
Hijackthis Log


  • This topic is locked
15 replies to this topic

#1 The Indian Guy


Posted 09 August 2008 - 11:55 PM

My computer has been running slow lately; I'm positive I have a couple viruses. I've noticed a dramatic slowdown in my computer's performance and an occasional virus picked up by my antivirus program (Norton). Anyways, here is a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:27 AM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Hiraga\Desktop\Ares.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\ijji\ENGLISH\u_gunz.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Documents and Settings\Hiraga\Desktop\HiJackThis.exe

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] "C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" /StartUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{1DCC7~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{1DCC7~1\reboot.ini
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Hiraga\Desktop\Ares.exe" -h
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 8704 bytes


#2 Billy O'Neal

  • Malware Response Team

Posted 17 August 2008 - 07:11 PM

Hello, The Indian Guy.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to run OTScanIt
Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post.

In your next reply, please include the following:
  • OTScanIt report

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Billy O'Neal


Posted 21 August 2008 - 06:36 PM

Hello, The Indian Guy.
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3

#4 Billy O'Neal


Posted 23 August 2008 - 02:39 PM

User returned; topic reopened.

Please post your log(s) below :thumbsup:

Billy3

#5 The Indian Guy


Posted 23 August 2008 - 05:18 PM

OTScanIt logfile created on: 8/23/2008 3:11:26 PM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Hiraga\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 150.61 Mb Available Physical Memory | 29.48% Memory free
1.22 Gb Paging File | 0.78 Gb Available in Paging File | 64.15% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.16 Gb Free Space | 21.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ATSUSHI-4CDBEF0
Current User Name: Hiraga
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 6:47:02 PM | Attr = ]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 107.0.1.2 | Size = 211816 bytes | Modified Date = 9/19/2007 5:25:32 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.0.28.0 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:18 AM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 2/9/2008 5:06:33 PM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
devsvc.exe -> %CommonProgramFiles%\InterVideo\DeviceService\DevSvc.exe -> InterVideo Inc. [Ver = 1.0.0.1 | Size = 198168 bytes | Modified Date = 3/6/2007 10:35:02 AM | Attr = ]
mysqld-nt.exe -> %ProgramFiles%\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -> [Ver = | Size = 5750784 bytes | Modified Date = 4/17/2008 7:13:44 PM | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4482 | Size = 73728 bytes | Modified Date = 6/24/2003 7:32:00 PM | Attr = ]
pen_tablet.exe -> %SystemRoot%\system32\Pen_Tablet.exe -> Wacom Technology, Corp. [Ver = 5.0.5-7 | Size = 1373480 bytes | Modified Date = 9/7/2007 11:16:18 AM | Attr = ]
pen_tabletuser.exe -> %SystemRoot%\system32\WTablet\Pen_TabletUser.exe -> Wacom Technology, Corp. [Ver = 5.0.5-7 | Size = 132392 bytes | Modified Date = 9/7/2007 11:16:50 AM | Attr = ]
pen_tablet.exe -> %SystemRoot%\system32\Pen_Tablet.exe -> Wacom Technology, Corp. [Ver = 5.0.5-7 | Size = 1373480 bytes | Modified Date = 9/7/2007 11:16:18 AM | Attr = ]
ezsp_px.exe -> %SystemRoot%\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 11:29:26 AM | Attr = ]
ceekey.exe -> %ProgramFiles%\Toshiba\E-KEY\CeEKey.exe -> COMPAL ELECTRONIC INC. [Ver = 2, 0, 0, 16 | Size = 638976 bytes | Modified Date = 6/9/2003 8:07:44 PM | Attr = ]
dragdrop.exe -> %ProgramFiles%\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe -> [Ver = 3, 0, 0, 0 | Size = 1171456 bytes | Modified Date = 7/8/2003 10:21:58 PM | Attr = ]
hpwuschd.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 2 | Size = 49152 bytes | Modified Date = 6/25/2003 12:24:48 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 6:47:02 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 289064 bytes | Modified Date = 7/10/2008 10:51:32 AM | Attr = ]
ares.exe -> %UserProfile%\Desktop\Ares.exe -> Ares Development Group [Ver = 2.0.9.3030 | Size = 962560 bytes | Modified Date = 12/31/2007 7:29:04 AM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.31.0.147 | Size = 233472 bytes | Modified Date = 7/7/2003 1:20:40 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 532264 bytes | Modified Date = 7/10/2008 10:51:22 AM | Attr = ]
teamviewer.exe -> %ProgramFiles%\TeamViewer3\TeamViewer.exe -> TeamViewer GmbH [Ver = 3.6.4606.0 | Size = 3029800 bytes | Modified Date = 6/20/2008 4:32:22 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.16: 2008070205 | Size = 7667312 bytes | Modified Date = 7/16/2008 7:23:00 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 2/24/2008 11:49:50 AM | Attr = ]
aupdate.exe -> %ProgramFiles%\Symantec\LiveUpdate\AUPDATE.EXE -> Symantec Corporation [Ver = 3.4.1.232 | Size = 308600 bytes | Modified Date = 2/9/2008 5:06:15 PM | Attr = ]
