
Purityscan-q, rootkit-gen And Homles - Can't Get Rid!


22 replies to this topic

#1 darkscout

darkscout


Posted 14 June 2008 - 10:22 PM

I apologise for not posting in the correct thread- and for my delayed repost-

My computer is acting worse than when I last posted...it actually gave me BSOD....
so, I'm trying this again... and forgive me if this still isn't right- I'm trying my best but I'm still a little confused...

I tried following the steps so I can list a proper HL, but I'm having problems. I SHOULD be
running a firewall- last time I checked I had it on, but when I go to check as of recently
it gives me it can't find the Internet Connection Sharing system....so I can't access it...
So I move on to the Kaspersky...scanner thing...and it says I need a version of Java to run it,
so I downloaded it. I went back and it is STILL telling me to run it....


As of my previous post I scanned my computer with Spybot; Search and Destroy and
it found a few things. When I rebooted the computer it became even slower than before
and about 7 or 8 CMD's pop up then disappear. My Documents folder also pops up...

When I previously scanned with Avast! I saw three repeat offenders of interest:
Rootkit-gen(rtk), PurityScan-Q(trj) and Homles(trj). I think one or more of these is the cause
of my computer going haywire, and neither Avast! nor anything else has gotten rid of them.
For more about my computer symptoms please see my first post (http://www.bleepingcomputer.com/forums/topic152258.html).

ANYWAY- I decided to scan with DSS anyway since I'm locked outta any other options. And I ONLY scanned in
Normal mode as advised- I for some reason cannot go into safe mode. (I haven't been able to since I rid my computer
of a pesky Vundo Trojan...)
SO here's the DSS. If there's anything I should do, please tell me how to and I'll get on it :thumbsup:



Deckard's System Scanner v20071014.68
Run by erin on 2008-06-14 23:15:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 0.82 GiB (less than 15%) free.


-- HijackThis (run as erin.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:55 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tlntsvr.exe
E:\Last.fm\LastFMHelper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\erin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\erin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: (no name) - {01bf1e38-1554-4d34-8e3c-da079c40f32b} - (no file)
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\system32\byXOiFYS.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\VIRUS~10\SPYBO~19\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8528EA62-642A-4602-BA9C-93AE8C04CAA8} - (no file)
O2 - BHO: {71e58631-45cc-47f8-67e4-211f96c429d8} - {8d924c69-f112-4e76-8f74-cc5413685e17} - C:\WINDOWS\system32\prncqvke.dll
O2 - BHO: (no name) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - (no file)
O2 - BHO: (no name) - {AB66C94E-20D9-7820-FF34-7EA2E19918E7} - C:\WINDOWS\system32\csiy.dll (file missing)
O2 - BHO: (no name) - {B72DF7D4-35D9-4509-B25A-28847C37E01A} - C:\WINDOWS\system32\rqRKAPFu.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [BM29402039] Rundll32.exe "C:\WINDOWS\system32\lpiegquf.dll",s
O4 - HKLM\..\Run: [2a7313a5] rundll32.exe "C:\WINDOWS\system32\vmasxlti.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Awit] "C:\DOCUME~1\erin\APPLIC~1\WNSXS~1\spool32.exe" -vt yazb
O4 - HKUS\S-1-5-21-842925246-1677128483-1957994488-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-842925246-1677128483-1957994488-1005\..\Run: [Awit] "C:\DOCUME~1\erin\APPLIC~1\WNSXS~1\spool32.exe" -vt yazb (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-21-842925246-1677128483-1957994488-1005 Startup: Last.fm Helper.lnk = E:\Last.fm\LastFMHelper.exe (User '?')
O4 - Startup: Last.fm Helper.lnk = E:\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.neopets.com
O15 - Trusted Zone: http://*.youtube.com
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...256/mcfscan.cab
O20 - Winlogon Notify: byXOiFYS - C:\WINDOWS\SYSTEM32\byXOiFYS.dll
O20 - Winlogon Notify: gbawomde - gbawomde.dll (file missing)
O20 - Winlogon Notify: zcnrzvxm - zcnrzvxm.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\cerej.html

--
End of file - 9611 bytes

-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-06-14 22:52:38 81408 --a------ C:\WINDOWS\system32\vmasxlti.dll
2008-06-14 22:49:52 98816 --a------ C:\WINDOWS\system32\prncqvke.dll
2008-06-14 18:00:34 0 d-------- C:\Program Files\Trend Micro
2008-06-14 17:49:30 0 d-------- C:\Program Files\VS Revo Group
2008-06-14 16:34:35 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-13 22:40:26 98304 --a------ C:\WINDOWS\system32\dtehybso.dll
2008-06-13 22:39:01 81408 --a------ C:\WINDOWS\system32\kwlmkwrs.dll
2008-06-13 22:38:44 89088 --a------ C:\WINDOWS\system32\odsowism.dll
2008-06-12 11:45:30 0 d--hs---- C:\FOUND.000
2008-06-12 11:01:13 25344 --a------ C:\WINDOWS\svcinit.exe
2008-06-12 11:01:09 9728 --a------ C:\WINDOWS\svchost32.exe
2008-06-12 11:01:08 26368 --a------ C:\WINDOWS\sistem.exe
2008-06-12 11:01:03 18944 --a------ C:\WINDOWS\searchword.dll
2008-06-12 11:01:00 18176 --a------ C:\WINDOWS\rundll16.exe
2008-06-12 11:00:58 17664 --a------ C:\WINDOWS\quicken.exe
2008-06-12 11:00:56 10496 --a------ C:\WINDOWS\qttasks.exe
2008-06-12 11:00:44 12544 --a------ C:\WINDOWS\mswsc20.dll
2008-06-12 11:00:42 8448 --a------ C:\WINDOWS\mswsc10.dll
2008-06-12 11:00:32 30720 --a------ C:\WINDOWS\msspi.dll
2008-06-12 11:00:27 15360 --a------ C:\WINDOWS\msconfd.dll
2008-06-12 11:00:24 14080 --a------ C:\WINDOWS\internet.exe
2008-06-12 11:00:23 18176 --a------ C:\WINDOWS\inetinf.exe
2008-06-12 11:00:16 30976 --a------ C:\WINDOWS\helpcvs.exe
2008-06-12 11:00:11 24320 --a------ C:\WINDOWS\gfmnaaa.dll
2008-06-12 11:00:07 8960 --a------ C:\WINDOWS\funny.exe
2008-06-12 11:00:07 25600 --a------ C:\WINDOWS\funniest.exe
2008-06-12 11:00:03 9472 --a------ C:\WINDOWS\explorer32.exe
2008-06-12 11:00:02 18944 --a------ C:\WINDOWS\explore.exe
2008-06-12 11:00:00 30464 --a------ C:\WINDOWS\editpad.exe
2008-06-12 10:59:55 12800 --a------ C:\WINDOWS\dnsrelay.dll
2008-06-12 10:59:54 22784 --a------ C:\WINDOWS\directx32.exe
2008-06-12 10:59:50 8448 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-12 10:59:50 15616 --a------ C:\WINDOWS\ctfmon32.exe
2008-06-12 10:59:48 8960 --a------ C:\WINDOWS\cpan.dll
2008-06-12 10:54:19 99328 --a------ C:\WINDOWS\system32\opgqnwsh.dll
2008-06-12 10:49:28 89600 --a------ C:\WINDOWS\system32\mxduwwiq.dll
2008-06-12 10:48:17 685373 --ahs---- C:\WINDOWS\system32\uFPAKRqr.ini2
2008-06-12 10:48:08 322560 --a------ C:\WINDOWS\system32\rqRKAPFu.dll
2008-06-12 10:44:17 0 d-------- C:\Program Files\Outerinfo
2008-06-12 10:44:15 0 d-------- C:\Program Files\?ssembly
2008-06-12 10:43:43 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-06-12 10:43:14 0 d-------- C:\WINDOWS\system32\SGI
2008-06-12 10:43:14 0 d-------- C:\WINDOWS\system32\GTK
2008-06-12 10:43:13 0 d-------- C:\WINDOWS\system32\1039a
2008-06-12 10:43:12 0 d-------- C:\Documents and Settings\erin\Application Data\W?nSxS
2008-06-12 10:43:04 0 d-------- C:\WINDOWS\system32\netrax01
2008-06-12 10:43:03 25600 --a------ C:\WINDOWS\system32\byXOiFYS.dll
2008-05-15 11:00:20 0 d-------- C:\Downloads


-- Find3M Report ---------------------------------------------------------------

2008-06-14 22:48:52 16106 --a------ C:\WINDOWS\system32\tablet.dat
2008-06-14 16:27:38 2105918 --ah----- C:\Documents and Settings\erin\Application Data\IconCache.db
2008-06-12 10:44:16 0 d-------- C:\Program Files\?ssembly
2008-06-12 10:43:14 0 d-------- C:\Documents and Settings\erin\Application Data\W?nSxS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01bf1e38-1554-4d34-8e3c-da079c40f32b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13F20E4F-F379-41EA-8F80-CCAAE787362A}]
06/12/2008 10:43 AM 25600 --a------ C:\WINDOWS\system32\byXOiFYS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8528EA62-642A-4602-BA9C-93AE8C04CAA8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8d924c69-f112-4e76-8f74-cc5413685e17}]
06/14/2008 10:49 PM 98816 --a------ C:\WINDOWS\system32\prncqvke.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB66C94E-20D9-7820-FF34-7EA2E19918E7}]
C:\WINDOWS\system32\csiy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B72DF7D4-35D9-4509-B25A-28847C37E01A}]
06/12/2008 10:48 AM 322560 --a------ C:\WINDOWS\system32\rqRKAPFu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"runner1"="C:\WINDOWS\mrofinu572.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"BM29402039"="C:\WINDOWS\system32\lpiegquf.dll" []
"2a7313a5"="C:\WINDOWS\system32\vmasxlti.dll" [06/14/2008 10:52 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:56 AM]
"Awit"="C:\DOCUME~1\erin\APPLIC~1\WNSXS~1\spool32.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\erin\Start Menu\Programs\Startup\
Last.fm Helper.lnk - E:\Last.fm\LastFMHelper.exe [1/5/2008 12:36:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory]"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Internet Explorer\cerej.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{13F20E4F-F379-41EA-8F80-CCAAE787362A}"= C:\WINDOWS\system32\byXOiFYS.dll [06/12/2008 10:43 AM 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXOiFYS]
byXOiFYS.dll 06/12/2008 10:43 AM 25600 C:\WINDOWS\SYSTEM32\byXOiFYS.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gbawomde]
gbawomde.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zcnrzvxm]
zcnrzvxm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRKAPFu

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk.disabled]
backup=C:\WINDOWS\pss\Event Reminder.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^erin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\erin\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^erin^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\erin\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2a7313a5]
rundll32.exe "C:\WINDOWS\system32\xtcncoen.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Painter Essentials 21a]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"E:\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
C:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
"C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qkzu]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"cmdService"=2 (0x2)
"aawservice"=2 (0x2)
"PhotoshopElementsDeviceConnect"=2 (0x2)
"ose"=3 (0x3)
"AdobeActiveFileMonitor"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"navapsvc"=2 (0x2)
"AOL ACS"=2 (0x2)
"TrkWks"=2 (0x2)
"DomainService"=2 (0x2)
"xmlprov"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"BITS"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"HPDJ Taskbar Utility"=C:\WINDOWS\SYSTEM32\hpztsb09.exe
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
"HP Component Manager"="C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
"HPHmon05"=C:\WINDOWS\SYSTEM32\hphmon05.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"Tgcmd"="C:\Program Files\Support.com\Client\bin\tgcmd.exe" /server /nosystray
"ZTgServerSwitch"=C:\Program Files\support.com\client\lserver\server.vbs
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"nwiz"=nwiz.exe /install
"PWSTray"=PwsTray.exe
"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
"DXM6Patch_981116"=C:\WINDOWS\p_981116.exe /Q:A
"LoadQM"=loadqm.exe
"NAV Agent"=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMON.EXE
"rq5U36V"=MPRNN10N.EXE
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f44c6c3d-9e9f-11db-bd4c-00038a000015}]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl



-- End of Deckard's System Scanner: finished at 2008-06-14 23:18:37 ------------
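
Added example (not part of the original post and not code from DSS or HijackThis): a short Python triage that cross-references HijackThis load points against the log's "Files created" section. The sample lines are copied from the log above; the three flagging rules and all function names are assumptions of this example, not the helper's stated method.

```python
import re
from datetime import datetime

# Constructed sample: a few HijackThis entries copied from the log above.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {01bf1e38-1554-4d34-8e3c-da079c40f32b} - (no file)
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\system32\byXOiFYS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [2a7313a5] rundll32.exe "C:\WINDOWS\system32\vmasxlti.dll",b
O20 - Winlogon Notify: byXOiFYS - C:\WINDOWS\SYSTEM32\byXOiFYS.dll
O20 - Winlogon Notify: gbawomde - gbawomde.dll (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""

# Constructed sample: rows copied from the "Files created between" section.
CREATED_SAMPLE = r"""
2008-06-14 22:52:38 81408 --a------ C:\WINDOWS\system32\vmasxlti.dll
2008-06-12 10:48:08 322560 --a------ C:\WINDOWS\system32\rqRKAPFu.dll
2008-06-12 10:43:03 25600 --a------ C:\WINDOWS\system32\byXOiFYS.dll
2008-05-15 11:00:20 0 d-------- C:\Downloads
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")          # "O4 - <body>"
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)\b', re.IGNORECASE)
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) (\S+) (.+)$")


def parse_created(text):
    """Map lower-cased path -> creation time from the 'Files created' rows."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            created[m.group(4).lower()] = stamp
    return created


def triage(hjt_text, created):
    """Return (section, target_path_or_None, reasons) for entries worth a look.

    Rules (assumptions of this example):
      1. the registration points at a file that no longer exists;
      2. the target file shows up in the recent 'Files created' listing;
      3. a Run key starts a DLL through rundll32.
    """
    findings = []
    for line in hjt_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        path_m = PATH_RE.search(body)
        target = path_m.group(0) if path_m else None
        key = target.lower() if target else None  # Windows paths are case-insensitive

        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("registration points at a missing file")
        if key in created:
            reasons.append("target created " + created[key].date().isoformat())
        if section == "O4" and "rundll32" in body.lower() and key and key.endswith(".dll"):
            reasons.append("DLL launched through rundll32 from a Run key")
        if reasons:
            findings.append((section, target, reasons))
    return findings


if __name__ == "__main__":
    for section, target, reasons in triage(HJT_SAMPLE, parse_created(CREATED_SAMPLE)):
        print(f"{section:4} {target or '(no path)'}")
        for reason in reasons:
            print(f"       - {reason}")
```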



#2 OldTimer

OldTimer

    Malware Expert



Posted 15 June 2008 - 01:11 AM

Hello darkscout and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it again.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 darkscout

darkscout
  • Topic Starter


Posted 15 June 2008 - 10:11 AM

Ok- so I followed your steps, and they seemed to work without problem...so here's the attachment that you asked for :thumbsup:

Attached Files



#4 OldTimer

OldTimer

    Malware Expert



Posted 15 June 2008 - 10:43 AM

Hi darkscout. Let's see what we can do. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
core
lredbooo
NAVAP
NAVENG
NAVEX15
SymEvent
SYMTDI
Files to delete:
%programfiles%\symantec\symevent.sys
%systemdrive%\docume~1\erin\locals~1\temp\lredbooo.sys
%systemdrive%\progra~1\common~1\symant~1\virusd~1\20080109.006\naveng.sys
%systemdrive%\progra~1\common~1\symant~1\virusd~1\20080109.006\navex15.sys
%systemroot%\bm29402039.xml
%systemroot%\cpan.dll
%systemroot%\ctfmon32.exe
%systemroot%\ctrlpan.dll
%systemroot%\default.htm
%systemroot%\directx32.exe
%systemroot%\dnsrelay.dll
%systemroot%\editpad.exe
%systemroot%\explore.exe
%systemroot%\explorer32.exe
%systemroot%\funniest.exe
%systemroot%\funny.exe
%systemroot%\gfmnaaa.dll
%systemroot%\helpcvs.exe
%systemroot%\inetinf.exe
%systemroot%\internet.exe
%systemroot%\mainms.vpi
%systemroot%\megavid.cdt
%systemroot%\msconfd.dll
%systemroot%\msspi.dll
%systemroot%\mswsc10.dll
%systemroot%\mswsc20.dll
%systemroot%\muotr.so
%systemroot%\qttasks.exe
%systemroot%\quicken.exe
%systemroot%\rundll16.exe
%systemroot%\rundll32.vbe
%systemroot%\searchword.dll
%systemroot%\sistem.exe
%systemroot%\svchost32.exe
%systemroot%\svcinit.exe
%systemroot%\system32\byxoifys.dll
%systemroot%\system32\drivers\core.sys
%systemroot%\system32\drivers\navap.sys
%systemroot%\system32\drivers\symtdi.sys
%systemroot%\system32\dtehybso.dll
%systemroot%\system32\hljwugsf.bin
%systemroot%\system32\itlxsamv.ini
%systemroot%\system32\kwlmkwrs.dll
%systemroot%\system32\mxduwwiq.dll
%systemroot%\system32\odsowism.dll
%systemroot%\system32\opgqnwsh.dll
%systemroot%\system32\prncqvke.dll
%systemroot%\system32\rqrkapfu.dll
%systemroot%\system32\srwkmlwk.ini
%systemroot%\system32\ufpakrqr.ini
%systemroot%\system32\ufpakrqr.ini2
%systemroot%\system32\vmasxlti.dll
%systemroot%\system32\vpsbdoga.ini
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat
Folders to delete:
%programfiles%\outerinfo
%systemdrive%\found.000
%systemroot%\system32\1039a
%systemroot%\system32\gtk
%systemroot%\system32\netrax01
%systemroot%\system32\sgi

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (core) core [Kernel | System | Running] -> %SystemRoot%\system32\drivers\core.sys
YY -> (lredbooo) lredbooo [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\erin\LOCALS~1\Temp\lredbooo.sys
YY -> (NAVAP) NAVAP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\Drivers\NAVAP.SYS
YY -> (NAVENG) NAVENG [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080109.006\NAVENG.SYS
YY -> (NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080109.006\NAVEX15.SYS
YY -> (SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS
YY -> (SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\SYMTDI.SYS
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> 2a7313a5 -> %SystemRoot%\system32\vmasxlti.DLL [rundll32.exe "C:\WINDOWS\system32\vmasxlti.dll",b]
YN -> BM29402039 -> %SystemRoot%\system32\lpiegquf.DLL [Rundll32.exe "C:\WINDOWS\system32\lpiegquf.dll",s]
YN -> runner1 -> %SystemRoot%\mrofinu572.exe [C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Awit -> %SystemDrive%\DOCUME~1\erin\APPLIC~1\WNSXS~1\spool32.exe ["C:\DOCUME~1\erin\APPLIC~1\WNSXS~1\spool32.exe" -vt yazb]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {13F20E4F-F379-41EA-8F80-CCAAE787362A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\byXOiFYS.dll []
YN -> {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> byXOiFYS -> %SystemRoot%\system32\byXOiFYS.dll
YN -> gbawomde -> 
YN -> zcnrzvxm -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {01bf1e38-1554-4d34-8e3c-da079c40f32b} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.]
YY -> {13F20E4F-F379-41EA-8F80-CCAAE787362A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\byXOiFYS.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {3672D433-B39A-425A-BEA2-21BA9CA88620} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRKAPFu.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {8528EA62-642A-4602-BA9C-93AE8C04CAA8} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.]
YY -> {8d924c69-f112-4e76-8f74-cc5413685e17} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\prncqvke.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [Reg Error: Value  does not exist or could not be read.]
YN -> {AB66C94E-20D9-7820-FF34-7EA2E19918E7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\csiy.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\rqRKAPFu -> %SystemRoot%\system32\rqRKAPFu.dll
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Super SpongeBob Collapse!\SBCollapse.exe -> D:\Program Files\Super SpongeBob Collapse!\SBCollapse.exe [D:\Program Files\Super SpongeBob Collapse!\SBCollapse.exe:*:Enabled:Super SpongeBob Collapse!]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Super Gem Drop\GemDrop.exe -> D:\Program Files\Super Gem Drop\GemDrop.exe [D:\Program Files\Super Gem Drop\GemDrop.exe:*:Enabled:Super Gem Drop]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\AOL Games\Bumper Deluxe\bumperdeluxe-am.exe -> D:\Program Files\AOL Games\Bumper Deluxe\bumperdeluxe-am.exe [D:\Program Files\AOL Games\Bumper Deluxe\bumperdeluxe-am.exe:*:Enabled:Bumper Deluxe				 ]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\AOL Games\Super Letter Linker\LLinker.exe -> D:\Program Files\AOL Games\Super Letter Linker\LLinker.exe [D:\Program Files\AOL Games\Super Letter Linker\LLinker.exe:*:Enabled:Letter Linker]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Super PileUp!\PileUp.exe -> D:\Program Files\Super PileUp!\PileUp.exe [D:\Program Files\Super PileUp!\PileUp.exe:*:Enabled:Super PileUp!]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\H:\AOLSETUP.EXE -> H:\AOLSETUP.EXE [H:\AOLSETUP.EXE:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\AOL Games\PuzzleInlay\PuzzleInlay.exe -> D:\Program Files\AOL Games\PuzzleInlay\PuzzleInlay.exe [D:\Program Files\AOL Games\PuzzleInlay\PuzzleInlay.exe:*:Enabled:Puzzle Inlay]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\AOLSETUP.EXE -> G:\AOLSETUP.EXE [G:\AOLSETUP.EXE:*:Enabled:AOL]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\AOL Games\Slingo Deluxe\Slingo-am.exe -> D:\Program Files\AOL Games\Slingo Deluxe\Slingo-am.exe [D:\Program Files\AOL Games\Slingo Deluxe\Slingo-am.exe:*:Enabled:Slingo ®]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\AOL Games\Super TextTwist\TextTwist.exe -> D:\Program Files\AOL Games\Super TextTwist\TextTwist.exe [D:\Program Files\AOL Games\Super TextTwist\TextTwist.exe:*:Enabled:TextTwist]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Super WHATword\WhatWord.exe -> D:\Program Files\Super WHATword\WhatWord.exe [D:\Program Files\Super WHATword\WhatWord.exe:*:Enabled:Super WHATword?]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Halo\halo.exe -> %ProgramFiles%\Microsoft Games\Halo\halo.exe [C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> %ProgramFiles%\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM]
[Files/Folders - Created Within 30 days]
NY -> FOUND.000 -> %SystemDrive%\FOUND.000
NY -> 2 C:\*.tmp files -> C:\*.tmp
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 1039a -> %SystemRoot%\System32\1039a
NY -> SGI -> %SystemRoot%\System32\SGI
NY -> byXOiFYS.dll -> %SystemRoot%\System32\byXOiFYS.dll
NY -> GTK -> %SystemRoot%\System32\GTK
NY -> odsowism.dll -> %SystemRoot%\System32\odsowism.dll
NY -> hljwugsf.bin -> %SystemRoot%\System32\hljwugsf.bin
NY -> prncqvke.dll -> %SystemRoot%\System32\prncqvke.dll
NY -> vpsbdoga.ini -> %SystemRoot%\System32\vpsbdoga.ini
NY -> mxduwwiq.dll -> %SystemRoot%\System32\mxduwwiq.dll
NY -> vmasxlti.dll -> %SystemRoot%\System32\vmasxlti.dll
NY -> kwlmkwrs.dll -> %SystemRoot%\System32\kwlmkwrs.dll
NY -> opgqnwsh.dll -> %SystemRoot%\System32\opgqnwsh.dll
NY -> dtehybso.dll -> %SystemRoot%\System32\dtehybso.dll
NY -> rqRKAPFu.dll -> %SystemRoot%\System32\rqRKAPFu.dll
NY -> uFPAKRqr.ini -> %SystemRoot%\System32\uFPAKRqr.ini
NY -> itlxsamv.ini -> %SystemRoot%\System32\itlxsamv.ini
NY -> uFPAKRqr.ini2 -> %SystemRoot%\System32\uFPAKRqr.ini2
NY -> srwkmlwk.ini -> %SystemRoot%\System32\srwkmlwk.ini
NY -> muotr.so -> %SystemRoot%\muotr.so
NY -> 14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> megavid.cdt -> %SystemRoot%\megavid.cdt
NY -> mainms.vpi -> %SystemRoot%\mainms.vpi
NY -> cpan.dll -> %SystemRoot%\cpan.dll
NY -> ctfmon32.exe -> %SystemRoot%\ctfmon32.exe
NY -> ctrlpan.dll -> %SystemRoot%\ctrlpan.dll
NY -> directx32.exe -> %SystemRoot%\directx32.exe
NY -> dnsrelay.dll -> %SystemRoot%\dnsrelay.dll
NY -> editpad.exe -> %SystemRoot%\editpad.exe
NY -> explore.exe -> %SystemRoot%\explore.exe
NY -> funniest.exe -> %SystemRoot%\funniest.exe
NY -> funny.exe -> %SystemRoot%\funny.exe
NY -> explorer32.exe -> %SystemRoot%\explorer32.exe
NY -> gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll
NY -> helpcvs.exe -> %SystemRoot%\helpcvs.exe
NY -> inetinf.exe -> %SystemRoot%\inetinf.exe
NY -> internet.exe -> %SystemRoot%\internet.exe
NY -> msconfd.dll -> %SystemRoot%\msconfd.dll
NY -> msspi.dll -> %SystemRoot%\msspi.dll
NY -> mswsc10.dll -> %SystemRoot%\mswsc10.dll
NY -> mswsc20.dll -> %SystemRoot%\mswsc20.dll
NY -> qttasks.exe -> %SystemRoot%\qttasks.exe
NY -> quicken.exe -> %SystemRoot%\quicken.exe
NY -> rundll16.exe -> %SystemRoot%\rundll16.exe
NY -> rundll32.vbe -> %SystemRoot%\rundll32.vbe
NY -> searchword.dll -> %SystemRoot%\searchword.dll
NY -> sistem.exe -> %SystemRoot%\sistem.exe
NY -> svchost32.exe -> %SystemRoot%\svchost32.exe
NY -> svcinit.exe -> %SystemRoot%\svcinit.exe
NY -> default.htm -> %SystemRoot%\default.htm
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> ?asks -> %AppData%\Τasks
NY -> W?nSxS -> %AppData%\WіnSxS
NY -> ?asks -> %AppData%\Τasks
NY -> W?nSxS -> %AppData%\WіnSxS
NY -> 1 C:\Documents and Settings\erin\Desktop\*.tmp files -> C:\Documents and Settings\erin\Desktop\*.tmp
NY -> ?asks -> %CommonProgramFiles%\Τasks
NY -> ?icrosoft.NET -> %CommonProgramFiles%\Μicrosoft.NET
NY -> ?dobe -> %CommonProgramFiles%\Αdobe
NY -> ?ssembly -> %ProgramFiles%\аssembly
NY -> Outerinfo -> %ProgramFiles%\Outerinfo
[Files/Folders - Modified Within 30 days]
NY -> FOUND.000 -> %SystemDrive%\FOUND.000
NY -> 2 C:\*.tmp files -> C:\*.tmp
NY -> netrax01 -> %SystemRoot%\System32\netrax01
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 1039a -> %SystemRoot%\System32\1039a
NY -> SGI -> %SystemRoot%\System32\SGI
NY -> byXOiFYS.dll -> %SystemRoot%\System32\byXOiFYS.dll
NY -> GTK -> %SystemRoot%\System32\GTK
NY -> odsowism.dll -> %SystemRoot%\System32\odsowism.dll
NY -> hljwugsf.bin -> %SystemRoot%\System32\hljwugsf.bin
NY -> prncqvke.dll -> %SystemRoot%\System32\prncqvke.dll
NY -> vpsbdoga.ini -> %SystemRoot%\System32\vpsbdoga.ini
NY -> mxduwwiq.dll -> %SystemRoot%\System32\mxduwwiq.dll
NY -> vmasxlti.dll -> %SystemRoot%\System32\vmasxlti.dll
NY -> kwlmkwrs.dll -> %SystemRoot%\System32\kwlmkwrs.dll
NY -> opgqnwsh.dll -> %SystemRoot%\System32\opgqnwsh.dll
NY -> dtehybso.dll -> %SystemRoot%\System32\dtehybso.dll
NY -> rqRKAPFu.dll -> %SystemRoot%\System32\rqRKAPFu.dll
NY -> uFPAKRqr.ini -> %SystemRoot%\System32\uFPAKRqr.ini
NY -> itlxsamv.ini -> %SystemRoot%\System32\itlxsamv.ini
NY -> uFPAKRqr.ini2 -> %SystemRoot%\System32\uFPAKRqr.ini2
NY -> srwkmlwk.ini -> %SystemRoot%\System32\srwkmlwk.ini
NY -> muotr.so -> %SystemRoot%\muotr.so
NY -> 14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> megavid.cdt -> %SystemRoot%\megavid.cdt
NY -> mainms.vpi -> %SystemRoot%\mainms.vpi
NY -> cpan.dll -> %SystemRoot%\cpan.dll
NY -> ctfmon32.exe -> %SystemRoot%\ctfmon32.exe
NY -> ctrlpan.dll -> %SystemRoot%\ctrlpan.dll
NY -> directx32.exe -> %SystemRoot%\directx32.exe
NY -> dnsrelay.dll -> %SystemRoot%\dnsrelay.dll
NY -> editpad.exe -> %SystemRoot%\editpad.exe
NY -> explore.exe -> %SystemRoot%\explore.exe
NY -> funniest.exe -> %SystemRoot%\funniest.exe
NY -> funny.exe -> %SystemRoot%\funny.exe
NY -> BM29402039.xml -> %SystemRoot%\BM29402039.xml
NY -> explorer32.exe -> %SystemRoot%\explorer32.exe
NY -> gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll
NY -> helpcvs.exe -> %SystemRoot%\helpcvs.exe
NY -> inetinf.exe -> %SystemRoot%\inetinf.exe
NY -> internet.exe -> %SystemRoot%\internet.exe
NY -> msconfd.dll -> %SystemRoot%\msconfd.dll
NY -> msspi.dll -> %SystemRoot%\msspi.dll
NY -> mswsc10.dll -> %SystemRoot%\mswsc10.dll
NY -> mswsc20.dll -> %SystemRoot%\mswsc20.dll
NY -> qttasks.exe -> %SystemRoot%\qttasks.exe
NY -> quicken.exe -> %SystemRoot%\quicken.exe
NY -> rundll16.exe -> %SystemRoot%\rundll16.exe
NY -> rundll32.vbe -> %SystemRoot%\rundll32.vbe
NY -> searchword.dll -> %SystemRoot%\searchword.dll
NY -> sistem.exe -> %SystemRoot%\sistem.exe
NY -> svchost32.exe -> %SystemRoot%\svchost32.exe
NY -> svcinit.exe -> %SystemRoot%\svcinit.exe
NY -> default.htm -> %SystemRoot%\default.htm
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> ?asks -> %AppData%\Τasks
NY -> W?nSxS -> %AppData%\WіnSxS
NY -> ?asks -> %AppData%\Τasks
NY -> W?nSxS -> %AppData%\WіnSxS
NY -> 1 C:\Documents and Settings\erin\Desktop\*.tmp files -> C:\Documents and Settings\erin\Desktop\*.tmp
NY -> ?asks -> %CommonProgramFiles%\Τasks
NY -> ?icrosoft.NET -> %CommonProgramFiles%\Μicrosoft.NET
NY -> ?dobe -> %CommonProgramFiles%\Αdobe
[Extra Files]
Purity
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Just use the default settings.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it and close Notepad (save changes if necessary).
  • Close OTScanIt and locate the OTScanIt.txt file in the folder where OTScanIt.exe is located.
  • Attach that file back here in your next reply.
Step #5

Copy/paste the following back here in your next reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. )
  • The online virus scan report (whichever one you ran)
Attach the following back here in your next reply:
  • The new OTScanIt scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
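Several folder entries in the OTScanIt fix above (Τasks, WіnSxS, Μicrosoft.NET, Αdobe, аssembly) imitate legitimate names with one letter taken from another alphabet; the log prints a ? for that letter in its left column. The Python below is an added example, not part of the thread or of OTScanIt: it flags such mixed-alphabet names and shows the ASCII name each one imitates, using a small hand-made lookalike table that is an assumption of this example.

```python
import unicodedata

# Folder paths as they appear in the fix script above, plus the one
# plain-ASCII entry from the same list for contrast.
FIX_SCRIPT_FOLDERS = [
    "%AppData%\\Τasks",
    "%AppData%\\WіnSxS",
    "%CommonProgramFiles%\\Μicrosoft.NET",
    "%CommonProgramFiles%\\Αdobe",
    "%ProgramFiles%\\аssembly",
    "%ProgramFiles%\\Outerinfo",
]

# Hand-made lookalike table (an assumption of this example, far from
# complete): Greek and Cyrillic letters that render like Latin T, M, A, i, a.
LOOKALIKES = {
    "\u03a4": "T", "\u0422": "T",
    "\u039c": "M", "\u041c": "M",
    "\u0391": "A", "\u0410": "A",
    "\u0456": "i", "\u0430": "a",
}


def letter_script(ch):
    """Approximate a letter's script from the first word of its Unicode name."""
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"


def analyse_name(name):
    """Return the scripts used by the letters of `name` and its ASCII skeleton."""
    scripts = {letter_script(c) for c in name if c.isalpha()}
    foreign = scripts - {"LATIN"}
    return {
        "name": name,
        "scripts": sorted(scripts),
        # Suspicious only when Latin letters are mixed with another script;
        # a name written entirely in Greek or Cyrillic is not flagged.
        "mixed": "LATIN" in scripts and bool(foreign),
        "skeleton": "".join(LOOKALIKES.get(c, c) for c in name),
        "codepoints": [f"U+{ord(c):04X}" for c in name if ord(c) > 127],
    }


def flag_lookalike_folders(paths):
    """Check the last component of each Windows path for mixed-script names."""
    findings = []
    for path in paths:
        leaf = path.rsplit("\\", 1)[-1]
        info = analyse_name(leaf)
        if info["mixed"]:
            info["path"] = path
            findings.append(info)
    return findings


if __name__ == "__main__":
    for f in flag_lookalike_folders(FIX_SCRIPT_FOLDERS):
        print(f"{f['path']!r}: imitates {f['skeleton']!r}, "
              f"scripts={f['scripts']}, non-ASCII={f['codepoints']}")
```
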


#5 darkscout

darkscout
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:FL
  • Local time:12:16 PM

Posted 15 June 2008 - 11:39 AM

so, I'm having a slight problem after step 2..... I had to bring out the laptop so I can inform you of what's going on....
It rebooted as you said it would, but it did it twice.... the 1st time as soon as Windows booted the computer blackscreened and stood still for a good minute, then managed to reboot again. So, I went back to check my next copy and paste section and I cannot log back on the net at all....it's not even sending packets....I decided to burn the next step onto a cd, which I promptly followed, in hopes it would heal on the next startup. Well, it didn't and I can't do the online scan for step 3. I don't think it's a coincidence- actually- something had to have happened during step 1.... I try "repairing" the connection, but it says it's renewing the IP address......and my IP is now set at all '0's.....
My network is OK though- I'm running my wireless card right now on my laptop- so I DO have an internet connection. Now I just feel frustrated...what's the next course of action? Thanx... *sigh*

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:01:16 PM

Posted 15 June 2008 - 01:05 PM

Hi darkscout. Yeah, that was a pretty messy infection. Let's try resetting the ip stack and see what happens:

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Commandline Commands]
netsh int ip reset reset.log
netsh winsock reset catalog
[Reboot]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

#7 darkscout

darkscout
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:FL
  • Local time:12:16 PM

Posted 15 June 2008 - 01:28 PM

It's still giving me the same problem, and not giving me a log for OTScanIt... :/ What should I do now?

Edited: Hold on- I found the "reset" log.. I'll reedit within the post here.

OK- here's the log:



reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\NameServer
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGwDetect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePmtuDiscovery
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetried
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxPortsExhausted
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
<completed>


Still no connection.......

Edited by darkscout, 15 June 2008 - 01:36 PM.
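The reset.log posted above records every registry value that netsh int ip reset reset, deleted or added. As an added example (not from the thread and not part of netsh), this Python parser groups those entries by interface GUID and by the global Tcpip\Parameters key, and checks that the log reached its <completed> marker; the embedded excerpt is copied from the post and shortened.

```python
import re
from collections import defaultdict

# Shortened excerpt of the reset.log from the post above.
RESET_LOG = r"""
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\TcpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\NameServer
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\AddressType
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen
<completed>
"""

ENTRY = re.compile(r"^(reset|deleted|added)\s+(.+)$")
IFACE = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]{36}\})\\([^\\]+)$")


def parse_reset_log(text):
    """Return (entries, completed) for a netsh 'int ip reset' log."""
    entries, completed, current = [], False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line ends an "old value" block
            continue
        if line == "<completed>":
            completed = True
            continue
        m = ENTRY.match(line)
        if m:
            action, path = m.groups()
            iface = IFACE.search(path)
            current = {
                "action": action,
                "path": path,
                # Per-adapter values live under Interfaces\{GUID}; anything
                # else applies to the whole TCP/IP stack.
                "scope": iface.group(1) if iface else "global",
                "value": iface.group(2) if iface else path.rsplit("\\", 1)[-1],
                "old_type": None,
                "old_data": [],
            }
            entries.append(current)
        elif line.startswith("old ") and current is not None:
            current["old_type"] = line[4:].rstrip(" =").strip()
        elif current is not None:
            current["old_data"].append(line)   # previous data of a reset value
    return entries, completed


def summarize(entries):
    """Group value names as {scope: {action: [value, ...]}}."""
    grouped = defaultdict(lambda: defaultdict(list))
    for e in entries:
        grouped[e["scope"]][e["action"]].append(e["value"])
    return {scope: dict(actions) for scope, actions in grouped.items()}


if __name__ == "__main__":
    entries, completed = parse_reset_log(RESET_LOG)
    print("reset completed:", completed)
    for scope, actions in summarize(entries).items():
        for action, values in actions.items():
            print(f"{scope:40} {action:8} {', '.join(values)}")
```

The values listed under the global scope as deleted are the ones to review afterwards if any of them had been set deliberately before the reset.
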


#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:01:16 PM

Posted 15 June 2008 - 02:08 PM

Hi darkscout. Could be the infection just plain hosed it. Let's look at the machine that works and the machine that doesn't. Run the steps on both machines and post both logs back here:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the None button on the toolbar.
  • Copy/paste the text in the code box below into the Custom Scans editbox:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip /s
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT

Edited by OldTimer, 15 June 2008 - 02:09 PM.


#9 darkscout

darkscout
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:FL
  • Local time:12:16 PM

Posted 15 June 2008 - 02:27 PM

Ok- I did as requested...first the laptop (AKA the machine that works)

OTScanIt logfile created on: 6/15/2008 3:22:34 PM
OTScanIt by OldTimer - Version 1.0.15.15	 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
502.42 Mb Total Physical Memory | 357.14 Mb Available Physical Memory | 71.08% Memory free
1.20 Gb Paging File | 1.01 Gb Available in Paging File | 83.94% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 4.87 Gb Free Space | 13.06% Space Free | Partition Type: NTFS
Drive D: | 1.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MALKIE
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Manual Scans]
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip /s >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\Tag -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\ImagePath -> %SystemRoot%\system32\drivers\tcpip.sys [System32\DRIVERS\tcpip.sys] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 332928 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\DisplayName -> TCP/IP Protocol Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\Group -> PNP_TDI -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\DependOnService -> 
IPSec ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\Description -> TCP/IP Protocol Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\ -> -> 
*Bind* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\\Bind -> 
\Device\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36} ->  -> File not found
\Device\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC} ->  -> File not found
\Device\{3C4052C8-263D-4CDB-9864-20560CDC7CE1} ->  -> File not found
\Device\NdisWanIp ->  -> File not found
*MultiFile Done* -> -> 
*Route* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\\Route -> 
"{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}" ->  -> File not found
"{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}" ->  -> File not found
"{3C4052C8-263D-4CDB-9864-20560CDC7CE1}" ->  -> File not found
"NdisWanIp" ->  -> File not found
*MultiFile Done* -> -> 
*Export* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\\Export -> 
\Device\Tcpip_{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36} ->  -> File not found
\Device\Tcpip_{3C707EB5-C34E-4318-B83D-AD9342BA0DEC} ->  -> File not found
\Device\Tcpip_{3C4052C8-263D-4CDB-9864-20560CDC7CE1} ->  -> File not found
\Device\Tcpip_{17CFB48E-1A73-4D30-9712-D62342CB40E5} ->  -> File not found
\Device\Tcpip_{1E248CB3-5F17-4ECD-B649-D07715EF6426} ->  -> File not found
\Device\Tcpip_{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E} ->  -> File not found
\Device\Tcpip_{A9380219-E419-42CB-9DF9-E0A629D0170A} ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\NV Hostname -> MALKIE -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DataBasePath -> %SystemRoot%\system32\drivers\etc [%SystemRoot%\System32\drivers\etc] ->  [Folder | Modified Date = 2/20/2008 11:29:41 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\NameServer ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\ForwardBroadcasts -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\IPEnableRouter -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\Domain ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\Hostname -> MALKIE -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\SearchList ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\UseDomainNameDevolution -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\EnableICMPRedirect -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DeadGWDetectDefault -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DontAddDefaultGatewayDefault -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\EnableSecurityFilters -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\TcpMaxDataRetransmissions -> 5 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\Tcp1323Opts -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\TcpWindowSize -> 262144 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpDomain -> cfl.rr.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer -> 65.32.5.111 65.32.5.112 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp\\LLInterface -> WANARP -> 
*IpConfig* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp\\IpConfig -> 
Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5} ->  -> File not found
Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426} ->  -> File not found
Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E} ->  -> File not found
Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A} ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp\\NumInterfaces -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp\\IpInterfaces -> 8E B4 CF 17 73 1A 30 4D 97 12 D6 23 42 CB 40 E5 B3 8C 24 1E 17 5F CD 4E B6 49 D0 77 15 EF 64 26 11 BC 3F 2F E4 BC C3 48 B1 FD 4F 26 44 E4 5B 6E 19 02 38 A9 19 E4 CB 42 9D F9 E0 A6 29 D0 17 0A  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\LLInterface ->  -> 
*IpConfig* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\IpConfig -> 
Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1} ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\LLInterface ->  -> 
*IpConfig* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\IpConfig -> 
Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC} ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\LLInterface ->  -> 
*IpConfig* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\IpConfig -> 
Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36} ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\\UseZeroBroadcast -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\\EnableDHCP -> 0 -> 
*IPAddress* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\\IPAddress -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
*SubnetMask* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\\SubnetMask -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\\DefaultGateway ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\\EnableDeadGWDetect -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\\DontAddDefaultGateway -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\\RegisterAdapterName -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\\RegistrationEnabled -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\\DhcpIPAddress -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\\DhcpSubnetMask -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\\Domain ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17CFB48E-1A73-4D30-9712-D62342CB40E5}\\NameServer ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\UseZeroBroadcast -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\EnableDHCP -> 0 -> 
*IPAddress* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\IPAddress -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
*SubnetMask* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\SubnetMask -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\DefaultGateway ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\EnableDeadGWDetect -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\DontAddDefaultGateway -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\NTEContextList ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\DhcpClassIdBin -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\DhcpIPAddress -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\DhcpSubnetMask -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\Domain ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\NameServer ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\RegistrationEnabled -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E248CB3-5F17-4ECD-B649-D07715EF6426}\\RegisterAdapterName -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\UseZeroBroadcast -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\EnableDHCP -> 0 -> 
*IPAddress* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\IPAddress -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
*SubnetMask* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\SubnetMask -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\DefaultGateway ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\EnableDeadGWDetect -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\DontAddDefaultGateway -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\NTEContextList ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\DhcpIPAddress -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\DhcpSubnetMask -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\Domain ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\NameServer ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\RegistrationEnabled -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\RegisterAdapterName -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2F3FBC11-BCE4-48C3-B1FD-4F2644E45B6E}\\DhcpClassIdBin -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\UseZeroBroadcast -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\EnableDeadGWDetect -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\EnableDHCP -> 1 -> 
*IPAddress* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\IPAddress -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
*SubnetMask* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\SubnetMask -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\DefaultGateway ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\DefaultGatewayMetric ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\NameServer ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\Domain ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\RegistrationEnabled -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\RegisterAdapterName -> 0 -> 
*TCPAllowedPorts* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\TCPAllowedPorts -> 
0 ->  -> File not found
*MultiFile Done* -> -> 
*UDPAllowedPorts* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\UDPAllowedPorts -> 
0 ->  -> File not found
*MultiFile Done* -> -> 
*RawIPAllowedProtocols* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\RawIPAllowedProtocols -> 
0 ->  -> File not found
*MultiFile Done* -> -> 
*NTEContextList* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\NTEContextList -> 
0x00000002 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\DhcpClassIdBin -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\DhcpServer -> 255.255.255.255 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\Lease -> 3600 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\LeaseObtainedTime -> 1203548145 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\T1 -> 1203549945 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\T2 -> 1203551295 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\LeaseTerminatesTime -> 1203551745 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\IPAutoconfigurationAddress -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\IPAutoconfigurationMask -> 255.255.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\IPAutoconfigurationSeed -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4052C8-263D-4CDB-9864-20560CDC7CE1}\\AddressType -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\UseZeroBroadcast -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\EnableDeadGWDetect -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\EnableDHCP -> 1 -> 
*IPAddress* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\IPAddress -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
*SubnetMask* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\SubnetMask -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\DefaultGateway ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\DefaultGatewayMetric ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\NameServer ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\Domain ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\RegistrationEnabled -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\RegisterAdapterName -> 0 -> 
*TCPAllowedPorts* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\TCPAllowedPorts -> 
0 ->  -> File not found
*MultiFile Done* -> -> 
*UDPAllowedPorts* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\UDPAllowedPorts -> 
0 ->  -> File not found
*MultiFile Done* -> -> 
*RawIPAllowedProtocols* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\RawIPAllowedProtocols -> 
0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\NTEContextList ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\DhcpClassIdBin -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\DhcpServer -> 255.255.255.255 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\Lease -> 3600 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\LeaseObtainedTime -> 1131945513 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\T1 -> 1131947313 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\T2 -> 1131948663 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\LeaseTerminatesTime -> 1131949113 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\IPAutoconfigurationAddress -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\IPAutoconfigurationMask -> 255.255.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\IPAutoconfigurationSeed -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\AddressType -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\DhcpIPAddress -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C707EB5-C34E-4318-B83D-AD9342BA0DEC}\\DhcpSubnetMask -> 255.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\UseZeroBroadcast -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\EnableDeadGWDetect -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\EnableDHCP -> 1 -> 
*IPAddress* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\IPAddress -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
*SubnetMask* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\SubnetMask -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\DefaultGateway ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\DefaultGatewayMetric ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\NameServer ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\Domain ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\RegistrationEnabled -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\RegisterAdapterName -> 0 -> 
*TCPAllowedPorts* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\TCPAllowedPorts -> 
0 ->  -> File not found
*MultiFile Done* -> -> 
*UDPAllowedPorts* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\UDPAllowedPorts -> 
0 ->  -> File not found
*MultiFile Done* -> -> 
*RawIPAllowedProtocols* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\RawIPAllowedProtocols -> 
0 ->  -> File not found
*MultiFile Done* -> -> 
*NTEContextList* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\NTEContextList -> 
0x00000003 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\DhcpClassIdBin -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\DhcpServer -> 192.168.1.1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\Lease -> 86400 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\LeaseObtainedTime -> 1213527791 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\T1 -> 1213570991 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\T2 -> 1213603391 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\LeaseTerminatesTime -> 1213614191 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\IPAutoconfigurationAddress -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\IPAutoconfigurationMask -> 255.255.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\IPAutoconfigurationSeed -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\AddressType -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\DhcpIPAddress -> 192.168.1.100 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\DhcpSubnetMask -> 255.255.255.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\DhcpDomain -> cfl.rr.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\DhcpNameServer -> 65.32.5.111 65.32.5.112 -> 
*DhcpDefaultGateway* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\DhcpDefaultGateway -> 
192.168.1.1 ->  -> File not found
*MultiFile Done* -> -> 
*DhcpSubnetMaskOpt* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A26BB7D-2D0B-45B0-86B4-4F5F16D50F36}\\DhcpSubnetMaskOpt -> 
255.255.255.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\UseZeroBroadcast -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\EnableDHCP -> 0 -> 
*IPAddress* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\IPAddress -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
*SubnetMask* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\SubnetMask -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\DefaultGateway ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\EnableDeadGWDetect -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\DontAddDefaultGateway -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\NTEContextList ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\DhcpClassIdBin -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\DhcpIPAddress -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\DhcpSubnetMask -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\Domain ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\NameServer ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\RegistrationEnabled -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9380219-E419-42CB-9DF9-E0A629D0170A}\\RegisterAdapterName -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\UseDelayedAcceptance -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\HelperDllName -> %SystemRoot%\system32\wshtcpip.dll [%SystemRoot%\System32\wshtcpip.dll] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 17408 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\MaxSockAddrLength -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\MinSockAddrLength -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\Mapping -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Close -> CloseTcpIpPerformanceData -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Collect -> CollectTcpIpPerformanceData -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Library -> %SystemRoot%\system32\perfctrs.dll [Perfctrs.dll] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 37376 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Open -> OpenTcpIpPerformanceData -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Object List -> 502 510 546 582 638 658 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\WbemAdapFileSignature -> 97 2E FF C8 0D 9E 80 65 39 48 98 83 D3 70 32 F5  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\WbemAdapFileTime -> 00 88 AB CA C9 E7 A8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\WbemAdapFileSize -> 37376 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\WbemAdapStatus -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\Class -> 8 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\DnsPriority -> 2000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\HostsPriority -> 500 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\LocalPriority -> 499 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\ProviderPath -> %SystemRoot%\system32\wsock32.dll [%SystemRoot%\System32\wsock32.dll] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 21504 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\NetbtPriority -> 2001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\Name -> TCP/IP -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum\\0 -> Root\LEGACY_TCPIP\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum\\NextInstance -> 1 -> 
< End of report >










Now the desktop that's dying:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\UseZeroBroadcast -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\EnableDHCP -> 1 -> 
*IPAddress* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\IPAddress -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
*SubnetMask* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\SubnetMask -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\DefaultGateway ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\DefaultGatewayMetric ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\NameServer ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\Domain ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\RegistrationEnabled -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\RegisterAdapterName -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\TCPAllowedPorts ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\UDPAllowedPorts ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\RawIPAllowedProtocols ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\AddressType -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\DisableDynamicUpdate -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\UseDelayedAcceptance -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\HelperDllName -> %SystemRoot%\System32\wshtcpip.dll [%SystemRoot%\System32\wshtcpip.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19968 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\MaxSockAddrLength -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\MinSockAddrLength -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\Mapping -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Close -> CloseTcpIpPerformanceData -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Collect -> CollectTcpIpPerformanceData -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Library -> %SystemRoot%\system32\Perfctrs.dll [Perfctrs.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 39936 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Open -> OpenTcpIpPerformanceData -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Object List -> 502 510 546 582 638 658 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\WbemAdapFileSignature -> 96 49 2C 72 1C 6E A5 17 E2 BF D5 38 1F EF 55 E3  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\WbemAdapFileTime -> 00 3B 83 7F 22 7A C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\WbemAdapFileSize -> 39936 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\WbemAdapStatus -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\Class -> 8 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\DnsPriority -> 2000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\HostsPriority -> 500 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\LocalPriority -> 499 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\ProviderPath -> %SystemRoot%\System32\wsock32.dll [%SystemRoot%\System32\wsock32.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 22528 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\NetbtPriority -> 2001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\Name -> TCP/IP -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum\\0 -> Root\LEGACY_TCPIP\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum\\NextInstance -> 1 -> 
< End of report >

Edited by darkscout, 15 June 2008 - 02:29 PM.


#10 OldTimer

    Malware Expert



Posted 15 June 2008 - 03:55 PM

Hi darkscout. There seems to be a big portion of the log for the machine that doesn't work missing. Can you post that again and make sure that it starts with the header information and ends with the <End of Report> line?

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 darkscout


Posted 15 June 2008 - 04:01 PM

OMG- so sorry- dunno how that happened...here's the log again... >.<;


OTScanIt logfile created on: 6/15/2008 3:17:48 PM
OTScanIt by OldTimer - Version 1.0.15.15	 Folder = C:\Documents and Settings\erin\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy
 
510.53 Mb Total Physical Memory | 244.11 Mb Available Physical Memory | 47.81% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.61% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.97 Gb Total Space | 0.88 Gb Free Space | 5.53% Space Free | Partition Type: FAT32
Drive D: | 21.24 Gb Total Space | 1.27 Gb Free Space | 5.99% Space Free | Partition Type: FAT32
Drive E: | 37.26 Gb Total Space | 0.84 Gb Free Space | 2.25% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 16.35 Gb Free Space | 43.89% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALPHAE
Current User Name: erin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Manual Scans]
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip /s >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\Tag -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\ImagePath -> %SystemRoot%\system32\DRIVERS\tcpip.sys [system32\DRIVERS\tcpip.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359040 bytes | Modified Date = 8/4/2004 3:14:42 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\DisplayName -> TCP/IP Protocol Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\Group -> PNP_TDI -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\DependOnService -> 
IPSec ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\\Description -> TCP/IP Protocol Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\ -> -> 
*Bind* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\\Bind -> 
\Device\{19BE69F6-6C3A-445F-A151-83BE5128C310} ->  -> File not found
\Device\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0} ->  -> File not found
\Device\NdisWanIp ->  -> File not found
*MultiFile Done* -> -> 
*Route* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\\Route -> 
"{19BE69F6-6C3A-445F-A151-83BE5128C310}" ->  -> File not found
"{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}" ->  -> File not found
"NdisWanIp" ->  -> File not found
*MultiFile Done* -> -> 
*Export* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\\Export -> 
\Device\Tcpip_{19BE69F6-6C3A-445F-A151-83BE5128C310} ->  -> File not found
\Device\Tcpip_{F8038EEA-AC60-4873-827E-AE3D15D5F6C0} ->  -> File not found
\Device\Tcpip_{37CD993C-54CC-409E-B9E6-2563D21510C9} ->  -> File not found
\Device\Tcpip_{DAF0B353-DFCC-4C66-BEE9-03C752F3DFA4} ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\NV Hostname -> ALPHAE -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DataBasePath -> %SystemRoot%\System32\drivers\etc [%SystemRoot%\System32\drivers\etc] ->  [Folder | Modified Date = 8/6/2005 4:45:12 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\NameServer ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\ForwardBroadcasts -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\IPEnableRouter -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\Domain ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\Hostname -> ALPHAE -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DeadGWDetectDefault -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\PerformRouterDiscovery -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpDomain -> cfl.rr.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer -> 65.32.5.111 65.32.5.112 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp\\LLInterface -> WANARP -> 
*IpConfig* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp\\IpConfig -> 
Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9} ->  -> File not found
Tcpip\Parameters\Interfaces\{DAF0B353-DFCC-4C66-BEE9-03C752F3DFA4} ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp\\NumInterfaces -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp\\IpInterfaces -> 3C 99 CD 37 CC 54 9E 40 B9 E6 25 63 D2 15 10 C9 53 B3 F0 DA CC DF 66 4C BE E9 03 C7 52 F3 DF A4  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{19BE69F6-6C3A-445F-A151-83BE5128C310}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\LLInterface ->  -> 
*IpConfig* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\IpConfig -> 
Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310} ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\LLInterface -> ARP1394 -> 
*IpConfig* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\IpConfig -> 
Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0} ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\UseZeroBroadcast -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\EnableDeadGWDetect -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\EnableDHCP -> 1 -> 
*IPAddress* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\IPAddress -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
*SubnetMask* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\SubnetMask -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\DefaultGateway ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\DefaultGatewayMetric ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\NameServer ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\Domain ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\RegistrationEnabled -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\RegisterAdapterName -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\TCPAllowedPorts ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\UDPAllowedPorts ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\RawIPAllowedProtocols ->  -> 
*NTEContextList* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\NTEContextList -> 
0x00000002 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\DhcpClassIdBin -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\DhcpServer -> 192.168.1.1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\Lease -> 86400 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\LeaseObtainedTime -> 1213552062 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\T1 -> 1213595262 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\T2 -> 1213627662 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\LeaseTerminatesTime -> 1213638462 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\AddressType -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\DhcpIPAddress -> 192.168.1.105 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\DhcpSubnetMask -> 255.255.255.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\DhcpDomain -> cfl.rr.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\DhcpNameServer -> 65.32.5.111 65.32.5.112 -> 
*DhcpDefaultGateway* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\DhcpDefaultGateway -> 
192.168.1.1 ->  -> File not found
*MultiFile Done* -> -> 
*DhcpSubnetMaskOpt* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\DhcpSubnetMaskOpt -> 
255.255.255.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19BE69F6-6C3A-445F-A151-83BE5128C310}\\DisableDynamicUpdate -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\\UseZeroBroadcast -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\\EnableDHCP -> 0 -> 
*IPAddress* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\\IPAddress -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
*SubnetMask* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\\SubnetMask -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\\DefaultGateway ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\\EnableDeadGWDetect -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\\DontAddDefaultGateway -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\\RegisterAdapterName -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\\RegistrationEnabled -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\\DhcpIPAddress -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\\DhcpSubnetMask -> 0.0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37CD993C-54CC-409E-B9E6-2563D21510C9}\\Domain ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAF0B353-DFCC-4C66-BEE9-03C752F3DFA4}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAF0B353-DFCC-4C66-BEE9-03C752F3DFA4}\\UseZeroBroadcast -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAF0B353-DFCC-4C66-BEE9-03C752F3DFA4}\\EnableDHCP -> 0 -> 
*IPAddress* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAF0B353-DFCC-4C66-BEE9-03C752F3DFA4}\\IPAddress -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
*SubnetMask* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAF0B353-DFCC-4C66-BEE9-03C752F3DFA4}\\SubnetMask -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAF0B353-DFCC-4C66-BEE9-03C752F3DFA4}\\DefaultGateway ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAF0B353-DFCC-4C66-BEE9-03C752F3DFA4}\\EnableDeadGWDetect -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAF0B353-DFCC-4C66-BEE9-03C752F3DFA4}\\DontAddDefaultGateway -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\UseZeroBroadcast -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\EnableDHCP -> 1 -> 
*IPAddress* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\IPAddress -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
*SubnetMask* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\SubnetMask -> 
0.0.0.0 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\DefaultGateway ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\DefaultGatewayMetric ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\NameServer ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\Domain ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\RegistrationEnabled -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\RegisterAdapterName -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\TCPAllowedPorts ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\UDPAllowedPorts ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\RawIPAllowedProtocols ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\AddressType -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8038EEA-AC60-4873-827E-AE3D15D5F6C0}\\DisableDynamicUpdate -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\UseDelayedAcceptance -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\HelperDllName -> %SystemRoot%\System32\wshtcpip.dll [%SystemRoot%\System32\wshtcpip.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19968 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\MaxSockAddrLength -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\MinSockAddrLength -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock\\Mapping -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Close -> CloseTcpIpPerformanceData -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Collect -> CollectTcpIpPerformanceData -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Library -> %SystemRoot%\system32\Perfctrs.dll [Perfctrs.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 39936 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Open -> OpenTcpIpPerformanceData -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\Object List -> 502 510 546 582 638 658 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\WbemAdapFileSignature -> 96 49 2C 72 1C 6E A5 17 E2 BF D5 38 1F EF 55 E3  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\WbemAdapFileTime -> 00 3B 83 7F 22 7A C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\WbemAdapFileSize -> 39936 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Performance\\WbemAdapStatus -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\Class -> 8 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\DnsPriority -> 2000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\HostsPriority -> 500 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\LocalPriority -> 499 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\ProviderPath -> %SystemRoot%\System32\wsock32.dll [%SystemRoot%\System32\wsock32.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 22528 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\NetbtPriority -> 2001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\\Name -> TCP/IP -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum\\0 -> Root\LEGACY_TCPIP\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Enum\\NextInstance -> 1 -> 
< End of report >


#12 OldTimer

    Malware Expert



Posted 15 June 2008 - 04:31 PM

Hi darkscout. That all looks normal. Let's look at some other things on the machine that does not work:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the None button on the toolbar.
  • In the Processes group click All
  • In the Services group click All
  • In the Drivers group click All
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT

#13 darkscout


Posted 15 June 2008 - 05:00 PM

Ok- here's the log:



OTScanIt logfile created on: 6/15/2008 5:49:15 PM
OTScanIt by OldTimer - Version 1.0.15.15	 Folder = C:\Documents and Settings\erin\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy
 
510.53 Mb Total Physical Memory | 237.85 Mb Available Physical Memory | 46.59% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.97 Gb Total Space | 0.88 Gb Free Space | 5.54% Space Free | Partition Type: FAT32
Drive D: | 21.24 Gb Total Space | 1.27 Gb Free Space | 5.99% Space Free | Partition Type: FAT32
Drive E: | 37.26 Gb Total Space | 0.84 Gb Free Space | 2.25% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 16.35 Gb Free Space | 43.89% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALPHAE
Current User Name: erin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - All]
smss.exe -> %SystemRoot%\System32\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
csrss.exe -> %SystemRoot%\system32\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 8/4/2004 4:56:50 AM | Attr =	]
winlogon.exe -> %SystemRoot%\system32\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
services.exe -> %SystemRoot%\system32\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 4:56:56 AM | Attr =	]
lsass.exe -> %SystemRoot%\system32\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 4:56:52 AM | Attr =	]
svchost.exe -> %SystemRoot%\system32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
 -> %SystemRoot%\system32\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 395776 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\System32\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr =	]
 -> %SystemRoot%\System32\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr =	]
svchost.exe -> %SystemRoot%\system32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
 -> %SystemRoot%\system32\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 395776 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
svchost.exe -> %SystemRoot%\System32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
 -> %SystemRoot%\System32\appmgmts.dll [AppMgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 167936 bytes | Modified Date = 8/4/2004 4:56:42 AM | Attr =	]
 -> %SystemRoot%\System32\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 4:56:42 AM | Attr =	]
 -> %SystemRoot%\system32\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr =	]
 -> %SystemRoot%\System32\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/4/2004 4:56:42 AM | Attr =	]
 -> %SystemRoot%\System32\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 4:56:42 AM | Attr =	]
 -> %SystemRoot%\System32\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 4:56:42 AM | Attr =	]
 -> %SystemRoot%\System32\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 4:56:44 AM | Attr =	]
 -> %SystemRoot%\System32\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/4/2004 4:56:44 AM | Attr =	]
 -> %SystemRoot%\System32\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 4:56:44 AM | Attr =	]
 -> %SystemRoot%\system32\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.258 | Size = 243200 bytes | Modified Date = 8/4/2004 4:56:44 AM | Attr =	]
 -> %SystemRoot%\System32\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 134656 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr =	]
 ->  [HidServ] -> File not found
 -> %SystemRoot%\System32\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 96768 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\System32\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 132096 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
 -> %SystemRoot%\System32\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/4/2004 4:56:44 AM | Attr =	]
 -> %SystemRoot%\System32\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 198144 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\System32\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\system32\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\System32\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\System32\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174080 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\System32\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/7/2004 12:17:12 AM | Attr =	]
 -> %SystemRoot%\system32\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr =	]
 -> %SystemRoot%\System32\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\system32\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\System32\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 4:56:44 AM | Attr =	]
 -> %SystemRoot%\System32\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 134656 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\system32\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr =	]
 -> %SystemRoot%\System32\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 246272 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
 -> %SystemRoot%\System32\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 134656 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\system32\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
 -> %SystemRoot%\system32\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
 -> %SystemRoot%\System32\advapi32.dll [Wmi] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 616960 bytes | Modified Date = 8/4/2004 4:56:42 AM | Attr =	]
 -> %SystemRoot%\system32\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
 -> %SystemRoot%\system32\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr =	]
 -> %SystemRoot%\System32\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
 -> %SystemRoot%\System32\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
svchost.exe -> %SystemRoot%\system32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
 -> %SystemRoot%\System32\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 45568 bytes | Modified Date = 8/4/2004 4:56:44 AM | Attr =	]
svchost.exe -> %SystemRoot%\system32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
 -> %SystemRoot%\system32\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 8/4/2004 4:56:42 AM | Attr =	]
 -> %SystemRoot%\System32\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/4/2004 4:56:44 AM | Attr =	]
 -> %SystemRoot%\system32\regsvc.dll [RemoteRegistry] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\System32\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 8/4/2004 4:56:46 AM | Attr =	]
 -> %SystemRoot%\System32\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 185344 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
 -> %SystemRoot%\System32\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 67584 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 5/15/2008 4:06:58 PM | Attr =	]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 5/15/2008 4:19:24 PM | Attr =	]
spoolsv.exe -> %SystemRoot%\system32\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57856 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
explorer.exe -> %SystemRoot%\Explorer.EXE -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 4:56:50 AM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr =	]
ctfmon.exe -> %SystemRoot%\system32\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 8/4/2004 4:56:50 AM | Attr =	]
lastfmhelper.exe -> E:\Last.fm\LastFMHelper.exe -> Last.fm [Ver = 1.4.2.59470 | Size = 106496 bytes | Modified Date = 1/8/2008 5:23:18 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr =	]
svchost.exe -> %SystemRoot%\system32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
 -> %SystemRoot%\system32\wiaservc.dll [stisvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 333312 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
tablet.exe -> %SystemRoot%\system32\Tablet.exe -> Wacom Technology, Corp. [Ver = 4.94-3 | Size = 753664 bytes | Modified Date = 12/5/2005 9:00:44 PM | Attr =	]
tlntsvr.exe -> %SystemRoot%\system32\tlntsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 5/15/2008 4:19:00 PM | Attr =	]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 5/15/2008 4:17:00 PM | Attr =	]
inetinfo.exe -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15872 bytes | Modified Date = 8/3/2004 8:56:52 PM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.15 | Size = 397312 bytes | Modified Date = 6/12/2008 12:29:06 AM | Attr =	]

[Win32 Services - All]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Disabled | Stopped] ->  -> File not found
(Adobe LM Service) Adobe LM Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 5/19/2006 9:04:18 AM | Attr =	]
(AdobeActiveFileMonitor) Adobe Active File Monitor [Win32_Own | Disabled | Stopped] -> E:\Adobe\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 98304 bytes | Modified Date = 10/4/2004 4:47:04 AM | Attr =	]
(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
(AOL ACS) AOL Connectivity Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLAcsd.exe -> America Online [Ver = 3.0.0.1 | Size = 10328 bytes | Modified Date = 10/20/2004 6:40:04 AM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr =	]
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 5/15/2008 4:06:58 PM | Attr =	]
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 5/15/2008 4:19:24 PM | Attr =	]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 5/15/2008 4:19:00 PM | Attr =	]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 5/15/2008 4:17:00 PM | Attr =	]
(BITS) Background Intelligent Transfer Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
(Browser) Computer Browser [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\cisvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5632 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\clipsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 4:56:48 AM | Attr =	]
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 4:56:50 AM | Attr =	]
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(Dhcp) DHCP Client [Win32_Shared | Auto | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:56:50 AM | Attr =	]
(dmserver) Logical Disk Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 4:56:56 AM | Attr =	]
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(IISADMIN) IIS Admin [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15872 bytes | Modified Date = 8/3/2004 8:56:52 PM | Attr =	]
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\imapi.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150016 bytes | Modified Date = 8/4/2004 4:56:52 AM | Attr =	]
(iPod Service) iPod Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr =	]
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\mnmsrvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 32768 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr =	]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\msdtc.exe -> Microsoft Corporation [Ver = 2001.12.4414.258 | Size = 6144 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr =	]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\msiexec.exe -> Microsoft Corporation [Ver = 3.1.4000.1823 | Size = 78848 bytes | Modified Date = 5/4/2005 2:45:36 PM | Attr =	]
(navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Norton AntiVirus\navapsvc.exe -> Symantec Corporation [Ver = 8.00.58 | Size = 115792 bytes | Modified Date = 8/16/2001 6:16:12 PM | Attr =	]
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 4:56:56 AM | Attr =	]
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 4:56:56 AM | Attr =	]
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 4:56:52 AM | Attr =	]
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 4:56:52 AM | Attr =	]
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(ose) Office Source Engine [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> Microsoft Corporation [Ver = 11.0.5525 | Size = 89136 bytes | Modified Date = 7/28/2003 12:28:22 PM | Attr =	]
(PhotoshopElementsDeviceConnect) Photoshop Elements Device Connect [Win32_Own | Disabled | Stopped] -> E:\Adobe\PhotoshopElementsDeviceConnect.exe ->  [Ver =  | Size = 118784 bytes | Modified Date = 10/4/2004 3:40:50 AM | Attr =	]
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 4:56:56 AM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 5/14/2003 6:45:02 AM | Attr =	]
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 4:56:52 AM | Attr =	]
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 4:56:52 AM | Attr =	]
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\sessmgr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr =	]
(RemoteAccess) Routing and Remote Access [Win32_Shared | Auto | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(RemoteRegistry) Remote Registry [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\locator.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 8/4/2004 4:56:52 AM | Attr =	]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\rsvp.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 132608 bytes | Modified Date = 8/7/2004 12:17:50 AM | Attr =	]
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 4:56:52 AM | Attr =	]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe -> Symantec Corporation [Ver = 1, 1, 0, 126 | Size = 54408 bytes | Modified Date = 8/13/2001 11:18:36 PM | Attr =	]
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\SCardSvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95744 bytes | Modified Date = 8/4/2004 4:56:56 AM | Attr =	]
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %SystemRoot%\system32\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57856 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(SSDPSRV) SSDP Discovery Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 4:56:50 AM | Attr =	]
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\smlogsvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89600 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(TabletService) TabletService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Tablet.exe -> Wacom Technology, Corp. [Ver = 4.94-3 | Size = 753664 bytes | Modified Date = 12/5/2005 9:00:44 PM | Attr =	]
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(Themes) Themes [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(TlntSvr) Telnet [Win32_Own | Auto | Running] -> %SystemRoot%\system32\tlntsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(UMWdf) Windows User Mode Driver Framework [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wdfmgr.exe -> Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Modified Date = 1/28/2005 1:44:28 PM | Attr =	]
(upnphost) Universal Plug and Play Device Host [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\ups.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18432 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:10 PM | Attr =	]
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vssvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 289792 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(W3SVC) World Wide Web Publishing [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15872 bytes | Modified Date = 8/3/2004 8:56:52 PM | Attr =	]
(WebClient) WebClient [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(WmiApSrv) WMI Performance Adapter [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\wbem\wmiapsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 126464 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr =	]
(wscsvc) Security Center [Win32_Shared | Auto | Stopped] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(wuauserv) Automatic Updates [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]
(xmlprov) Network Provisioning Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\System32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:56:58 AM | Attr =	]

[Driver Services - All]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 26944 bytes | Modified Date = 5/15/2008 4:13:26 PM | Attr =	]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 8/17/2001 12:20:04 PM | Attr =	]
(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ACPI.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 187776 bytes | Modified Date = 8/4/2004 3:07:38 AM | Attr =	]
(ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\acpiec.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11648 bytes | Modified Date = 8/7/2004 12:15:22 AM | Attr =	]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\aec.sys -> Microsoft Corporation [Ver = 5.1.2601.2078 | Size = 142464 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(AFD) AFD [Kernel | System | Running] -> %SystemRoot%\System32\drivers\afd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 138496 bytes | Modified Date = 8/4/2004 3:14:16 AM | Attr =	]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(Arp1394) 1394 ARP Client Protocol [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\arp1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Stopped] ->  -> File not found
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\DRIVERS\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Modified Date = 5/15/2008 4:16:06 PM | Attr =	]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes | Modified Date = 5/15/2008 4:18:34 PM | Attr =	]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes | Modified Date = 5/15/2008 4:15:30 PM | Attr =	]
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Modified Date = 5/15/2008 4:20:32 PM | Attr =	]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes | Modified Date = 5/15/2008 4:14:12 PM | Attr =	]
(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\asyncmac.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:05:04 AM | Attr =	]
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\atapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95360 bytes | Modified Date = 8/4/2004 2:59:44 AM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\atmarpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 2:58:32 AM | Attr =	]
(audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\audstub.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3072 bytes | Modified Date = 8/17/2001 1:59:44 PM | Attr =	]
(Beep) Beep [Kernel | System | Running] -> %SystemRoot%\System32\drivers\beep.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/7/2004 12:15:30 AM | Attr =	]
(cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cbidf2k.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 13952 bytes | Modified Date = 8/7/2004 12:15:32 AM | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Cdaudio) Cdaudio [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\cdaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/7/2004 12:15:50 AM | Attr =	]
(Cdfs) Cdfs [File_System | Disabled | Running] -> %SystemRoot%\System32\drivers\cdfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63744 bytes | Modified Date = 8/4/2004 3:14:12 AM | Attr =	]
(Cdrom) CD-ROM Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\cdrom.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 2:59:54 AM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(Disk) Disk Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\disk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36352 bytes | Modified Date = 8/4/2004 2:59:56 AM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Running] -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 3:07:18 AM | Attr =	]
(DMICall) Sony DMI Call service [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\DMICall.sys -> Sony Corporation [Ver = 1.0.01.12050 | Size = 3952 bytes | Modified Date = 8/6/2004 8:15:12 PM | Attr = R  ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 3:07:18 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/7/2004 12:15:44 AM | Attr =	]
(DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DMusic.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52864 bytes | Modified Date = 8/3/2004 11:07:40 PM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\drmkaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2944 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(Fastfat) Fastfat [File_System | Disabled | Running] -> %SystemRoot%\System32\drivers\fastfat.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143360 bytes | Modified Date = 8/4/2004 3:14:18 AM | Attr =	]
(Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\fdc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27392 bytes | Modified Date = 8/4/2004 2:59:28 AM | Attr =	]
(Fips) Fips [Kernel | System | Running] -> %SystemRoot%\System32\drivers\fips.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 34944 bytes | Modified Date = 8/7/2004 12:16:30 AM | Attr =	]
(Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\flpydisk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/4/2004 2:59:28 AM | Attr =	]
(FltMgr) FltMgr [File_System | Boot | Running] -> %SystemRoot%\system32\DRIVERS\fltMgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 124800 bytes | Modified Date = 8/3/2004 7:01:20 PM | Attr =	]
(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ftdisk.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 125056 bytes | Modified Date = 8/7/2004 12:16:32 AM | Attr =	]
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\gameenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 10624 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr =	]
(Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\msgpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 35072 bytes | Modified Date = 8/4/2004 3:04:14 AM | Attr =	]
(HidUsb) Microsoft HID Class Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\hidusb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 9600 bytes | Modified Date = 8/7/2004 12:16:38 AM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZid412.sys -> HP [Ver = 7, 0, 0, 0 | Size = 51056 bytes | Modified Date = 5/13/2003 11:19:52 PM | Attr = R  ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZipr12.sys -> HP [Ver = 7, 0, 0, 0 | Size = 16496 bytes | Modified Date = 5/13/2003 11:19:54 PM | Attr = R  ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZius12.sys -> HP [Ver = 7, 0, 0, 0 | Size = 21488 bytes | Modified Date = 5/13/2003 11:17:54 PM | Attr = R  ]
(HTTP) HTTP [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\HTTP.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 263040 bytes | Modified Date = 8/4/2004 3:00:14 AM | Attr =	]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\i8042prt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52736 bytes | Modified Date = 8/4/2004 3:14:38 AM | Attr =	]
(i81x) i81x [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 161020 bytes | Modified Date = 8/3/2004 10:29:38 PM | Attr =	]
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wADV01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12415 bytes | Modified Date = 8/3/2004 10:29:38 PM | Attr =	]
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wADV02NT.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12127 bytes | Modified Date = 8/3/2004 10:29:38 PM | Attr =	]
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wADV05NT.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11775 bytes | Modified Date = 8/3/2004 10:29:38 PM | Attr =	]
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wSiINTxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12063 bytes | Modified Date = 8/3/2004 10:29:48 PM | Attr =	]
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wVchNTxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19455 bytes | Modified Date = 8/3/2004 10:29:50 PM | Attr =	]
(iAimFP5) iAimFP5 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wADV07nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11807 bytes | Modified Date = 8/3/2004 10:29:40 PM | Attr =	]
(iAimFP6) iAimFP6 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wADV08nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11295 bytes | Modified Date = 8/3/2004 10:29:40 PM | Attr =	]
(iAimFP7) iAimFP7 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wADV09nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11871 bytes | Modified Date = 8/3/2004 10:29:42 PM | Attr =	]
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wATV01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 29311 bytes | Modified Date = 8/3/2004 10:29:42 PM | Attr =	]
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wATV02NT.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19551 bytes | Modified Date = 8/3/2004 10:29:44 PM | Attr =	]
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wATV04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 33599 bytes | Modified Date = 8/3/2004 10:29:44 PM | Attr =	]
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wCh7xxNT.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 23615 bytes | Modified Date = 8/3/2004 10:29:46 PM | Attr =	]
(iAimTV5) iAimTV5 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wATV10nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 25471 bytes | Modified Date = 8/3/2004 10:29:46 PM | Attr =	]
(iAimTV6) iAimTV6 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\wATV06nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 22271 bytes | Modified Date = 8/3/2004 10:29:46 PM | Attr =	]
(Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\imapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41856 bytes | Modified Date = 8/4/2004 3:00:16 AM | Attr =	]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\intelide.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5504 bytes | Modified Date = 8/4/2004 2:59:42 AM | Attr =	]
(Ip6Fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\Ip6Fw.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29056 bytes | Modified Date = 8/4/2004 3:00:08 AM | Attr =	]
(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ipfltdrv.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32896 bytes | Modified Date = 8/7/2004 12:16:54 AM | Attr =	]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ipinip.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/4/2004 3:04:46 AM | Attr =	]
(IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ipnat.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 134912 bytes | Modified Date = 8/4/2004 3:04:52 AM | Attr =	]
(IPSec) IPSEC driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\ipsec.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 74752 bytes | Modified Date = 8/4/2004 3:14:30 AM | Attr =	]
(IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\irenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11264 bytes | Modified Date = 8/3/2004 11:00:48 PM | Attr =	]
(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\isapnp.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Modified Date = 8/7/2004 12:16:56 AM | Attr =	]
(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\kbdclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 2:58:34 AM | Attr =	]
(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\kmixer.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 171776 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(KSecDD) KSecDD [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\ksecdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92032 bytes | Modified Date = 8/4/2004 2:59:48 AM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mnmdd) mnmdd [Kernel | System | Running] -> %SystemRoot%\System32\drivers\mnmdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/7/2004 12:17:10 AM | Attr =	]
(Modem) Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\modem.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30080 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(Mouclass) Mouse Class Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\mouclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\mouhid.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 12160 bytes | Modified Date = 8/7/2004 12:15:50 AM | Attr =	]
(MountMgr) MountMgr [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\mountmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42240 bytes | Modified Date = 8/4/2004 2:58:32 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\mrxdav.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 181248 bytes | Modified Date = 8/4/2004 3:00:58 AM | Attr =	]
(MRxSmb) MRxSmb [File_System | System | Running] -> %SystemRoot%\system32\DRIVERS\mrxsmb.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 451456 bytes | Modified Date = 8/4/2004 3:15:18 AM | Attr =	]
(Msfs) Msfs [File_System | System | Running] -> %SystemRoot%\System32\drivers\msfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19072 bytes | Modified Date = 8/4/2004 3:00:42 AM | Attr =	]
(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MSKSSRV.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 7552 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MSPCLOCK.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5376 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MSPQM.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4992 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\mssmbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(ms_mpu401) Microsoft MPU-401 MIDI UART Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\msmpu401.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 2944 bytes | Modified Date = 8/17/2001 2:00:04 PM | Attr =	]
(Mup) Mup [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\mup.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 107904 bytes | Modified Date = 8/4/2004 3:15:22 AM | Attr =	]
(NDIS) NDIS System Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\ndis.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 182912 bytes | Modified Date = 8/4/2004 3:14:30 AM | Attr =	]
(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ndistapi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9600 bytes | Modified Date = 8/7/2004 12:17:26 AM | Attr =	]
(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ndisuio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12928 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ndiswan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 91776 bytes | Modified Date = 8/4/2004 3:14:32 AM | Attr =	]
(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ndproxy.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 38016 bytes | Modified Date = 8/7/2004 12:17:26 AM | Attr =	]
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> %SystemRoot%\system32\DRIVERS\netbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/4/2004 3:03:22 AM | Attr =	]
(NetBT) NetBT [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\netbt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162816 bytes | Modified Date = 8/4/2004 3:14:38 AM | Attr =	]
(NIC1394) 1394 Net Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\nic1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 61824 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(Npfs) Npfs [File_System | System | Running] -> %SystemRoot%\System32\drivers\npfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30848 bytes | Modified Date = 8/4/2004 3:00:44 AM | Attr =	]
(Ntfs) Ntfs [File_System | Disabled | Running] -> %SystemRoot%\System32\drivers\ntfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 574592 bytes | Modified Date = 8/4/2004 3:15:10 AM | Attr =	]
(Null) Null [Kernel | System | Running] -> %SystemRoot%\System32\drivers\null.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 2944 bytes | Modified Date = 8/7/2004 12:17:32 AM | Attr =	]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 10:29:56 PM | Attr =	]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nwlnkflt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12416 bytes | Modified Date = 8/7/2004 12:17:34 AM | Attr =	]
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nwlnkfwd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32512 bytes | Modified Date = 8/7/2004 12:17:34 AM | Attr =	]
(ohci1394) Texas Instruments OHCI Compliant IEEE 1394 Host Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\ohci1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 61056 bytes | Modified Date = 8/4/2004 3:10:10 AM | Attr =	]
(P3) Intel PentiumIII Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\p3.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(Parport) Parallel port driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\parport.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80128 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(PartMgr) PartMgr [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\partmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/7/2004 12:17:38 AM | Attr =	]
(ParVdm) ParVdm [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\parvdm.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 6784 bytes | Modified Date = 8/7/2004 12:17:38 AM | Attr =	]
(PCI) PCI Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\pci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68224 bytes | Modified Date = 8/4/2004 3:07:48 AM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PCIIde) PCIIde [Kernel | Disabled | Stopped] ->  -> File not found
(Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\pcmcia.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119936 bytes | Modified Date = 8/4/2004 3:07:48 AM | Attr =	]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PenClass) Pen Class [Kernel | Boot | Running] -> %SystemRoot%\system32\Drivers\PenClass.sys -> Wacom Technology Corporation [Ver = 4.00 | Size = 8138 bytes | Modified Date = 11/29/2005 9:50:42 PM | Attr =	]
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\raspptp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48384 bytes | Modified Date = 8/4/2004 3:14:28 AM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/7/2004 12:17:44 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> Sonic Solutions [Ver = 2.03.18a | Size = 20576 bytes | Modified Date = 5/10/2005 4:04:10 PM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\rasacd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 8832 bytes | Modified Date = 8/7/2004 12:17:46 AM | Attr =	]
(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\rasl2tp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51328 bytes | Modified Date = 8/4/2004 3:14:24 AM | Attr =	]
(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\raspppoe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41472 bytes | Modified Date = 8/4/2004 3:05:08 AM | Attr =	]
(Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\raspti.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16512 bytes | Modified Date = 8/7/2004 12:17:46 AM | Attr =	]
(Rdbss) Rdbss [File_System | System | Running] -> %SystemRoot%\system32\DRIVERS\rdbss.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 176512 bytes | Modified Date = 8/4/2004 3:20:08 AM | Attr =	]
(RDPCDD) RDPCDD [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\RDPCDD.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4224 bytes | Modified Date = 8/7/2004 12:17:46 AM | Attr =	]
(rdpdr) Terminal Server Device Redirector Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\rdpdr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 196864 bytes | Modified Date = 8/3/2004 11:01:16 PM | Attr =	]
(RDPWD) RDPWD [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\rdpwd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 139400 bytes | Modified Date = 8/3/2004 9:01:10 PM | Attr =	]
(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\redbook.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57472 bytes | Modified Date = 8/3/2004 10:59:38 PM | Attr =	]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\RTL8139.SYS -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 10:31:34 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 7/17/2004 3:36:38 PM | Attr =	]
(serenum) Serenum Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\serenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/4/2004 2:59:08 AM | Attr =	]
(Serial) Serial port driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\serial.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 64896 bytes | Modified Date = 8/4/2004 3:15:54 AM | Attr =	]
(Sfloppy) High-Capacity Floppy Disk Drive [Kernel | System | Stopped] -> %SystemRoot%\system32\DRIVERS\sfloppy.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11392 bytes | Modified Date = 8/4/2004 2:59:56 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\splitter.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6400 bytes | Modified Date = 8/3/2004 11:07:48 PM | Attr =	]
(sr) System Restore Filter Driver [File_System | Boot | Running] -> %SystemRoot%\system32\DRIVERS\sr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73472 bytes | Modified Date = 8/3/2004 11:06:26 PM | Attr =	]
(Srv) Srv [File_System | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\srv.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 336256 bytes | Modified Date = 8/4/2004 3:14:46 AM | Attr =	]
(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\swenum.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4352 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\swmidi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 54272 bytes | Modified Date = 8/7/2004 12:15:50 AM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sysaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\tcpip.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359040 bytes | Modified Date = 8/4/2004 3:14:42 AM | Attr =	]
(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\tdpipe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12040 bytes | Modified Date = 8/4/2004 1:01:08 AM | Attr =	]
(TDTCP) TDTCP [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\tdtcp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 21896 bytes | Modified Date = 8/4/2004 1:01:08 AM | Attr =	]
(TermDD) Terminal Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\termdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 40840 bytes | Modified Date = 8/4/2004 1:01:08 AM | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(Udfs) Udfs [File_System | Disabled | Stopped] -> %SystemRoot%\System32\drivers\udfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 66176 bytes | Modified Date = 8/4/2004 3:00:32 AM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\update.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 209408 bytes | Modified Date = 8/4/2004 2:58:34 AM | Attr =	]
(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\usbccgp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 31616 bytes | Modified Date = 8/4/2004 3:08:48 AM | Attr =	]
(usbhub) Microsoft USB Standard Hub Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\usbhub.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57600 bytes | Modified Date = 8/4/2004 3:08:44 AM | Attr =	]
(usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\usbprint.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25856 bytes | Modified Date = 8/3/2004 11:01:26 PM | Attr =	]
(usbscan) USB Scanner Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\usbscan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15104 bytes | Modified Date = 8/3/2004 10:58:46 PM | Attr =	]
(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\USBSTOR.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26496 bytes | Modified Date = 8/4/2004 3:08:48 AM | Attr =	]
(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\usbuhci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/4/2004 3:08:38 AM | Attr =	]
(VgaSave) VgaSave [Kernel | System | Running] -> %SystemRoot%\System32\drivers\vga.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/4/2004 3:07:08 AM | Attr =	]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(VolSnap) VolSnap [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\volsnap.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52352 bytes | Modified Date = 8/4/2004 3:00:18 AM | Attr =	]
(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\wanarp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/4/2004 3:04:58 AM | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 1:13:04 PM | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wdmaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 82944 bytes | Modified Date = 8/4/2004 5:05:44 AM | Attr =	]
(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\wpdusb.sys -> Microsoft Corporation [Ver = 5.2.3802.3802 built by: dnsrv(bld4act) | Size = 18944 bytes | Modified Date = 1/28/2005 1:44:28 PM | Attr =	]


< End of report >


#14 OldTimer

Malware Expert

Posted 15 June 2008 - 06:30 PM

Hi darkscout. The DHCP Client service isn't running. That's probably why it won't get an address and cannot connect. Let's look at the Event logs and see what they show:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Evnt - EventViewer Errors/Warnings (last 7 days)
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it and close Notepad (save changes if necessary).
  • Close OTScanIt and locate the OTScanIt.txt file in the folder where OTScanIt.exe is located.
  • Attach that file back here in your next reply.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#15 darkscout

Topic Starter

Posted 15 June 2008 - 07:22 PM

Here's the log you asked for:



OTScanIt logfile created on: 6/15/2008 8:15:36 PM
OTScanIt by OldTimer - Version 1.0.15.15	 Folder = C:\Documents and Settings\erin\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy
 
510.53 Mb Total Physical Memory | 234.85 Mb Available Physical Memory | 46.00% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.69% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.97 Gb Total Space | 0.88 Gb Free Space | 5.53% Space Free | Partition Type: FAT32
Drive D: | 21.24 Gb Total Space | 1.27 Gb Free Space | 5.99% Space Free | Partition Type: FAT32
Drive E: | 37.26 Gb Total Space | 0.84 Gb Free Space | 2.25% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 16.35 Gb Free Space | 43.89% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALPHAE
Current User Name: erin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 5/15/2008 4:06:58 PM | Attr =	]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 5/15/2008 4:19:24 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr =	]
lastfmhelper.exe -> E:\Last.fm\LastFMHelper.exe -> Last.fm [Ver = 1.4.2.59470 | Size = 106496 bytes | Modified Date = 1/8/2008 5:23:18 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr =	]
tablet.exe -> %SystemRoot%\system32\Tablet.exe -> Wacom Technology, Corp. [Ver = 4.94-3 | Size = 753664 bytes | Modified Date = 12/5/2005 9:00:44 PM | Attr =	]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 5/15/2008 4:19:00 PM | Attr =	]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 5/15/2008 4:17:00 PM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.15 | Size = 397312 bytes | Modified Date = 6/12/2008 12:29:06 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Disabled | Stopped] ->  -> File not found
(Adobe LM Service) Adobe LM Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 5/19/2006 9:04:18 AM | Attr =	]
(AdobeActiveFileMonitor) Adobe Active File Monitor [Win32_Own | Disabled | Stopped] -> E:\Adobe\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 98304 bytes | Modified Date = 10/4/2004 4:47:04 AM | Attr =	]
(AOL ACS) AOL Connectivity Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLAcsd.exe -> America Online [Ver = 3.0.0.1 | Size = 10328 bytes | Modified Date = 10/20/2004 6:40:04 AM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr =	]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 5/15/2008 4:06:58 PM | Attr =	]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 5/15/2008 4:19:24 PM | Attr =	]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 5/15/2008 4:19:00 PM | Attr =	]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 5/15/2008 4:17:00 PM | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:56:50 AM | Attr =	]
(iPod Service) iPod Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr =	]
(navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Norton AntiVirus\navapsvc.exe -> Symantec Corporation [Ver = 8.00.58 | Size = 115792 bytes | Modified Date = 8/16/2001 6:16:12 PM | Attr =	]
(PhotoshopElementsDeviceConnect) Photoshop Elements Device Connect [Win32_Own | Disabled | Stopped] -> E:\Adobe\PhotoshopElementsDeviceConnect.exe ->  [Ver =  | Size = 118784 bytes | Modified Date = 10/4/2004 3:40:50 AM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 5/14/2003 6:45:02 AM | Attr =	]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe -> Symantec Corporation [Ver = 1, 1, 0, 126 | Size = 54408 bytes | Modified Date = 8/13/2001 11:18:36 PM | Attr =	]
(TabletService) TabletService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Tablet.exe -> Wacom Technology, Corp. [Ver = 4.94-3 | Size = 753664 bytes | Modified Date = 12/5/2005 9:00:44 PM | Attr =	]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:10 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< erin Startup Folder > -> C:\Documents and Settings\erin\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Last.fm Helper.lnk -> E:\Last.fm\LastFMHelper.exe -> Last.fm [Ver = 1.4.2.59470 | Size = 106496 bytes | Modified Date = 1/8/2008 5:23:18 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\\NoRealMode -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun ->  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFavoritesMenu -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyDocs -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyPictures -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMyMusic -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory] -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 2:59:54 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPIONEER_DVD-ROM_DVD-115R________________1.25____\5&18bef761&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomSONY_CD-RW__CRX140E_____________________1.1a____\5&18bef761&0&0.1.0 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.DOS [@ECHO OFF | SmartDrv | REM [CD-ROM Drive]	   | REM [Miscellaneous]	  |  |  |  | ] -> %SystemDrive%\AUTOEXEC.DOS [ FAT32 ] ->  [Ver =  | Size = 79 bytes | Modified Date = 6/8/2000 5:00:00 PM | Attr =  HS]
AUTOEXEC.BAK [SET windir=C:\WINDOWS | SET winbootdir=C:\WINDOWS | SET COMSPEC=C:\WINDOWS\COMMAND.COM | SET PROMPT=$p$g | SET TEMP=C:\WINDOWS\TEMP | SET TMP=C:\WINDOWS\TEMP | SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;"C:\Program Files\Mts" | ] -> %SystemDrive%\AUTOEXEC.BAK [ FAT32 ] ->  [Ver =  | Size = 252 bytes | Modified Date = 9/9/2003 3:25:02 PM | Attr =  HS]
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ FAT32 ] ->  [Ver =  | Size = 0 bytes | Modified Date = 8/6/2005 5:07:44 PM | Attr =	]
< HOSTS File > (858 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
comments (such as these) may be inserted on individual -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_LOCAL_MACHINE\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AOLTBSearch Class] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/2007 6:57:00 AM | Attr =	]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://home.microsoft.com/access/allinone.asp -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.myspace.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AOLTBSearch Class] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/2007 6:57:00 AM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1;*.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4174 domain(s) found. -> 
www_adobe.com [http] -> Trusted sites -> 
www_facebook.com [https] -> Trusted sites -> 
www_neopets.com [http] -> Trusted sites -> 
youtube.com .[http] -> Trusted sites -> 
58 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKEY_LOCAL_MACHINE] -> E:\Program Files\FlashGet\Jccatch.dll [IeCatch5 Class] -> FlashGet [Ver = 1, 1, 5, 0 | Size = 81920 bytes | Modified Date = 5/16/2006 4:19:42 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> H:\VIRUS~10\SPYBO~19\SDHelper.dll [] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NavShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 8.00.58 | Size = 102400 bytes | Modified Date = 8/16/2001 4:35:10 PM | Attr =	]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr =	]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/2007 6:57:00 AM | Attr =	]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> E:\Program Files\FlashGet\fgiebar.dll [FlashGet Bar] -> Amaze Soft [Ver = 1, 2, 0, 0 | Size = 86016 bytes | Modified Date = 6/7/2005 12:06:10 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NavShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 8.00.58 | Size = 102400 bytes | Modified Date = 8/16/2001 4:35:10 PM | Attr =	]
ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr =	]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr =	]
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/2007 6:57:00 AM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr =	]
{3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/2007 6:57:00 AM | Attr =	]
{44226DFF-747E-4edc-B30C-78752E50CD0C}:BandCLSID -> Reg Error: Value  does not exist or could not be read. [ATI TV] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %SystemDrive%\PROGRA~1\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr =	]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec -> E:\Program Files\FlashGet\flashget.exe [FlashGet] -> FlashGet.com [Ver = 1, 7, 2, 0 | Size = 1368064 bytes | Modified Date = 5/31/2006 11:55:42 PM | Attr =	]
{FB5F1910-F110-11d2-BB9E-00C04F795683}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/2007 6:57:00 AM | Attr =	]
CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [ATI TV] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr =	]
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> E:\Program Files\FlashGet\flashget.exe [FlashGet] -> FlashGet.com [Ver = 1, 7, 2, 0 | Size = 1368064 bytes | Modified Date = 5/31/2006 11:55:42 PM | Attr =	]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Messenger] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&AOL Toolbar Search -> Reg Error: Value  does not exist or could not be read. -> File not found
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr =	]
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr =	]
Download All by FlashGet -> E:\Program Files\FlashGet\jc_all.htm ->  [Ver =  | Size = 575 bytes | Modified Date = 2/6/2000 12:06:06 PM | Attr =	]
Download using FlashGet -> E:\Program Files\FlashGet\jc_link.htm ->  [Ver =  | Size = 1898 bytes | Modified Date = 2/6/2000 12:06:34 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{19BE69F6-6C3A-445F-A151-83BE5128C310} ->	(D-Link DFE-538TX 10/100 Adapter) -> 
{F8038EEA-AC60-4873-827E-AE3D15D5F6C0} ->	(1394 Net Adapter) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\HPCORETECH\COMP\HPUIPROT.DLL[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 12/22/2003 8:38:40 AM | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\msdxm.ocx[AsyncPProt Class] ->  [Ver =  | Size = 844314 bytes | Modified Date = 8/4/2004 2:51:04 AM | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00000075-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/voxacm.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{00000161-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/msaudio.cab[Reg Error: Key does not exist or could not be opened.] -> 
{0713E8D2-850A-101B-AFC0-4210102A8DA7}[HKEY_LOCAL_MACHINE] -> [Microsoft ProgressBar Control, version 5.0 (SP2)] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{32564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/wmv8ax.cab[Reg Error: Key does not exist or could not be opened.] -> 
{32564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/wmv8dmo.cab[Reg Error: Key does not exist or could not be opened.] -> 
{33363249-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/i263_32.cab[Reg Error: Key does not exist or could not be opened.] -> 
{33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871[Java Plug-in 1.6.0_06] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38226.6352893518[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab[Java Plug-in 1.5.0_12] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4256/mcfscan.cab[McFreeScan Class] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\SYSTEM\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/ActiveSecurity.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/ActiveSecurity.ocx\\.Owner -> {75D1F3B2-2A21-11D7-97B9-0010DC -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/ActiveSecurity.ocx\\{75D1F3B2-2A21-11D7-97B9-0010DC ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/AdStatServX.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/AdStatServX.dll\\.Owner -> {15AD4789-CDB4-47E1-A9DA-992EE8 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/AdStatServX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8 ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/AktiveSekurity.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/AktiveSekurity.ocx\\.Owner -> {0F9B4CA4-A30F-480A-841D-69B45C -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/AktiveSekurity.ocx\\{0F9B4CA4-A30F-480A-841D-69B45C ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/gsda.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/gsda.dll\\.Owner -> {70BA88C8-DAE8-4CE9-92BB-979C4A -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/gsda.dll\\{70BA88C8-DAE8-4CE9-92BB-979C4A ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\\.Owner -> {B38870E4-7ECB-40DA-8C6A-595F0A -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\\{B38870E4-7ECB-40DA-8C6A-595F0A ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/yinsthelper.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/yinsthelper.dll\\.Owner -> {30528230-99F7-4BB4-88D8-FA1D4F -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/Downloaded Program Files/yinsthelper.dll\\{30528230-99F7-4BB4-88D8-FA1D4F ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/danim.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/danim.dll\\.Owner -> {E00E9E61-A51F-11d3-BD85-0000C1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/danim.dll\\{E00E9E61-A51F-11d3-BD85-0000C1 ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/danim.dll\\{48DBB0E4-0DC6-11d1-8177-00AA00 ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/danim.dll\\My Little Pony ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/danim.dll\\GottaGroove ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/ddrawex.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/ddrawex.dll\\.Owner -> 22d6f312-b0f6-11d0-94ab-0080c74 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/ddrawex.dll\\{E00E9E61-A51F-11d3-BD85-0000C1 ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/ddrawex.dll\\My Little Pony ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/ddrawex.dll\\GottaGroove ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/iuctl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/iuctl.dll\\.Owner -> {9F1C11AA-197B-4942-BA54-47A848 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/iuctl.dll\\{9F1C11AA-197B-4942-BA54-47A848 ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/iuengine.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/iuengine.dll\\.Owner -> {9F1C11AA-197B-4942-BA54-47A848 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/iuengine.dll\\{9F1C11AA-197B-4942-BA54-47A848 ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/quartz.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/quartz.dll\\.Owner -> {4112DF42-0DCB-11d1-8177-00AA00 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/quartz.dll\\{22d6f312-b0f6-11d0-94ab-0080c7 ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/quartz.dll\\{E00E9E61-A51F-11d3-BD85-0000C1 ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/quartz.dll\\My Little Pony ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Software/Microsoft/Windows/CurrentVersion/ModuleUsage/C:/WINDOWS/SYSTEM/quartz.dll\\GottaGroove ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< EventViewer Logs > -> Errors and Warnings -> Description
Application - Warning - 6/8/2008 11:44:05 PM -> Computer Name = ALPHAE - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = 
Application - Warning - 6/11/2008 10:45:33 PM -> Computer Name = ALPHAE - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = 
Application - Warning - 6/12/2008 11:47:57 AM -> Computer Name = ALPHAE - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = 
Application - Warning - 6/12/2008 5:36:59 PM -> Computer Name = ALPHAE - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = 
Application - Warning - 6/13/2008 11:10:44 PM -> Computer Name = ALPHAE - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = 
Application - Warning - 6/14/2008 6:57:44 PM -> Computer Name = ALPHAE - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = 
System - Error - 6/9/2008 6:43:08 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = RemoteAccess -> Description = Unable to add the interface F8038EEA-AC60-4873-827E-AE3D15D5F6C0 with the Router Manager for the IP protocol Thefollowing error occurred Cannot complete this function
System - Warning - 6/9/2008 8:22:13 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized
System - Error - 6/11/2008 6:16:25 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = RemoteAccess -> Description = Unable to add the interface F8038EEA-AC60-4873-827E-AE3D15D5F6C0 with the Router Manager for the IP protocol Thefollowing error occurred Cannot complete this function
System - Error - 6/12/2008 7:19:20 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = RemoteAccess -> Description = Unable to add the interface F8038EEA-AC60-4873-827E-AE3D15D5F6C0 with the Router Manager for the IP protocol Thefollowing error occurred Cannot complete this function
System - Error - 6/12/2008 9:52:53 AM -> Computer Name = ALPHAE - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Error - 6/12/2008 9:52:54 AM -> Computer Name = ALPHAE - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Error - 6/12/2008 9:53:30 AM -> Computer Name = ALPHAE - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Error - 6/12/2008 10:08:46 AM -> Computer Name = ALPHAE - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Error - 6/12/2008 10:46:25 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681102 for the Network Card with network address 0050BA864FAF has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message)
System - Error - 6/12/2008 10:47:34 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = RemoteAccess -> Description = Unable to add the interface F8038EEA-AC60-4873-827E-AE3D15D5F6C0 with the Router Manager for the IP protocol Thefollowing error occurred Cannot complete this function
System - Error - 6/12/2008 5:34:07 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0050BA864FAF has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message)
System - Error - 6/12/2008 7:02:48 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0050BA864FAF has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message)
System - Error - 6/13/2008 4:14:35 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = atapi -> Description = The device DeviceIdeIdePort0 did not respond within the timeout period
System - Error - 6/13/2008 4:16:17 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = atapi -> Description = The device DeviceIdeIdePort0 did not respond within the timeout period
System - Error - 6/13/2008 4:19:45 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = atapi -> Description = The device DeviceIdeIdePort0 did not respond within the timeout period
System - Error - 6/13/2008 5:23:27 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = atapi -> Description = The device DeviceIdeIdePort0 did not respond within the timeout period
System - Error - 6/13/2008 7:51:21 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = atapi -> Description = The device DeviceIdeIdePort0 did not respond within the timeout period
System - Error - 6/13/2008 7:51:21 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = atapi -> Description = The driver detected a controller error on DeviceIdeIdePort0
System - Warning - 6/13/2008 8:42:51 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized
System - Error - 6/13/2008 2:03:21 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = Disk -> Description = The device DeviceHarddisk0D has a bad block
System - Error - 6/13/2008 2:03:28 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = Disk -> Description = The device DeviceHarddisk0D has a bad block
Antivirus - Error - 6/9/2008 6:42:53 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Instant Messaging provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/9/2008 6:42:53 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error P2P provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/9/2008 6:42:53 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Standard Shield provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/11/2008 6:16:02 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Instant Messaging provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/11/2008 6:16:02 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error P2P provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/11/2008 6:16:02 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Standard Shield provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/12/2008 7:19:06 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Instant Messaging provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/12/2008 7:19:06 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error P2P provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/12/2008 7:19:06 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Standard Shield provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/12/2008 10:46:45 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Instant Messaging provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/12/2008 10:46:45 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error P2P provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/12/2008 10:46:45 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Standard Shield provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Warning - 6/12/2008 11:45:32 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Sign of Win32PurityScan-Q Trj has been found in cdocume1erinapplic1wnsxs1spool32exeUPX file
Antivirus - Warning - 6/12/2008 11:46:10 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Sign of Win32Adware-gen Adw has been found in cprogram filesnetwork monitornetmonexe file
Antivirus - Warning - 6/12/2008 11:46:17 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Sign of Win32Rootkit-gen Rtk has been found in cwindows444470UPX file
Antivirus - Warning - 6/12/2008 11:46:21 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Sign of Win32Trojan-gen Other has been found in cwindowscyaasappsrvdll file
Antivirus - Warning - 6/12/2008 11:46:26 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Sign of Win32Adware-gen Adw has been found in cwindowscyacommandexe file
Antivirus - Error - 6/12/2008 1:48:27 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Instant Messaging provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/12/2008 1:48:27 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error P2P provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/12/2008 1:48:27 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Standard Shield provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/12/2008 7:03:07 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Instant Messaging provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/12/2008 7:03:07 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error P2P provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/12/2008 7:03:07 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Standard Shield provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/13/2008 9:23:26 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Instant Messaging provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/13/2008 9:23:30 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error P2P provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/13/2008 9:23:31 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Standard Shield provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Warning - 6/13/2008 9:26:34 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Sign of Win32Trojan-gen Other has been found in cwindowssystem32iftuyszvexeUPX file
Antivirus - Error - 6/13/2008 3:17:14 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Instant Messaging provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/13/2008 3:17:14 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error P2P provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/13/2008 3:17:14 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Standard Shield provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/14/2008 7:59:00 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Instant Messaging provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/14/2008 7:59:00 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error P2P provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/14/2008 7:59:00 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Standard Shield provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/14/2008 3:31:37 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Instant Messaging provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/14/2008 3:31:40 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error P2P provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/14/2008 3:31:40 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Standard Shield provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/14/2008 7:07:31 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Instant Messaging provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/14/2008 7:07:33 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error P2P provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/14/2008 7:07:33 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Standard Shield provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/14/2008 9:48:03 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Instant Messaging provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/14/2008 9:48:03 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error P2P provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/14/2008 9:48:03 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Standard Shield provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/15/2008 9:48:24 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Instant Messaging provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/15/2008 9:48:25 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error P2P provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Error - 6/15/2008 9:48:25 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = AAVM - initialization error Standard Shield provider cannot start because Norton Antivirus  Symantec Antivirus is active 00000000
Antivirus - Warning - 6/15/2008 10:56:07 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004
Antivirus - Warning - 6/15/2008 11:09:44 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004
Antivirus - Warning - 6/15/2008 11:29:42 AM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004
Antivirus - Warning - 6/15/2008 12:11:42 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004
Antivirus - Warning - 6/15/2008 12:47:16 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004
Antivirus - Warning - 6/15/2008 1:13:57 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004
Antivirus - Warning - 6/15/2008 1:25:55 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004
Antivirus - Warning - 6/15/2008 5:30:12 PM -> Computer Name = ALPHAE - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004


[Files/Folders - Created Within 30 days]
FOUND.000 -> %SystemDrive%\FOUND.000 ->  [Folder | Created Date = 6/15/2008 1:06:12 PM | Attr =  HS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 6/14/2008 7:46:08 PM | Attr =	]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 6/15/2008 11:51:08 AM | Attr =	]
aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Created Date = 6/13/2008 10:18:47 AM | Attr =	]
aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Created Date = 6/13/2008 10:18:47 AM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 6/14/2008 10:24:53 PM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 6/14/2008 10:24:54 PM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 6/14/2008 10:24:54 PM | Attr =	]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Created Date = 6/14/2008 4:34:35 PM | Attr =  H ]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 6/14/2008 7:46:15 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
FOUND.000 -> %SystemDrive%\FOUND.000 ->  [Folder | Modified Date = 6/15/2008 1:06:12 PM | Attr =  HS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 6/14/2008 7:46:10 PM | Attr =	]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 6/15/2008 11:51:10 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 535400448 bytes | Modified Date = 6/15/2008 2:22:20 PM | Attr =  HS]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 6/14/2008 7:19:58 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 6/15/2008 10:50:54 AM | Attr =	]
tablet.dat -> %SystemRoot%\System32\tablet.dat ->  [Ver =  | Size = 16106 bytes | Modified Date = 6/15/2008 2:24:54 PM | Attr =	]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 6/13/2008 10:18:48 AM | Attr =	]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Modified Date = 6/14/2008 4:34:36 PM | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 6/15/2008 2:22:26 PM | Attr =   S]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 982 bytes | Modified Date = 6/14/2008 10:02:40 PM | Attr =	]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP ->  [Ver =  | Size = 535429120 bytes | Modified Date = 6/14/2008 8:05:46 PM | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 6/14/2008 7:46:16 PM | Attr =	]
pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 22 bytes | Modified Date = 6/14/2008 10:03:12 PM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 710 bytes | Modified Date = 6/14/2008 7:19:58 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 1917 bytes | Modified Date = 6/14/2008 7:19:58 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 6/15/2008 2:22:38 PM | Attr =  H ]
Tune-up Application Start.job -> %SystemRoot%\tasks\Tune-up Application Start.job ->  [Ver =  | Size = 502 bytes | Modified Date = 6/7/2008 11:00:02 PM | Attr =	]
Maintenance-Defragment programs.job -> %SystemRoot%\tasks\Maintenance-Defragment programs.job ->  [Ver =  | Size = 486 bytes | Modified Date = 6/9/2008 9:00:04 PM | Attr =	]
Maintenance-Disk cleanup.job -> %SystemRoot%\tasks\Maintenance-Disk cleanup.job ->  [Ver =  | Size = 524 bytes | Modified Date = 6/1/2008 8:30:02 PM | Attr =	]
HP Usg Daily.job -> %SystemRoot%\tasks\HP Usg Daily.job ->  [Ver =  | Size = 340 bytes | Modified Date = 6/15/2008 5:37:02 PM | Attr =	]
PCHealth Scheduler for Data Collection.job -> %SystemRoot%\tasks\PCHealth Scheduler for Data Collection.job ->  [Ver =  | Size = 354 bytes | Modified Date = 6/15/2008 8:11:04 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 6/12/2008 9:27:02 PM | Attr =	]
RegSweep Scheduled Scan.job -> %SystemRoot%\tasks\RegSweep Scheduled Scan.job ->  [Ver =  | Size = 384 bytes | Modified Date = 6/15/2008 3:30:02 AM | Attr =	]
RegCure.job -> %SystemRoot%\tasks\RegCure.job ->  [Ver =  | Size = 370 bytes | Modified Date = 6/5/2008 3:00:02 AM | Attr =	]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job ->  [Ver =  | Size = 436 bytes | Modified Date = 6/15/2008 5:00:02 PM | Attr =	]
Norton AntiVirus - Scan my computer.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer.job ->  [Ver =  | Size = 462 bytes | Modified Date = 6/13/2008 8:00:02 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ->  [Folder | Modified Date = 8/6/2005 5:13:24 PM | Attr =	]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 1303 bytes | Modified Date = 8/13/2005 10:25:20 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 10/19/2005 7:46:28 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 10/19/2005 7:52:18 PM | Attr =	]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 4/23/2005 2:15:42 PM | Attr =	]
Perflib_Perfdata_3b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_3b8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/15/2008 2:22:40 PM | Attr =	]
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

< End of report >



I noticed a lot of Norton stuff, but I thought I had uninstalled and deleted it..... :/



