
Infected With Amvo.exe, Bloodhound.packed.jmp


  • This topic is locked
19 replies to this topic

#1 Wassim

Wassim

  • Members
  • 376 posts
  • OFFLINE
  • Gender:Male
  • Location:Byblos, Lebanon, Middle East.
  • Local time:06:55 PM

Posted 14 May 2008 - 09:29 AM

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:14 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.110.150.252:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DockMsgFrom] C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {304171C0-65EA-4B51-B5D9-93A311E26EB1} (MxPEG_ActiveX Control) - http://192.168.1.154/cgi-bin/MxPEG_ActiveX.cab?dummy=4238381
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198160761687
O17 - HKLM\System\CCS\Services\Tcpip\..\{80E853D8-7728-465F-9727-33C71C05B547}: NameServer = 192.110.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{996C52D5-FF3C-43FD-A69C-0698414E79A5}: NameServer = 192.110.150.252
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: OracleorahomeTNSListenerLISTENER1 - Unknown owner - E:\oracle\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleServiceMCDATA - Unknown owner - e:\oracle\bin\ORACLE.EXE (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 9487 bytes
"Stuffy Hall Admin of the Typing Skills Enhancing School Program"


 


#2 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  • Gender:Male
  • Location:Philadelphia
  • Local time:11:55 AM

Posted 14 May 2008 - 10:19 AM

Hey Wassim,
Is your Symantec up to date?
  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Amva

Please note any other programs that you don't recognize in that list in your next response.



Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\system32\amvo.exe

After that, Reboot.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

I am unfamiliar with these lines:
O16 - DPF: {304171C0-65EA-4B51-B5D9-93A311E26EB1} (MxPEG_ActiveX Control) - http://192.168.1.154/cgi-bin/MxPEG_ActiveX.cab?dummy=4238381
O17 - HKLM\System\CCS\Services\Tcpip\..\{80E853D8-7728-465F-9727-33C71C05B547}: NameServer = 192.110.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{996C52D5-FF3C-43FD-A69C-0698414E79A5}: NameServer = 192.110.150.252
Please let me know if this is associated with your work there.

Once done we will update a few things like your Java.

Harry

Veni Vidi Vici
THE FIGHT AGAINST MALWARE
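
Added example, not part of harrythook's post or of HijackThis itself: a small parser for the HijackThis line format shown in this thread that pulls out the same kinds of entries reviewed above (per-user O4 Run values, and IP addresses in O16/O17 lines). The HKCU-plus-system32 rule and its allowlist are assumptions chosen for illustration; the sample lines are copied from the log in post #1.

```python
import ipaddress
import re

# Sample input: lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {304171C0-65EA-4B51-B5D9-93A311E26EB1} (MxPEG_ActiveX Control) - http://192.168.1.154/cgi-bin/MxPEG_ActiveX.cab?dummy=4238381
O17 - HKLM\System\CCS\Services\Tcpip\..\{80E853D8-7728-465F-9727-33C71C05B547}: NameServer = 192.110.150.252
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [amva] C:\...\amvo.exe"
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
# O4 registry autostart: hive\..\key: [value name] command line
O4_RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def parse_entries(log_text):
    """Yield (section_code, body) for every HijackThis result line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def image_path(command):
    """Return the executable part of a Run command, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut after the first ".exe".
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def parse_run_entry(body):
    """Split an O4 registry Run line into hive, key, value name and image."""
    m = O4_RUN_RE.match(body)
    if not m:
        return None  # e.g. "Global Startup: ..." shortcut entries
    hive, key, name, command = m.groups()
    return {"hive": hive, "key": key, "name": name, "image": image_path(command)}


def classify_ip(text):
    """'private' for RFC 1918 and other reserved ranges, else 'public'."""
    return "private" if ipaddress.ip_address(text).is_private else "public"


def triage(log_text, hkcu_system32_allow=frozenset({"ctfmon.exe"})):
    """Return (section, item, detail) tuples worth a second look.

    Assumed rule for O4: a per-user (HKCU) Run value that starts a binary
    from system32 and is not on the analyst-supplied allowlist.
    O16/O17: every IPv4 address, tagged private or public. A 'public' tag is
    not proof of a problem; it marks an address the owner should confirm.
    """
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O4":
            entry = parse_run_entry(body)
            if entry is None:
                continue
            image = entry["image"].lower()
            base = image.rsplit("\\", 1)[-1]
            if (entry["hive"] == "HKCU" and "\\system32\\" in image
                    and base not in hkcu_system32_allow):
                findings.append(("O4", entry["name"], entry["image"]))
        elif code in ("O16", "O17"):
            for text in IPV4_RE.findall(body):
                try:
                    findings.append((code, text, classify_ip(text)))
                except ValueError:
                    continue  # dotted number that is not a valid address
    return findings


if __name__ == "__main__":
    for section, item, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {item:20} {detail}")
```
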


#3 Wassim

Wassim
  • Topic Starter

  • Members
  • 376 posts
  • OFFLINE
  • Gender:Male
  • Location:Byblos, Lebanon, Middle East.
  • Local time:06:55 PM

Posted 14 May 2008 - 10:54 AM

O16 - DPF: {304171C0-65EA-4B51-B5D9-93A311E26EB1} (MxPEG_ActiveX Control) - http://192.168.1.154/cgi-bin/MxPEG_ActiveX.cab?dummy=4238381


This is the IP address of the Security IP camera and MxPEG is its associated software.

O17 - HKLM\System\CCS\Services\Tcpip\..\{80E853D8-7728-465F-9727-33C71C05B547}: NameServer = 192.110.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{996C52D5-FF3C-43FD-A69C-0698414E79A5}: NameServer = 192.110.150.252


The IP address 192.110.150.252 is the internal IP of the ISA server we have.

Can't do anything other than that because I'm not at work right now. I'll do what you said early in the morning tomorrow and will update you. Meanwhile I'll download the programs needed so I don't waste time downloading them tomorrow.

Hope it works because it's my boss's PC :thumbsup:

N.B: yes my Symantec is up to date, always is.

Edited by Wassim, 14 May 2008 - 10:57 AM.

"Stuffy Hall Admin of the Typing Skills Enhancing School Program"

#4 Wassim

Wassim
  • Topic Starter

  • Members
  • 376 posts
  • OFFLINE
  • Gender:Male
  • Location:Byblos, Lebanon, Middle East.
  • Local time:06:55 PM

Posted 15 May 2008 - 09:18 AM

Hey harrythook,

I ran Flash_disinfector and let it finish its job.
After that I ran HijackThis again to delete the amvo.exe entry but it wasn't present.
In the Add/Remove Program list there was nothing uncommon or related to Amva.
I looked manually for amvo.exe in system32 but it wasn't there.

Malware Bytes Log:
----------------------


Malwarebytes' Anti-Malware 1.12
Database version: 752

Scan type: Quick Scan
Objects scanned: 39308
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Quarantined and deleted successfully.


I ran ATF Cleaner.


OTScanIt Log:
----------------


OTScanIt logfile created on: 5/15/2008 5:04:39 PM
OTScanIt by OldTimer - Version 1.0.14.0	 Folder = C:\Documents and Settings\IT Dept\Desktop\New Folder\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
501.92 Mb Total Physical Memory | 130.62 Mb Available Physical Memory | 26.02% Memory free
1.20 Gb Paging File | 0.88 Gb Available in Paging File | 73.64% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 18.86 Gb Free Space | 64.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 58.58 Gb Total Space | 43.39 Gb Free Space | 74.08% Space Free | Partition Type: NTFS
Drive F: | 982.05 Mb Total Space | 978.98 Mb Free Space | 99.69% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIMMY
Current User Name: IT Dept
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 11/28/2005 10:29:00 PM | Attr =	]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10, 1, 0, 33 | Size = 540745 bytes | Modified Date = 11/28/2005 10:31:32 PM | Attr =	]
cfsvcs.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/18/2005 3:38:38 AM | Attr =	]
defwatch.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 32768 bytes | Modified Date = 7/30/2002 10:36:00 PM | Attr =	]
dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/28/2004 11:33:00 AM | Attr =	]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 11/28/2005 10:28:14 PM | Attr =	]
swupdtmr.exe -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 7/13/2005 4:14:42 AM | Attr =	]
tappsrv.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 13M | Size = 35328 bytes | Modified Date = 12/20/2005 10:22:14 PM | Attr =	]
thpsrv.exe -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 176128 bytes | Modified Date = 12/20/2005 11:46:20 PM | Attr =	]
tmesrv31.exe -> %ProgramFiles%\TOSHIBA\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 49, 0 | Size = 126976 bytes | Modified Date = 1/19/2005 1:18:40 AM | Attr =	]
igfxtray.exe -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4436 | Size = 98304 bytes | Modified Date = 11/28/2005 8:55:14 AM | Attr =	]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4436 | Size = 77824 bytes | Modified Date = 11/28/2005 8:52:00 AM | Attr =	]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4436 | Size = 118784 bytes | Modified Date = 11/28/2005 8:55:58 AM | Attr =	]
tpsmain.exe -> %SystemRoot%\system32\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 15, 0 | Size = 282624 bytes | Modified Date = 6/1/2005 8:00:12 AM | Attr =	]
thpsrv.exe -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 176128 bytes | Modified Date = 12/20/2005 11:46:20 PM | Attr =	]
psqltray.exe -> %ProgramFiles%\Protector Suite QL\psqltray.exe -> UPEK Inc. [Ver = 5.4.0.2688 | Size = 46592 bytes | Modified Date = 12/22/2005 8:33:02 AM | Attr =	]
thotkey.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\THotkey.exe -> TOSHIBA [Ver = 1.00.0018 | Size = 352256 bytes | Modified Date = 1/6/2006 1:02:24 AM | Attr =	]
tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 2, 0 | Size = 45056 bytes | Modified Date = 6/1/2005 7:59:58 AM | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 761945 bytes | Modified Date = 12/17/2005 3:32:58 AM | Attr =	]
ltmoh.exe -> %ProgramFiles%\ltmoh\ltmoh.exe -> Agere Systems [Ver = 1.75 | Size = 184320 bytes | Modified Date = 8/18/2004 2:37:44 PM | Attr =	]
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.60.5 2.1.60.5 10/14/2005 13:29:07 | Size = 88203 bytes | Modified Date = 10/15/2005 5:29:08 PM | Attr =	]
toshiba.exe -> %ProgramFiles%\Synaptics\SynTP\Toshiba.exe -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 151552 bytes | Modified Date = 12/17/2005 3:21:00 AM | Attr =	]
ndstray.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 1, 1 | Size = 978944 bytes | Modified Date = 11/3/2005 3:41:04 AM | Attr =	]
tfncky.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.14.00 | Size = 114688 bytes | Modified Date = 10/26/2004 2:23:10 AM | Attr =	]
smoothview.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 122880 bytes | Modified Date = 4/27/2005 3:13:20 AM | Attr =	]
dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.09a | Size = 122940 bytes | Modified Date = 10/6/2005 4:20:00 PM | Attr =	]
tmerzctl.exe -> %ProgramFiles%\TOSHIBA\TME3\TMERzCtl.exe -> TOSHIBA [Ver = 1, 0, 2, 21 | Size = 81920 bytes | Modified Date = 3/18/2005 8:08:10 AM | Attr =	]
tmeejme.exe -> %ProgramFiles%\TOSHIBA\TME3\TMEEJME.exe -> TOSHIBA [Ver = 1, 0, 0, 23 | Size = 81920 bytes | Modified Date = 12/25/2004 7:15:26 AM | Attr =	]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.0.3.2 | Size = 15691264 bytes | Modified Date = 12/10/2005 2:49:42 AM | Attr =	]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 0, 42 | Size = 667718 bytes | Modified Date = 12/5/2005 11:37:40 PM | Attr =	]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10, 1, 0, 17 | Size = 602182 bytes | Modified Date = 11/28/2005 10:41:50 PM | Attr =	]
vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 77824 bytes | Modified Date = 7/30/2002 10:35:04 PM | Attr =	]
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 6/21/2007 9:13:22 PM | Attr =	]
directcd.exe -> %ProgramFiles%\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.3.2.34 | Size = 684032 bytes | Modified Date = 1/10/2008 6:11:44 PM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/12/2005 12:12:54 AM | Attr =	]
hptlbxfx.exe -> %ProgramFiles%\HP\ToolBoxFX\bin\HPTLBXFX.exe -> HP [Ver = 2.2.170.0 | Size = 49152 bytes | Modified Date = 6/15/2006 8:43:20 AM | Attr =	]
hppusg.exe -> %ProgramFiles%\HP\HP UT\bin\hppusg.exe ->   [Ver = 1.0.2351.18703 | Size = 36864 bytes | Modified Date = 6/9/2006 11:23:28 AM | Attr =	]
dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10, 1, 0, 79 | Size = 397381 bytes | Modified Date = 11/28/2005 10:37:52 PM | Attr =	]
ivpsvmgr.exe -> %SystemDrive%\TOSHIBA\IVP\ISM\Ivpsvmgr.exe -> TOSHIBA Corporation [Ver = 3.5.3.1 | Size = 475136 bytes | Modified Date = 10/20/2003 8:37:58 PM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\New Folder\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.0 | Size = 372224 bytes | Modified Date = 5/9/2008 9:51:12 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/18/2005 3:38:38 AM | Attr =	]
(DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 32768 bytes | Modified Date = 7/30/2002 10:36:00 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/28/2004 11:33:00 AM | Attr =	]
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 11/28/2005 10:29:00 PM | Attr =	]
(Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 573440 bytes | Modified Date = 7/30/2002 10:40:44 PM | Attr =	]
(OracleorahomeTNSListenerLISTENER1) OracleorahomeTNSListenerLISTENER1 [Win32_Own | On_Demand | Stopped] ->  -> File not found
(OracleServiceMCDATA) OracleServiceMCDATA [Win32_Own | Auto | Stopped] -> e:\oracle\bin\ORACLE.EXE -> File not found
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 11/28/2005 10:28:14 PM | Attr =	]
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10, 1, 0, 33 | Size = 540745 bytes | Modified Date = 11/28/2005 10:31:32 PM | Attr =	]
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 7/13/2005 4:14:42 AM | Attr =	]
(TAPPSRV) TOSHIBA Application Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 13M | Size = 35328 bytes | Modified Date = 12/20/2005 10:22:14 PM | Attr =	]
(Thpsrv) TOSHIBA HDD Protection [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 176128 bytes | Modified Date = 12/20/2005 11:46:20 PM | Attr =	]
(Tmesrv) Tmesrv3 [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 49, 0 | Size = 126976 bytes | Modified Date = 1/19/2005 1:18:40 AM | Attr =	]

[Driver Services - Non-Microsoft Only]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.9.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.9.0 | Size = 21275 bytes | Modified Date = 2/10/2007 11:58:35 PM | Attr =	]
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.62 2.1.62 11/14/2005 16:00:19 | Size = 1122656 bytes | Modified Date = 11/15/2005 8:00:22 PM | Attr =	]
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 6/21/2007 9:13:29 PM | Attr =	]
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdr4_xp.sys -> Roxio [Ver = 5.3.2.34 | Size = 61424 bytes | Modified Date = 1/10/2008 6:11:44 PM | Attr =	]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdralw2k.sys -> Roxio [Ver = 5.3.2.34 | Size = 23420 bytes | Modified Date = 1/10/2008 6:11:44 PM | Attr =	]
(cdudf_XP) cdudf_XP [File_System | System | Running] -> %SystemRoot%\system32\drivers\cdudf_xp.sys -> Roxio [Ver = 5.3.2.34 built by: WinDDK | Size = 240640 bytes | Modified Date = 1/10/2008 6:11:44 PM | Attr =	]
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLABOIOM.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 25628 bytes | Modified Date = 10/6/2005 4:20:00 PM | Attr =	]
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 5628 bytes | Modified Date = 8/25/2005 11:16:52 PM | Attr =	]
(DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLADResN.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 2496 bytes | Modified Date = 10/6/2005 4:20:00 PM | Attr =	]
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAIFS_M.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 86524 bytes | Modified Date = 10/6/2005 4:20:00 PM | Attr =	]
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAOPIOM.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 14684 bytes | Modified Date = 10/6/2005 4:20:00 PM | Attr =	]
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAPoolM.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 6364 bytes | Modified Date = 10/6/2005 4:20:00 PM | Attr =	]
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 22684 bytes | Modified Date = 8/25/2005 11:16:16 PM | Attr =	]
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDFAM.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 94332 bytes | Modified Date = 10/6/2005 4:20:00 PM | Attr =	]
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDF_M.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 87036 bytes | Modified Date = 10/6/2005 4:20:00 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Modified Date = 9/12/2005 2:30:00 PM | Attr =	]
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 8/12/2005 4:20:00 PM | Attr =	]
(dvd_2K) dvd_2K [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Dvd_2k.sys -> Roxio [Ver = 5.3.2.34 | Size = 25674 bytes | Modified Date = 1/10/2008 6:11:44 PM | Attr =	]
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.21.0101 built by: WinDDK | Size = 163328 bytes | Modified Date = 10/10/2005 10:31:42 AM | Attr =	]
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e1e5132.sys -> Intel Corporation [Ver = 9.2.24.0 built by: WinDDK | Size = 179200 bytes | Modified Date = 9/14/2005 1:24:08 PM | Attr =	]
(FdRedir) FdRedir [File_System | Auto | Running] -> %CommonProgramFiles%\Protector Suite QL\Drivers\FdRedir.sys -> UPEK Inc. [Ver = 5.4.0.2688 | Size = 13568 bytes | Modified Date = 12/22/2005 8:55:50 AM | Attr =	]
(FileDisk2) FileDisk Protector Kernel Driver [Kernel | Auto | Running] -> %CommonProgramFiles%\Protector Suite QL\Drivers\filedisk.sys -> UPEK Inc. [Ver = 5.4.0.2688 | Size = 33024 bytes | Modified Date = 12/22/2005 8:55:34 AM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/8/2005 4:07:18 AM | Attr =	]
(HPFXBULK) HPFXBULK [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hpfxbulk.sys -> Hewlett Packard [Ver = 1, 0, 0, 10 | Size = 9344 bytes | Modified Date = 6/12/2006 1:36:30 PM | Attr =	]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4436 | Size = 1353820 bytes | Modified Date = 11/28/2005 9:20:20 AM | Attr =	]
(IFXTPM) IFXTPM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ifxtpm.sys -> Infineon Technologies AG [Ver = 1.80.0001.00 built by: WinDDK | Size = 35968 bytes | Modified Date = 6/10/2005 8:26:00 AM | Attr =	]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.Sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5200 built by: WinDDK | Size = 4123136 bytes | Modified Date = 12/10/2005 3:48:40 AM | Attr =	]
(meiudf) meiudf [File_System | System | Running] -> %SystemRoot%\system32\drivers\meiudf.sys -> Matsushita Electric Industrial Co.,Ltd. [Ver = 4.0.7.0 | Size = 102384 bytes | Modified Date = 6/2/2005 2:33:00 PM | Attr =	]
(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Mmc_2k.sys -> Roxio [Ver = 5.3.2.34 | Size = 30406 bytes | Modified Date = 1/10/2008 6:11:44 PM | Attr =	]
(NAVAP) NAVAP [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -> Symantec Corporation [Ver = 9.0.0.14 | Size = 218112 bytes | Modified Date = 6/20/2002 7:57:12 AM | Attr =	]
(NAVAPEL) NAVAPEL [Kernel | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -> Symantec Corporation [Ver = 9.0.0.14 | Size = 29184 bytes | Modified Date = 6/20/2002 7:57:14 AM | Attr =	]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080424.002\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 82256 bytes | Modified Date = 4/24/2008 2:00:00 AM | Attr =	]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080424.002\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 895408 bytes | Modified Date = 4/24/2008 2:00:00 AM | Attr =	]
(Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Netdevio.sys -> TOSHIBA Corporation. [Ver = Version 5.00.01.00 built by: WinDDK | Size = 12032 bytes | Modified Date = 1/30/2003 1:35:00 AM | Attr =	]
(PQNTDrv) PQNTDrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\PQNTDRV.sys -> PowerQuest Corporation [Ver = 8.00.000 | Size = 4228 bytes | Modified Date = 5/6/2004 8:48:40 AM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
(pwd_2K) pwd_2K [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pwd_2K.sys -> Roxio [Ver = 5.3.2.34 | Size = 134426 bytes | Modified Date = 1/10/2008 6:11:44 PM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 4/25/2005 12:03:00 PM | Attr =	]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 10, 1, 0, 2 | Size = 13568 bytes | Modified Date = 11/28/2005 11:09:26 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 1:25:53 PM | Attr =	]
(SMCIRDA) SMSC IrCC Miniport Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smcirda.sys -> SMSC [Ver = 5.1.3600.7 | Size = 46592 bytes | Modified Date = 12/10/2004 1:54:12 AM | Attr =	]
(smihlp) SMI helper driver [Kernel | Auto | Running] -> %ProgramFiles%\Protector Suite QL\smihlp.sys -> UPEK Inc. [Ver = 5.4.0.2688 | Size = 3456 bytes | Modified Date = 12/22/2005 8:25:32 AM | Attr =	]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 11:56:16 PM | Attr =	]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.0.0.13 | Size = 73224 bytes | Modified Date = 2/21/2007 3:23:48 AM | Attr =	]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 191936 bytes | Modified Date = 12/17/2005 3:15:06 AM | Attr =	]
(tbiosdrv) Toshiba Logical Tbios Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tbiosdrv.sys ->  [Ver =  | Size = 9472 bytes | Modified Date = 8/25/2005 2:20:28 AM | Attr =	]
(TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tcusb.sys -> UPEK Inc. [Ver = 1.8.1.55 | Size = 28800 bytes | Modified Date = 12/22/2005 8:37:32 AM | Attr =	]
(Thpdrv) TOSHIBA HDD Protection Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\thpdrv.sys -> TOSHIBA Corporation [Ver = 1.1.7.0 | Size = 16384 bytes | Modified Date = 12/28/2004 10:31:50 AM | Attr =	]
(Thpevm) TOSHIBA HDD Protection - Shock Sensor Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Thpevm.sys -> TOSHIBA Corporation [Ver = 1.1.0.1 | Size = 6144 bytes | Modified Date = 11/13/2004 11:24:52 PM | Attr = R  ]
(tifm21) tifm21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.4 | Size = 162560 bytes | Modified Date = 11/30/2005 9:12:00 PM | Attr =	]
(TMEI3E) TMEI3E [Kernel | System | Running] -> %SystemRoot%\system32\drivers\TMEI3E.sys -> Toshiba Corporation [Ver = 1, 0, 0, 5 | Size = 5888 bytes | Modified Date = 6/16/2004 10:08:48 PM | Attr =	]
(tosrfec) Bluetooth ACPI from TOSHIBA [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tosrfec.sys -> TOSHIBA Corporation [Ver = 1.02.00 | Size = 9344 bytes | Modified Date = 9/10/2005 1:47:10 AM | Attr =	]
(TVALD) Toshiba Mobile PC Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NBSMI.sys -> Toshiba Corporation [Ver = 1.0.0.11M built by: WinDDK | Size = 6144 bytes | Modified Date = 10/21/2005 1:03:42 AM | Attr =	]
(TVALG) Toshiba Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\TVALG.SYS -> TOSHIBA Corporation [Ver = 2, 0, 0, 10 | Size = 5888 bytes | Modified Date = 12/27/2005 12:49:00 AM | Attr =	]
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %SystemRoot%\system32\drivers\udfreadr_xp.sys -> Roxio [Ver = 5.3.2.34 built by: WinDDK | Size = 206464 bytes | Modified Date = 1/10/2008 6:11:44 PM | Attr =	]
(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w39n51.sys -> Intel® Corporation [Ver = 10010-13 Driver | Size = 1428096 bytes | Modified Date = 12/4/2005 8:55:30 PM | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 11:13:04 PM | Attr = R  ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
 ->  [] -> File not found
AdaptecDirectCD -> %ProgramFiles%\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe [C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe] -> Roxio [Ver = 5.3.2.34 | Size = 684032 bytes | Modified Date = 1/10/2008 6:11:44 PM | Attr =	]
AGRSMMSG -> %SystemRoot%\agrsmmsg.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.60.5 2.1.60.5 10/14/2005 13:29:07 | Size = 88203 bytes | Modified Date = 10/15/2005 5:29:08 PM | Attr =	]
Alcmtr -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/4/2005 5:43:28 AM | Attr =	]
CFSServ.exe ->  [CFSServ.exe -NoClient] -> File not found
dla -> %SystemRoot%\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\system32\dla\DLACTRLW.exe] -> Sonic Solutions [Ver = 5.20.09a | Size = 122940 bytes | Modified Date = 10/6/2005 4:20:00 PM | Attr =	]
DockMsgFrom -> %ProgramFiles%\Toshiba\Toshiba Applet\DockMsgFrom.exe [C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe] -> File not found
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/12/2005 12:12:54 AM | Attr =	]
HPUsageTracking -> %ProgramFiles%\HP\HP UT\bin\hppusg.exe ["C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"] ->   [Ver = 1.0.2351.18703 | Size = 36864 bytes | Modified Date = 6/9/2006 11:23:28 AM | Attr =	]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4436 | Size = 77824 bytes | Modified Date = 11/28/2005 8:52:00 AM | Attr =	]
igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4436 | Size = 118784 bytes | Modified Date = 11/28/2005 8:55:58 AM | Attr =	]
igfxtray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4436 | Size = 98304 bytes | Modified Date = 11/28/2005 8:55:14 AM | Attr =	]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> Intel Corporation [Ver = 10, 1, 0, 17 | Size = 602182 bytes | Modified Date = 11/28/2005 10:41:50 PM | Attr =	]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> Intel Corporation [Ver = 10, 1, 0, 42 | Size = 667718 bytes | Modified Date = 12/5/2005 11:37:40 PM | Attr =	]
LtMoh -> %ProgramFiles%\ltmoh\ltmoh.exe [C:\Program Files\ltmoh\Ltmoh.exe] -> Agere Systems [Ver = 1.75 | Size = 184320 bytes | Modified Date = 8/18/2004 2:37:44 PM | Attr =	]
NDSTray.exe ->  [NDSTray.exe] -> File not found
PadTouch -> %ProgramFiles%\TOSHIBA\Touch and Launch\PadExe.exe [C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe] -> File not found
Pinger -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe [c:\toshiba\ivp\ism\pinger.exe /run] -> TOSHIBA Corporation [Ver = 3.7.0.0 | Size = 151552 bytes | Modified Date = 3/18/2005 4:37:26 AM | Attr =	]
PSQLLauncher -> %ProgramFiles%\Protector Suite QL\launcher.exe ["C:\Program Files\Protector Suite QL\launcher.exe" /startup] -> UPEK Inc. [Ver = 5.4.0.2688 | Size = 30208 bytes | Modified Date = 12/22/2005 8:29:04 AM | Attr =	]
RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 6/21/2007 9:13:22 PM | Attr =	]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.0.3.2 | Size = 15691264 bytes | Modified Date = 12/10/2005 2:49:42 AM | Attr =	]
SmoothView -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 122880 bytes | Modified Date = 4/27/2005 3:13:20 AM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 761945 bytes | Modified Date = 12/17/2005 3:32:58 AM | Attr =	]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 82009 bytes | Modified Date = 12/17/2005 3:34:16 AM | Attr =	]
TFncKy ->  [TFncKy.exe] -> File not found
THotkey -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\THotkey.exe [C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe] -> TOSHIBA [Ver = 1.00.0018 | Size = 352256 bytes | Modified Date = 1/6/2006 1:02:24 AM | Attr =	]
ThpSrv -> %SystemRoot%\system32\ThpSrv.exe [thpsrv /logon] -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 176128 bytes | Modified Date = 12/20/2005 11:46:20 PM | Attr =	]
TMERzCtl.EXE -> %ProgramFiles%\TOSHIBA\TME3\TMERzCtl.exe [C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service] -> TOSHIBA [Ver = 1, 0, 2, 21 | Size = 81920 bytes | Modified Date = 3/18/2005 8:08:10 AM | Attr =	]
TMESRV.EXE -> %ProgramFiles%\TOSHIBA\TME3\TMESRV31.exe [C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon] -> TOSHIBA [Ver = 3, 1, 49, 0 | Size = 126976 bytes | Modified Date = 1/19/2005 1:18:40 AM | Attr =	]
ToolBoxFX -> %ProgramFiles%\HP\ToolBoxFX\bin\HPTLBXFX.exe ["C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on] -> HP [Ver = 2.2.170.0 | Size = 49152 bytes | Modified Date = 6/15/2006 8:43:20 AM | Attr =	]
TPSMain -> %SystemRoot%\system32\TPSMain.exe [TPSMain.exe] -> TOSHIBA Corporation [Ver = 1, 0, 15, 0 | Size = 282624 bytes | Modified Date = 6/1/2005 8:00:12 AM | Attr =	]
vptray -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 77824 bytes | Modified Date = 7/30/2002 10:35:04 PM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
MsnMsgr -> %ProgramFiles%\MSN Messenger\MsnMsgr.Exe ["C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 8/24/2000 3:16:34 PM | Attr =	]
< IT Dept Startup Folder > -> C:\Documents and Settings\IT Dept\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4436 | Size = 135168 bytes | Modified Date = 11/28/2005 8:51:04 AM | Attr =	]
NavLogon -> %SystemRoot%\system32\NavLogon.dll ->  [Ver =  | Size = 45056 bytes | Modified Date = 7/30/2002 10:33:00 PM | Attr =	]
psfus -> %SystemRoot%\system32\psqlpwd.dll -> UPEK Inc. [Ver = 5.4.0.2688 | Size = 40448 bytes | Modified Date = 12/22/2005 8:42:30 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> FF FF FF FF  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATSHITA_DVD-RAM_UJ-841S________________1.60____\5&226f6cf2&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 12/6/2005 5:19:48 AM | Attr =	]
autorun.inf [;aJa0DKoFA2r9paCkKda7kiwd3o239AqKDlklk2w362LKws3f | [AutoRun] |;6AiDirj13Lls2fKl4dsliDawqs72Jj0dfC | open=18qur.exe |;a9DsjrlLX39a031soDD3rrwiAaS5r50K4LLaq4sqcdKlAJedfwol0wlai5dJlLkAs23l0wL | shell\open\Command=18qur.exe |;0aZwlks4dL1oKs3iJOs54q24iijrksAHAa2kdSl7DXwLe28JC3o9aDDfa2Aoqkr0DiA974doiap1lL3feki23swALi2iwAKawkKjr7wK6ow0amLj80s | shell\open\Default=1 |;ke74SZLdawjDds1jLlfl74AaLDaww4asaDK0As | shell\explore\Command=18qur.exe |;Jods52Lkjc2dLssSq2alJ93jAkJaDoeak4J57AKO547sa0d2o4iAwkDd1oaf3Zqrrk283kLKai1qkK47qIj42sf1kwKw33a0l74d04XsalirKDa8okq3lf | ] -> %SystemDrive%\autorun.inf [ NTFS ] ->  [Ver =  | Size = 554 bytes | Modified Date = 5/15/2008 4:47:44 PM | Attr = RHS]
autorun.inf [;aJa0DKoFA2r9paCkKda7kiwd3o239AqKDlklk2w362LKws3f | [AutoRun] |;6AiDirj13Lls2fKl4dsliDawqs72Jj0dfC | open=18qur.exe |;a9DsjrlLX39a031soDD3rrwiAaS5r50K4LLaq4sqcdKlAJedfwol0wlai5dJlLkAs23l0wL | shell\open\Command=18qur.exe |;0aZwlks4dL1oKs3iJOs54q24iijrksAHAa2kdSl7DXwLe28JC3o9aDDfa2Aoqkr0DiA974doiap1lL3feki23swALi2iwAKawkKjr7wK6ow0amLj80s | shell\open\Default=1 |;ke74SZLdawjDds1jLlfl74AaLDaww4asaDK0As | shell\explore\Command=18qur.exe |;Jods52Lkjc2dLssSq2alJ93jAkJaDoeak4J57AKO547sa0d2o4iAwkDd1oaf3Zqrrk283kLKai1qkK47qIj42sf1kwKw33a0l74d04XsalirKDa8okq3lf | ] -> E:\autorun.inf [ NTFS ] ->  [Ver =  | Size = 554 bytes | Modified Date = 5/15/2008 4:47:44 PM | Attr = RHS]
autorun.inf [;aJa0DKoFA2r9paCkKda7kiwd3o239AqKDlklk2w362LKws3f | [AutoRun] |;6AiDirj13Lls2fKl4dsliDawqs72Jj0dfC | open=18qur.exe |;a9DsjrlLX39a031soDD3rrwiAaS5r50K4LLaq4sqcdKlAJedfwol0wlai5dJlLkAs23l0wL | shell\open\Command=18qur.exe |;0aZwlks4dL1oKs3iJOs54q24iijrksAHAa2kdSl7DXwLe28JC3o9aDDfa2Aoqkr0DiA974doiap1lL3feki23swALi2iwAKawkKjr7wK6ow0amLj80s | shell\open\Default=1 |;ke74SZLdawjDds1jLlfl74AaLDaww4asaDK0As | shell\explore\Command=18qur.exe |;Jods52Lkjc2dLssSq2alJ93jAkJaDoeak4J57AKO547sa0d2o4iAwkDd1oaf3Zqrrk283kLKai1qkK47qIj42sf1kwKw33a0l74d04XsalirKDa8okq3lf | ] -> F:\autorun.inf [ FAT32 ] ->  [Ver =  | Size = 554 bytes | Modified Date = 5/15/2008 4:47:46 PM | Attr = RHS]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.toshibadirect.com/dpdstart -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.toshiba.com/search -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.toshibadirect.com/dpdstart -> 
HKEY_CURRENT_USER\: ProxyEnable -> 1 -> 
HKEY_CURRENT_USER\: ProxyOverride -> <local> -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 12:56:50 PM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.09a | Size = 110652 bytes | Modified Date = 10/6/2005 4:20:00 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 6/3/2005 3:09:54 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 6/3/2005 3:09:54 PM | Attr =	]
CmdMapping\\{4B30061A-5B39-11D3-80F8-0090276F843F} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{4344121D-104D-4790-B105-B1A14D883C32} ->	(1394 Net Adapter) -> 
{80E853D8-7728-465F-9727-33C71C05B547} -> 192.110.150.252   (Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{996C52D5-FF3C-43FD-A69C-0698414E79A5} -> 192.110.150.252   (Intel(R) PRO/1000 PL Network Connection) -> 
{D3D94B86-E507-4C68-B670-266DA6016B5C} ->	(1394 Net Adapter) -> 
{DD003BA8-F5FB-4393-9E90-2266A6FDB293} ->	(1394 Net Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{304171C0-65EA-4B51-B5D9-93A311E26EB1}[HKEY_LOCAL_MACHINE] -> http://192.168.1.154/cgi-bin/MxPEG_ActiveX.cab?dummy=4238381[MxPEG_ActiveX Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198160761687[WUWebControl Class] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\/ImageUploader4.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\/ImageUploader4.ocx\\.Owner -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\/ImageUploader4.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MxPEG_ActiveX.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MxPEG_ActiveX.ocx\\.Owner -> {304171C0-65EA-4B51-B5D9-93A311E26EB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MxPEG_ActiveX.ocx\\{304171C0-65EA-4B51-B5D9-93A311E26EB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 8:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 5:21:15 PM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1340 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
psqlpwd -> %SystemRoot%\system32\psqlpwd.dll -> UPEK Inc. [Ver = 5.4.0.2688 | Size = 40448 bytes | Modified Date = 12/22/2005 8:42:30 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> CC DC 11 06 88 BD A4 71 22 D3 EC 17 D7 D0 04 85 63 30 37 35 61 30 62 65 00 00 00 00 99 F9 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 7B 58 09 5A 04 21 75 16 76 4E 4C C0  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 27 5A 9C 97 8F A4 7A EF 6D  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 08 B4 4B A7 DF 4F  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 83 DF CF A2 FE 8A 8C 93 80 BB 52 A7 32 FB D6 E1  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 38 6A FA 08 AC FA C5 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 8307 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\TOSHIBA\ivp\NetInt\Netint.exe -> C:\TOSHIBA\IVP\NetInt\netint.exe [C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine] -> TOSHIBA Corporation [Ver = 3.6.0.0 | Size = 462848 bytes | Modified Date = 11/4/2004 2:06:34 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\TOSHIBA\Ivp\ISM\pinger.exe -> C:\TOSHIBA\IVP\ISM\pinger.exe [C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger] -> TOSHIBA Corporation [Ver = 3.7.0.0 | Size = 151552 bytes | Modified Date = 3/18/2005 4:37:26 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> America Online, Inc. [Ver = 9.02.000 | Size = 12888 bytes | Modified Date = 10/15/2004 1:33:08 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1133907811\EE\AOLServiceHost.exe -> C:\Program Files\Common Files\AOL\1133907811\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1133907811\EE\AOLServiceHost.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe -> C:\Program Files\Common Files\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 7:24:37 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 12813096 bytes | Modified Date = 10/28/2006 2:16:48 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 10/28/2006 2:37:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 10/28/2006 2:03:04 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\fxsclnt.exe -> C:\WINDOWS\system32\fxsclnt.exe [C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft  Fax Console] -> Microsoft Corporation [Ver = 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143360 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\\\192.110.150.3\lj_p2015 (f)\setup\hpznet01.exe -> \\192.110.150.3\lj_p2015 (f)\setup\hpznet01.exe:*:Enabled:hpznet01.exe -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\\\192.110.150.3\lj_p2015 (f)\setup\hppapd.exe -> \\192.110.150.3\lj_p2015 (f)\setup\hppapd.exe:*:Enabled:hppapd.exe -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\\\192.110.150.3\lj_p2015 (f)\setup\hpntwkexe.exe -> \\192.110.150.3\lj_p2015 (f)\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp.050725-1531) | Size = 398336 bytes | Modified Date = 7/26/2005 7:20:40 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp.050725-1531) | Size = 398336 bytes | Modified Date = 7/26/2005 7:20:40 AM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 1 -> 


[Files/Folders - Created Within 30 days]
18qur.exe -> %SystemDrive%\18qur.exe ->  [Ver =  | Size = 106851 bytes | Created Date = 5/14/2008 4:09:43 PM | Attr = RHS]
2.PRN -> %SystemDrive%\2.PRN ->  [Ver =  | Size = 95623 bytes | Created Date = 4/21/2008 2:26:23 PM | Attr =	]
3.PRN -> %SystemDrive%\3.PRN ->  [Ver =  | Size = 28141 bytes | Created Date = 4/21/2008 2:32:48 PM | Attr =	]
AudioConverter -> %SystemDrive%\AudioConverter ->  [Folder | Created Date = 4/16/2008 12:50:12 PM | Attr =	]
autorun.inf -> %SystemDrive%\autorun.inf ->  [Ver =  | Size = 554 bytes | Created Date = 5/13/2008 4:38:19 PM | Attr = RHS]
g83816.com -> %SystemDrive%\g83816.com ->  [Ver =  | Size = 103206 bytes | Created Date = 5/13/2008 4:40:26 PM | Attr = RHS]
r6r.exe -> %SystemDrive%\r6r.exe ->  [Ver =  | Size = 104638 bytes | Created Date = 5/13/2008 4:38:18 PM | Attr = RHS]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Created Date = 5/15/2008 4:53:25 PM | Attr =	]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 27048 bytes | Created Date = 5/15/2008 4:53:25 PM | Attr =	]
AddPort.ini -> %SystemRoot%\System32\AddPort.ini ->  [Ver =  | Size = 147 bytes | Created Date = 4/16/2008 4:18:59 PM | Attr =	]
hpbvnstp.his -> %SystemRoot%\hpbvnstp.his ->  [Ver =  | Size = 2073 bytes | Created Date = 4/16/2008 4:27:01 PM | Attr =	]
hpbvnstp.ini -> %SystemRoot%\hpbvnstp.ini ->  [Ver =  | Size = 694 bytes | Created Date = 4/16/2008 4:27:01 PM | Attr =	]
hpntwksetup.ini -> %SystemRoot%\hpntwksetup.ini ->  [Ver =  | Size = 986 bytes | Created Date = 4/16/2008 4:16:19 PM | Attr =	]
hppins05.dat -> %SystemRoot%\hppins05.dat ->  [Ver =  | Size = 92576 bytes | Created Date = 4/16/2008 4:10:46 PM | Attr =	]
hppmdl05.dat -> %SystemRoot%\hppmdl05.dat ->  [Ver =  | Size = 1016 bytes | Created Date = 4/16/2008 4:10:46 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Hewlett-Packard -> %AllUsersProfile%\Application Data\Hewlett-Packard ->  [Folder | Created Date = 4/16/2008 4:28:33 PM | Attr =	]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 5/15/2008 4:53:25 PM | Attr =	]
AdobeUM -> %AppData%\AdobeUM ->  [Folder | Created Date = 4/16/2008 4:56:14 PM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 5/15/2008 4:53:30 PM | Attr =	]
fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat ->  [Ver =  | Size = 130 bytes | Created Date = 4/16/2008 4:33:13 PM | Attr =	]
My Safe -> %UserProfile%\My Documents\My Safe ->  [Folder | Created Date = 5/15/2008 9:57:38 AM | Attr = R S]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 704 bytes | Created Date = 5/15/2008 4:53:25 PM | Attr =	]
fb_data -> %UserProfile%\Desktop\fb_data ->  [Folder | Created Date = 4/18/2008 3:47:44 PM | Attr =	]
Full Tilt Poker.lnk -> %UserProfile%\Desktop\Full Tilt Poker.lnk ->  [Ver =  | Size = 317 bytes | Created Date = 5/5/2008 1:50:41 PM | Attr =	]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 5/14/2008 4:30:50 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HiJackThis.exe:Zone.Identifier
joyce -> %UserProfile%\Desktop\joyce ->  [Folder | Created Date = 4/21/2008 3:01:20 PM | Attr =	]
MxControlCenter.exe -> %UserProfile%\Desktop\MxControlCenter.exe -> MOBOTIX AG [Ver = 1, 3, 6, 0 | Size = 2695168 bytes | Created Date = 5/12/2008 10:12:53 AM | Attr =	]
New Folder -> %UserProfile%\Desktop\New Folder ->  [Folder | Created Date = 5/15/2008 4:47:26 PM | Attr =	]
SWF Studio -> %CommonProgramFiles%\SWF Studio ->  [Folder | Created Date = 4/16/2008 4:09:36 PM | Attr =	]
Hewlett-Packard -> %ProgramFiles%\Hewlett-Packard ->  [Folder | Created Date = 4/16/2008 4:23:42 PM | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 5/15/2008 4:53:24 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
18qur.exe -> %SystemDrive%\18qur.exe ->  [Ver =  | Size = 106851 bytes | Modified Date = 5/14/2008 4:09:16 PM | Attr = RHS]
2.PRN -> %SystemDrive%\2.PRN ->  [Ver =  | Size = 95623 bytes | Modified Date = 4/21/2008 2:30:42 PM | Attr =	]
3.PRN -> %SystemDrive%\3.PRN ->  [Ver =  | Size = 28141 bytes | Modified Date = 4/21/2008 2:33:34 PM | Attr =	]
AudioConverter -> %SystemDrive%\AudioConverter ->  [Folder | Modified Date = 4/16/2008 12:50:27 PM | Attr =	]
autorun.inf -> %SystemDrive%\autorun.inf ->  [Ver =  | Size = 554 bytes | Modified Date = 5/15/2008 4:47:44 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 4/19/2008 10:52:53 AM | Attr =  H ]
g83816.com -> %SystemDrive%\g83816.com ->  [Ver =  | Size = 103206 bytes | Modified Date = 5/14/2008 11:52:31 AM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 526372864 bytes | Modified Date = 5/15/2008 9:56:35 AM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 5/15/2008 4:53:24 PM | Attr =	]
r6r.exe -> %SystemDrive%\r6r.exe ->  [Ver =  | Size = 104638 bytes | Modified Date = 5/12/2008 7:05:56 PM | Attr = RHS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 5/15/2008 9:58:02 AM | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Modified Date = 5/5/2008 8:46:32 PM | Attr =	]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 27048 bytes | Modified Date = 5/5/2008 8:46:36 PM | Attr =	]
AddPort.ini -> %SystemRoot%\System32\AddPort.ini ->  [Ver =  | Size = 147 bytes | Modified Date = 4/16/2008 4:18:59 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 5/15/2008 9:57:33 AM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
DLA -> %SystemRoot%\System32\DLA ->  [Folder | Modified Date = 5/15/2008 9:56:43 AM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 5/15/2008 4:48:03 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 5/15/2008 4:53:25 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 329888 bytes | Modified Date = 4/16/2008 4:25:51 PM | Attr =	]
FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 5/14/2008 3:54:53 PM | Attr =	]
Lang -> %SystemRoot%\System32\Lang ->  [Folder | Modified Date = 5/15/2008 9:58:42 AM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 54682 bytes | Modified Date = 4/30/2008 10:25:39 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 385164 bytes | Modified Date = 4/30/2008 10:25:39 AM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 445630 bytes | Modified Date = 4/30/2008 10:25:39 AM | Attr =	]
SIntf16.dll -> %SystemRoot%\System32\SIntf16.dll ->  [Ver =  | Size = 12067 bytes | Modified Date = 5/5/2008 2:16:51 PM | Attr =	]
SIntf32.dll -> %SystemRoot%\System32\SIntf32.dll ->  [Ver =  | Size = 17212 bytes | Modified Date = 5/5/2008 2:16:51 PM | Attr =	]
SIntfNT.dll -> %SystemRoot%\System32\SIntfNT.dll ->  [Ver =  | Size = 21840 bytes | Modified Date = 5/5/2008 2:16:51 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 5/12/2008 9:25:53 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 5/15/2008 9:56:40 AM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 5/13/2008 3:18:14 PM | Attr =   S]
EaseAudioConverter.ini -> %SystemRoot%\EaseAudioConverter.ini ->  [Ver =  | Size = 2278 bytes | Modified Date = 4/16/2008 12:50:29 PM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 4/16/2008 4:20:47 PM | Attr = R S]
hpbvnstp.his -> %SystemRoot%\hpbvnstp.his ->  [Ver =  | Size = 2073 bytes | Modified Date = 4/16/2008 4:27:22 PM | Attr =	]
hpbvnstp.ini -> %SystemRoot%\hpbvnstp.ini ->  [Ver =  | Size = 694 bytes | Modified Date = 4/16/2008 4:27:22 PM | Attr =	]
hpntwksetup.ini -> %SystemRoot%\hpntwksetup.ini ->  [Ver =  | Size = 986 bytes | Modified Date = 4/16/2008 4:18:46 PM | Attr =	]
hppins05.dat -> %SystemRoot%\hppins05.dat ->  [Ver =  | Size = 92576 bytes | Modified Date = 4/16/2008 4:28:58 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 4/16/2008 4:26:33 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 4/18/2008 4:57:19 PM | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 5/15/2008 5:02:12 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 5/15/2008 5:00:35 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 5/15/2008 5:01:58 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 5/15/2008 9:56:54 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 2/12/2007 10:22:07 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 4/9/2008 4:45:15 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 4/9/2008 4:45:15 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 2/13/2007 2:49:51 AM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 2/13/2007 2:49:51 AM | Attr =	]
C:\Documents and Settings\IT Dept\Local Settings\Temp\ -> C:\Documents and Settings\IT Dept\Local Settings\Temp ->  [Folder | Modified Date = 5/15/2008 5:02:15 PM | Attr =	]
unidrv.dll -> C:\Documents and Settings\IT Dept\Local Settings\Temp\unidrv.dll -> Microsoft Corporation [Ver = 5.2.3790.184 (srv03_qfe.040410-1236) | Size = 264704 bytes | Modified Date = 8/4/2004 12:26:48 PM | Attr =	]
unidrvui.dll -> C:\Documents and Settings\IT Dept\Local Settings\Temp\unidrvui.dll -> Microsoft Corporation [Ver = 5.2.3790.120 (srv03_qfe.031205-1652) | Size = 197120 bytes | Modified Date = 8/4/2004 12:26:48 PM | Attr =	]
unires.dll -> C:\Documents and Settings\IT Dept\Local Settings\Temp\unires.dll -> Microsoft Corporation [Ver = 5.2.3790.120 (srv03_qfe.031205-1652) | Size = 619520 bytes | Modified Date = 8/4/2004 12:26:36 PM | Attr =	]
13 C:\Documents and Settings\IT Dept\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\IT Dept\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\IT Dept\Local Settings\Temp\ -> C:\Documents and Settings\IT Dept\Local Settings\Temp ->  [Folder | Modified Date = 5/15/2008 5:02:15 PM | Attr =	]
VIRUPDAT.INI -> C:\Documents and Settings\IT Dept\Local Settings\Temp\VIRUPDAT.INI ->  [Ver =  | Size = 33708 bytes | Modified Date = 4/24/2008 1:00:00 AM | Attr =	]
13 C:\Documents and Settings\IT Dept\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\IT Dept\Local Settings\Temp\*.tmp -> 
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 5/15/2008 5:01:58 PM | Attr =	]
unidrv.dll -> C:\WINDOWS\Temp\unidrv.dll -> Microsoft Corporation [Ver = 5.2.3790.184 (srv03_qfe.040410-1236) | Size = 264704 bytes | Modified Date = 8/4/2004 12:26:48 PM | Attr =	]
unidrvui.dll -> C:\WINDOWS\Temp\unidrvui.dll -> Microsoft Corporation [Ver = 5.2.3790.120 (srv03_qfe.031205-1652) | Size = 197120 bytes | Modified Date = 8/4/2004 12:26:48 PM | Attr =	]
unires.dll -> C:\WINDOWS\Temp\unires.dll -> Microsoft Corporation [Ver = 5.2.3790.120 (srv03_qfe.031205-1652) | Size = 619520 bytes | Modified Date = 8/4/2004 12:26:36 PM | Attr =	]
16 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\pdk-SYSTEM\ -> C:\WINDOWS\Temp\pdk-SYSTEM ->  [Folder | Modified Date = 11/10/2007 2:36:36 PM | Attr =	]
142f1f73ea8a4ef5d97a09bc7fa12082.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\142f1f73ea8a4ef5d97a09bc7fa12082.dll ->  [Ver =  | Size = 20571 bytes | Modified Date = 11/7/2007 10:37:45 PM | Attr = R  ]
1890442fca8f85e8dd017e73c1d1412e.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\1890442fca8f85e8dd017e73c1d1412e.dll ->  [Ver =  | Size = 24671 bytes | Modified Date = 11/7/2007 10:37:44 PM | Attr = R  ]
2702e0cfa88c857f61d1b1c62f021234.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\2702e0cfa88c857f61d1b1c62f021234.dll ->  [Ver =  | Size = 28785 bytes | Modified Date = 11/7/2007 10:37:45 PM | Attr = R  ]
3d96fc474ad08dd2a977ee4ae0a5bb1a.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\3d96fc474ad08dd2a977ee4ae0a5bb1a.dll ->  [Ver =  | Size = 36981 bytes | Modified Date = 11/7/2007 10:37:45 PM | Attr = R  ]
43b965ce4d04b0666c0805ec8d8aa9d7.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\43b965ce4d04b0666c0805ec8d8aa9d7.dll ->  [Ver =  | Size = 24675 bytes | Modified Date = 11/7/2007 10:37:46 PM | Attr = R  ]
44a84ae0057c065b284e031c2913b8e0.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\44a84ae0057c065b284e031c2913b8e0.dll ->  [Ver =  | Size = 24676 bytes | Modified Date = 11/7/2007 10:37:46 PM | Attr = R  ]
731376cca0c87f28ab9530bb7addec08.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\731376cca0c87f28ab9530bb7addec08.dll ->  [Ver =  | Size = 77941 bytes | Modified Date = 11/7/2007 10:37:45 PM | Attr = R  ]
7c907bb62acfd587b40f44491e31264a.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\7c907bb62acfd587b40f44491e31264a.dll ->  [Ver =  | Size = 28769 bytes | Modified Date = 11/7/2007 10:37:44 PM | Attr = R  ]
84b38bcf9223bae145f064c64aa65d89.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\84b38bcf9223bae145f064c64aa65d89.dll ->  [Ver =  | Size = 20585 bytes | Modified Date = 11/7/2007 10:37:44 PM | Attr = R  ]
8c64b0071dee7379e57128ebbf6d5ebc.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\8c64b0071dee7379e57128ebbf6d5ebc.dll ->  [Ver =  | Size = 28789 bytes | Modified Date = 11/10/2007 2:36:36 PM | Attr = R  ]
9e54fd72ddb76db13cf1136140fc4678.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\9e54fd72ddb76db13cf1136140fc4678.dll ->  [Ver =  | Size = 36979 bytes | Modified Date = 11/7/2007 10:37:46 PM | Attr = R  ]
b6543d2aee40262cf0606f443e84e226.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\b6543d2aee40262cf0606f443e84e226.dll ->  [Ver =  | Size = 32873 bytes | Modified Date = 11/7/2007 10:37:46 PM | Attr = R  ]
bff5e5685df2aaa429b36abf21d9c117.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\bff5e5685df2aaa429b36abf21d9c117.dll ->  [Ver =  | Size = 700527 bytes | Modified Date = 11/7/2007 10:37:46 PM | Attr = R  ]
d4b64fdb4781041ca9c2109429455e9b.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\d4b64fdb4781041ca9c2109429455e9b.dll ->  [Ver =  | Size = 24674 bytes | Modified Date = 11/10/2007 2:36:36 PM | Attr = R  ]
d5648369d813ae31727a6cdd8df26bdb.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\d5648369d813ae31727a6cdd8df26bdb.dll ->  [Ver =  | Size = 24663 bytes | Modified Date = 11/7/2007 10:37:45 PM | Attr = R  ]
e9131fd55372248df7d4bbb1833d68c8.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\e9131fd55372248df7d4bbb1833d68c8.dll ->  [Ver =  | Size = 77919 bytes | Modified Date = 11/7/2007 10:37:44 PM | Attr = R  ]
f42c3d9928c2fbb4b98bbdef642fadd4.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\f42c3d9928c2fbb4b98bbdef642fadd4.dll ->  [Ver =  | Size = 24665 bytes | Modified Date = 11/7/2007 10:37:44 PM | Attr = R  ]
fa740baab544400bfe23b1e9c183e1ae.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\fa740baab544400bfe23b1e9c183e1ae.dll ->  [Ver =  | Size = 24674 bytes | Modified Date = 11/7/2007 10:37:47 PM | Attr = R  ]
C:\WINDOWS\Temp\pdk-SYSTEM\d431143ce0d300df708c79269a7c067a\ -> C:\WINDOWS\Temp\pdk-SYSTEM\d431143ce0d300df708c79269a7c067a ->  [Folder | Modified Date = 11/7/2007 10:37:44 PM | Attr =	]
perl58.dll -> C:\WINDOWS\Temp\pdk-SYSTEM\d431143ce0d300df708c79269a7c067a\perl58.dll -> ActiveState, a division of Sophos [Ver = 5,8,7,815 | Size = 815185 bytes | Modified Date = 11/7/2007 10:37:44 PM | Attr =	]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 2/10/2007 11:56:32 PM | Attr =   S]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 2/21/2007 3:02:34 AM | Attr =	]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 2/10/2007 11:56:32 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2/10/2007 11:56:32 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0VS12T6J\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0VS12T6J ->  [Folder | Modified Date = 2/13/2007 1:40:13 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0VS12T6J\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2/10/2007 11:56:32 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2PWZ654F\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2PWZ654F ->  [Folder | Modified Date = 2/16/2007 9:18:35 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2PWZ654F\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2/10/2007 11:56:32 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4RO1I9MH\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4RO1I9MH ->  [Folder | Modified Date = 2/13/2007 1:40:10 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4RO1I9MH\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2/10/2007 11:56:32 PM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\O5Q149M7\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\O5Q149M7 ->  [Folder | Modified Date = 2/13/2007 2:56:03 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\O5Q149M7\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 2/10/2007 11:56:32 PM | Attr =  HS]
mcltvers[1].ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\O5Q149M7\mcltvers[1].ini ->  [Ver =  | Size = 2657 bytes | Modified Date = 2/13/2007 1:37:36 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Hewlett-Packard -> %AllUsersProfile%\Application Data\Hewlett-Packard ->  [Folder | Modified Date = 4/16/2008 4:28:33 PM | Attr =	]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Modified Date = 5/15/2008 4:53:25 PM | Attr =	]
AdobeUM -> %AppData%\AdobeUM ->  [Folder | Modified Date = 4/16/2008 4:56:14 PM | Attr =	]
HP -> %AppData%\HP ->  [Folder | Modified Date = 4/16/2008 4:31:02 PM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Modified Date = 5/15/2008 4:53:30 PM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 4/16/2008 4:28:12 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 50688 bytes | Modified Date = 4/28/2008 12:16:03 PM | Attr =	]
fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat ->  [Ver =  | Size = 130 bytes | Modified Date = 4/16/2008 4:33:13 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 84112 bytes | Modified Date = 4/18/2008 11:38:18 AM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4844432 bytes | Modified Date = 5/14/2008 4:25:39 PM | Attr =  H ]
Default.rdp -> %UserProfile%\My Documents\Default.rdp ->  [Ver =  | Size = 1178 bytes | Modified Date = 4/16/2008 1:04:47 PM | Attr =  H ]
My Safe -> %UserProfile%\My Documents\My Safe ->  [Folder | Modified Date = 5/15/2008 9:57:38 AM | Attr = R S]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 704 bytes | Modified Date = 5/15/2008 4:53:25 PM | Attr =	]
fb_data -> %UserProfile%\Desktop\fb_data ->  [Folder | Modified Date = 4/21/2008 3:15:42 PM | Attr =	]
Full Tilt Poker.lnk -> %UserProfile%\Desktop\Full Tilt Poker.lnk ->  [Ver =  | Size = 317 bytes | Modified Date = 5/5/2008 1:50:41 PM | Attr =	]
Jimmy tidory.doc -> %UserProfile%\Desktop\Jimmy tidory.doc ->  [Ver =  | Size = 63488 bytes | Modified Date = 5/5/2008 2:15:43 PM | Attr =	]
joyce -> %UserProfile%\Desktop\joyce ->  [Folder | Modified Date = 4/21/2008 3:17:10 PM | Attr =	]
New Folder -> %UserProfile%\Desktop\New Folder ->  [Folder | Modified Date = 5/15/2008 4:47:39 PM | Attr =	]
SWF Studio -> %CommonProgramFiles%\SWF Studio ->  [Folder | Modified Date = 4/16/2008 4:09:36 PM | Attr =	]

< End of report >

"Stuffy Hall Admin of the Typing Skills Enhancing School Program"

#5 Wassim


Posted 15 May 2008 - 09:26 AM

N.B: I am able to see the hidden folders again :thumbsup:

#6 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philadelphia
  • Local time:11:55 AM

Posted 15 May 2008 - 11:27 AM

There's a couple of things I want to look at in there, but how is the machine running? Problems gone?
Let me know,
Harry

Veni Vidi Vici
THE FIGHT AGAINST MALWARE


#7 Wassim


Posted 15 May 2008 - 11:38 AM

It is running very well and the Symantec alerts stopped appearing when booting the PC.
Thanks for your help :thumbsup:

#8 Wassim


Posted 16 May 2008 - 08:43 AM

Hey harrythook,
Bad news, the amvo.exe came back.
I noticed that when I use flash_disinfector the amvo.exe entry disappears from the HJT log and I'm not able to fix its registry entry, maybe that's why it came back, I dunno.
What do you say?

#9 harrythook


Posted 18 May 2008 - 09:07 AM

Hey Wassim,
sorry for the delay, I have a lot of work that I am doing right now :thumbsup:

I would like you to upload a couple of files for me:
Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: 18qur.exe
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File

Repeat the process:
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: g83816.com
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File
Let me know how you make out with that.

Harry


#10 Wassim


Posted 18 May 2008 - 09:25 AM

Hey harrythook :thumbsup:

Well, what I did before you replied is scan with HJT, fix the amvo.exe entry without using Flash_disinfector first, then with Malwarebytes I made a complete computer scan and it detected, along with amvo.exe and amvo0.dll, amvo1.dll, which was not detected nor removed the first time and maybe regenerated the amvo.exe.

It's been 48 hours since I did that and the problem disappeared till now.

I'll do what you said regarding UploadMalware.

I'll keep you posted.

Edited by Wassim, 18 May 2008 - 10:05 AM.

#11 harrythook


Posted 18 May 2008 - 01:48 PM

:thumbsup:


#12 Wassim


Posted 18 May 2008 - 01:58 PM

Hey Harry,

Since I cleaned the temp folder and other stuff, I can't browse to the files you mentioned.

I'll wait for another 48 hours; if the infection does not show up again you can close this topic.

Thanks for your guidance.

It helps me learn more. :thumbsup:

#13 harrythook


Posted 21 May 2008 - 07:48 PM

48 hours are up, any results/updates?


#14 Wassim


Posted 22 May 2008 - 03:23 AM

Oh man, it's back again.

My boss inserted a digital cam memory card and I don't know if that's the source of the new infection or if it's the same old one reappearing.

Here's a new HJT Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:05 AM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\IT Dept\Desktop\Wass\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.110.150.252:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DockMsgFrom] C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {304171C0-65EA-4B51-B5D9-93A311E26EB1} (MxPEG_ActiveX Control) - http://192.168.1.154/cgi-bin/MxPEG_ActiveX.cab?dummy=4238381
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198160761687
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80E853D8-7728-465F-9727-33C71C05B547}: NameServer = 192.110.150.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{996C52D5-FF3C-43FD-A69C-0698414E79A5}: NameServer = 192.110.150.252
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: OracleorahomeTNSListenerLISTENER1 - Unknown owner - E:\oracle\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleServiceMCDATA - Unknown owner - e:\oracle\bin\ORACLE.EXE (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 10091 bytes
"Stuffy Hall Admin of the Typing Skills Enhancing School Program"

#15 harrythook


Posted 23 May 2008 - 06:54 AM

Hey Wassim,
This infection is referred to as the flash drive infection or R-jump because it is transferred via removable storage devices such as memory cards.

You have to perform the previous steps again on this machine, and use the flash drive disinfector tool last. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well. You will have to inform all users that the infection may be present in any memory device they have plugged into a machine there, and might have been transferred to other machines.

Looks like you have some work to do. Let me know your progress and what help you need.

Harry

Veni Vidi Vici
THE FIGHT AGAINST MALWARE