lucomserver_3_4.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.238 | Size = 3220856 bytes | Modified Date = 8/4/2008 11:20:16 AM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 8/14/2008 6:22:04 PM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.0.28.0 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:18 AM | Attr = ]
(AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Ares\chatServer.exe -> Ares Development Group [Ver = 2.0.7.3029 | Size = 263168 bytes | Modified Date = 3/19/2007 6:19:14 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 2/9/2008 5:06:33 PM | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
(Capture Device Service) Capture Device Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\InterVideo\DeviceService\DevSvc.exe -> InterVideo Inc. [Ver = 1.0.0.1 | Size = 198168 bytes | Modified Date = 3/6/2007 10:35:02 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 6:47:02 PM | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 107.0.1.2 | Size = 211816 bytes | Modified Date = 9/19/2007 5:25:32 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 6:47:02 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 6:47:02 PM | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 3.0.0.71 | Size = 55640 bytes | Modified Date = 8/22/2007 1:21:30 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 5:12:17 PM | Attr = ]
(GoogleDesktopManager-022208-143751) Google Desktop Manager 5.7.802.22438 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.802.22438 | Size = 29744 bytes | Modified Date = 5/20/2008 8:52:34 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/22/2008 11:10:04 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 532264 bytes | Modified Date = 7/10/2008 10:51:22 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Running] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.238 | Size = 3220856 bytes | Modified Date = 8/4/2008 11:20:16 AM | Attr = ]
(LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 6:47:02 PM | Attr = ]
(MySQL) MySQL [Win32_Own | Auto | Running] -> %ProgramFiles%\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -> [Ver = | Size = 5750784 bytes | Modified Date = 4/17/2008 7:13:44 PM | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4482 | Size = 73728 bytes | Modified Date = 6/24/2003 7:32:00 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\hpzipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 8/11/2003 1:07:38 AM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 2/24/2008 11:49:50 AM | Attr = ]
(TabletServicePen) TabletServicePen [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Pen_Tablet.exe -> Wacom Technology, Corp. [Ver = 5.0.5-7 | Size = 1373480 bytes | Modified Date = 9/7/2007 11:16:18 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AFS2K.SYS -> Oak Technology Inc. [Ver = 3.1.21.1103 | Size = 35840 bytes | Modified Date = 10/7/2004 6:16:04 PM | Attr = ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5210 | Size = 740044 bytes | Modified Date = 5/14/2003 7:44:06 PM | Attr = ]
(AR5211) SMC Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ar5211.sys -> Atheros Communications, Inc. [Ver = 5.3.0.18 | Size = 543712 bytes | Modified Date = 3/27/2007 6:27:02 AM | Attr = ]
(COH_Mon) COH_Mon [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23888 bytes | Modified Date = 7/30/2008 5:42:12 PM | Attr = ]
(CO_Mon) CO_Mon [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\CO_Mon.sys -> Symantec Corporation [Ver = 2007.1.1.99 | Size = 36056 bytes | Modified Date = 8/8/2007 5:39:56 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 11:44:48 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 11:44:46 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 108.2.1.3 | Size = 371248 bytes | Modified Date = 8/18/2008 1:00:00 AM | Attr = ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 108.2.1.3 | Size = 99376 bytes | Modified Date = 8/18/2008 1:00:00 AM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ]
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 8/10/2008 1:05:11 PM | Attr = ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZid412.sys -> HP [Ver = 10, 1, 0, 3 | Size = 49920 bytes | Modified Date = 1/19/2007 12:46:10 PM | Attr = ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 16496 bytes | Modified Date = 1/19/2007 12:46:10 PM | Attr = ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 21568 bytes | Modified Date = 1/19/2007 12:46:12 PM | Attr = ]
(MDC8021X) WPA Security Protocol (IEEE 802.1x) v2.2.0.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2,2,0,0 | Size = 11861 bytes | Modified Date = 1/2/2008 8:32:55 AM | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080823.004\NAVENG.SYS -> Symantec Corporation [Ver = 20081.2.0.36 | Size = 89104 bytes | Modified Date = 8/20/2008 1:00:00 AM | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080823.004\NAVEX15.SYS -> Symantec Corporation [Ver = 20081.2.0.36 | Size = 873552 bytes | Modified Date = 8/20/2008 1:00:00 AM | Attr = ]
(npkcrypt) npkcrypt [Kernel | Auto | Running] -> %SystemDrive%\Nexon\MapleStory\npkcrypt.sys -> INCA Internet Co., Ltd. [Ver = 2006. 11. 20. 1 | Size = 23217 bytes | Modified Date = 5/19/2008 5:36:28 PM | Attr = ]
