b.jpg -> %UserProfile%\My Documents\0324082204b.jpg ->  [Ver =  | Size = 96017 bytes | Created Date = 3/25/2008 12:00:22 AM | Attr =	]
0330081139.jpg -> %UserProfile%\My Documents\0330081139.jpg ->  [Ver =  | Size = 90080 bytes | Created Date = 4/3/2008 12:17:37 AM | Attr =	]
0330081139a.jpg -> %UserProfile%\My Documents\0330081139a.jpg ->  [Ver =  | Size = 92224 bytes | Created Date = 4/3/2008 12:17:37 AM | Attr =	]
0330081623.jpg -> %UserProfile%\My Documents\0330081623.jpg ->  [Ver =  | Size = 72657 bytes | Created Date = 4/3/2008 12:17:37 AM | Attr =	]
AdobeStockPhotos -> %UserProfile%\My Documents\AdobeStockPhotos ->  [Folder | Created Date = 3/23/2008 2:23:43 PM | Attr =	]
assignment10.1.docx -> %UserProfile%\My Documents\assignment10.1.docx ->  [Ver =  | Size = 10649 bytes | Created Date = 4/2/2008 1:07:21 AM | Attr =	]
assignment10.2.docx -> %UserProfile%\My Documents\assignment10.2.docx ->  [Ver =  | Size = 11830 bytes | Created Date = 4/2/2008 12:59:39 AM | Attr =	]
baby ellie.jpg -> %UserProfile%\My Documents\baby ellie.jpg ->  [Ver =  | Size = 252014 bytes | Created Date = 3/25/2008 12:09:54 AM | Attr =	]
bellydance1.mov -> %UserProfile%\My Documents\bellydance1.mov ->  [Ver =  | Size = 475 bytes | Created Date = 4/4/2008 3:08:28 AM | Attr =	]
bitpim -> %UserProfile%\My Documents\bitpim ->  [Folder | Created Date = 4/2/2008 11:36:45 PM | Attr =	]
bwbabyme.psd -> %UserProfile%\My Documents\bwbabyme.psd ->  [Ver =  | Size = 1356620 bytes | Created Date = 3/25/2008 12:09:00 AM | Attr =	]
Conversation.docx -> %UserProfile%\My Documents\Conversation.docx ->  [Ver =  | Size = 13474 bytes | Created Date = 3/31/2008 9:45:13 AM | Attr =	]
crossword puzzle.docx -> %UserProfile%\My Documents\crossword puzzle.docx ->  [Ver =  | Size = 10854 bytes | Created Date = 3/12/2008 1:01:53 PM | Attr =	]
Database1.accdb -> %UserProfile%\My Documents\Database1.accdb ->  [Ver =  | Size = 413696 bytes | Created Date = 3/19/2008 12:06:33 AM | Attr =	]
Debug Logs -> %UserProfile%\My Documents\Debug Logs ->  [Folder | Created Date = 3/21/2008 12:06:51 PM | Attr =	]
dildo1.mpg -> %UserProfile%\My Documents\dildo1.mpg ->  [Ver =  | Size = 801446 bytes | Created Date = 3/26/2008 4:16:03 AM | Attr =	]
Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Created Date = 3/30/2008 12:25:02 AM | Attr =	]
Ellie birthday greeting.docx -> %UserProfile%\My Documents\Ellie birthday greeting.docx ->  [Ver =  | Size = 10437 bytes | Created Date = 3/30/2008 10:41:17 PM | Attr =	]
ellientshiabnag.jpg -> %UserProfile%\My Documents\ellientshiabnag.jpg ->  [Ver =  | Size = 38512 bytes | Created Date = 4/7/2008 7:25:26 PM | Attr =	]
invite.jpg -> %UserProfile%\My Documents\invite.jpg ->  [Ver =  | Size = 6994 bytes | Created Date = 3/30/2008 10:46:50 PM | Attr =	]
Leapa Chang.docx -> %UserProfile%\My Documents\Leapa Chang.docx ->  [Ver =  | Size = 11193 bytes | Created Date = 3/19/2008 12:15:04 AM | Attr =	]
mamiiellie.jpg -> %UserProfile%\My Documents\mamiiellie.jpg ->  [Ver =  | Size = 204084 bytes | Created Date = 3/25/2008 12:22:26 AM | Attr =	]
mark.jpg -> %UserProfile%\My Documents\mark.jpg ->  [Ver =  | Size = 48886 bytes | Created Date = 3/28/2008 4:16:28 AM | Attr =	]
michellenme.jpg -> %UserProfile%\My Documents\michellenme.jpg ->  [Ver =  | Size = 52695 bytes | Created Date = 4/7/2008 7:24:14 PM | Attr =	]
Money keeping.xlsx -> %UserProfile%\My Documents\Money keeping.xlsx ->  [Ver =  | Size = 9642 bytes | Created Date = 3/22/2008 4:47:04 AM | Attr =	]
myef9.jpg -> %UserProfile%\My Documents\myef9.jpg ->  [Ver =  | Size = 119692 bytes | Created Date = 3/26/2008 3:30:41 AM | Attr =	]
OTScanIt -> %UserProfile%\My Documents\OTScanIt ->  [Folder | Created Date = 4/8/2008 12:23:28 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\My Documents\OTScanIt.exe ->  [Ver =  | Size = 540250 bytes | Created Date = 4/8/2008 2:46:04 AM | Attr =	]
princess-invitation-a5-1.jpg -> %UserProfile%\My Documents\princess-invitation-a5-1.jpg ->  [Ver =  | Size = 4410 bytes | Created Date = 3/30/2008 10:47:58 PM | Attr =	]
radiology form for ccsf.docx -> %UserProfile%\My Documents\radiology form for ccsf.docx ->  [Ver =  | Size = 87062 bytes | Created Date = 3/16/2008 11:18:18 PM | Attr =	]
SDFix.exe -> %UserProfile%\My Documents\SDFix.exe ->  [Ver =  | Size = 1415295 bytes | Created Date = 4/8/2008 2:45:20 AM | Attr =	]
Seven Kingdoms Conquest -> %UserProfile%\My Documents\Seven Kingdoms Conquest ->  [Folder | Created Date = 3/21/2008 12:06:49 PM | Attr =	]
short cut.jpg -> %UserProfile%\My Documents\short cut.jpg ->  [Ver =  | Size = 55254 bytes | Created Date = 4/3/2008 11:40:48 PM | Attr =	]
sittingellie.jpg -> %UserProfile%\My Documents\sittingellie.jpg ->  [Ver =  | Size = 205355 bytes | Created Date = 3/25/2008 12:10:48 AM | Attr =	]
tila.jpg -> %UserProfile%\My Documents\tila.jpg ->  [Ver =  | Size = 48360 bytes | Created Date = 4/1/2008 10:39:00 PM | Attr =	]
Updater -> %UserProfile%\My Documents\Updater ->  [Folder | Created Date = 3/23/2008 10:11:52 PM | Attr =	]
vicktoriaellieme.jpg -> %UserProfile%\My Documents\vicktoriaellieme.jpg ->  [Ver =  | Size = 31126 bytes | Created Date = 4/7/2008 7:23:31 PM | Attr =	]
Nitto 1320 Legends.lnk -> %AllUsersProfile%\Desktop\Nitto 1320 Legends.lnk ->  [Ver =  | Size = 792 bytes | Created Date = 4/5/2008 12:59:47 PM | Attr =	]
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Created Date = 3/22/2008 3:27:03 AM | Attr =	]
Seven Kingdoms Conquest.lnk -> %AllUsersProfile%\Desktop\Seven Kingdoms Conquest.lnk ->  [Ver =  | Size = 1895 bytes | Created Date = 3/21/2008 11:58:57 AM | Attr =	]
Soulstorm.lnk -> %AllUsersProfile%\Desktop\Soulstorm.lnk ->  [Ver =  | Size = 860 bytes | Created Date = 3/20/2008 9:48:31 AM | Attr =	]
03-21-08_1220.jpg -> %UserProfile%\Desktop\03-21-08_1220.jpg ->  [Ver =  | Size = 50748 bytes | Created Date = 3/21/2008 12:22:16 PM | Attr =	]
03-21-08_1221.jpg -> %UserProfile%\Desktop\03-21-08_1221.jpg ->  [Ver =  | Size = 22377 bytes | Created Date = 3/21/2008 12:22:16 PM | Attr =	]
1320v152S.exe -> %UserProfile%\Desktop\1320v152S.exe -> Macromedia, Inc. [Ver = 10.1r11 | Size = 8947290 bytes | Created Date = 4/5/2008 1:00:54 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 4/8/2008 2:46:01 AM | Attr =	]
bitpim-1.0.5-setup.exe -> %UserProfile%\Desktop\bitpim-1.0.5-setup.exe -> Joe Pham <djpham@bitpim.org> [Ver =  | Size = 11679762 bytes | Created Date = 4/2/2008 11:35:29 PM | Attr =	]
body -> %UserProfile%\Desktop\body ->  [Folder | Created Date = 4/4/2008 1:35:16 AM | Attr =	]
dBpowerAMP Music Converter.lnk -> %UserProfile%\Desktop\dBpowerAMP Music Converter.lnk ->  [Ver =  | Size = 771 bytes | Created Date = 3/31/2008 9:51:17 AM | Attr =	]
dMC Audio CD Input.lnk -> %UserProfile%\Desktop\dMC Audio CD Input.lnk ->  [Ver =  | Size = 729 bytes | Created Date = 3/31/2008 9:51:17 AM | Attr =	]
dMC-r10.exe -> %UserProfile%\Desktop\dMC-r10.exe ->  [Ver =  | Size = 1519800 bytes | Created Date = 3/31/2008 9:46:45 AM | Attr =	]
gwe.exe -> %UserProfile%\Desktop\gwe.exe -> Quixotic Yawl Studio [Ver = 2.3.2.0629 | Size = 218624 bytes | Created Date = 3/11/2008 10:34:26 AM | Attr =	]
hackedversion.swf -> %UserProfile%\Desktop\hackedversion.swf ->  [Ver =  | Size = 5222499 bytes | Created Date = 4/5/2008 1:00:57 PM | Attr =	]
leapa pic -> %UserProfile%\Desktop\leapa pic ->  [Folder | Created Date = 4/7/2008 11:50:33 AM | Attr =	]
LGUSBModemDriver_SON_ML_Ver_4.6.exe -> %UserProfile%\Desktop\LGUSBModemDriver_SON_ML_Ver_4.6.exe -> InstallShield Software Corporation [Ver = 10.0.159 | Size = 3373038 bytes | Created Date = 4/2/2008 11:44:35 PM | Attr =	]
LODPatch_110.exe -> %UserProfile%\Desktop\LODPatch_110.exe -> Blizzard Entertainment [Ver = 2, 70, 0, 0 | Size = 5122687 bytes | Created Date = 3/22/2008 11:23:53 PM | Attr =	]
LOWE's.doc -> %UserProfile%\Desktop\LOWE's.doc ->  [Ver =  | Size = 40960 bytes | Created Date = 3/20/2008 11:33:28 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\LOWE's.doc:Zone.Identifier
MoneyMaker.exe -> %UserProfile%\Desktop\MoneyMaker.exe ->  [Ver = 0.7.1.16 | Size = 695808 bytes | Created Date = 3/30/2008 12:36:41 AM | Attr =	]
Nitto1320LegendsBeta.exe -> %UserProfile%\Desktop\Nitto1320LegendsBeta.exe -> Cie Studios [Ver =  | Size = 43044536 bytes | Created Date = 4/5/2008 12:57:55 PM | Attr =	]
NittoRevolutionized.exe -> %UserProfile%\Desktop\NittoRevolutionized.exe ->  [Ver =  | Size = 406016 bytes | Created Date = 4/5/2008 1:00:57 PM | Attr =	]
nittostarter2.exe -> %UserProfile%\Desktop\nittostarter2.exe ->  [Ver =  | Size = 406016 bytes | Created Date = 4/6/2008 1:26:22 AM | Attr =	]
originalcrc.CEM -> %UserProfile%\Desktop\originalcrc.CEM ->  [Ver =  | Size = 4160 bytes | Created Date = 4/5/2008 1:00:57 PM | Attr =	]
RealPlayer11GOLD.exe -> %UserProfile%\Desktop\RealPlayer11GOLD.exe -> RealNetworks, Inc. [Ver = 1.0.6.80 | Size = 353840 bytes | Created Date = 4/4/2008 3:27:40 AM | Attr =	]
Revolutionized1point1 -> %UserProfile%\Desktop\Revolutionized1point1 ->  [Folder | Created Date = 4/6/2008 2:43:28 AM | Attr =	]
SCKeyChanger.exe -> %UserProfile%\Desktop\SCKeyChanger.exe -> Blizzard Entertainment [Ver = 1.0 | Size = 471895 bytes | Created Date = 4/4/2008 8:05:29 PM | Attr =	]
Setup.exe -> %UserProfile%\Desktop\Setup.exe -> Zango, Inc. [Ver = 52, 0, 2, 0 | Size = 303368 bytes | Created Date = 3/19/2008 11:09:12 PM | Attr =	]
Seven Kingdoms Conquest Promo Trainer.exe -> %UserProfile%\Desktop\Seven Kingdoms Conquest Promo Trainer.exe ->  [Ver =  | Size = 1216512 bytes | Created Date = 3/21/2008 12:05:08 PM | Attr =	]
Shortcut (2) to Diablo II.lnk -> %UserProfile%\Desktop\Shortcut (2) to Diablo II.lnk ->  [Ver =  | Size = 610 bytes | Created Date = 3/22/2008 11:31:46 PM | Attr =	]
Shortcut to StreetLegal_Redline.lnk -> %UserProfile%\Desktop\Shortcut to StreetLegal_Redline.lnk ->  [Ver =  | Size = 863 bytes | Created Date = 3/31/2008 12:42:08 AM | Attr =	]
Shortcut to winamp.lnk -> %UserProfile%\Desktop\Shortcut to winamp.lnk ->  [Ver =  | Size = 598 bytes | Created Date = 3/28/2008 4:04:28 AM | Attr =	]
STAR-KEY.EXE -> %UserProfile%\Desktop\STAR-KEY.EXE ->  [Ver =  | Size = 31232 bytes | Created Date = 4/4/2008 8:59:44 PM | Attr =	]
StreetLegal_Redline_230LE_patch.exe -> %UserProfile%\Desktop\StreetLegal_Redline_230LE_patch.exe -> Invictus-Games Ltd. [Ver = 1.0.0.0 | Size = 102993462 bytes | Created Date = 3/30/2008 9:11:20 PM | Attr =	]
The.Settlers.Rise.Of.An.Empire.The.Eastern.Realm.[English][PCDVD][WwW.GamesTorrents.CoM].t3973.torrent -> %UserProfile%\Desktop\The.Settlers.Rise.Of.An.Empire.The.Eastern.Realm.[English][PCDVD][WwW.GamesTorrents.CoM].t3973.torrent ->  [Ver =  | Size = 23307 bytes | Created Date = 4/4/2008 11:41:16 PM | Attr =	]
VehicleType.class -> %UserProfile%\Desktop\VehicleType.class ->  [Ver =  | Size = 10558 bytes | Created Date = 4/4/2008 3:48:08 AM | Attr =	]
wheels -> %UserProfile%\Desktop\wheels ->  [Folder | Created Date = 4/4/2008 1:35:33 AM | Attr =	]
[isoHunt] Starcraft   BroodWar   Update Patch 1.151   CD Key.torrent -> %UserProfile%\Desktop\[isoHunt] Starcraft   BroodWar   Update Patch 1.151   CD Key.torrent ->  [Ver =  | Size = 14091 bytes | Created Date = 4/4/2008 3:50:52 PM | Attr =	]
[isoHunt] The.Settlers.VI.Rise.Of.An.Empire-CLONECD.torrent -> %UserProfile%\Desktop\[isoHunt] The.Settlers.VI.Rise.Of.An.Empire-CLONECD.torrent ->  [Ver =  | Size = 69060 bytes | Created Date = 4/7/2008 9:44:20 AM | Attr =	]
Invictus -> %CommonProgramFiles%\Invictus ->  [Folder | Created Date = 3/30/2008 10:18:02 PM | Attr =	]
Real -> %CommonProgramFiles%\Real ->  [Folder | Created Date = 4/4/2008 3:33:23 AM | Attr =	]
xing shared -> %CommonProgramFiles%\xing shared ->  [Folder | Created Date = 4/4/2008 3:34:51 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 4/3/2008 9:48:05 AM | Attr =	]
Converted Music -> %SystemDrive%\Converted Music ->  [Folder | Modified Date = 4/3/2008 1:02:04 AM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 4/8/2008 2:53:09 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 4/5/2008 12:59:17 PM | Attr = R  ]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Modified Date = 4/8/2008 2:55:13 AM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 4/8/2008 2:55:36 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 4/8/2008 2:59:42 AM | Attr =	]
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS ->  [Ver =  | Size = 686 bytes | Modified Date = 4/8/2008 2:59:42 AM | Attr =	]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 3/20/2008 1:21:48 AM | Attr =	]
1.tsk -> %SystemRoot%\System32\1.tsk ->  [Ver =  | Size = 148 bytes | Modified Date = 4/3/2008 12:55:23 AM | Attr =	]
adcklog.dat -> %SystemRoot%\System32\adcklog.dat ->  [Ver =  | Size = 175 bytes | Modified Date = 4/8/2008 12:20:46 PM | Attr =	]
andt.sys -> %SystemRoot%\System32\andt.sys ->  [Ver = 2.0.1.110 | Size = 276480 bytes | Modified Date = 3/13/2008 11:32:54 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 4/6/2008 11:12:04 PM | Attr =	]
6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 20567 bytes | Modified Date = 4/8/2008 3:05:57 AM | Attr =	]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Modified Date = 3/31/2008 12:33:13 AM | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 3/20/2008 9:48:31 AM | Attr =	]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 4/2/2008 11:46:42 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 59440 bytes | Modified Date = 4/2/2008 11:47:41 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 395200 bytes | Modified Date = 4/2/2008 11:47:41 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 462344 bytes | Modified Date = 4/2/2008 11:47:41 PM | Attr =	]
pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 4/4/2008 3:33:39 AM | Attr =	]
pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 4/4/2008 3:33:47 AM | Attr =	]
pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 4/4/2008 3:33:47 AM | Attr =	]
rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.50 | Size = 185944 bytes | Modified Date = 4/4/2008 3:34:29 AM | Attr =	]
SIntf16.dll -> %SystemRoot%\System32\SIntf16.dll ->  [Ver =  | Size = 12067 bytes | Modified Date = 3/22/2008 11:28:50 PM | Attr =	]
SIntf32.dll -> %SystemRoot%\System32\SIntf32.dll ->  [Ver =  | Size = 17212 bytes | Modified Date = 3/22/2008 11:28:50 PM | Attr =	]
SIntfNT.dll -> %SystemRoot%\System32\SIntfNT.dll ->  [Ver =  | Size = 21840 bytes | Modified Date = 3/22/2008 11:28:50 PM | Attr =	]
SpoonUninstall-dBpowerAMP Music Converter.bmp -> %SystemRoot%\System32\SpoonUninstall-dBpowerAMP Music Converter.bmp ->  [Ver =  | Size = 27958 bytes | Modified Date = 3/31/2008 9:50:54 AM | Attr =	]
SpoonUninstall-dBpowerAMP Music Converter.dat -> %SystemRoot%\System32\SpoonUninstall-dBpowerAMP Music Converter.dat ->  [Ver =  | Size = 17871 bytes | Modified Date = 3/31/2008 9:51:09 AM | Attr =	]
SpoonUninstall.exe -> %SystemRoot%\System32\SpoonUninstall.exe ->  [Ver =  | Size = 167936 bytes | Modified Date = 3/31/2008 9:51:09 AM | Attr =	]
tmp0_1292245850.bk -> %SystemRoot%\System32\tmp0_1292245850.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/11/2008 11:31:01 AM | Attr =	]
tmp0_27415878742.bk -> %SystemRoot%\System32\tmp0_27415878742.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/13/2008 11:31:20 AM | Attr =	]
tmp0_27556831859.bk -> %SystemRoot%\System32\tmp0_27556831859.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/15/2008 12:00:40 AM | Attr =	]
tmp0_299757204970.bk -> %SystemRoot%\System32\tmp0_299757204970.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/12/2008 12:01:09 AM | Attr =	]
tmp0_354310871909.bk -> %SystemRoot%\System32\tmp0_354310871909.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/10/2008 12:01:04 AM | Attr =	]
tmp0_360951881534.bk -> %SystemRoot%\System32\tmp0_360951881534.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/21/2008 11:01:56 PM | Attr =	]
tmp0_372828758216.bk -> %SystemRoot%\System32\tmp0_372828758216.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/16/2008 12:01:06 AM | Attr =	]
tmp0_496120695991.bk -> %SystemRoot%\System32\tmp0_496120695991.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/14/2008 12:01:28 AM | Attr =	]
tmp0_519380354273.bk -> %SystemRoot%\System32\tmp0_519380354273.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/22/2008 11:31:16 AM | Attr =	]
tmp0_63831533109.bk -> %SystemRoot%\System32\tmp0_63831533109.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/16/2008 11:00:43 PM | Attr =	]
tmp0_662262862581.bk -> %SystemRoot%\System32\tmp0_662262862581.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/20/2008 11:00:19 PM | Attr =	]
tmp0_735307306668.bk -> %SystemRoot%\System32\tmp0_735307306668.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/19/2008 11:30:30 AM | Attr =	]
tmp0_761831133871.bk -> %SystemRoot%\System32\tmp0_761831133871.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/23/2008 12:30:15 AM | Attr =	]
tmp0_871056417268.bk -> %SystemRoot%\System32\tmp0_871056417268.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/18/2008 3:05:22 PM | Attr =	]
tmp0_97981481624.bk -> %SystemRoot%\System32\tmp0_97981481624.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/20/2008 12:01:37 AM | Attr =	]
tmp1_118582843377.bk -> %SystemRoot%\System32\tmp1_118582843377.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/19/2008 11:30:35 AM | Attr =	]
tmp1_213282764134.bk -> %SystemRoot%\System32\tmp1_213282764134.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/23/2008 12:30:20 AM | Attr =	]
tmp1_272009483530.bk -> %SystemRoot%\System32\tmp1_272009483530.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/22/2008 11:31:21 AM | Attr =	]
tmp1_330530446507.bk -> %SystemRoot%\System32\tmp1_330530446507.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/16/2008 12:01:11 AM | Attr =	]
tmp1_361194440459.bk -> %SystemRoot%\System32\tmp1_361194440459.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/13/2008 11:31:25 AM | Attr =	]
tmp1_481423334583.bk -> %SystemRoot%\System32\tmp1_481423334583.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/18/2008 3:05:27 PM | Attr =	]
tmp1_62450209969.bk -> %SystemRoot%\System32\tmp1_62450209969.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/12/2008 12:01:14 AM | Attr =	]
tmp1_670364885609.bk -> %SystemRoot%\System32\tmp1_670364885609.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/21/2008 11:02:02 PM | Attr =	]
tmp1_713432442087.bk -> %SystemRoot%\System32\tmp1_713432442087.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/11/2008 11:31:06 AM | Attr =	]
tmp1_725186344791.bk -> %SystemRoot%\System32\tmp1_725186344791.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/14/2008 12:01:33 AM | Attr =	]
tmp1_785024177472.bk -> %SystemRoot%\System32\tmp1_785024177472.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/20/2008 12:01:42 AM | Attr =	]
tmp1_792289399886.bk -> %SystemRoot%\System32\tmp1_792289399886.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/20/2008 11:00:24 PM | Attr =	]
tmp1_857681662165.bk -> %SystemRoot%\System32\tmp1_857681662165.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/10/2008 12:01:09 AM | Attr =	]
tmp1_866012462236.bk -> %SystemRoot%\System32\tmp1_866012462236.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/16/2008 11:00:48 PM | Attr =	]
tmp1_876510679043.bk -> %SystemRoot%\System32\tmp1_876510679043.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/15/2008 12:00:45 AM | Attr =	]
tmp3_18828556572.bk -> %SystemRoot%\System32\tmp3_18828556572.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/18/2008 3:05:39 PM | Attr =	]
tmp3_204487679273.bk -> %SystemRoot%\System32\tmp3_204487679273.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/14/2008 12:02:05 AM | Attr =	]
tmp3_222718290186.bk -> %SystemRoot%\System32\tmp3_222718290186.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/15/2008 12:00:56 AM | Attr =	]
tmp3_318559499456.bk -> %SystemRoot%\System32\tmp3_318559499456.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/11/2008 11:31:17 AM | Attr =	]
tmp3_333882461753.bk -> %SystemRoot%\System32\tmp3_333882461753.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/22/2008 11:31:32 AM | Attr =	]
tmp3_36262278466.bk -> %SystemRoot%\System32\tmp3_36262278466.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/21/2008 11:02:16 PM | Attr =	]
tmp3_39773742021.bk -> %SystemRoot%\System32\tmp3_39773742021.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/20/2008 12:01:54 AM | Attr =	]
tmp3_477519449075.bk -> %SystemRoot%\System32\tmp3_477519449075.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/16/2008 11:01:08 PM | Attr =	]
tmp3_535858745038.bk -> %SystemRoot%\System32\tmp3_535858745038.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/19/2008 11:30:47 AM | Attr =	]
tmp3_577380222146.bk -> %SystemRoot%\System32\tmp3_577380222146.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/23/2008 12:30:31 AM | Attr =	]
tmp3_771611252181.bk -> %SystemRoot%\System32\tmp3_771611252181.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/16/2008 12:01:23 AM | Attr =	]
tmp3_785943482113.bk -> %SystemRoot%\System32\tmp3_785943482113.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/20/2008 11:00:36 PM | Attr =	]
tmp3_882168398427.bk -> %SystemRoot%\System32\tmp3_882168398427.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/13/2008 11:31:37 AM | Attr =	]
tmp4_107310556087.bk -> %SystemRoot%\System32\tmp4_107310556087.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/20/2008 12:01:59 AM | Attr =	]
tmp4_12823829212.bk -> %SystemRoot%\System32\tmp4_12823829212.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/10/2008 12:01:50 AM | Attr =	]
tmp4_159120247512.bk -> %SystemRoot%\System32\tmp4_159120247512.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/20/2008 11:00:45 PM | Attr =	]
tmp4_271984381901.bk -> %SystemRoot%\System32\tmp4_271984381901.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/15/2008 12:01:05 AM | Attr =	]
tmp4_38532617104.bk -> %SystemRoot%\System32\tmp4_38532617104.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/16/2008 12:01:29 AM | Attr =	]
tmp4_425684290922.bk -> %SystemRoot%\System32\tmp4_425684290922.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/19/2008 11:30:53 AM | Attr =	]
tmp4_430000855188.bk -> %SystemRoot%\System32\tmp4_430000855188.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/22/2008 11:31:38 AM | Attr =	]
tmp4_480526624583.bk -> %SystemRoot%\System32\tmp4_480526624583.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/14/2008 12:02:11 AM | Attr =	]
tmp4_520828648012.bk -> %SystemRoot%\System32\tmp4_520828648012.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/16/2008 11:01:14 PM | Attr =	]
tmp4_56035045604.bk -> %SystemRoot%\System32\tmp4_56035045604.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/13/2008 11:31:43 AM | Attr =	]
tmp4_61185615699.bk -> %SystemRoot%\System32\tmp4_61185615699.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/23/2008 12:30:38 AM | Attr =	]
tmp4_682523756994.bk -> %SystemRoot%\System32\tmp4_682523756994.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/21/2008 11:02:22 PM | Attr =	]
tmp4_840551795275.bk -> %SystemRoot%\System32\tmp4_840551795275.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/18/2008 3:05:45 PM | Attr =	]
tmp4_879633831579.bk -> %SystemRoot%\System32\tmp4_879633831579.bk ->  [Ver =  | Size = 68 bytes | Modified Date = 3/11/2008 11:31:23 AM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 4/8/2008 3:06:32 AM | Attr =	]
xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll ->  [Ver = 30635 | Size = 41296 bytes | Modified Date = 3/13/2008 4:06:28 PM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 3/20/2008 9:47:52 AM | Attr = R S]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
avisplitter.INI -> %SystemRoot%\avisplitter.INI ->  [Ver =  | Size = 38 bytes | Modified Date = 3/27/2008 4:38:47 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 4/8/2008 3:05:10 AM | Attr =   S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini ->  [Ver =  | Size = 25 bytes | Modified Date = 4/4/2008 3:36:35 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/19/2008 1:48:22 AM | Attr =   S]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 4/8/2008 2:55:50 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 4/2/2008 11:46:36 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 4/3/2008 9:48:17 AM | Attr =  HS]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 4/4/2008 2:06:01 PM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1588 bytes | Modified Date = 3/26/2008 11:38:42 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 4/8/2008 12:20:48 PM | Attr =	]
pondfishing.ini -> %SystemRoot%\pondfishing.ini ->  [Ver =  | Size = 119 bytes | Modified Date = 4/4/2008 11:35:00 PM | Attr =	]
pondfishing.tf -> %SystemRoot%\pondfishing.tf ->  [Ver =  | Size = 882 bytes | Modified Date = 4/4/2008 11:27:58 PM | Attr =	]
popcinfo.dat -> %SystemRoot%\popcinfo.dat ->  [Ver =  | Size = 16 bytes | Modified Date = 3/23/2008 10:52:52 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 4/8/2008 12:24:21 PM | Attr =	]
scunin.dat -> %SystemRoot%\scunin.dat ->  [Ver =  | Size = 32738 bytes | Modified Date = 4/4/2008 8:02:00 PM | Attr =	]
ScUnin.exe -> %SystemRoot%\ScUnin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 5 | Size = 94208 bytes | Modified Date = 4/4/2008 8:01:59 PM | Attr =	]
ScUnin.pif -> %SystemRoot%\ScUnin.pif ->  [Ver =  | Size = 967 bytes | Modified Date = 4/4/2008 8:01:59 PM | Attr =	]
surffishing.ini -> %SystemRoot%\surffishing.ini ->  [Ver =  | Size = 135 bytes | Modified Date = 4/4/2008 11:30:19 PM | Attr =	]
surffishing.tf -> %SystemRoot%\surffishing.tf ->  [Ver =  | Size = 1372 bytes | Modified Date = 4/4/2008 11:34:49 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 4/8/2008 3:07:18 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 4/8/2008 12:20:44 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 3/22/2008 3:25:09 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 4/8/2008 12:22:54 PM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 1433 bytes | Modified Date = 3/20/2008 12:46:07 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 4/4/2008 10:34:03 PM | Attr =	]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 340 bytes | Modified Date = 3/15/2008 2:05:40 AM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 332 bytes | Modified Date = 4/1/2008 1:00:39 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 4/8/2008 3:05:12 AM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 4/8/2008 3:06:20 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 4/8/2008 3:06:20 AM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 1/25/2008 1:19:56 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Apple -> %AllUsersProfile%\Application Data\Apple ->  [Folder | Modified Date = 3/22/2008 3:25:00 AM | Attr =	]
Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer ->  [Folder | Modified Date = 3/22/2008 3:25:57 AM | Attr =	]
Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help ->  [Folder | Modified Date = 3/22/2008 4:14:27 AM | Attr =	]
nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles ->  [Folder | Modified Date = 3/20/2008 2:36:08 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 3/20/2008 2:32:55 AM | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 3/23/2008 2:23:44 PM | Attr =	]
Azureus -> %AppData%\Azureus ->  [Folder | Modified Date = 4/8/2008 2:47:31 AM | Attr =	]
GetRightToGo -> %AppData%\GetRightToGo ->  [Folder | Modified Date = 3/30/2008 12:25:45 AM | Attr =	]
Help -> %AppData%\Help ->  [Folder | Modified Date = 4/4/2008 11:32:01 PM | Attr =	]
LimeWire -> %AppData%\LimeWire ->  [Folder | Modified Date = 4/4/2008 8:26:38 PM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 3/22/2008 4:14:28 AM | Attr =   S]
MTC-savedfolder.dat -> %AppData%\MTC-savedfolder.dat ->  [Ver =  | Size = 130 bytes | Modified Date = 3/11/2008 11:54:11 PM | Attr =	]
Real -> %AppData%\Real ->  [Folder | Modified Date = 4/4/2008 3:41:13 AM | Attr =	]
Seekmo -> %AppData%\Seekmo ->  [Folder | Modified Date = 3/20/2008 2:37:26 AM | Attr =	]
Apple -> %UserProfile%\Local Settings\Application Data\Apple ->  [Folder | Modified Date = 3/22/2008 3:25:08 AM | Attr =	]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Modified Date = 3/22/2008 3:24:51 AM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 130048 bytes | Modified Date = 4/5/2008 12:06:01 PM | Attr =	]
Help -> %UserProfile%\Local Settings\Application Data\Help ->  [Folder | Modified Date = 4/4/2008 11:32:01 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 3179092 bytes | Modified Date = 4/8/2008 2:47:12 AM | Attr =  H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 3/11/2008 12:05:12 AM | Attr =	]
0216081143.jpg -> %UserProfile%\My Documents\0216081143.jpg ->  [Ver =  | Size = 73965 bytes | Modified Date = 3/11/2008 6:09:04 AM | Attr =	]
0308081221.jpg -> %UserProfile%\My Documents\0308081221.jpg ->  [Ver =  | Size = 82818 bytes | Modified Date = 3/11/2008 6:09:12 AM | Attr =	]
0316082041_1.jpg -> %UserProfile%\My Documents\0316082041_1.jpg ->  [Ver =  | Size = 59589 bytes | Modified Date = 3/25/2008 6:53:34 AM | Attr =	]
0324082201_1.jpg -> %UserProfile%\My Documents\0324082201_1.jpg ->  [Ver =  | Size = 64213 bytes | Modified Date = 3/25/2008 6:52:48 AM | Attr =	]
0324082204.jpg -> %UserProfile%\My Documents\0324082204.jpg ->  [Ver =  | Size = 100789 bytes | Modified Date = 3/25/2008 6:52:12 AM | Attr =	]
0324082204a.jpg -> %UserProfile%\My Documents\0324082204a.jpg ->  [Ver =  | Size = 96335 bytes | Modified Date = 3/25/2008 6:52:00 AM | Attr =	]
0324082204b.jpg -> %UserProfile%\My Documents\0324082204b.jpg ->  [Ver =  | Size = 96017 bytes | Modified Date = 3/25/2008 6:51:50 AM | Attr =	]
0330081139.jpg -> %UserProfile%\My Documents\0330081139.jpg ->  [Ver =  | Size = 90080 bytes | Modified Date = 3/30/2008 11:39:44 AM | Attr =	]
0330081139a.jpg -> %UserProfile%\My Documents\0330081139a.jpg ->  [Ver =  | Size = 92224 bytes | Modified Date = 3/30/2008 11:39:51 AM | Attr =	]
0330081623.jpg -> %UserProfile%\My Documents\0330081623.jpg ->  [Ver =  | Size = 72657 bytes | Modified Date = 3/30/2008 4:23:33 PM | Attr =	]
AdobeStockPhotos -> %UserProfile%\My Documents\AdobeStockPhotos ->  [Folder | Modified Date = 3/23/2008 2:23:43 PM | Attr =	]
assignment10.1.docx -> %UserProfile%\My Documents\assignment10.1.docx ->  [Ver =  | Size = 10649 bytes | Modified Date = 4/2/2008 1:07:28 AM | Attr =	]
assignment10.2.docx -> %UserProfile%\My Documents\assignment10.2.docx ->  [Ver =  | Size = 11830 bytes | Modified Date = 4/2/2008 12:59:39 AM | Attr =	]
baby ellie.jpg -> %UserProfile%\My Documents\baby ellie.jpg ->  [Ver =  | Size = 252014 bytes | Modified Date = 3/25/2008 12:09:57 AM | Attr =	]
bellydance1.mov -> %UserProfile%\My Documents\bellydance1.mov ->  [Ver =  | Size = 475 bytes | Modified Date = 4/4/2008 3:08:28 AM | Attr =	]
bitpim -> %UserProfile%\My Documents\bitpim ->  [Folder | Modified Date = 4/4/2008 9:41:07 AM | Attr =	]
bwbabyme.psd -> %UserProfile%\My Documents\bwbabyme.psd ->  [Ver =  | Size = 1356620 bytes | Modified Date = 3/25/2008 12:09:00 AM | Attr =	]
Conversation.docx -> %UserProfile%\My Documents\Conversation.docx ->  [Ver =  | Size = 13474 bytes | Modified Date = 3/31/2008 9:45:14 AM | Attr =	]
crossword puzzle.docx -> %UserProfile%\My Documents\crossword puzzle.docx ->  [Ver =  | Size = 10854 bytes | Modified Date = 3/12/2008 9:28:35 PM | Attr =	]
Database1.accdb -> %UserProfile%\My Documents\Database1.accdb ->  [Ver =  | Size = 413696 bytes | Modified Date = 3/19/2008 9:58:27 PM | Attr =	]
Debug Logs -> %UserProfile%\My Documents\Debug Logs ->  [Folder | Modified Date = 3/21/2008 12:11:25 PM | Attr =	]
dildo1.mpg -> %UserProfile%\My Documents\dildo1.mpg ->  [Ver =  | Size = 801446 bytes | Modified Date = 3/26/2008 4:16:06 AM | Attr =	]
Downloads -> %UserProfile%\My Documents\Downloads ->  [Folder | Modified Date = 3/30/2008 12:25:02 AM | Attr =	]
Ellie birthday greeting.docx -> %UserProfile%\My Documents\Ellie birthday greeting.docx ->  [Ver =  | Size = 10437 bytes | Modified Date = 3/30/2008 10:41:18 PM | Attr =	]
ellientshiabnag.jpg -> %UserProfile%\My Documents\ellientshiabnag.jpg ->  [Ver =  | Size = 38512 bytes | Modified Date = 4/7/2008 7:25:26 PM | Attr =	]
hw.docx -> %UserProfile%\My Documents\hw.docx ->  [Ver =  | Size = 11438 bytes | Modified Date = 3/12/2008 12:06:37 AM | Attr =	]
invite.jpg -> %UserProfile%\My Documents\invite.jpg ->  [Ver =  | Size = 6994 bytes | Modified Date = 3/30/2008 10:46:50 PM | Attr =	]
Leapa Chang.docx -> %UserProfile%\My Documents\Leapa Chang.docx ->  [Ver =  | Size = 11193 bytes | Modified Date = 3/19/2008 12:28:55 AM | Attr =	]
mamiiellie.jpg -> %UserProfile%\My Documents\mamiiellie.jpg ->  [Ver =  | Size = 204084 bytes | Modified Date = 3/25/2008 12:22:28 AM | Attr =	]
mark.jpg -> %UserProfile%\My Documents\mark.jpg ->  [Ver =  | Size = 48886 bytes | Modified Date = 3/28/2008 4:16:28 AM | Attr =	]
michellenme.jpg -> %UserProfile%\My Documents\michellenme.jpg ->  [Ver =  | Size = 52695 bytes | Modified Date = 4/7/2008 7:24:14 PM | Attr =	]
Money keeping.xlsx -> %UserProfile%\My Documents\Money keeping.xlsx ->  [Ver =  | Size = 9642 bytes | Modified Date = 3/22/2008 9:29:57 PM | Attr =	]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 4/5/2008 1:29:33 PM | Attr = R  ]
myef9.jpg -> %UserProfile%\My Documents\myef9.jpg ->  [Ver =  | Size = 119692 bytes | Modified Date = 3/26/2008 3:30:41 AM | Attr =	]
NeroVision -> %UserProfile%\My Documents\NeroVision ->  [Folder | Modified Date = 3/24/2008 11:50:56 AM | Attr =	]
OTScanIt -> %UserProfile%\My Documents\OTScanIt ->  [Folder | Modified Date = 4/8/2008 12:24:11 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\My Documents\OTScanIt.exe ->  [Ver =  | Size = 540250 bytes | Modified Date = 4/8/2008 2:46:07 AM | Attr =	]
princess-invitation-a5-1.jpg -> %UserProfile%\My Documents\princess-invitation-a5-1.jpg ->  [Ver =  | Size = 4410 bytes | Modified Date = 3/30/2008 10:47:58 PM | Attr =	]
radiology form for ccsf.docx -> %UserProfile%\My Documents\radiology form for ccsf.docx ->  [Ver =  | Size = 87062 bytes | Modified Date = 3/16/2008 11:18:19 PM | Attr =	]
RCT3 -> %UserProfile%\My Documents\RCT3 ->  [Folder | Modified Date = 4/3/2008 1:48:20 PM | Attr =	]
SDFix.exe -> %UserProfile%\My Documents\SDFix.exe ->  [Ver =  | Size = 1415295 bytes | Modified Date = 4/8/2008 2:45:26 AM | Attr =	]
Seven Kingdoms Conquest -> %UserProfile%\My Documents\Seven Kingdoms Conquest ->  [Folder | Modified Date = 4/4/2008 2:13:00 PM | Attr =	]
short cut.jpg -> %UserProfile%\My Documents\short cut.jpg ->  [Ver =  | Size = 55254 bytes | Modified Date = 4/3/2008 11:40:49 PM | Attr =	]
SimCity Societies -> %UserProfile%\My Documents\SimCity Societies ->  [Folder | Modified Date = 4/5/2008 12:04:36 PM | Attr =	]
sittingellie.jpg -> %UserProfile%\My Documents\sittingellie.jpg ->  [Ver =  | Size = 205355 bytes | Modified Date = 3/25/2008 12:10:50 AM | Attr =	]
Thumbs.db -> %UserProfile%\My Documents\Thumbs.db ->  [Ver =  | Size = 365056 bytes | Modified Date = 4/7/2008 10:41:34 PM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
tila.jpg -> %UserProfile%\My Documents\tila.jpg ->  [Ver =  | Size = 48360 bytes | Modified Date = 4/1/2008 10:39:00 PM | Attr =	]
Updater -> %UserProfile%\My Documents\Updater ->  [Folder | Modified Date = 3/23/2008 10:11:52 PM | Attr =	]
vicktoriaellieme.jpg -> %UserProfile%\My Documents\vicktoriaellieme.jpg ->  [Ver =  | Size = 31126 bytes | Modified Date = 4/7/2008 7:23:31 PM | Attr =	]
Nitto 1320 Legends.lnk -> %AllUsersProfile%\Desktop\Nitto 1320 Legends.lnk ->  [Ver =  | Size = 792 bytes | Modified Date = 4/5/2008 12:59:47 PM | Attr =	]
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Modified Date = 3/22/2008 3:27:03 AM | Attr =	]
Seven Kingdoms Conquest.lnk -> %AllUsersProfile%\Desktop\Seven Kingdoms Conquest.lnk ->  [Ver =  | Size = 1895 bytes | Modified Date = 3/21/2008 11:58:57 AM | Attr =	]
Soulstorm.lnk -> %AllUsersProfile%\Desktop\Soulstorm.lnk ->  [Ver =  | Size = 860 bytes | Modified Date = 3/20/2008 9:48:31 AM | Attr =	]
,h -> %UserProfile%\Desktop\,h ->  [Folder | Modified Date = 3/20/2008 2:32:03 AM | Attr =	]
03-21-08_1220.jpg -> %UserProfile%\Desktop\03-21-08_1220.jpg ->  [Ver =  | Size = 50748 bytes | Modified Date = 3/21/2008 12:26:21 PM | Attr =	]
03-21-08_1221.jpg -> %UserProfile%\Desktop\03-21-08_1221.jpg ->  [Ver =  | Size = 22377 bytes | Modified Date = 3/21/2008 12:20:38 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 4/8/2008 2:45:29 AM | Attr =	]
bitpim-1.0.5-setup.exe -> %UserProfile%\Desktop\bitpim-1.0.5-setup.exe -> Joe Pham <djpham@bitpim.org>								 [Ver =					  | Size = 11679762 bytes | Modified Date = 4/2/2008 11:36:07 PM | Attr =	]
body -> %UserProfile%\Desktop\body ->  [Folder | Modified Date = 4/7/2008 11:50:27 AM | Attr =	]
dBpowerAMP Music Converter.lnk -> %UserProfile%\Desktop\dBpowerAMP Music Converter.lnk ->  [Ver =  | Size = 771 bytes | Modified Date = 3/31/2008 9:51:17 AM | Attr =	]
dMC Audio CD Input.lnk -> %UserProfile%\Desktop\dMC Audio CD Input.lnk ->  [Ver =  | Size = 729 bytes | Modified Date = 3/31/2008 9:51:17 AM | Attr =	]
dMC-r10.exe -> %UserProfile%\Desktop\dMC-r10.exe ->  [Ver =  | Size = 1519800 bytes | Modified Date = 3/31/2008 9:46:44 AM | Attr =	]
gwe.exe -> %UserProfile%\Desktop\gwe.exe -> Quixotic Yawl Studio [Ver = 2.3.2.0629 | Size = 218624 bytes | Modified Date = 3/11/2008 10:34:24 AM | Attr =	]
leapa pic -> %UserProfile%\Desktop\leapa pic ->  [Folder | Modified Date = 4/7/2008 11:50:34 AM | Attr =	]
LGUSBModemDriver_SON_ML_Ver_4.6.exe -> %UserProfile%\Desktop\LGUSBModemDriver_SON_ML_Ver_4.6.exe -> InstallShield Software Corporation [Ver = 10.0.159 | Size = 3373038 bytes | Modified Date = 4/2/2008 11:45:44 PM | Attr =	]
LODPatch_110.exe -> %UserProfile%\Desktop\LODPatch_110.exe -> Blizzard Entertainment [Ver = 2, 70, 0, 0 | Size = 5122687 bytes | Modified Date = 3/22/2008 11:25:43 PM | Attr =	]
LOWE's.doc -> %UserProfile%\Desktop\LOWE's.doc ->  [Ver =  | Size = 40960 bytes | Modified Date = 3/21/2008 2:44:02 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\LOWE's.doc:Zone.Identifier
Nitto1320LegendsBeta.exe -> %UserProfile%\Desktop\Nitto1320LegendsBeta.exe -> Cie Studios												  [Ver =					  | Size = 43044536 bytes | Modified Date = 4/5/2008 12:58:39 PM | Attr =	]
RealPlayer11GOLD.exe -> %UserProfile%\Desktop\RealPlayer11GOLD.exe -> RealNetworks, Inc. [Ver = 1.0.6.80 | Size = 353840 bytes | Modified Date = 4/4/2008 3:27:38 AM | Attr =	]
Revolutionized1point1 -> %UserProfile%\Desktop\Revolutionized1point1 ->  [Folder | Modified Date = 4/6/2008 2:43:49 AM | Attr =	]
Setup.exe -> %UserProfile%\Desktop\Setup.exe -> Zango, Inc. [Ver = 52, 0, 2, 0 | Size = 303368 bytes | Modified Date = 3/19/2008 11:09:08 PM | Attr =	]
Seven Kingdoms Conquest Promo Trainer.exe -> %UserProfile%\Desktop\Seven Kingdoms Conquest Promo Trainer.exe ->  [Ver =  | Size = 1216512 bytes | Modified Date = 3/15/2008 8:44:02 AM | Attr =	]
Shortcut (2) to Diablo II.lnk -> %UserProfile%\Desktop\Shortcut (2) to Diablo II.lnk ->  [Ver =  | Size = 610 bytes | Modified Date = 3/22/2008 11:32:03 PM | Attr =	]
Shortcut to StreetLegal_Redline.lnk -> %UserProfile%\Desktop\Shortcut to StreetLegal_Redline.lnk ->  [Ver =  | Size = 863 bytes | Modified Date = 3/31/2008 12:42:08 AM | Attr =	]
Shortcut to winamp.lnk -> %UserProfile%\Desktop\Shortcut to winamp.lnk ->  [Ver =  | Size = 598 bytes | Modified Date = 3/28/2008 4:04:28 AM | Attr =	]
The.Settlers.Rise.Of.An.Empire.The.Eastern.Realm.[English][PCDVD][WwW.GamesTorrents.CoM].t3973.torrent -> %UserProfile%\Desktop\The.Settlers.Rise.Of.An.Empire.The.Eastern.Realm.[English][PCDVD][WwW.GamesTorrents.CoM].t3973.torrent ->  [Ver =  | Size = 23307 bytes | Modified Date = 4/4/2008 11:41:14 PM | Attr =	]
VehicleType.class -> %UserProfile%\Desktop\VehicleType.class ->  [Ver =  | Size = 10558 bytes | Modified Date = 4/4/2008 3:48:06 AM | Attr =	]
wheels -> %UserProfile%\Desktop\wheels ->  [Folder | Modified Date = 4/4/2008 1:39:06 AM | Attr =	]
[isoHunt] Starcraft   BroodWar   Update Patch 1.151   CD Key.torrent -> %UserProfile%\Desktop\[isoHunt] Starcraft   BroodWar   Update Patch 1.151   CD Key.torrent ->  [Ver =  | Size = 14091 bytes | Modified Date = 4/4/2008 3:50:50 PM | Attr =	]
[isoHunt] The.Settlers.VI.Rise.Of.An.Empire-CLONECD.torrent -> %UserProfile%\Desktop\[isoHunt] The.Settlers.VI.Rise.Of.An.Empire-CLONECD.torrent ->  [Ver =  | Size = 69060 bytes | Modified Date = 4/7/2008 9:44:19 AM | Attr =	]
Invictus -> %CommonProgramFiles%\Invictus ->  [Folder | Modified Date = 3/30/2008 10:18:03 PM | Attr =	]
Real -> %CommonProgramFiles%\Real ->  [Folder | Modified Date = 4/4/2008 3:34:42 AM | Attr =	]
xing shared -> %CommonProgramFiles%\xing shared ->  [Folder | Modified Date = 4/4/2008 3:34:51 AM | Attr =	]

< End of report >


#6 jwbirdsong

Posted 08 April 2008 - 06:58 PM

Start OtScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
YY -> (perfmons) perfmons Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\perfs.exe
YY -> (Routing) Routing Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\routing.exe
[Registry - Non-Microsoft Only]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03]
[Files/Folders - Created Within 30 days]
NY -> SDFix -> %SystemDrive%\SDFix
NY -> 1.tsk -> %SystemRoot%\System32\1.tsk
NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> Seekmo -> %AppData%\Seekmo
NY -> SDFix.exe -> %UserProfile%\My Documents\SDFix.exe
NY -> Setup.exe -> %UserProfile%\Desktop\Setup.exe
[Extra Files]
tmp*.bk
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix.

If it reboots this may not happen. If you need to manually find the file, it is at Desktop\OTScanIt\MovedFiles\04082008_163441.log or whatever yours is named (Date/Time you ran the fix).

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on the Start Scanning button at bottom of page.
  • Accept the License Agreement and the ActiveX install.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report to your Desktop for later posting.
Please post
  • OTscan it "results" log (described above)
  • F-Secure log
  • Fresh OtScanIt log made after F-secure
in your next reply here

#7 soulo

Posted 09 April 2008 - 03:02 AM

When I add what you told me to add on otscan it freezes my computer.

#8 jwbirdsong

Posted 11 April 2008 - 06:07 AM

Can you try and run the OTScanit fix in safe mode please?

#9 soulo

Posted 12 April 2008 - 03:39 AM

It still freezes in safe mode... well, the OTScan is not responding... left it there for more than 10 min.

#10 jwbirdsong

Posted 14 April 2008 - 01:40 AM

Can/Will you do the F-Secure scan and post that?
Please also post the following:
Click HERE to download getservice.zip and unzip it to your desktop.
Open the Getservice folder and click on the getservices.bat file.
A notepad will open up with a long list of Services. Please save that notepad file and attach it to your next reply to this thread. It may be easier to attach it rather than copy and paste because it can be quite long.

Post/Attach this log in your next reply together with the F-Secure results and a fresh OTscanit log made after F-Secure
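
One way to triage the Getservice (PsService) listing requested above, as an added example that is not part of the original thread: it parses the listing's record layout and picks out auto-start, own-process LocalSystem services that run from system32 and carry no description. The function names are hypothetical, and the perfmons record is constructed from the service line in the fix script of post #6, with its description and logon account assumed.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Constructed sample in the PsService layout of the report in this thread.
# AudioSrv (description shortened) and lxcy_device follow that report; the
# perfmons record is built from the fix script's service line, with its
# description and logon account assumed for illustration.
SAMPLE = r"""
SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lxcy_device
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lxcycoms.exe -service
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : lxcy_device
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: perfmons
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\perfs.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : perfmons Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
"""

FIELD = re.compile(r"^([A-Z_]+)\s*:\s*(.*)$")

def parse_psservice(text):
    """Split PsService config output into one dict per service."""
    services, cur, last_key, want_desc = [], None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("SERVICE_NAME:"):
            cur = {"SERVICE_NAME": line.split(":", 1)[1].strip(), "DESCRIPTION": ""}
            services.append(cur)
            want_desc, last_key = True, None
            continue
        if not line or cur is None:
            continue  # blank lines and any banner before the first record
        if want_desc:
            want_desc = False
            if not re.match(r"TYPE\s*:", line):
                cur["DESCRIPTION"] = line  # free text, may itself contain ':'
                continue
        if line.startswith(":"):  # continuation of a multi-value field
            if last_key:
                cur[last_key] = (cur[last_key] + "; " + line[1:].strip()).strip("; ")
            continue
        m = FIELD.match(line)
        if m:
            last_key, cur[m.group(1)] = m.group(1), m.group(2).strip()
    return services

def image_path(binary_path_name):
    """Executable path without arguments; paths may be quoted or contain spaces."""
    v = binary_path_name.strip()
    if v.startswith('"'):
        return v[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?=\s|$)", v, re.I)
    return m.group(1) if m else v.split(" ", 1)[0]

def triage(services):
    """Return (service name, image file) pairs worth a manual look."""
    hits = []
    for svc in services:
        exe = image_path(svc.get("BINARY_PATH_NAME", ""))
        if (svc["DESCRIPTION"] == "(null)"
                and "WIN32_OWN_PROCESS" in svc.get("TYPE", "")
                and "AUTO_START" in svc.get("START_TYPE", "")
                and svc.get("SERVICE_START_NAME") == "LocalSystem"
                and normcase(dirname(exe)).endswith("\\windows\\system32")):
            hits.append((svc["SERVICE_NAME"], basename(exe)))
    return hits

if __name__ == "__main__":
    for name, exe in triage(parse_psservice(SAMPLE)):
        print(f"review: {name} -> {exe}")
```

A hit is a prompt to check the file by hand (vendor, version information, creation date), not a verdict on the service.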

#11 soulo

Posted 15 April 2008 - 10:36 AM

Getservice report:


PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: aawservice
Ad-Aware service
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Ad-Aware 2007 Service
DEPENDENCIES : RpcSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 5000 seconds
: Restart DELAY: 10000 seconds
: None DELAY: 60000 seconds

SERVICE_NAME: Adobe LM Service
AdobeLM Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Adobe LM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ASP.NET State Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds
: Restart DELAY: 0 seconds
: None DELAY: 0 seconds

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : Rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: cisvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: clr_optimization_v2.0.50727_32
Microsoft .NET Framework NGEN
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : .NET Runtime Optimization Service v2.0.50727_X86
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 960000 seconds
: Restart DELAY: 15360000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : DCOM Server Process Launcher
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Human Interface Device Access
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HTTP SSL
DEPENDENCIES : HTTP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: IDriverT
Provides support for the Running Object Table for InstallShield Drivers
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : InstallDriver Table Manager
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: lxcy_device
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lxcycoms.exe -service
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : lxcy_device
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mcmscsvc
McAfee Protection Manager
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : McAfee Services
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 60000 seconds

SERVICE_NAME: McNASvc
Allows McAfee applications to communicate securely on the local network.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : McAfee Network Agent
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: McODS
Scans specified locations on this computer for viruses and other threats. The service runs for scheduled scans and manual scans.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : McAfee Scanner
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: McProxy
McAfee Proxy Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : McAfee Proxy Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 60000 seconds

SERVICE_NAME: McShield
Scans files for viruses and other threats when they are accessed by this computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : McAfee Real-time Scanner
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 60000 seconds

SERVICE_NAME: McSysmon
Monitors potentially unauthorized changes to this computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : McAfee SystemGuards
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 60000 seconds

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Microsoft Office Groove Audit Service
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Microsoft Office Groove Audit Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MpfService
Helps protect your computer from intrusion and let's you manage your computer's trusted programs.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\McAfee\MPF\MPFSrv.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : McAfee Personal Firewall Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
COMMAND : les\McAfee\MPF\MPFSrv.exe" /servicecrash /fail=%1%
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Run command DELAY: 5000 seconds

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 0
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSSQL$SQLEXPRESS
Provides storage, processing and controlled access of data and rapid transaction processing.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SQL Server (SQLEXPRESS)
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSSQLServerADHelper
Enables integration with Active Directories.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SQL Server Active Directory Helper
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: Nero BackItUp Scheduler 3
Nero BackItUp Scheduler 3 is responsible to control all jobs created using Nero BackItUp 3. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Nero BackItUp Scheduler 3
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NMIndexingService
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NMIndexingService
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NVSvc
Provides system and desktop level support to the NVIDIA display driver
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\nvsvc32.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NVIDIA Display Driver Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: odserv
Run portions of Microsoft Office Diagnostics.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Microsoft Office Diagnostics Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ose
Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Office Source Engine
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Registry
DEPENDENCIES : RPCSS
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP : SmartCardGroup
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: WinMgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: SQLBrowser
Provides SQL Server connection information to client computers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SQL Server Browser
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: SQLWriter
Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SQL Server VSS Writer
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES : HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{246C6035-5551-4161-A929-354FC07B7E58}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost -k DComLaunch
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TlntSvr
Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\tlntsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telnet
DEPENDENCIES : RPCSS
: TCPIP
: NTLMSSP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UleadBurningHelper
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Ulead Burning Helper
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
: HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Viewpoint Manager Service
Ensures Viewpoint 3D and Rich Media Technologies are up to date
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Viewpoint Manager Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.


TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 5 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
Provides systems management information to and from drivers.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WMPNetworkSvc
Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Windows Media Player\WMPNetwk.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Media Player Network Sharing Service
DEPENDENCIES : upnphost
: http
: HTTPFilter
SERVICE_START_NAME: NT AUTHORITY\NetworkService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 30000 seconds
: Restart DELAY: 30000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WudfSvc
Manages user-mode driver host processes
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Windows Driver Foundation - User-mode Driver Framework
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 900 seconds
FAILURE_ACTIONS : Restart DELAY: 120000 seconds
: Restart DELAY: 300000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Provisioning Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem



f scan


report

Scanning Report
Tuesday, April 15, 2008 02:40:33 - 08:31:16

Computer name: SUAPIA-3P80GKFO
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ E:\ F:\ I:\
Result: 10 malware found
AdWare.Win32.AlexaBar (spyware)

* System

Tracking Cookie (spyware)

* System

Trojan-Clicker.Win32.VB (virus)

* System

Trojan-Clicker.Win32.VB.aaa (virus)

* C:\WINDOWS\SYSTEM32\INDT2.SYS

Trojan-Downloader.Win32.Delf (virus)

* System

Trojan-Downloader.Win32.Delf.gev (virus)

* C:\WINDOWS\SYSTEM32\ANDT.SYS

Trojan.Win32.Agent.jie (virus)

* C:\DOCUMENTS AND SETTINGS\ELLIE\MY DOCUMENTS\OTSCANIT\MOVEDFILES\04092008_005606\WINDOWS\SYSTEM32\PERFS.EXE (Renamed & Submitted)

Trojan.Win32.DNSChanger (virus)

* System

Trojan.Win32.DNSChanger.boq (virus)

* C:\WINDOWS\SYSTEM32\KDPSU.EXE

W32/Suspicious_F.gen (virus)

* I:\PROGRAM FILES\DIABLO II\MAPHACK\MAKEKEYFILE.EXE

Statistics
Scanned:

* Files: 61478
* System: 4568
* Not scanned: 12

Actions:

* Disinfected: 0
* Renamed: 1
* Deleted: 0
* None: 9
* Submitted: 1

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMP\MCAFEE_FJL6QY5YFF4TZLI
* C:\WINDOWS\TEMP\MCMSC_5FYCZOY9JMNVK4R
* C:\WINDOWS\TEMP\MCMSC_BDOWVGVFTUV1B4D
* C:\WINDOWS\TEMP\MCMSC_M67VPY0NM1MYCPI
* C:\WINDOWS\TEMP\MCMSC_MLMIWWCWJ6PAKN1
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-04-15
* F-Secure AVP: 7.0.171, 2008-04-15
* F-Secure Pegasus: 1.20.0, 2008-02-28
* F-Secure Blacklight: 1.0.64

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

#12 jwbirdsong

    Slaher O' Spyware


Posted 02 May 2008 - 11:00 PM

Guess I lost this thread too.

Really sorry. If you still need help, can you post an updated log and tell me what issues you are (still) having?



