Uncdms.dll And Connection Problem!


  • This topic is locked
19 replies to this topic

#1 ayoboo

Posted 14 June 2008 - 09:25 PM

A few months ago I had another topic and my virus was fixed, but after installing so many antivirus and firewall programs as recommended it sort of got confusing because of so many pop-ups that kept asking for my permission whether or not I would allow this and so forth. So I think I did something wrong and my internet connection went crazy on me. It would connect but I wouldn't be able to browse. I had to keep repairing it in order to use it! Most of the time a blue screen would appear and tell me that my laptop has entered a problem and has to restart, OR worse, it would just freeze on me!! I'm using a laptop btw w/ a wireless connection. So I decided to do a PC recovery for my HP laptop and I just wanted to make sure if anything is still wrong, which I believe there still is!

It now asks me to install uncdms.dll because windowsSearch cannot be located every time I start up my laptop! HELP!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:38 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Vongo\Tray.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

--
End of file - 5347 bytes

Edited by ayoboo, 14 June 2008 - 09:27 PM.



#2 ayoboo

Posted 21 June 2008 - 08:52 AM

Anyone, please! It's been more than 5 days :thumbsup:

#3 ayoboo

Posted 26 June 2008 - 08:00 AM

? ><

#4 annabackwards

Posted 07 July 2008 - 02:12 AM

Hello ayoboo

I apologize for the delay in response, as we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do an online scan with Kaspersky WebScanner

Click on Accept Button

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox

#5 ayoboo

Posted 11 July 2008 - 09:27 PM

Hey, thanks! I've formatted my computer just yesterday again because my laptop couldn't connect to my wireless laptop and now it works. But I think I still have some problems! Here are the logs

Deckard's System Scanner v20071014.68
Run by helen on 2008-07-11 15:53:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-07-11 22:53:31 UTC - RP7 - Deckard's System Scanner Restore Point
6: 2008-07-11 02:45:28 UTC - RP6 - Removed Vongo
5: 2008-07-11 02:43:49 UTC - RP5 - Removed Quicken 2006
4: 2008-07-10 05:36:08 UTC - RP4 - Installed HP Pavilion Webcam Demo
3: 2008-07-10 05:35:41 UTC - RP3 - Installed HP Pavilion Webcam Tray Icon


-- First Restore Point --
1: 2008-07-10 05:23:10 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as helen.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:47 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Documents and Settings\helen\Desktop\dss.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\helen\Desktop\helen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6307 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20050901.036\symidsco.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 18:03:24 0 d-------- C:\WINDOWS\LastGood
2008-07-11 18:02:44 0 d-------- C:\Documents and Settings\helen\Application Data\Macromedia
2008-07-11 18:02:21 0 d-------- C:\Documents and Settings\helen\Application Data\U3
2008-07-11 15:40:30 0 d-------- C:\Documents and Settings\helen\Application Data\Adobe
2008-07-11 15:39:05 0 d-------- C:\Documents and Settings\helen\Application Data\acccore
2008-07-10 19:30:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2008-07-10 19:30:21 0 d-------- C:\Documents and Settings\helen\Application Data\GTek
2008-07-10 18:32:03 0 d-------- C:\Documents and Settings\helen\Application Data\Mozilla
2008-07-09 22:26:49 0 d---s---- C:\Documents and Settings\helen\Temporary Internet Files
2008-07-09 22:26:49 0 d---s---- C:\Documents and Settings\helen\History
2008-07-09 22:24:24 0 dr------- C:\Documents and Settings\helen\Favorites
2008-07-09 22:24:24 0 d-------- C:\Documents and Settings\helen\Desktop
2008-07-09 22:24:24 0 d---s---- C:\Documents and Settings\helen\Cookies
2008-07-09 22:24:24 0 dr-h----- C:\Documents and Settings\helen\Application Data
2008-07-09 22:24:24 0 d-------- C:\Documents and Settings\helen\Application Data\Intuit
2008-07-09 22:24:24 0 d-------- C:\Documents and Settings\helen\Application Data\Identities
2008-07-09 22:24:23 0 d--h----- C:\Documents and Settings\helen\Templates
2008-07-09 22:24:23 0 dr------- C:\Documents and Settings\helen\Start Menu
2008-07-09 22:24:23 0 dr-h----- C:\Documents and Settings\helen\SendTo
2008-07-09 22:24:23 0 dr-h----- C:\Documents and Settings\helen\Recent
2008-07-09 22:24:23 0 d--h----- C:\Documents and Settings\helen\PrintHood
2008-07-09 22:24:23 1048576 --ah----- C:\Documents and Settings\helen\NTUSER.DAT
2008-07-09 22:24:23 0 d--h----- C:\Documents and Settings\helen\NetHood
2008-07-09 22:24:23 0 dr------- C:\Documents and Settings\helen\My Documents
2008-07-09 22:24:23 0 d--h----- C:\Documents and Settings\helen\Local Settings
2008-06-29 18:27:05 0 d-------- C:\Documents and Settings\HelenY\Application Data\CyberLink
2008-06-29 18:27:02 0 d-------- C:\Documents and Settings\HelenY\Application Data\HP
2008-06-29 16:38:48 0 d-------- C:\Documents and Settings\HelenY\Application Data\GRETECH
2008-06-28 06:33:23 0 d-------- C:\Documents and Settings\HelenY\Application Data\Sony Ericsson
2008-06-27 17:32:54 0 d-------- C:\Documents and Settings\HelenY\Application Data\Sun
2008-06-27 15:52:50 0 d-------- C:\Documents and Settings\HelenY\Application Data\Teleca
2008-06-27 15:21:06 0 d-------- C:\Documents and Settings\HelenY\Application Data\Leadertech
2008-06-19 16:57:50 0 d-------- C:\Documents and Settings\HelenY\Contacts
2008-06-16 20:33:37 0 d-------- C:\Documents and Settings\HelenY\Application Data\AdobeUM
2008-06-14 21:01:51 0 dr------- C:\Documents and Settings\HelenY\Favorites
2008-06-14 21:01:51 0 d-------- C:\Documents and Settings\HelenY\Desktop
2008-06-14 21:01:51 0 d--hs---- C:\Documents and Settings\HelenY\Cookies
2008-06-14 21:01:51 0 dr-h----- C:\Documents and Settings\HelenY\Application Data
2008-06-14 21:01:51 0 d---s---- C:\Documents and Settings\HelenY\Application Data\Microsoft
2008-06-14 21:01:51 0 d-------- C:\Documents and Settings\HelenY\Application Data\Intuit
2008-06-14 21:01:51 0 d-------- C:\Documents and Settings\HelenY\Application Data\Identities
2008-06-14 21:01:50 0 d--h----- C:\Documents and Settings\HelenY\Templates
2008-06-14 21:01:50 0 dr------- C:\Documents and Settings\HelenY\Start Menu
2008-06-14 21:01:50 0 dr-h----- C:\Documents and Settings\HelenY\SendTo
2008-06-14 21:01:50 0 dr-h----- C:\Documents and Settings\HelenY\Recent
2008-06-14 21:01:50 0 d--h----- C:\Documents and Settings\HelenY\PrintHood
2008-06-14 21:01:50 2359296 --ah----- C:\Documents and Settings\HelenY\NTUSER.DAT
2008-06-14 21:01:50 0 d--h----- C:\Documents and Settings\HelenY\NetHood
2008-06-14 21:01:50 0 dr------- C:\Documents and Settings\HelenY\My Documents
2008-06-14 21:01:50 0 d--h----- C:\Documents and Settings\HelenY\Local Settings
2008-06-14 18:57:04 0 d-------- C:\Program Files\Trend Micro
2008-06-14 18:52:53 0 d-------- C:\Documents and Settings\HelenY\Application Data\U3
2008-06-14 18:32:28 0 d-------- C:\Documents and Settings\HelenY\Application Data\Adobe
2008-06-14 18:19:06 0 d-------- C:\Documents and Settings\HelenY\Application Data\Macromedia
2008-06-14 18:18:03 0 d-------- C:\Documents and Settings\HelenY\Application Data\Mozilla
2008-06-14 18:17:27 0 d-------- C:\Documents and Settings\HelenY\Application Data\acccore


-- Find3M Report ---------------------------------------------------------------

2008-07-10 19:47:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-10 19:47:13 0 d-------- C:\Program Files\Symantec
2008-07-10 19:43:57 0 d-------- C:\Program Files\Quicken
2008-07-10 19:43:54 0 d-------- C:\Program Files\Common Files
2008-07-09 22:36:09 0 d-------- C:\Program Files\HP Pavilion Webcam Demo
2008-07-09 22:16:25 0 d-------- C:\Program Files\HPQ
2008-07-09 21:35:35 0 d-------- C:\Program Files\Windows NT
2008-07-09 21:30:40 0 d-------- C:\Program Files\Quickensetup
2008-07-09 21:30:09 0 d-------- C:\Program Files\Online Services
2008-07-09 21:28:11 0 d-------- C:\Program Files\music_now
2008-07-09 21:28:11 0 d-------- C:\Program Files\MSN Encarta Plus
2008-07-09 21:28:08 0 d-------- C:\Program Files\Movie Maker
2008-07-09 21:28:07 0 d-------- C:\Program Files\Microsoft Works
2008-07-09 21:27:24 0 d-------- C:\Program Files\Microsoft Office Trial Wizard
2008-07-09 21:26:59 0 d-------- C:\Program Files\Microsoft Money 2006
2008-07-09 21:26:41 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-09 21:26:41 0 d-------- C:\Program Files\Messenger
2008-07-09 21:26:14 0 d-------- C:\Program Files\HP Rhapsody
2008-07-09 21:24:56 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-09 21:24:29 0 d-------- C:\Program Files\Google
2008-07-09 21:24:28 0 d-------- C:\Program Files\CONEXANT
2008-07-09 21:24:00 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-07-09 21:24:00 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-07-09 21:23:17 0 d-------- C:\Program Files\Common Files\LightScribe
2008-07-05 07:23:25 0 d-------- C:\Program Files\Yahoo!
2008-06-27 15:37:47 0 d-------- C:\Program Files\Canon
2008-06-14 18:32:21 1927 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 10:03 PM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [02/14/2006 07:49 PM]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [03/23/2006 08:45 AM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [03/23/2006 05:17 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/23/2006 05:13 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/23/2006 05:17 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/03/2006 10:46 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [04/11/2006 09:54 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 04:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 04:30 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/16/2006 02:42 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [01/26/2006 04:18 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 10:23 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 09:15 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe [12/14/2006 1:04:01 PM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [9/24/2005 10:39:30 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 12:40:46 PM]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b2d6222-4fae-11dd-b2d8-0016d3041248}]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-07-11 15:57:12 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2050 @ 1.60GHz
CPU 1: Genuine Intel® CPU T2050 @ 1.60GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1014.04 MiB / 697.95 MiB
Pagefile Memory (total/avail): 2440.33 MiB / 2223.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.62 MiB

C: is Fixed (NTFS) - 101.55 GiB total, 83.75 GiB free.
D: is Fixed (FAT32) - 9.21 GiB total, 1.23 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9120821AS - 111.79 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 101.55 GiB - C:
\PARTITION1 - Unknown - 9.22 GiB - D:
\PARTITION2 - Unknown - 1027.6 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\helen\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HELEN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\helen
LOGONSERVER=\\HELEN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\helen\LOCALS~1\Temp
TMP=C:\DOCUME~1\helen\LOCALS~1\Temp
USERDOMAIN=HELEN
USERNAME=helen
USERPROFILE=C:\Documents and Settings\helen
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

helen (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\Setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iwis30B2a.inf
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_wis30B2m\HXFSETUP.EXE -U -Iwis30B2m.INF
HijackThis 2.0.2 --> "C:\Documents and Settings\helen\Desktop\HijackThis.exe" /uninstall
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Pavilion Webcam Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC397D90-720E-426D-B381-0A10C6FD5A49}\setup.exe" -l0x9 -removeonly
HP Pavilion Webcam Tray Icon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C23BEBC-0429-4254-A83F-15C591AB768A}\Setup.exe" -l0x9
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.00 D1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP QuickPlay 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0027 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A3856B-5C0E-4BC1-B508-629AE74B6BBA}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 E1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PRO Network Connections Drivers --> Prounstl.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Mah Jong Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B\Uninstall.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Oasis from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\Uninstall.exe"
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
SmartAudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly -S
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Tradewinds from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly


-- Application Event Log -------------------------------------------------------

Event Record #/Type109 / Warning
Event Submitted/Written: 07/10/2008 07:47:27 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{30465B6C-B53F-49A1-9EBA-A3F187AD502E}', feature 'SoleFeature' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type108 / Warning
Event Submitted/Written: 07/10/2008 07:47:27 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{30465B6C-B53F-49A1-9EBA-A3F187AD502E}', feature 'SoleFeature', component '{B7195B4D-220F-4055-B216-675DFB956538}' failed. The resource 'C:\Program Files\Common Files\InstallShield\UpdateService\_ispmres.dll' does not exist.

Event Record #/Type16 / Warning
Event Submitted/Written: 07/09/2008 10:27:05 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{DB7E00C9-6DEF-489A-8112-D8F81614F45A}', feature 'VongoClient' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type14 / Error
Event Submitted/Written: 07/09/2008 10:26:10 PM
Event ID/Source: 4106 / MSDTC
Event Description:
Could not install the MS DTC service.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1385 / Warning
Event Submitted/Written: 07/11/2008 06:36:13 PM
Event ID/Source: 1005 / Dhcp
Event Description:
Your computer has detected that the IP address 192.168.1.100 for the Network Card
with network address 001302434838 is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Event Record #/Type1382 / Error
Event Submitted/Written: 07/11/2008 06:16:02 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type1381 / Error
Event Submitted/Written: 07/11/2008 06:16:02 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type1380 / Warning
Event Submitted/Written: 07/11/2008 06:16:02 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 001302434838. The IP address being used is 169.254.154.202.

Event Record #/Type1378 / Error
Event Submitted/Written: 07/11/2008 06:14:24 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.



-- End of Deckard's System Scanner: finished at 2008-07-11 15:57:12 ------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, July 11, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 11, 2008 23:55:08
Records in database: 943464
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 86492
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:50:44


File name / Threat name / Threats count
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bj 1
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe Infected: not-a-virus:AdWare.Win32.Agent.aeh 1
C:\Program Files\Zone Labs\ZoneAlarm\Help\zaclients.chm Infected: Exploit.PHP.Userpic.a 1

The selected area was scanned.

#6 annabackwards

  • Members
  • 1,381 posts
  • Gender:Female
  • Location:Sydney, Australia.

Posted 16 July 2008 - 06:29 PM

Hello ayoboo,

I am sorry for the delay in reply, I've been having some internet problems.

Please rescan with DSS again so I can work with a fresh log :thumbsup:

Thanks,
Anna

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox

#7 ayoboo


Posted 16 July 2008 - 10:06 PM

This time when I ran DSS, it only gave me a main.txt.

Deckard's System Scanner v20071014.68
Run by helen on 2008-07-16 23:01:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as helen.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-16 23:04:46
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HPQ\Shared\HpqToaster.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\helen\Desktop\dss.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


--
End of file - 6136 bytes

-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-16 20:59:15 0 d-------- C:\WINDOWS\LastGood
2008-07-14 20:08:17 0 d-------- C:\Documents and Settings\helen\Application Data\Sony
2008-07-14 20:08:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-14 19:47:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-14 19:45:33 0 d-------- C:\Documents and Settings\helen\Application Data\Audacity
2008-07-14 19:44:55 0 d-------- C:\Program Files\Avanquest update
2008-07-14 19:44:55 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-07-14 19:43:38 0 d-------- C:\Documents and Settings\helen\Application Data\InstallShield
2008-07-13 13:28:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-13 09:09:04 0 d-------- C:\Program Files\MetaStream
2008-07-13 08:21:53 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-12 19:34:00 0 d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-07-12 11:17:06 0 d-------- C:\Documents and Settings\helen\Application Data\Leadertech
2008-07-11 18:02:44 0 d-------- C:\Documents and Settings\helen\Application Data\Macromedia
2008-07-11 18:02:21 0 d-------- C:\Documents and Settings\helen\Application Data\U3
2008-07-11 16:05:17 0 d-------- C:\Program Files\Sun
2008-07-11 16:01:53 0 d-------- C:\Documents and Settings\helen\Application Data\Sun
2008-07-11 15:40:30 0 d-------- C:\Documents and Settings\helen\Application Data\Adobe
2008-07-11 15:39:05 0 d-------- C:\Documents and Settings\helen\Application Data\acccore
2008-07-10 19:30:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2008-07-10 19:30:21 0 d-------- C:\Documents and Settings\helen\Application Data\GTek
2008-07-10 18:32:03 0 d-------- C:\Documents and Settings\helen\Application Data\Mozilla
2008-07-09 22:26:49 0 d---s---- C:\Documents and Settings\helen\Temporary Internet Files
2008-07-09 22:26:49 0 d---s---- C:\Documents and Settings\helen\History
2008-07-09 22:24:24 0 dr------- C:\Documents and Settings\helen\Favorites
2008-07-09 22:24:24 0 d-------- C:\Documents and Settings\helen\Desktop
2008-07-09 22:24:24 0 d---s---- C:\Documents and Settings\helen\Cookies
2008-07-09 22:24:24 0 dr-h----- C:\Documents and Settings\helen\Application Data
2008-07-09 22:24:24 0 d-------- C:\Documents and Settings\helen\Application Data\Intuit
2008-07-09 22:24:24 0 d-------- C:\Documents and Settings\helen\Application Data\Identities
2008-07-09 22:24:23 0 d--h----- C:\Documents and Settings\helen\Templates
2008-07-09 22:24:23 0 dr------- C:\Documents and Settings\helen\Start Menu
2008-07-09 22:24:23 0 dr-h----- C:\Documents and Settings\helen\SendTo
2008-07-09 22:24:23 0 dr-h----- C:\Documents and Settings\helen\Recent
2008-07-09 22:24:23 0 d--h----- C:\Documents and Settings\helen\PrintHood
2008-07-09 22:24:23 1572864 --ah----- C:\Documents and Settings\helen\NTUSER.DAT
2008-07-09 22:24:23 0 d--h----- C:\Documents and Settings\helen\NetHood
2008-07-09 22:24:23 0 dr------- C:\Documents and Settings\helen\My Documents
2008-07-09 22:24:23 0 d--h----- C:\Documents and Settings\helen\Local Settings
2008-06-29 18:27:05 0 d-------- C:\Documents and Settings\HelenY\Application Data\CyberLink
2008-06-29 18:27:02 0 d-------- C:\Documents and Settings\HelenY\Application Data\HP
2008-06-29 16:38:48 0 d-------- C:\Documents and Settings\HelenY\Application Data\GRETECH
2008-06-28 06:33:23 0 d-------- C:\Documents and Settings\HelenY\Application Data\Sony Ericsson
2008-06-27 17:32:54 0 d-------- C:\Documents and Settings\HelenY\Application Data\Sun
2008-06-27 15:52:50 0 d-------- C:\Documents and Settings\HelenY\Application Data\Teleca
2008-06-27 15:21:06 0 d-------- C:\Documents and Settings\HelenY\Application Data\Leadertech
2008-06-19 16:57:50 0 d-------- C:\Documents and Settings\HelenY\Contacts
2008-06-16 20:33:37 0 d-------- C:\Documents and Settings\HelenY\Application Data\AdobeUM


-- Find3M Report ---------------------------------------------------------------

2008-07-14 19:49:01 0 d-------- C:\Program Files\Sony Ericsson
2008-07-14 19:47:49 0 d-------- C:\Program Files\QuickTime
2008-07-14 19:47:15 0 d-------- C:\Program Files\Apple Software Update
2008-07-14 19:44:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-11 16:19:34 0 d-------- C:\Program Files\Java
2008-07-11 16:02:09 0 d-------- C:\Program Files\Google
2008-07-10 19:47:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-10 19:47:13 0 d-------- C:\Program Files\Symantec
2008-07-10 19:43:57 0 d-------- C:\Program Files\Quicken
2008-07-10 19:43:54 0 d-------- C:\Program Files\Common Files
2008-07-09 22:36:09 0 d-------- C:\Program Files\HP Pavilion Webcam Demo
2008-07-09 22:16:25 0 d-------- C:\Program Files\HPQ
2008-07-09 21:35:35 0 d-------- C:\Program Files\Windows NT
2008-07-09 21:30:40 0 d-------- C:\Program Files\Quickensetup
2008-07-09 21:30:09 0 d-------- C:\Program Files\Online Services
2008-07-09 21:28:11 0 d-------- C:\Program Files\music_now
2008-07-09 21:28:11 0 d-------- C:\Program Files\MSN Encarta Plus
2008-07-09 21:28:08 0 d-------- C:\Program Files\Movie Maker
2008-07-09 21:28:07 0 d-------- C:\Program Files\Microsoft Works
2008-07-09 21:27:24 0 d-------- C:\Program Files\Microsoft Office Trial Wizard
2008-07-09 21:26:59 0 d-------- C:\Program Files\Microsoft Money 2006
2008-07-09 21:26:41 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-09 21:26:41 0 d-------- C:\Program Files\Messenger
2008-07-09 21:26:14 0 d-------- C:\Program Files\HP Rhapsody
2008-07-09 21:24:56 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-09 21:24:28 0 d-------- C:\Program Files\CONEXANT
2008-07-09 21:24:00 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-07-09 21:24:00 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-07-09 21:23:17 0 d-------- C:\Program Files\Common Files\LightScribe
2008-07-05 07:23:25 0 d-------- C:\Program Files\Yahoo!
2008-06-27 15:37:47 0 d-------- C:\Program Files\Canon
2008-06-14 18:57:04 0 d-------- C:\Program Files\Trend Micro
2008-06-14 18:32:21 1927 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [02/14/2006 07:49 PM]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [03/23/2006 08:45 AM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [03/23/2006 05:17 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/23/2006 05:13 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/23/2006 05:17 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/03/2006 10:46 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [04/11/2006 09:54 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 04:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 04:30 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/16/2006 02:42 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [01/26/2006 04:18 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 10:23 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 08:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [11/20/2007 03:02 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe [12/14/2006 1:04:01 PM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [9/24/2005 10:39:30 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 12:40:46 PM]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b2d6222-4fae-11dd-b2d8-0016d3041248}]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-07-16 23:04:59 ------------

#8 harrythook

  • Security Colleague
  • 4,152 posts
  • Gender:Male
  • Location:Philadelphia

Posted 18 July 2008 - 12:41 PM

Hey ayoboo,
Sorry for the delays here, sometimes the wires get crossed :thumbsup:
My name is Harry, and I have been watching this thread as part of our training program here at BC. I would like to jump in for a bit and see if we can get you straightened out.

Please re-state your problem, along with any information you have that has not been posted yet.
You stated that the machine was re-formatted, I need to know how you did this and if you migrated any of your old information back to the machine?

Once again, sorry for the delays.

Harry

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook

#9 ayoboo


Posted 18 July 2008 - 08:10 PM

Hi Harry!

My initial problem is stated in the first post. Recently I bought a new router (Linksys) because my Belkin router fried, I suppose. I got it working for the first week or so and then it completely wouldn't let me connect. So I decided to format my computer again by clicking on PC Recovery, which is installed on my Pavilion laptop, but reformatting didn't help. But it is fixed now. How, I'm still not quite sure, because all I did was update my wireless drivers and fool around with the router's IP address again. My problem is that I feel my laptop is still not clean, and every time I turn on my laptop it asks me to install uncdms.dll because windowsSearch cannot be located. I heard this is some kind of virus? Hm, I'm not sure if any old information was migrated, but I believe some programs were left untouched or still appear on my laptop but cannot be used. However, I just delete them.

#10 harrythook


Posted 18 July 2008 - 10:06 PM

Ok ayoboo,
Let's take a look at things a bit differently. This scan will show me what's going on in there; it creates a large log and may take some time to review.

Please download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Purity Scan
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Allow the program to complete its run; this may take a couple of minutes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
This report will be quite large; you may have to split it into multiple posts in order for the whole log to be posted.

Harry

Veni Vidi Vici
THE FIGHT AGAINST MALWARE


#11 ayoboo


Posted 19 July 2008 - 10:12 AM

That was a quick check! It didn't even take a minute. Here is the log:

OTScanIt logfile created on: 7/19/2008 11:10:30 AM
OTScanIt by OldTimer - Version 1.0.16.2	 Folder = C:\Documents and Settings\helen\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.04 Mb Total Physical Memory | 609.34 Mb Available Physical Memory | 60.09% Memory free
2.38 Gb Paging File | 2.08 Gb Available in Paging File | 87.30% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.55 Gb Total Space | 81.74 Gb Free Space | 80.49% Space Free | Partition Type: NTFS
Drive D: | 9.21 Gb Total Space | 1.23 Gb Free Space | 13.34% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HELEN
Current User Name: helen
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.74.1 | Size = 73728 bytes | Modified Date = 2/17/2006 3:26:32 PM | Attr =	]
hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 6 | Size = 98304 bytes | Modified Date = 1/10/2006 12:23:56 PM | Attr =	]
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 5, 1 | Size = 454656 bytes | Modified Date = 2/14/2006 7:49:22 PM | Attr =	]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 3/23/2006 5:13:40 AM | Attr =	]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 3/23/2006 5:17:50 AM | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.16.4 03Mar06 | Size = 761948 bytes | Modified Date = 3/3/2006 10:46:48 PM | Attr =	]
qpservice.exe -> %ProgramFiles%\Hp\QuickPlay\QPService.exe -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 102400 bytes | Modified Date = 4/11/2006 9:54:16 PM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr =	]
qlbctrl.exe -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ->  Hewlett-Packard Development Company, L.P. [Ver = 6, 0, 4, 1 | Size = 131072 bytes | Modified Date = 2/16/2006 2:42:08 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr =	]
sepcsuite.exe -> %ProgramFiles%\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe -> Sony Ericsson Mobile Communications AB [Ver = 3.10 | Size = 356352 bytes | Modified Date = 11/20/2007 3:02:18 PM | Attr =	]
tsnp2std.exe -> %ProgramFiles%\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe ->  [Ver = 1, 1, 2, 4 | Size = 98304 bytes | Modified Date = 3/30/2006 2:51:04 PM | Attr =	]
hpqimzone.exe -> %ProgramFiles%\Hp\Digital Imaging\bin\hpqimzone.exe -> Hewlett-Packard Development Company, L.P. [Ver = 060.000.155.000 | Size = 475136 bytes | Modified Date = 9/24/2005 9:42:32 AM | Attr =	]
hpqtoa~1.exe -> %ProgramFiles%\HPQ\Shared\HpqToaster.exe ->  [Ver = 1, 0, 0, 7 | Size = 491606 bytes | Modified Date = 12/23/2005 9:44:26 PM | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.16: 2008070205 | Size = 7667312 bytes | Modified Date = 7/16/2008 8:59:01 PM | Attr =	]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 9:15:06 AM | Attr =	]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 10:16:08 AM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 7/11/2008 4:02:06 PM | Attr =	]
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 6 | Size = 98304 bytes | Modified Date = 1/10/2006 12:23:56 PM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =	]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.74.1 | Size = 73728 bytes | Modified Date = 2/17/2006 3:26:32 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 10:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 8:07:44 AM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 10:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 10:51:58 PM | Attr =	]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 10:51:54 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 10:52:16 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.19.0 built by: WinDDK | Size = 157696 bytes | Modified Date = 11/3/2005 1:31:38 AM | Attr =	]
(eabfiltr) eabfiltr [Kernel | System | Running] -> %SystemRoot%\system32\drivers\eabfiltr.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.02 | Size = 7808 bytes | Modified Date = 9/19/2005 1:23:52 PM | Attr =	]
(eabusb) eabusb [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EabUsb.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.02 | Size = 5760 bytes | Modified Date = 9/19/2005 1:24:20 PM | Attr =	]
(HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\CPQBttn.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.02 | Size = 9344 bytes | Modified Date = 9/19/2005 1:24:10 PM | Attr =	]
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\CHDAud.sys -> Conexant Systems Inc. [Ver = 3.18.0.0 built by: WinDDK | Size = 566272 bytes | Modified Date = 3/23/2006 8:45:42 AM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr =	]
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.33.00 built by: WinDDK | Size = 201600 bytes | Modified Date = 8/22/2005 8:06:16 AM | Attr =	]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.33.00 built by: WinDDK | Size = 1035008 bytes | Modified Date = 8/22/2005 8:07:00 AM | Attr =	]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4543 | Size = 1166972 bytes | Modified Date = 3/23/2006 5:47:06 AM | Attr =	]
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> Intel Corporation [Ver = 5.5.0.1035 | Size = 874240 bytes | Modified Date = 10/13/2005 2:07:12 AM | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.011 | Size = 12672 bytes | Modified Date = 2/15/2006 3:57:46 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 10:52:12 PM | Attr =	]
(NETw3x32) Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NETw3x32.sys -> Intel® Corporation [Ver = 10, 5, 1, 75 | Size = 1711488 bytes | Modified Date = 12/11/2006 11:05:26 AM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/7/2007 4:51:00 PM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 10:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 10:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 10:52:18 PM | Attr =	]
(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimmptsk.sys -> REDC [Ver = 1.0.0.9 | Size = 28928 bytes | Modified Date = 11/16/2005 8:28:32 PM | Attr =	]
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimsptsk.sys -> REDC [Ver = 1.00.02.05 | Size = 51840 bytes | Modified Date = 12/22/2005 5:02:22 PM | Attr =	]
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rixdptsk.sys -> REDC [Ver = 1.00.02.08 | Size = 308992 bytes | Modified Date = 11/1/2005 6:08:00 PM | Attr =	]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 11:31:34 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 8:07:44 AM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 11:07:44 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 11:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 11:07:36 PM | Attr =	]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 11:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 11:07:42 PM | Attr =	]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.16.4 03Mar06 | Size = 192736 bytes | Modified Date = 3/3/2006 10:31:48 PM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 10:52:22 PM | Attr =	]
(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w39n51.sys -> Intel® Corporation [Ver = 10010-15 Driver | Size = 1428480 bytes | Modified Date = 3/14/2006 11:02:54 AM | Attr =	]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.33.00 built by: WinDDK | Size = 718464 bytes | Modified Date = 8/22/2005 8:06:10 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Cpqset -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe [C:\Program Files\HPQ\Default Settings\cpqset.exe] ->  [Ver =  | Size = 40960 bytes | Modified Date = 1/26/2006 4:18:36 PM | Attr =	]
High Definition Audio Property Page Shortcut -> %SystemRoot%\system32\CHDAudPropShortcut.exe [CHDAudPropShortcut.exe] -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5010 built by: WinDDK | Size = 61952 bytes | Modified Date = 3/23/2006 8:45:54 AM | Attr =	]
HP Software Update -> %ProgramFiles%\Hp\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr =	]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 5, 1 | Size = 454656 bytes | Modified Date = 2/14/2006 7:49:22 PM | Attr =	]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 3/23/2006 5:13:40 AM | Attr =	]
igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 3/23/2006 5:17:50 AM | Attr =	]
igfxtray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4543 | Size = 94208 bytes | Modified Date = 3/23/2006 5:17:04 AM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr =	]
QlbCtrl -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start] ->  Hewlett-Packard Development Company, L.P. [Ver = 6, 0, 4, 1 | Size = 131072 bytes | Modified Date = 2/16/2006 2:42:08 PM | Attr =	]
QPService -> %ProgramFiles%\Hp\QuickPlay\QPService.exe ["C:\Program Files\HP\QuickPlay\QPService.exe"] -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 102400 bytes | Modified Date = 4/11/2006 9:54:16 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 10/19/2007 8:16:26 PM | Attr =	]
RecGuard -> %SystemRoot%\SMINST\Recguard.exe [C:\Windows\SMINST\RecGuard.exe] ->  [Ver = 6, 0, 66, 5 | Size = 1187840 bytes | Modified Date = 10/11/2005 10:23:50 AM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.2.16.4 03Mar06 | Size = 761948 bytes | Modified Date = 3/3/2006 10:46:48 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Aim6 ->  [] -> File not found
Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe ["C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon] -> Sony Ericsson Mobile Communications AB [Ver = 3.10 | Size = 356352 bytes | Modified Date = 11/20/2007 3:02:18 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk -> %ProgramFiles%\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe ->  [Ver = 1, 1, 2, 4 | Size = 98304 bytes | Modified Date = 3/30/2006 2:51:04 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk -> %ProgramFiles%\Hp\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 060.000.155.000 | Size = 73728 bytes | Modified Date = 9/24/2005 10:39:30 AM | Attr =	]
< helen Startup Folder > -> C:\Documents and Settings\helen\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4543 | Size = 139264 bytes | Modified Date = 3/23/2006 5:12:42 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRAM_GMA-4082N_______________HQ04____\304b363149353233343020302020202020202020 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] ->  [Ver =  | Size = 0 bytes | Modified Date = 7/27/2001 10:07:38 PM | Attr =  HS]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q306&bd=pavilion&pf=laptop -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 2:17:44 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{26FA668C-74E1-4D36-85D9-3FC5D3E29B1E} ->	() -> 
{714F1FDB-B2F6-45D0-AAE0-D06C66D0C138} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{8233A422-1EE5-4C44-8007-DA5E7C91B53C} ->	(1394 Net Adapter) -> 
{F3A9CADD-F7B1-47B3-8F42-F124CE3E4821} ->	(Intel(R) PRO/100 VE Network Connection) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 294400 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 956 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> ED 44 79 29 CE BD 70 64 63 F1 B0 D2 8B 7E FE 46 30 62 66 34 30 31 36 34 00 00 00 00 B8 2D 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 97 96 35 66 82 9E F4 D4 31 09 F8 0B  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 16 63 51 B2 7F D2 44 D3 0A  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> D0 68 AB 72 E0 19  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 16 AB B8 F9 EC E8 53 64 C2 CA E1 F2 1D 7B BB 51  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 70 98 85 FF 85 8D C6 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 88 48 01 66 7A C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 88 48 01 66 7A C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 88 48 01 66 7A C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 264 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> %ProgramFiles%\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe -> %ProgramFiles%\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe [C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0] -> Sony Creative Software Inc. [Ver = 1.0.0.330 | Size = 1275136 bytes | Modified Date = 7/27/2007 12:59:42 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 7/18/2008 10:24:57 PM | Attr =  HS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 7/11/2008 3:53:14 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063374848 bytes | Created Date = 7/9/2008 10:12:01 PM | Attr =  HS]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 7/4/2008 11:28:09 AM | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 7/4/2008 11:28:09 AM | Attr =  H ]
103C_HP_NTBK_Pavilion dv2000 (EZ717UA#ABA)_YN_0Pavi_Q2CE6230M2G_E412558001_46_I30B2_SHP_V61.37_BF.05_T060511_WXH2_L409_M1015_J120_7Intel_8T2050_91.6_#060611_N80861092_(EZ717UA#ABA)_XMOBILE_CN10_Z_2_G808627A2.MRK -> %SystemRoot%\System32\drivers\103C_HP_NTBK_Pavilion dv2000 (EZ717UA#ABA)_YN_0Pavi_Q2CE6230M2G_E412558001_46_I30B2_SHP_V61.37_BF.05_T060511_WXH2_L409_M1015_J120_7Intel_8T2050_91.6_#060611_N80861092_(EZ717UA#ABA)_XMOBILE_CN10_Z_2_G808627A2.MRK ->  [Ver =  | Size = 1784 bytes | Created Date = 7/9/2008 10:24:51 PM | Attr = RHS]
cdr4_xp.sys -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 9336 bytes | Created Date = 7/19/2008 10:57:28 AM | Attr =	]
cdralw2k.sys -> %SystemRoot%\System32\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 9464 bytes | Created Date = 7/19/2008 10:57:28 AM | Attr =	]
NETw3x32.sys -> %SystemRoot%\System32\drivers\NETw3x32.sys -> Intel® Corporation [Ver = 10, 5, 1, 75 | Size = 1711488 bytes | Created Date = 7/11/2008 6:03:23 PM | Attr =	]
c_10004.nls -> %SystemRoot%\System32\c_10004.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 7/9/2008 10:17:06 PM | Attr =	]
c_10005.nls -> %SystemRoot%\System32\c_10005.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 7/9/2008 10:17:06 PM | Attr =	]
c_10021.nls -> %SystemRoot%\System32\c_10021.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 7/9/2008 10:17:05 PM | Attr =	]
C_28596.NLS -> %SystemRoot%\System32\C_28596.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 7/9/2008 10:17:06 PM | Attr =	]
c_708.nls -> %SystemRoot%\System32\c_708.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 7/9/2008 10:17:06 PM | Attr =	]
c_720.nls -> %SystemRoot%\System32\c_720.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 7/9/2008 10:17:06 PM | Attr =	]
c_862.nls -> %SystemRoot%\System32\c_862.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 7/9/2008 10:17:06 PM | Attr =	]
c_864.nls -> %SystemRoot%\System32\c_864.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 7/9/2008 10:17:06 PM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/11/2008 4:19:34 PM | Attr =	]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Created Date = 7/11/2008 4:19:34 PM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/11/2008 4:19:34 PM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 7/11/2008 4:19:34 PM | Attr =	]
NETw3c32.dll -> %SystemRoot%\System32\NETw3c32.dll -> Intel Corporation [Ver = 10. 5. 1. 3 | Size = 561152 bytes | Created Date = 7/11/2008 6:03:23 PM | Attr =	]
NETw3r32.dll -> %SystemRoot%\System32\NETw3r32.dll -> Intel Corporation [Ver = 10. 5. 1. 3 | Size = 2732032 bytes | Created Date = 7/11/2008 6:03:23 PM | Attr =	]
OEMINFO.PNF -> %SystemRoot%\System32\OEMINFO.PNF ->  [Ver =  | Size = 43452 bytes | Created Date = 7/10/2008 7:30:24 PM | Attr =	]
PreInstall -> %SystemRoot%\System32\PreInstall ->  [Folder | Created Date = 7/13/2008 1:28:03 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
pxafs.dll -> %SystemRoot%\System32\pxafs.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 129784 bytes | Created Date = 7/19/2008 10:57:28 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution ->  [Folder | Created Date = 7/13/2008 8:21:53 AM | Attr =	]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Created Date = 7/11/2008 11:48:11 PM | Attr =  H ]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 7/11/2008 3:53:31 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 7/14/2008 8:08:26 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 7/14/2008 8:08:26 PM | Attr =  H ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Created Date = 7/14/2008 7:47:17 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Apple -> %AllUsersProfile%\Application Data\Apple ->  [Folder | Created Date = 7/14/2008 7:47:14 PM | Attr =	]
BVRP Software -> %AllUsersProfile%\Application Data\BVRP Software ->  [Folder | Created Date = 7/14/2008 7:44:55 PM | Attr =	]
Gtek -> %AllUsersProfile%\Application Data\Gtek ->  [Folder | Created Date = 7/10/2008 7:30:24 PM | Attr =	]
Sony -> %AllUsersProfile%\Application Data\Sony ->  [Folder | Created Date = 7/14/2008 8:08:17 PM | Attr =	]
acccore -> %AppData%\acccore ->  [Folder | Created Date = 7/11/2008 3:39:05 PM | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Created Date = 7/11/2008 3:40:30 PM | Attr =	]
AdobeUM -> %AppData%\AdobeUM ->  [Folder | Created Date = 7/19/2008 10:03:11 AM | Attr =	]
Audacity -> %AppData%\Audacity ->  [Folder | Created Date = 7/14/2008 7:45:33 PM | Attr =	]
desktop.ini -> %AppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 7/9/2008 10:24:29 PM | Attr =  HS]
GTek -> %AppData%\GTek ->  [Folder | Created Date = 7/10/2008 7:30:21 PM | Attr =	]
Identities -> %AppData%\Identities ->  [Folder | Created Date = 7/9/2008 10:24:24 PM | Attr =	]
InstallShield -> %AppData%\InstallShield ->  [Folder | Created Date = 7/14/2008 7:43:38 PM | Attr =	]
Intuit -> %AppData%\Intuit ->  [Folder | Created Date = 7/9/2008 10:24:24 PM | Attr =	]
Leadertech -> %AppData%\Leadertech ->  [Folder | Created Date = 7/12/2008 11:17:06 AM | Attr =	]
Macromedia -> %AppData%\Macromedia ->  [Folder | Created Date = 7/11/2008 6:02:44 PM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Created Date = 7/9/2008 10:24:24 PM | Attr =   S]
Mozilla -> %AppData%\Mozilla ->  [Folder | Created Date = 7/10/2008 6:32:03 PM | Attr =	]
Sony -> %AppData%\Sony ->  [Folder | Created Date = 7/14/2008 8:08:17 PM | Attr =	]
Sun -> %AppData%\Sun ->  [Folder | Created Date = 7/11/2008 4:01:53 PM | Attr =	]
U3 -> %AppData%\U3 ->  [Folder | Created Date = 7/11/2008 6:02:21 PM | Attr =	]
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe ->  [Folder | Created Date = 7/19/2008 10:03:11 AM | Attr =	]
AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP ->  [Folder | Created Date = 7/11/2008 3:38:51 PM | Attr =	]
Apple -> %UserProfile%\Local Settings\Application Data\Apple ->  [Folder | Created Date = 7/14/2008 7:47:17 PM | Attr =	]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Created Date = 7/14/2008 7:46:51 PM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Created Date = 7/9/2008 10:24:24 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 5120 bytes | Created Date = 7/11/2008 11:39:50 PM | Attr =	]
fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat ->  [Ver =  | Size = 128 bytes | Created Date = 7/9/2008 10:24:26 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 64568 bytes | Created Date = 7/9/2008 10:24:26 PM | Attr =	]
Google -> %UserProfile%\Local Settings\Application Data\Google ->  [Folder | Created Date = 7/9/2008 10:24:24 PM | Attr =	]
HP -> %UserProfile%\Local Settings\Application Data\HP ->  [Folder | Created Date = 7/9/2008 10:24:24 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4842788 bytes | Created Date = 7/9/2008 10:24:25 PM | Attr =  H ]
IsolatedStorage -> %UserProfile%\Local Settings\Application Data\IsolatedStorage ->  [Folder | Created Date = 7/9/2008 10:24:24 PM | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Created Date = 7/9/2008 10:24:23 PM | Attr =	]
Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla ->  [Folder | Created Date = 7/10/2008 6:32:03 PM | Attr =	]
Sony -> %UserProfile%\Local Settings\Application Data\Sony ->  [Folder | Created Date = 7/14/2008 7:57:01 PM | Attr =	]
Sony Ericsson -> %UserProfile%\Local Settings\Application Data\Sony Ericsson ->  [Folder | Created Date = 7/14/2008 7:58:40 PM | Attr =	]
{3248F0A6-6813-11D6-A77B-00B0D0150060} -> %UserProfile%\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060} ->  [Folder | Created Date = 7/9/2008 10:24:23 PM | Attr =	]
desktop.ini -> %UserProfile%\My Documents\desktop.ini ->  [Ver =  | Size = 76 bytes | Created Date = 7/9/2008 10:24:25 PM | Attr =  HS]
My DVDs -> %UserProfile%\My Documents\My DVDs ->  [Folder | Created Date = 7/12/2008 11:17:00 AM | Attr =   S]
My eBooks -> %UserProfile%\My Documents\My eBooks ->  [Folder | Created Date = 7/19/2008 10:02:06 AM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Created Date = 7/9/2008 10:24:23 PM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Created Date = 7/9/2008 10:24:23 PM | Attr = R  ]
My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Created Date = 7/9/2008 10:24:23 PM | Attr = R  ]
Other -> %UserProfile%\My Documents\Other ->  [Folder | Created Date = 7/11/2008 11:39:41 PM | Attr =	]
Personal -> %UserProfile%\My Documents\Personal ->  [Folder | Created Date = 7/11/2008 11:39:18 PM | Attr =	]
Phone Backup -> %UserProfile%\My Documents\Phone Backup ->  [Folder | Created Date = 7/14/2008 8:28:23 PM | Attr =	]
Recipes -> %UserProfile%\My Documents\Recipes ->  [Folder | Created Date = 7/11/2008 11:39:18 PM | Attr =	]
School Work -> %UserProfile%\My Documents\School Work ->  [Folder | Created Date = 7/11/2008 11:39:19 PM | Attr =	]
Tutorials -> %UserProfile%\My Documents\Tutorials ->  [Folder | Created Date = 7/11/2008 11:39:27 PM | Attr =	]
Vaughn -> %UserProfile%\My Documents\Vaughn ->  [Folder | Created Date = 7/11/2008 11:39:30 PM | Attr =	]
WRT54G2_V10_UG_NC.pdf -> %UserProfile%\My Documents\WRT54G2_V10_UG_NC.pdf ->  [Ver =  | Size = 15190627 bytes | Created Date = 7/11/2008 11:39:29 PM | Attr =	]
Get OpenOffice.org.lnk -> %AllUsersProfile%\Desktop\Get OpenOffice.org.lnk ->  [Ver =  | Size = 851 bytes | Created Date = 7/11/2008 4:05:17 PM | Attr =	]
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Created Date = 7/14/2008 7:47:49 PM | Attr =	]
Sony Ericsson Media Manager 1.0.lnk -> %AllUsersProfile%\Desktop\Sony Ericsson Media Manager 1.0.lnk ->  [Ver =  | Size = 1871 bytes | Created Date = 7/14/2008 7:49:13 PM | Attr =	]
Yahoo! Mail.lnk -> %AllUsersProfile%\Desktop\Yahoo! Mail.lnk ->  [Ver =  | Size = 1535 bytes | Created Date = 7/5/2008 7:23:35 AM | Attr =	]
Yahoo! Messenger.lnk -> %AllUsersProfile%\Desktop\Yahoo! Messenger.lnk ->  [Ver =  | Size = 812 bytes | Created Date = 7/5/2008 7:23:07 AM | Attr =	]
ZoomBrowser EX.lnk -> %AllUsersProfile%\Desktop\ZoomBrowser EX.lnk ->  [Ver =  | Size = 2557 bytes | Created Date = 6/27/2008 3:33:11 PM | Attr =	]
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 7/11/2008 3:48:36 PM | Attr =	]
helen.exe -> %UserProfile%\Desktop\helen.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 7/11/2008 3:56:42 PM | Attr =	]
Help and Support.lnk -> %UserProfile%\Desktop\Help and Support.lnk ->  [Ver =  | Size = 992 bytes | Created Date = 7/9/2008 10:24:27 PM | Attr =	]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 7/11/2008 3:52:27 PM | Attr =	]
jxpiinstall.exe -> %UserProfile%\Desktop\jxpiinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 382352 bytes | Created Date = 7/11/2008 4:17:37 PM | Attr =	]
lame_enc.dll -> %UserProfile%\Desktop\lame_enc.dll ->  [Ver =  | Size = 303104 bytes | Created Date = 7/14/2008 7:51:47 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 7/19/2008 11:07:07 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Created Date = 7/19/2008 11:06:53 AM | Attr =	]
sp34489.exe -> %UserProfile%\Desktop\sp34489.exe -> Hewlett-Packard Company [Ver =  | Size = 6132456 bytes | Created Date = 7/11/2008 6:03:05 PM | Attr =	]
winamp554_full_emusic-7plus_en-us.exe -> %UserProfile%\Desktop\winamp554_full_emusic-7plus_en-us.exe -> Nullsoft, Inc. [Ver = 5.5.4.2147 | Size = 9032208 bytes | Created Date = 7/19/2008 10:56:14 AM | Attr =	]
Windows Media Player.lnk -> %UserProfile%\Desktop\Windows Media Player.lnk ->  [Ver =  | Size = 786 bytes | Created Date = 7/12/2008 7:04:44 PM | Attr =	]
HP Pavilion Webcam Tray Icon.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk ->  [Ver =  | Size = 818 bytes | Created Date = 7/9/2008 10:35:41 PM | Attr =	]
desktop.ini -> %UserProfile%\Start Menu\Programs\StartUp\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 7/9/2008 10:24:24 PM | Attr =  HS]
Audacity 1.3 Beta (Unicode) -> %ProgramFiles%\Audacity 1.3 Beta (Unicode) ->  [Folder | Created Date = 7/12/2008 7:34:00 PM | Attr =	]
Avanquest update -> %ProgramFiles%\Avanquest update ->  [Folder | Created Date = 7/14/2008 7:44:55 PM | Attr =	]
MetaStream -> %ProgramFiles%\MetaStream ->  [Folder | Created Date = 7/13/2008 9:09:04 AM | Attr =	]
Sun -> %ProgramFiles%\Sun ->  [Folder | Created Date = 7/11/2008 4:05:17 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 7/9/2008 10:22:32 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 7/19/2008 9:21:13 AM | Attr =  HS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 7/11/2008 3:53:14 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 7/9/2008 10:24:22 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063374848 bytes | Modified Date = 7/19/2008 9:21:14 AM | Attr =  HS]
hp -> %SystemDrive%\hp ->  [Folder | Modified Date = 7/9/2008 10:26:45 PM | Attr =	]
hpqp.ini -> %SystemDrive%\hpqp.ini ->  [Ver =  | Size = 1401 bytes | Modified Date = 7/19/2008 9:21:23 AM | Attr =	]
I386 -> %SystemDrive%\I386 ->  [Folder | Modified Date = 7/9/2008 9:21:46 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 7/14/2008 7:44:55 PM | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 7/10/2008 7:49:28 PM | Attr =  HS]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 7/4/2008 11:28:09 AM | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 7/4/2008 11:28:09 AM | Attr =  H ]
SwSetup -> %SystemDrive%\SwSetup ->  [Folder | Modified Date = 7/11/2008 6:03:21 PM | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 7/9/2008 10:22:45 PM | Attr =  HS]
system.sav -> %SystemDrive%\system.sav ->  [Folder | Modified Date = 7/9/2008 10:36:57 PM | Attr =  H ]
vongo -> %SystemDrive%\vongo ->  [Folder | Modified Date = 7/9/2008 9:45:54 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 7/19/2008 9:21:25 AM | Attr =	]
XP_TV.ini -> %SystemDrive%\XP_TV.ini ->  [Ver =  | Size = 39 bytes | Modified Date = 7/19/2008 9:21:21 AM | Attr =	]
103C_HP_NTBK_Pavilion dv2000 (EZ717UA#ABA)_YN_0Pavi_Q2CE6230M2G_E412558001_46_I30B2_SHP_V61.37_BF.05_T060511_WXH2_L409_M1015_J120_7Intel_8T2050_91.6_#060611_N80861092_(EZ717UA#ABA)_XMOBILE_CN10_Z_2_G808627A2.MRK -> %SystemRoot%\System32\drivers\103C_HP_NTBK_Pavilion dv2000 (EZ717UA#ABA)_YN_0Pavi_Q2CE6230M2G_E412558001_46_I30B2_SHP_V61.37_BF.05_T060511_WXH2_L409_M1015_J120_7Intel_8T2050_91.6_#060611_N80861092_(EZ717UA#ABA)_XMOBILE_CN10_Z_2_G808627A2.MRK ->  [Ver =  | Size = 1784 bytes | Modified Date = 7/9/2008 10:26:13 PM | Attr = RHS]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 7/9/2008 9:52:45 PM | Attr =	]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf ->  [Ver =  | Size = 38337 bytes | Modified Date = 7/9/2008 10:22:40 PM | Attr =	]
1033 -> %SystemRoot%\System32\1033 ->  [Folder | Modified Date = 7/9/2008 9:52:04 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 7/9/2008 9:52:06 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 7/19/2008 9:21:26 AM | Attr =	]
Com -> %SystemRoot%\System32\Com ->  [Folder | Modified Date = 7/9/2008 9:52:17 PM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 7/9/2008 9:52:26 PM | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 7/9/2008 9:52:34 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 7/18/2008 10:25:41 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 7/19/2008 10:57:28 AM | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 7/14/2008 7:44:45 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 253472 bytes | Modified Date = 7/9/2008 10:24:10 PM | Attr =	]
ias -> %SystemRoot%\System32\ias ->  [Folder | Modified Date = 7/9/2008 9:53:07 PM | Attr =	]
icsxml -> %SystemRoot%\System32\icsxml ->  [Folder | Modified Date = 7/9/2008 9:53:07 PM | Attr =	]
IME -> %SystemRoot%\System32\IME ->  [Folder | Modified Date = 7/9/2008 9:53:10 PM | Attr =	]
Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Modified Date = 7/9/2008 9:53:17 PM | Attr =	]
Microsoft -> %SystemRoot%\System32\Microsoft ->  [Folder | Modified Date = 7/9/2008 9:53:21 PM | Attr =   S]
MsDtc -> %SystemRoot%\System32\MsDtc ->  [Folder | Modified Date = 7/9/2008 9:53:27 PM | Attr =	]
mui -> %SystemRoot%\System32\mui ->  [Folder | Modified Date = 7/9/2008 9:53:36 PM | Attr =	]
npp -> %SystemRoot%\System32\npp ->  [Folder | Modified Date = 7/9/2008 9:53:37 PM | Attr =	]
OEMINFO.PNF -> %SystemRoot%\System32\OEMINFO.PNF ->  [Ver =  | Size = 43452 bytes | Modified Date = 7/10/2008 7:30:24 PM | Attr =	]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Modified Date = 7/9/2008 9:53:49 PM | Attr =	]
pcintro -> %SystemRoot%\System32\pcintro ->  [Folder | Modified Date = 7/9/2008 10:26:40 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 53166 bytes | Modified Date = 7/12/2008 8:16:55 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 380918 bytes | Modified Date = 7/12/2008 8:16:55 AM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 439376 bytes | Modified Date = 7/12/2008 8:16:55 AM | Attr =	]
PreInstall -> %SystemRoot%\System32\PreInstall ->  [Folder | Modified Date = 7/13/2008 1:28:03 PM | Attr =	]
ras -> %SystemRoot%\System32\ras ->  [Folder | Modified Date = 7/9/2008 9:54:04 PM | Attr =	]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups ->  [Folder | Modified Date = 7/11/2008 6:03:26 PM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 7/9/2008 9:54:12 PM | Attr =	]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Modified Date = 7/9/2008 9:54:13 PM | Attr =	]
SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution ->  [Folder | Modified Date = 7/13/2008 8:21:53 AM | Attr =	]
spool -> %SystemRoot%\System32\spool ->  [Folder | Modified Date = 7/9/2008 9:54:21 PM | Attr =	]
URTTemp -> %SystemRoot%\System32\URTTemp ->  [Folder | Modified Date = 7/9/2008 9:54:24 PM | Attr =	]
usmt -> %SystemRoot%\System32\usmt ->  [Folder | Modified Date = 7/9/2008 9:54:25 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 7/9/2008 9:54:38 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 7/15/2008 10:22:14 PM | Attr =	]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Modified Date = 7/11/2008 11:48:13 PM | Attr =  H ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 7/9/2008 9:46:50 PM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 7/9/2008 9:46:50 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 7/19/2008 9:21:17 AM | Attr =   S]
CREATOR -> %SystemRoot%\CREATOR ->  [Folder | Modified Date = 7/9/2008 9:47:12 PM | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 7/9/2008 9:47:14 PM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 7/9/2008 9:47:14 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 7/11/2008 4:05:26 PM | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 7/11/2008 3:53:31 PM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 7/9/2008 9:47:39 PM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 7/13/2008 8:21:59 AM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 7/9/2008 9:48:33 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 7/18/2008 10:25:37 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 7/18/2008 10:25:42 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 7/18/2008 10:25:18 PM | Attr =  HS]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 7/9/2008 9:49:47 PM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 7/9/2008 9:50:01 PM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Modified Date = 7/9/2008 9:50:08 PM | Attr = R  ]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Modified Date = 7/9/2008 9:51:37 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 7/19/2008 11:07:09 AM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 7/14/2008 8:08:26 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 7/17/2008 9:11:18 PM | Attr =  H ]
QUICKEN.INI -> %SystemRoot%\QUICKEN.INI ->  [Ver =  | Size = 31 bytes | Modified Date = 7/10/2008 7:43:53 PM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 7/9/2008 10:20:45 PM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Modified Date = 7/9/2008 9:51:56 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 7/14/2008 7:56:25 PM | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Modified Date = 7/9/2008 9:52:00 PM | Attr =	]
SMINST -> %SystemRoot%\SMINST ->  [Folder | Modified Date = 7/9/2008 9:52:01 PM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 7/13/2008 8:22:00 AM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 7/9/2008 9:52:04 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 7/9/2008 9:52:04 PM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 231 bytes | Modified Date = 7/9/2008 10:17:06 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 7/19/2008 10:57:28 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 7/14/2008 7:47:17 PM | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 7/19/2008 9:21:26 AM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 7/9/2008 9:54:50 PM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 7/9/2008 9:54:53 PM | Attr = R  ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 7/18/2008 10:23:42 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 7/19/2008 10:41:01 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 7/19/2008 9:21:18 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 7/9/2008 9:19:27 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 8034 bytes | Modified Date = 7/19/2008 9:22:07 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 8034 bytes | Modified Date = 7/19/2008 9:22:07 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 7/9/2008 9:19:28 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11146 bytes | Modified Date = 3/31/2007 5:55:50 PM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 4/7/2007 3:06:57 PM | Attr =	]
C:\Documents and Settings\helen\Local Settings\Temp\ -> C:\Documents and Settings\helen\Local Settings\Temp ->  [Folder | Modified Date = 7/19/2008 11:07:23 AM | Attr =	]
_is216.exe -> C:\Documents and Settings\helen\Local Settings\Temp\_is216.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 453768 bytes | Modified Date = 12/17/2007 12:21:09 AM | Attr = R  ]
_is295.exe -> C:\Documents and Settings\helen\Local Settings\Temp\_is295.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 453768 bytes | Modified Date = 12/17/2007 12:21:09 AM | Attr = R  ]
_isFB.exe -> C:\Documents and Settings\helen\Local Settings\Temp\_isFB.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 453768 bytes | Modified Date = 12/17/2007 12:21:09 AM | Attr = R  ]
5 C:\Documents and Settings\helen\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\helen\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\ -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries ->  [Folder | Modified Date = 7/11/2008 4:20:06 PM | Attr =	]
ScanningProcess.exe -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\ScanningProcess.exe -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 139264 bytes | Modified Date = 7/11/2008 4:02:53 PM | Attr =	]
36 C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\*.tmp files -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\*.tmp -> 
C:\Documents and Settings\helen\Local Settings\Temp\{38BC929D-A340-49E5-AEAA-117FCE633BDE}\ -> C:\Documents and Settings\helen\Local Settings\Temp\{38BC929D-A340-49E5-AEAA-117FCE633BDE} ->  [Folder | Modified Date = 7/12/2008 12:04:26 AM | Attr =	]
ISSetup.dll -> C:\Documents and Settings\helen\Local Settings\Temp\{38BC929D-A340-49E5-AEAA-117FCE633BDE}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58851 | Size = 492032 bytes | Modified Date = 4/5/2007 5:36:12 AM | Attr = R  ]
_Setup.dll -> C:\Documents and Settings\helen\Local Settings\Temp\{38BC929D-A340-49E5-AEAA-117FCE633BDE}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 164784 bytes | Modified Date = 5/17/2006 2:21:04 AM | Attr = R  ]
C:\Documents and Settings\helen\Local Settings\Temp\{42CB21FF-DEFD-4109-924D-11878DA15FAB}\ -> C:\Documents and Settings\helen\Local Settings\Temp\{42CB21FF-DEFD-4109-924D-11878DA15FAB} ->  [Folder | Modified Date = 7/14/2008 7:46:15 PM | Attr =	]
ISSetup.dll -> C:\Documents and Settings\helen\Local Settings\Temp\{42CB21FF-DEFD-4109-924D-11878DA15FAB}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58851 | Size = 492032 bytes | Modified Date = 4/5/2007 5:36:12 AM | Attr = R  ]
_Setup.dll -> C:\Documents and Settings\helen\Local Settings\Temp\{42CB21FF-DEFD-4109-924D-11878DA15FAB}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 164784 bytes | Modified Date = 5/17/2006 2:21:04 AM | Attr = R  ]
C:\Documents and Settings\helen\Local Settings\Temp\{E419BCBB-22AE-446D-925A-E4C3FDEE9954}\ -> C:\Documents and Settings\helen\Local Settings\Temp\{E419BCBB-22AE-446D-925A-E4C3FDEE9954} ->  [Folder | Modified Date = 7/11/2008 11:47:38 PM | Attr =	]
ISSetup.dll -> C:\Documents and Settings\helen\Local Settings\Temp\{E419BCBB-22AE-446D-925A-E4C3FDEE9954}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58851 | Size = 492032 bytes | Modified Date = 4/5/2007 5:36:12 AM | Attr = R  ]
_Setup.dll -> C:\Documents and Settings\helen\Local Settings\Temp\{E419BCBB-22AE-446D-925A-E4C3FDEE9954}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 164784 bytes | Modified Date = 5/17/2006 2:21:04 AM | Attr = R  ]
C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\ -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries ->  [Folder | Modified Date = 7/11/2008 4:20:06 PM | Attr =	]
FSSync.dll -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\FSSync.dll -> Kaspersky Lab [Ver = 6.0.5.678 | Size = 38400 bytes | Modified Date = 7/11/2008 4:02:52 PM | Attr =	]
ikave.dll -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\ikave.dll ->  [Ver = 5, 0, 1, 83 | Size = 65536 bytes | Modified Date = 7/11/2008 4:20:01 PM | Attr =	]
kave.dll -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\kave.dll -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 282624 bytes | Modified Date = 7/11/2008 4:02:53 PM | Attr =	]
kosglue-7.0.25.0.dll -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\kosglue-7.0.25.0.dll -> Kaspersky Lab [Ver = 7.0.25.0 | Size = 729152 bytes | Modified Date = 7/11/2008 4:02:52 PM | Attr =	]
msvcm80.dll -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\msvcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 479232 bytes | Modified Date = 7/11/2008 4:20:01 PM | Attr =	]
msvcp80.dll -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 548864 bytes | Modified Date = 7/11/2008 4:02:53 PM | Attr =	]
msvcr80.dll -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 626688 bytes | Modified Date = 7/11/2008 4:02:53 PM | Attr =	]
prLoader.dll -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\prLoader.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 184320 bytes | Modified Date = 7/11/2008 4:02:53 PM | Attr =	]
prremote.dll -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\prremote.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 90112 bytes | Modified Date = 7/11/2008 4:20:01 PM | Attr =	]
36 C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\*.tmp files -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\*.tmp -> 
C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\engine\bases\ -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\engine\bases ->  [Folder | Modified Date = 7/11/2008 4:11:07 PM | Attr =	]
sfdb.dat -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\engine\bases\sfdb.dat ->  [Ver =  | Size = 1512 bytes | Modified Date = 7/11/2008 4:20:16 PM | Attr =	]
C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\ -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries ->  [Folder | Modified Date = 7/11/2008 4:20:06 PM | Attr =	]
_kave.ini -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\_kave.ini ->  [Ver =  | Size = 102 bytes | Modified Date = 7/11/2008 4:20:01 PM | Attr =	]
36 C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\*.tmp files -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\binaries\*.tmp -> 
C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\engine\bases\ -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\engine\bases ->  [Folder | Modified Date = 7/11/2008 4:11:07 PM | Attr =	]
verdicts.ini -> C:\Documents and Settings\helen\Local Settings\Temp\jkos-helen\engine\bases\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 7/11/2008 4:11:03 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Apple -> %AllUsersProfile%\Application Data\Apple ->  [Folder | Modified Date = 7/14/2008 7:47:14 PM | Attr =	]
BVRP Software -> %AllUsersProfile%\Application Data\BVRP Software ->  [Folder | Modified Date = 7/14/2008 7:44:55 PM | Attr =	]
Gtek -> %AllUsersProfile%\Application Data\Gtek ->  [Folder | Modified Date = 7/10/2008 7:30:24 PM | Attr =	]
Sonic -> %AllUsersProfile%\Application Data\Sonic ->  [Folder | Modified Date = 7/9/2008 9:19:28 PM | Attr =	]
Sony -> %AllUsersProfile%\Application Data\Sony ->  [Folder | Modified Date = 7/14/2008 8:08:17 PM | Attr =	]
Sony Ericsson -> %AllUsersProfile%\Application Data\Sony Ericsson ->  [Folder | Modified Date = 7/14/2008 7:41:15 PM | Attr =	]
Symantec -> %AllUsersProfile%\Application Data\Symantec ->  [Folder | Modified Date = 7/10/2008 7:47:13 PM | Attr =	]
WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller ->  [Folder | Modified Date = 6/19/2008 4:49:01 PM | Attr =	]
yahoo! -> %AllUsersProfile%\Application Data\yahoo! ->  [Folder | Modified Date = 7/5/2008 7:23:34 AM | Attr =	]
acccore -> %AppData%\acccore ->  [Folder | Modified Date = 7/11/2008 3:39:05 PM | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 7/19/2008 10:02:04 AM | Attr =	]
AdobeUM -> %AppData%\AdobeUM ->  [Folder | Modified Date = 7/19/2008 10:03:11 AM | Attr =	]
Audacity -> %AppData%\Audacity ->  [Folder | Modified Date = 7/14/2008 9:08:56 PM | Attr =	]
GTek -> %AppData%\GTek ->  [Folder | Modified Date = 7/10/2008 7:30:21 PM | Attr =	]
Identities -> %AppData%\Identities ->  [Folder | Modified Date = 7/9/2008 9:19:45 PM | Attr =	]
InstallShield -> %AppData%\InstallShield ->  [Folder | Modified Date = 7/14/2008 7:43:38 PM | Attr =	]
Intuit -> %AppData%\Intuit ->  [Folder | Modified Date = 7/9/2008 9:19:45 PM | Attr =	]
Leadertech -> %AppData%\Leadertech ->  [Folder | Modified Date = 7/12/2008 11:17:06 AM | Attr =	]
Macromedia -> %AppData%\Macromedia ->  [Folder | Modified Date = 7/11/2008 6:02:44 PM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 7/11/2008 3:56:53 PM | Attr =   S]
Mozilla -> %AppData%\Mozilla ->  [Folder | Modified Date = 7/10/2008 6:32:03 PM | Attr =	]
Sony -> %AppData%\Sony ->  [Folder | Modified Date = 7/14/2008 8:08:17 PM | Attr =	]
Sun -> %AppData%\Sun ->  [Folder | Modified Date = 7/11/2008 4:01:53 PM | Attr =	]
U3 -> %AppData%\U3 ->  [Folder | Modified Date = 7/11/2008 11:44:41 PM | Attr =	]
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe ->  [Folder | Modified Date = 7/19/2008 10:03:11 AM | Attr =	]
AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP ->  [Folder | Modified Date = 7/11/2008 3:38:51 PM | Attr =	]
Apple -> %UserProfile%\Local Settings\Application Data\Apple ->  [Folder | Modified Date = 7/14/2008 7:47:17 PM | Attr =	]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Modified Date = 7/14/2008 7:46:51 PM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 7/19/2008 9:21:26 AM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 5120 bytes | Modified Date = 7/12/2008 11:22:52 AM | Attr =	]
fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 7/9/2008 10:27:33 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 64568 bytes | Modified Date = 7/9/2008 10:27:35 PM | Attr =	]
HP -> %UserProfile%\Local Settings\Application Data\HP ->  [Folder | Modified Date = 7/9/2008 9:19:45 PM | Attr =	]
IsolatedStorage -> %UserProfile%\Local Settings\Application Data\IsolatedStorage ->  [Folder | Modified Date = 7/9/2008 9:19:47 PM | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 7/10/2008 7:00:49 PM | Attr =	]
Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla ->  [Folder | Modified Date = 7/10/2008 6:32:03 PM | Attr =	]
Sony -> %UserProfile%\Local Settings\Application Data\Sony ->  [Folder | Modified Date = 7/14/2008 7:57:01 PM | Attr =	]
Sony Ericsson -> %UserProfile%\Local Settings\Application Data\Sony Ericsson ->  [Folder | Modified Date = 7/14/2008 7:58:40 PM | Attr =	]
{3248F0A6-6813-11D6-A77B-00B0D0150060} -> %UserProfile%\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060} ->  [Folder | Modified Date = 7/9/2008 9:19:48 PM | Attr =	]
My Music -> %AllUsersProfile%\Documents\My Music ->  [Folder | Modified Date = 7/9/2008 9:19:38 PM | Attr = R  ]
My Pictures -> %AllUsersProfile%\Documents\My Pictures ->  [Folder | Modified Date = 7/9/2008 9:19:41 PM | Attr = R  ]
My Videos -> %AllUsersProfile%\Documents\My Videos ->  [Folder | Modified Date = 7/9/2008 9:19:41 PM | Attr = R  ]
desktop.ini -> %UserProfile%\My Documents\desktop.ini ->  [Ver =  | Size = 76 bytes | Modified Date = 7/9/2008 10:26:58 PM | Attr =  HS]
My DVDs -> %UserProfile%\My Documents\My DVDs ->  [Folder | Modified Date = 7/12/2008 11:17:00 AM | Attr =   S]
My eBooks -> %UserProfile%\My Documents\My eBooks ->  [Folder | Modified Date = 7/19/2008 10:02:06 AM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 7/19/2008 10:55:17 AM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 7/11/2008 11:39:53 PM | Attr = R  ]
My Videos -> %UserProfile%\My Documents\My Videos ->  [Folder | Modified Date = 7/9/2008 9:19:49 PM | Attr = R  ]
Other -> %UserProfile%\My Documents\Other ->  [Folder | Modified Date = 7/11/2008 11:39:41 PM | Attr =	]
Personal -> %UserProfile%\My Documents\Personal ->  [Folder | Modified Date = 7/11/2008 11:39:18 PM | Attr =	]
Phone Backup -> %UserProfile%\My Documents\Phone Backup ->  [Folder | Modified Date = 7/14/2008 8:30:15 PM | Attr =	]
Recipes -> %UserProfile%\My Documents\Recipes ->  [Folder | Modified Date = 7/11/2008 11:39:19 PM | Attr =	]
School Work -> %UserProfile%\My Documents\School Work ->  [Folder | Modified Date = 7/11/2008 11:39:25 PM | Attr =	]
Tutorials -> %UserProfile%\My Documents\Tutorials ->  [Folder | Modified Date = 7/11/2008 11:39:28 PM | Attr =	]
Vaughn -> %UserProfile%\My Documents\Vaughn ->  [Folder | Modified Date = 7/11/2008 11:39:30 PM | Attr =	]
WRT54G2_V10_UG_NC.pdf -> %UserProfile%\My Documents\WRT54G2_V10_UG_NC.pdf ->  [Ver =  | Size = 15190627 bytes | Modified Date = 7/7/2008 11:11:00 PM | Attr =	]
Get OpenOffice.org.lnk -> %AllUsersProfile%\Desktop\Get OpenOffice.org.lnk ->  [Ver =  | Size = 851 bytes | Modified Date = 7/11/2008 4:05:17 PM | Attr =	]
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Modified Date = 7/14/2008 7:47:49 PM | Attr =	]
Register your Notebook.URL -> %AllUsersProfile%\Desktop\Register your Notebook.URL ->  [Ver =  | Size = 369 bytes | Modified Date = 7/9/2008 10:22:01 PM | Attr =	]
Sony Ericsson Media Manager 1.0.lnk -> %AllUsersProfile%\Desktop\Sony Ericsson Media Manager 1.0.lnk ->  [Ver =  | Size = 1871 bytes | Modified Date = 7/14/2008 7:49:13 PM | Attr =	]
Sony Ericsson PC Suite.lnk -> %AllUsersProfile%\Desktop\Sony Ericsson PC Suite.lnk ->  [Ver =  | Size = 1958 bytes | Modified Date = 6/27/2008 3:52:46 PM | Attr =	]
Winamp.lnk -> %AllUsersProfile%\Desktop\Winamp.lnk ->  [Ver =  | Size = 664 bytes | Modified Date = 7/19/2008 10:57:46 AM | Attr =	]
Yahoo! Mail.lnk -> %AllUsersProfile%\Desktop\Yahoo! Mail.lnk ->  [Ver =  | Size = 1535 bytes | Modified Date = 7/5/2008 7:23:35 AM | Attr =	]
Yahoo! Messenger.lnk -> %AllUsersProfile%\Desktop\Yahoo! Messenger.lnk ->  [Ver =  | Size = 812 bytes | Modified Date = 7/5/2008 7:23:07 AM | Attr =	]
ZoomBrowser EX.lnk -> %AllUsersProfile%\Desktop\ZoomBrowser EX.lnk ->  [Ver =  | Size = 2557 bytes | Modified Date = 6/27/2008 3:33:11 PM | Attr =	]
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 7/11/2008 3:48:37 PM | Attr =	]
helen.exe -> %UserProfile%\Desktop\helen.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 7/11/2008 3:52:22 PM | Attr =	]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 7/11/2008 3:52:22 PM | Attr =	]
jxpiinstall.exe -> %UserProfile%\Desktop\jxpiinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 382352 bytes | Modified Date = 7/11/2008 4:17:36 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 7/19/2008 11:07:07 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Modified Date = 7/19/2008 11:06:50 AM | Attr =	]
sp34489.exe -> %UserProfile%\Desktop\sp34489.exe -> Hewlett-Packard Company [Ver =  | Size = 6132456 bytes | Modified Date = 7/11/2008 5:49:52 PM | Attr = ]
winamp554_full_emusic-7plus_en-us.exe -> %UserProfile%\Desktop\winamp554_full_emusic-7plus_en-us.exe -> Nullsoft, Inc. [Ver = 5.5.4.2147 | Size = 9032208 bytes | Modified Date = 7/19/2008 10:56:26 AM | Attr =	]
Windows Media Player.lnk -> %UserProfile%\Desktop\Windows Media Player.lnk ->  [Ver =  | Size = 786 bytes | Modified Date = 7/12/2008 7:04:44 PM | Attr =	]
HP Pavilion Webcam Tray Icon.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk ->  [Ver =  | Size = 818 bytes | Modified Date = 7/9/2008 10:35:41 PM | Attr =	]
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Modified Date = 7/9/2008 9:22:56 PM | Attr =	]
LightScribe -> %CommonProgramFiles%\LightScribe ->  [Folder | Modified Date = 7/9/2008 9:23:17 PM | Attr =	]
Services -> %CommonProgramFiles%\Services ->  [Folder | Modified Date = 7/9/2008 9:23:56 PM | Attr =	]
Sonic Shared -> %CommonProgramFiles%\Sonic Shared ->  [Folder | Modified Date = 7/9/2008 9:24:00 PM | Attr =	]
SureThing Shared -> %CommonProgramFiles%\SureThing Shared ->  [Folder | Modified Date = 7/9/2008 9:24:00 PM | Attr =	]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 7/10/2008 7:47:14 PM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 7/9/2008 9:24:28 PM | Attr =	]

[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

< End of report >


#12 harrythook

Posted 19 July 2008 - 01:46 PM

Hi ayoboo,
Seems like you had/have a lot of security programs running there.
The rule is one of each: antivirus, antispyware, and firewall.
If you need help with that let me know :thumbsup:

The uncdms.dll that your system is looking for is related to the Windows Desktop Search function; it may not have been loaded properly when you used the recovery function that is resident on that computer. You can open Add/Remove Programs from your Control Panel, see if Windows Desktop Search is listed there, and remove it. If you have a valid Windows CD for that machine, there are a couple of other things we can do.

There were a couple of hits on the Kaspersky scan you ran a while back; let's run that scan again and post the results.

Harry


#13 ayoboo

Posted 19 July 2008 - 06:08 PM

Hi Harry,

I had many of those because I was told to dl them on my previous thread. I did as you told me, but there was no Windows Desktop Search. My laptop did not come with a Windows CD. However, in my programs I have a System Recovery, where I can do a PC recovery, so I'm not sure if that really formatted my laptop. It recovered to the first day I bought my laptop. I do, however, have a Windows CD that came with a desktop. Can I use that one?

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, July 19, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, July 19, 2008 20:55:40
Records in database: 974257
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 92081
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:34:44


File name / Threat name / Threats count
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bj 1
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe Infected: not-a-virus:AdWare.Win32.Agent.aeh 1

The selected area was scanned.
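A triage pass over the detection lines of the Kaspersky report above, as an added example that is not part of the original thread: it parses each `path Infected: verdict count` row, separates `not-a-virus:` (adware/riskware) verdicts from malware verdicts, and groups the hits by install folder. The function names and the "folder directly under Program Files" grouping heuristic are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines copied from the report above: the table header and the three detections.
REPORT = r"""
File name / Threat name / Threats count
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bj 1
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe Infected: not-a-virus:AdWare.Win32.Agent.aeh 1
"""

# Paths contain spaces, so anchor on the drive letter and " Infected: ".
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

def parse_detections(text):
    """Return one dict per detection line; every other line is skipped."""
    hits = []
    for line in text.splitlines():
        if not (m := DETECTION.match(line.strip())):
            continue
        threat = m["threat"]
        pup = threat.startswith("not-a-virus:")  # adware/riskware, not malware
        verdict = threat.split(":", 1)[1] if pup else threat
        hits.append({
            "path": PureWindowsPath(m["path"]),
            "verdict": verdict,
            "category": verdict.split(".", 1)[0],  # AdTool, AdWare, ...
            "pup": pup,
        })
    return hits

def install_root(path):
    """Heuristic: the folder directly under 'Program Files', else the parent."""
    lowered = [p.lower() for p in path.parts]
    if "program files" in lowered:
        i = lowered.index("program files")
        if i + 2 < len(path.parts):
            return PureWindowsPath(*path.parts[: i + 2])
    return path.parent

def folders_to_review(text):
    """Map each install folder to the verdicts found beneath it."""
    grouped = defaultdict(list)
    for hit in parse_detections(text):
        grouped[str(install_root(hit["path"]))].append(hit["verdict"])
    return dict(grouped)
```

Run on the report above, `folders_to_review(REPORT)` yields two folders, and every hit carries `pup=True`, meaning the scan found adware leftovers rather than a malware verdict.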

#14 harrythook

Posted 19 July 2008 - 07:21 PM

I think we may have some leftovers here. And the recovery function is not a re-format :thumbsup:

Let's do this:
Click Start, Control Panel, then Add/Remove Programs.
See if AskPBar or MyWebSearch is in there.
If shown, remove those.

Next:
Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\AskPBar
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2.
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Reboot, and see if you get the uncdms.dll error.

Harry

Edited by harrythook, 19 July 2008 - 07:22 PM.


#15 ayoboo

Posted 20 July 2008 - 09:16 AM

OK, it still pops up! :thumbsup:

C:\Program Files\AskPBar\SrchAstt\1.bin moved successfully.
C:\Program Files\AskPBar\SrchAstt moved successfully.
C:\Program Files\AskPBar\bar\Settings moved successfully.
C:\Program Files\AskPBar\bar\History moved successfully.
C:\Program Files\AskPBar\bar\Cache moved successfully.
C:\Program Files\AskPBar\bar\1.bin moved successfully.
C:\Program Files\AskPBar\bar moved successfully.
C:\Program Files\AskPBar moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07202008_094957

However, I did notice Windows Desktop Search in C:\Program Files, so I went ahead and moved it.

C:\Program Files\Windows Desktop Search\en-US moved successfully.
C:\Program Files\Windows Desktop Search moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07202008_102205

And that solved it. Let me know what you think. Is my laptop clean? Or would I have to actually reformat it with Windows?

Oh, BTW, I also removed a few more programs that I felt were useless! I love OTMoveIt :)

Edited by ayoboo, 20 July 2008 - 09:56 AM.