(npkcusb) npkcusb [Kernel | On_Demand | Running] -> %SystemDrive%\Nexon\MapleStory\npkcusb.sys -> INCA Internet Co., Ltd. [Ver = 2006. 11. 9. 1 | Size = 15472 bytes | Modified Date = 5/19/2008 5:36:26 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.4482 | Size = 1326203 bytes | Modified Date = 6/24/2003 7:32:00 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.02.53a | Size = 17136 bytes | Modified Date = 6/3/2003 3:02:00 AM | Attr = ]
(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation [Ver = 5.681.1120.2007 built by: WinDDK | Size = 104320 bytes | Modified Date = 11/20/2007 12:09:22 PM | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 3:31:34 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr = ]
(SMCIRDA) SMC IrCC Miniport Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smcirda.sys -> SMC [Ver = 5.1.2462.0 | Size = 35913 bytes | Modified Date = 4/23/2002 2:08:12 PM | Attr = ]
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 4.1.0.12 | Size = 447024 bytes | Modified Date = 1/16/2008 9:05:42 PM | Attr = ]
(SRTSP) SRTSP [File_System | System | Running] -> %SystemRoot%\system32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 279088 bytes | Modified Date = 1/31/2008 6:51:16 PM | Attr = ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 317616 bytes | Modified Date = 1/31/2008 6:51:16 PM | Attr = ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 43696 bytes | Modified Date = 1/31/2008 6:51:16 PM | Attr = ]
(SrvcEKIOMngr) SrvcEKIOMngr [Kernel | System | Running] -> %SystemRoot%\system32\drivers\EKIOMngr.sys -> COMPAL ELECTRONIC INC. [Ver = 1, 0, 0, 4 | Size = 5888 bytes | Modified Date = 12/18/2002 8:56:32 PM | Attr = ]
(SrvcSSIOMngr) SrvcSSIOMngr [Kernel | System | Running] -> %SystemRoot%\system32\drivers\SSIOMngr.sys -> COMPAL ELECTRONIC INC. [Ver = 1, 0, 0, 4 | Size = 5888 bytes | Modified Date = 12/18/2002 8:56:34 PM | Attr = ]
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symdns.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 13616 bytes | Modified Date = 2/5/2008 12:34:44 PM | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Modified Date = 6/10/2008 6:49:07 PM | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symfw.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 96432 bytes | Modified Date = 2/5/2008 12:34:44 PM | Attr = ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symids.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 38576 bytes | Modified Date = 2/5/2008 12:34:44 PM | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\ipsdefs\20080818.001\SymIDSCo.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 240496 bytes | Modified Date = 2/13/2008 9:18:19 AM | Attr = ]
(SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SymIM.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 31408 bytes | Modified Date = 2/6/2008 2:43:54 PM | Attr = ]
(SymIMMP) SymIMMP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SymIM.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 31408 bytes | Modified Date = 2/6/2008 2:43:54 PM | Attr = ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symndis.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 37424 bytes | Modified Date = 2/5/2008 12:34:44 PM | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 22320 bytes | Modified Date = 2/5/2008 12:34:44 PM | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 8.0.1.17 | Size = 188464 bytes | Modified Date = 2/5/2008 12:34:44 PM | Attr = ]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 29, 0, 0 | Size = 32000 bytes | Modified Date = 7/10/2008 9:35:22 AM | Attr = ]
(USBIO) USBIO Driver (usbio.sys) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbio.sys -> Thesycon GmbH, Germany [Ver = 1.42.572 | Size = 19805 bytes | Modified Date = 5/7/2001 3:56:02 AM | Attr = R ]
(wacommousefilter) Wacom Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wacommousefilter.sys -> Wacom Technology [Ver = 1.2.0002.0 | Size = 11312 bytes | Modified Date = 2/16/2007 12:12:36 PM | Attr = ]
(wacomvhid) Wacom Virtual Hid Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wacomvhid.sys -> Wacom Technology [Ver = 2.8.0000.0 | Size = 12848 bytes | Modified Date = 2/16/2007 11:30:12 AM | Attr = ]
(WacomVKHid) Virtual Keyboard Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\WacomVKHid.sys -> Wacom Technology [Ver = 1.1.0000.0 | Size = 11440 bytes | Modified Date = 2/15/2007 5:11:28 PM | Attr = ]
(zntport) NTPort Library Driver [Kernel | Auto | Stopped] -> %SystemRoot%\system32\zntport.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr = ]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:28 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 107.0.4.2 | Size = 51048 bytes | Modified Date = 1/25/2008 6:47:22 PM | Attr = ]
CeEKEY -> %ProgramFiles%\Toshiba\E-KEY\CeEKey.exe ["C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"] -> COMPAL ELECTRONIC INC. [Ver = 2, 0, 0, 16 | Size = 638976 bytes | Modified Date = 6/9/2003 8:07:44 PM | Attr = ]
Drag'n Drop CD+DVD -> %ProgramFiles%\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe ["C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" /StartUp] -> [Ver = 3, 0, 0, 0 | Size = 1171456 bytes | Modified Date = 7/8/2003 10:21:58 PM | Attr = ]
DXDllRegExe -> [dxdllreg.exe] -> File not found
ezShieldProtector for Px -> %SystemRoot%\system32\ezSP_Px.exe [C:\WINDOWS\system32\ezSP_Px.exe] -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 11:29:26 AM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd.exe ["C:\Program Files\HP\HP Software Update\HPWuSchd.exe"] -> Hewlett-Packard [Ver = 1, 0, 0, 2 | Size = 49152 bytes | Modified Date = 6/25/2003 12:24:48 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.0.43 | Size = 289064 bytes | Modified Date = 7/10/2008 10:51:32 AM | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.4482 | Size = 4800512 bytes | Modified Date = 6/24/2003 7:32:00 PM | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe ["nwiz.exe" /install] -> NVIDIA Corporation [Ver = 6.14.10.4482 | Size = 323584 bytes | Modified Date = 6/24/2003 7:32:00 PM | Attr = ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe ["C:\Program Files\Norton Internet Security\osCheck.exe"] -> Symantec Corporation [Ver = 15.5.0.32 | Size = 718704 bytes | Modified Date = 2/6/2008 11:49:38 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr = ]
UVS11 Preload -> %ProgramFiles%\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe] -> InterVideo Digital Technology Corporation [Ver = 9.0 | Size = 341488 bytes | Modified Date = 3/3/2007 2:12:32 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ares -> %UserProfile%\Desktop\Ares.exe ["C:\Documents and Settings\Hiraga\Desktop\Ares.exe" -h] -> Ares Development Group [Ver = 2.0.9.3030 | Size = 962560 bytes | Modified Date = 12/31/2007 7:29:04 AM | Attr = ]
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.31.0.147 | Size = 233472 bytes | Modified Date = 7/7/2003 1:20:40 AM | Attr = ]
< Hiraga Startup Folder > -> C:\Documents and Settings\Hiraga\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 8:16:50 PM | Attr = ]
%UserProfile%\Start Menu\Programs\Startup\hamachi.lnk -> %ProgramFiles%\Hamachi\hamachi.exe -> LogMeIn Inc. [Ver = 1, 0, 2, 5 | Size = 624416 bytes | Modified Date = 8/10/2008 1:05:04 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 5:12:19 PM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 5:12:38 PM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 5:12:24 PM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 5:12:41 PM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 11:40:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATbleepA_DVD-RAM_UJ-811_________________H100____\5&297443ff&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 8/25/2007 3:39:35 PM | Attr = ]
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://microsoft.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 6/30/2008 1:44:04 PM | Attr = ]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 2/24/2008 11:50:55 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 6/30/2008 1:44:04 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 6/30/2008 1:44:04 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Download All by Gigaget -> %ProgramFiles%\Giganology\Gigaget\getAllurl.htm -> [Ver = | Size = 886 bytes | Modified Date = 12/30/2005 12:32:54 PM | Attr = ]
&Download by Gigaget -> %ProgramFiles%\Giganology\Gigaget\geturl.htm -> [Ver = | Size = 2239 bytes | Modified Date = 12/30/2005 7:28:14 PM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6F55023F-C592-4521-A926-D3E6E85DE0DD} -> (802.11g Wireless Cardbus Adapter) ->
{7A0E6636-CDBB-4668-98CE-C3F85D438557} -> () ->
{8548DC57-7288-45AC-B52A-790B06A15A56} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{8E3DC1DE-35FE-4CAE-AA17-784BA7FE9F85} -> (1394 Net Adapter) ->
{90703E80-0546-45DA-9B20-0FA428EC04B8} -> () ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/7.../OGAControl.cab[Office Genuine Advantage Validation Tool] ->
{11260943-421B-11D0-8EAC-0000C07D88CF}[HKEY_LOCAL_MACHINE] -> http://www.ipix.com/viewers/ipixx.cab[iPIX ActiveX Control] ->
{6A344D34-5231-452A-8A57-D064AC9B7862}[HKEY_LOCAL_MACHINE] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipixx.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipixx.ocx\\.Owner -> {11260943-421B-11D0-8EAC-0000C07D88CF} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipixx.ocx\\{11260943-421B-11D0-8EAC-0000C07D88CF} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\\.Owner -> {6A344D34-5231-452A-8A57-D064AC9B7862} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\\{6A344D34-5231-452A-8A57-D064AC9B7862} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/IPX32d56.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/IPX32d56.dll\\.Owner -> {11260943-421B-11D0-8EAC-0000C07D88CF} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/IPX32d56.dll\\{11260943-421B-11D0-8EAC-0000C07D88CF} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mm32DCMP.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mm32DCMP.DLL\\.Owner -> {11260943-421B-11D0-8EAC-0000C07D88CF} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mm32DCMP.DLL\\{11260943-421B-11D0-8EAC-0000C07D88CF} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\{6A344D34-5231-452A-8A57-D064AC9B7862} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 5:12:00 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 5:11:56 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 5:12:00 PM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 5:12:08 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1616 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 5:12:05 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 5:12:02 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> E6 21 85 F3 7F 20 29 08 DD 1D D8 8A 50 C4 9A FE 38 65 38 65 64 61 35 33 00 FD 07 00 D9 18 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 01 9D 92 46 33 FF 8E 7D B9 51 78 8E [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 06 EC 6B 00 51 F7 A2 65 60 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 26 67 FB EC 3C 83 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 84 FC B1 97 15 7E 72 07 65 FA 2E B4 8C 2F 15 3D [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 20 06 D9 5F 72 DC C8 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 5:12:36 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 26541 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 5:11:55 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 5:12:34 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 11:53:32 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 5:12:34 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 11:53:32 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Giganology\Gigaget\Gigaget.exe -> %ProgramFiles%\Giganology\Gigaget\Gigaget.exe [C:\Program Files\Giganology\Gigaget\Gigaget.exe:*:Enabled:Gigaget] -> Giganology Inc. [Ver = 1.0.0.23 | Size = 1485824 bytes | Modified Date = 2/15/2006 4:47:48 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Hiraga\Desktop\New Folder\Dance_downloader_us_5-12-2008.exe -> %UserProfile%\Desktop\New Folder\Dance_downloader_us_5-12-2008.exe [C:\Documents and Settings\Hiraga\Desktop\New Folder\Dance_downloader_us_5-12-2008.exe:*:Enabled:Dance Downloader] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 4/13/2008 5:12:28 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.7.0.43 | Size = 20246824 bytes | Modified Date = 7/10/2008 10:51:26 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 5:12:36 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 5:12:11 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 8/14/2008 9:04:20 AM | Attr = HS]
WTablet -> %SystemDrive%\WTablet -> [Folder | Created Date = 8/11/2008 8:39:44 AM | Attr = ]
usbaapl.sys -> %SystemRoot%\System32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 29, 0, 0 | Size = 32000 bytes | Created Date = 7/24/2008 10:45:01 PM | Attr = ]
CGZipLibrary.dll -> %SystemRoot%\System32\CGZipLibrary.dll -> CodeGuru [Ver = 1.00 | Size = 57344 bytes | Created Date = 8/10/2008 1:42:38 PM | Attr = ]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Created Date = 7/28/2008 10:10:12 AM | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
Unzip32.dll -> %SystemRoot%\System32\Unzip32.dll -> Info-ZIP [Ver = 5.4 | Size = 143360 bytes | Created Date = 8/10/2008 1:42:38 PM | Attr = ]
zip32.dll -> %SystemRoot%\System32\zip32.dll -> Info-ZIP [Ver = 2.2 | Size = 133120 bytes | Created Date = 8/10/2008 1:42:38 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 7/24/2008 4:01:24 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
MSNInstaller -> %AppData%\MSNInstaller -> [Folder | Created Date = 7/27/2008 8:18:58 AM | Attr = ]
Windows Desktop Search -> %AppData%\Windows Desktop Search -> [Folder | Created Date = 7/28/2008 10:11:15 AM | Attr = ]
os604495.bin -> %AllUsersProfile%\Documents\os604495.bin -> [Ver = | Size = 687 bytes | Created Date = 8/15/2008 1:12:03 AM | Attr = H ]
cloud strife copy.jpg -> %UserProfile%\My Documents\cloud strife copy.jpg -> [Ver = | Size = 96388 bytes | Created Date = 8/20/2008 10:04:08 PM | Attr = ]
cloud strife.psd -> %UserProfile%\My Documents\cloud strife.psd -> [Ver = | Size = 1078853 bytes | Created Date = 8/19/2008 11:20:19 PM | Attr = ]
cloud.jpg -> %UserProfile%\My Documents\cloud.jpg -> [Ver = | Size = 246147 bytes | Created Date = 8/18/2008 7:12:55 PM | Attr = ]
Converted Videos -> %UserProfile%\My Documents\Converted Videos -> [Folder | Created Date = 7/24/2008 11:48:32 PM | Attr = ]
dustin -> %UserProfile%\My Documents\dustin -> [Folder | Created Date = 8/14/2008 7:57:12 PM | Attr = ]
dustin.rar -> %UserProfile%\My Documents\dustin.rar -> [Ver = | Size = 565216330 bytes | Created Date = 8/14/2008 8:52:15 PM | Attr = ]
fire.jpg -> %UserProfile%\My Documents\fire.jpg -> [Ver = | Size = 133095 bytes | Created Date = 8/20/2008 9:59:03 PM | Attr = ]
haruhi-1.jpg -> %UserProfile%\My Documents\haruhi-1.jpg -> [Ver = | Size = 48118 bytes | Created Date = 8/22/2008 4:40:41 PM | Attr = ]
knight.jpg -> %UserProfile%\My Documents\knight.jpg -> [Ver = | Size = 293215 bytes | Created Date = 8/18/2008 6:41:33 PM | Attr = ]
marian.jpg -> %UserProfile%\My Documents\marian.jpg -> [Ver = | Size = 156695 bytes | Created Date = 8/20/2008 10:14:25 PM | Attr = ]
marian.png -> %UserProfile%\My Documents\marian.png -> [Ver = | Size = 268058 bytes | Created Date = 8/20/2008 10:16:36 PM | Attr = ]
My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Created Date = 8/4/2008 4:26:02 PM | Attr = ]
My Scans -> %UserProfile%\My Documents\My Scans -> [Folder | Created Date = 8/4/2008 4:25:22 PM | Attr = ]
New Folder -> %UserProfile%\My Documents\New Folder -> [Folder | Created Date = 8/14/2008 11:47:48 PM | Attr = ]
SchoolCouple.jpg -> %UserProfile%\My Documents\SchoolCouple.jpg -> [Ver = | Size = 205532 bytes | Created Date = 8/17/2008 8:05:55 PM | Attr = ]
stupidgoku.fla -> %UserProfile%\My Documents\stupidgoku.fla -> [Ver = | Size = 49152 bytes | Created Date = 8/15/2008 1:48:21 AM | Attr = ]
stupidgoku.gif -> %UserProfile%\My Documents\stupidgoku.gif -> [Ver = | Size = 36864 bytes | Created Date = 8/15/2008 6:12:08 PM | Attr = ]
stupidgoku.html -> %UserProfile%\My Documents\stupidgoku.html -> [Ver = | Size = 783 bytes | Created Date = 8/15/2008 6:12:28 PM | Attr = ]
stupidgoku.swf -> %UserProfile%\My Documents\stupidgoku.swf -> [Ver = | Size = 6636 bytes | Created Date = 8/15/2008 6:12:28 PM | Attr = ]
Sunset.jpg -> %UserProfile%\My Documents\Sunset.jpg -> [Ver = | Size = 52519 bytes | Created Date = 8/18/2008 5:44:26 PM | Attr = ]
Video Downloads -> %UserProfile%\My Documents\Video Downloads -> [Folder | Created Date = 7/24/2008 11:48:32 PM | Attr = ]
旅行記録.doc -> %UserProfile%\My Documents\旅行記録.doc -> [Ver = | Size = 35328 bytes | Created Date = 8/7/2008 10:27:08 AM | Attr = ]
Ben 10 Bounty Hunters.lnk -> %AllUsersProfile%\Desktop\Ben 10 Bounty Hunters.lnk -> [Ver = | Size = 1815 bytes | Created Date = 8/19/2008 8:14:36 AM | Attr = ]
Videora iPod Converter.lnk -> %AllUsersProfile%\Desktop\Videora iPod Converter.lnk -> [Ver = | Size = 1824 bytes | Created Date = 7/24/2008 11:48:32 PM | Attr = ]
Adobe Photoshop CS2 -> %UserProfile%\Desktop\Adobe Photoshop CS2 -> [Folder | Created Date = 8/14/2008 5:34:57 PM | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 8/23/2008 3:01:08 PM | Attr = ]
fsg-4_4.exe -> %UserProfile%\Desktop\fsg-4_4.exe -> [Ver = | Size = 2977280 bytes | Created Date = 8/8/2008 1:30:00 AM | Attr = ]
iTunes.lnk -> %UserProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Created Date = 7/24/2008 10:53:44 PM | Attr = ]
jxpiinstall.exe -> %UserProfile%\Desktop\jxpiinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 382352 bytes | Created Date = 7/28/2008 1:22:32 PM | Attr = ]
Macromedia Flash MX.lnk -> %UserProfile%\Desktop\Macromedia Flash MX.lnk -> [Ver = | Size = 1680 bytes | Created Date = 8/15/2008 1:03:40 AM | Attr = ]
music3 -> %UserProfile%\Desktop\music3 -> [Folder | Created Date = 7/27/2008 7:08:48 PM | Attr = ]
ninja glare.mp3 -> %UserProfile%\Desktop\ninja glare.mp3 -> [Ver = | Size = 5763137 bytes | Created Date = 8/18/2008 11:04:36 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 8/23/2008 3:06:19 PM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 8/23/2008 3:01:49 PM | Attr = ]
settings.ini -> %UserProfile%\Desktop\settings.ini -> [Ver = | Size = 104 bytes | Created Date = 8/15/2008 8:38:23 PM | Attr = ]
Windows Search.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk -> [Ver = | Size = 1787 bytes | Created Date = 7/28/2008 10:10:32 AM | Attr = ]
Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Created Date = 8/14/2008 6:22:04 PM | Attr = ]
Vbox -> %CommonProgramFiles%\Vbox -> [Folder | Created Date = 8/15/2008 12:56:13 AM | Attr = ]
AviSynth 2.5 -> %ProgramFiles%\AviSynth 2.5 -> [Folder | Created Date = 7/24/2008 11:48:38 PM | Attr = ]
Bonjour -> %ProgramFiles%\Bonjour -> [Folder | Created Date = 7/24/2008 10:47:56 PM | Attr = ]
Cartoon Network -> %ProgramFiles%\Cartoon Network -> [Folder | Created Date = 8/19/2008 8:14:23 AM | Attr = ]
e-Drome Productions -> %ProgramFiles%\e-Drome Productions -> [Folder | Created Date = 8/10/2008 1:42:37 PM | Attr = ]
Elements Online -> %ProgramFiles%\Elements Online -> [Folder | Created Date = 8/10/2008 1:22:13 PM | Attr = ]
Hamachi -> %ProgramFiles%\Hamachi -> [Folder | Created Date = 8/10/2008 1:05:02 PM | Attr = ]
iPod -> %ProgramFiles%\iPod -> [Folder | Created Date = 7/24/2008 10:48:56 PM | Attr = ]
iTunes -> %ProgramFiles%\iTunes -> [Folder | Created Date = 7/24/2008 10:48:42 PM | Attr = ]
Macromedia -> %ProgramFiles%\Macromedia -> [Folder | Created Date = 8/15/2008 12:55:01 AM | Attr = ]
Red Kawa -> %ProgramFiles%\Red Kawa -> [Folder | Created Date = 7/24/2008 11:48:32 PM | Attr = ]
Windows Desktop Search -> %ProgramFiles%\Windows Desktop Search -> [Folder | Created Date = 7/28/2008 10:10:12 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/20/2008 3:54:00 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535875584 bytes | Modified Date = 8/23/2008 2:46:54 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/19/2008 8:14:23 AM | Attr = ]
TDdownload -> %SystemDrive%\TDdownload -> [Folder | Modified Date = 8/19/2008 8:12:55 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/23/2008 2:48:21 PM | Attr = ]
WTablet -> %SystemDrive%\WTablet -> [Folder | Modified Date = 8/11/2008 8:39:44 AM | Attr = ]
COH_Mon.cat -> %SystemRoot%\System32\drivers\COH_Mon.cat -> [Ver = | Size = 10537 bytes | Modified Date = 7/30/2008 5:28:04 PM | Attr = ]
COH_Mon.inf -> %SystemRoot%\System32\drivers\COH_Mon.inf -> [Ver = | Size = 706 bytes | Modified Date = 7/30/2008 5:28:04 PM | Attr = ]
COH_Mon.sys -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23888 bytes | Modified Date = 7/30/2008 5:42:12 PM | Attr = ]
hamachi.sys -> %SystemRoot%\System32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 8/10/2008 1:05:11 PM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/23/2008 2:48:53 PM | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/21/2008 9:37:26 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/10/2008 1:06:43 PM | Attr = ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 7/24/2008 10:45:01 PM | Attr = ]
en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 7/28/2008 10:10:16 AM | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 313968 bytes | Modified Date = 8/15/2008 10:27:19 AM | Attr = ]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 7/28/2008 10:10:12 AM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 79404 bytes | Modified Date = 7/28/2008 10:10:27 AM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 465770 bytes | Modified Date = 7/28/2008 10:10:27 AM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 548478 bytes | Modified Date = 7/28/2008 10:10:27 AM | Attr = ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 8/10/2008 1:05:51 PM | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 7/28/2008 10:10:12 AM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 8/23/2008 2:47:21 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/14/2008 4:45:20 PM | Attr = H ]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/23/2008 2:47:04 PM | Attr = S]
GunzLauncher.INI -> %SystemRoot%\GunzLauncher.INI -> [Ver = | Size = 32 bytes | Modified Date = 8/22/2008 10:09:36 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 8/21/2008 2:53:52 PM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 8/14/2008 4:41:12 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/14/2008 4:45:26 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/22/2008 3:47:55 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/20/2008 3:54:01 PM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/23/2008 3:11:08 PM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/22/2008 3:48:35 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/24/2008 10:45:33 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/23/2008 3:10:37 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 658 bytes | Modified Date = 8/18/2008 3:52:11 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 7/26/2008 8:17:28 AM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 7/24/2008 10:45:34 PM | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 258 bytes | Modified Date = 8/22/2008 10:39:00 PM | Attr = ]
Norton Internet Security - Run Full System Scan - Hiraga.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Hiraga.job -> [Ver = | Size = 640 bytes | Modified Date = 8/18/2008 8:00:57 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/23/2008 2:47:32 PM | Attr = H ]
WebReg 20080102183253.job -> %SystemRoot%\tasks\WebReg 20080102183253.job -> [Ver = | Size = 436 bytes | Modified Date = 8/22/2008 6:32:00 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\MSNIA\ -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\MSNIA -> [Folder | Modified Date = 1/6/2008 9:34:24 AM | Attr = ]
Settings.Dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\MSNIA\Settings.Dat -> [Ver = | Size = 1932 bytes | Modified Date = 7/13/2008 9:16:56 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 1/2/2008 9:58:13 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 8/18/2008 9:59:34 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5507 bytes | Modified Date = 8/18/2008 9:59:34 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 1/5/2008 11:59:06 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11068 bytes | Modified Date = 1/5/2008 11:59:31 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\ -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc -> [Folder | Modified Date = 8/23/2008 2:49:37 PM | Attr = ]
Perflib_Perfdata_a64.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_a64.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/23/2008 2:48:12 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\ -> C:\Documents and Settings\Hiraga\Local Settings\temp -> [Folder | Modified Date = 8/23/2008 3:13:14 PM | Attr = ]
symlcsv1.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\symlcsv1.exe -> [Ver = | Size = 58760 bytes | Modified Date = 8/23/2008 2:55:08 PM | Attr = ]
204 C:\Documents and Settings\Hiraga\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Hiraga\Local Settings\temp\*.tmp ->
C:\Documents and Settings\Hiraga\Local Settings\temp\IXP487.TMP\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\IXP487.TMP\ -> [Folder | Modified Date = 7/24/2008 4:26:00 PM | Attr = ]
SetupAdmin.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\IXP487.TMP\SetupAdmin.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 75048 bytes | Modified Date = 7/10/2008 11:01:24 AM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\ -> [Folder | Modified Date = 7/27/2008 8:50:06 PM | Attr = ]
UtherverseSetup.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\UtherverseSetup.exe -> Utherverse Digital Inc [Ver = 1.6.26150 | Size = 2567864 bytes | Modified Date = 7/21/2008 6:21:10 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\DirectXWebInstall\mFileBagIDE.dll\bag\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\DirectXWebInstall\mFileBagIDE.dll\bag -> [Folder | Modified Date = 7/27/2008 8:50:00 PM | Attr = ]
dxwebsetup.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\DirectXWebInstall\mFileBagIDE.dll\bag\dxwebsetup.exe -> Microsoft Corporation [Ver = 4.09.00.0904 | Size = 287240 bytes | Modified Date = 3/4/2008 5:38:07 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi -> [Folder | Modified Date = 7/27/2008 8:50:07 PM | Attr = ]
msiexec.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msiexec.exe -> Microsoft Corporation [Ver = 2.0.2600.1 | Size = 83456 bytes | Modified Date = 11/12/2004 6:27:16 PM | Attr = ]
msiinst.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msiinst.exe -> Microsoft Corporation [Ver = 2.0.2600.1 | Size = 36864 bytes | Modified Date = 11/12/2004 6:27:16 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\unicode\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\unicode -> [Folder | Modified Date = 7/27/2008 8:50:00 PM | Attr = ]
update.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\unicode\update.exe -> Microsoft Corporation [Ver = 6.1.0006.0 built by: main(hemchans) | Size = 2003176 bytes | Modified Date = 11/1/2005 8:08:45 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C -> [Folder | Modified Date = 7/27/2008 8:50:06 PM | Attr = ]
Utherverse.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\Utherverse.exe -> [Ver = | Size = 2012480 bytes | Modified Date = 7/18/2008 6:17:28 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\625AF3E1\565D2D36\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\625AF3E1\565D2D36 -> [Folder | Modified Date = 7/27/2008 8:50:01 PM | Attr = ]
UtherversePatcher.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\625AF3E1\565D2D36\UtherversePatcher.exe -> Utherverse Digital Inc. [Ver = 1.6.0.0 | Size = 1438016 bytes | Modified Date = 7/17/2008 4:59:41 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4 -> [Folder | Modified Date = 7/27/2008 8:50:06 PM | Attr = ]
artpschd.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\artpschd.exe -> Pocket Soft, Inc. [Ver = 10.50 | Size = 427624 bytes | Modified Date = 1/12/2007 11:50:00 PM | Attr = ]
cabarc.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\cabarc.exe -> [Ver = | Size = 114688 bytes | Modified Date = 1/12/2007 11:50:00 PM | Attr = ]
chktrust.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\chktrust.exe -> Microsoft Corporation [Ver = 5.101.1670.1 | Size = 12560 bytes | Modified Date = 1/12/2007 11:50:00 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP -> [Folder | Modified Date = 7/7/2008 8:08:03 PM | Attr = ]
SetupMenu.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\SetupMenu.exe -> [Ver = | Size = 323584 bytes | Modified Date = 8/30/2005 6:00:00 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup1\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup1 -> [Folder | Modified Date = 7/7/2008 8:08:02 PM | Attr = ]
InstMsiA.Exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup1\InstMsiA.Exe -> Microsoft Corporation [Ver = 2.0.2600.1 | Size = 1707856 bytes | Modified Date = 8/30/2005 6:01:00 PM | Attr = ]
InstMsiW.Exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup1\InstMsiW.Exe -> Microsoft Corporation [Ver = 2.0.2600.0 | Size = 1821008 bytes | Modified Date = 8/30/2005 6:02:00 PM | Attr = ]
Setup.Exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup1\Setup.Exe -> Microsoft Corporation [Ver = 7.10.3077 | Size = 110592 bytes | Modified Date = 8/30/2005 6:15:00 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup2\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup2 -> [Folder | Modified Date = 7/7/2008 8:08:03 PM | Attr = ]
InstMsiA.Exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup2\InstMsiA.Exe -> Microsoft Corporation [Ver = 2.0.2600.1 | Size = 1707856 bytes | Modified Date = 8/30/2005 6:16:00 PM | Attr = ]
InstMsiW.Exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup2\InstMsiW.Exe -> Microsoft Corporation [Ver = 2.0.2600.0 | Size = 1821008 bytes | Modified Date = 8/30/2005 6:17:00 PM | Attr = ]
Setup.Exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup2\Setup.Exe -> Microsoft Corporation [Ver = 7.10.3077 | Size = 110592 bytes | Modified Date = 8/30/2005 6:18:00 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\ -> [Folder | Modified Date = 7/8/2008 2:42:31 PM | Attr = ]
AutoRun.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\AutoRun.exe -> [Ver = | Size = 364544 bytes | Modified Date = 2/28/2008 11:32:00 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\Extra\SampleMap\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\Extra\SampleMap -> [Folder | Modified Date = 7/16/2008 10:07:13 AM | Attr = ]
Game.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\Extra\SampleMap\Game.exe -> [Ver = 2, 0, 0, 1 | Size = 135168 bytes | Modified Date = 2/29/2008 10:53:00 AM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\RPGVX\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\RPGVX -> [Folder | Modified Date = 7/8/2008 2:42:29 PM | Attr = ]
Setup.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\RPGVX\Setup.exe -> Enterbrain [Ver = 1.0.2.0 | Size = 4921657 bytes | Modified Date = 2/29/2008 11:04:00 AM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\RPGVX_RTP\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\RPGVX_RTP -> [Folder | Modified Date = 7/8/2008 2:42:31 PM | Attr = ]
Setup.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\RPGVX_RTP\Setup.exe -> Enterbrain [Ver = 1.0.2.0 | Size = 36808265 bytes | Modified Date = 2/28/2008 11:28:00 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\Temporary Directory 1 for Photoshop_Keygen.zip\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\Temporary Directory 1 for Photoshop_Keygen.zip\ -> [Folder | Modified Date = 8/14/2008 6:19:04 PM | Attr = H ]
Photoshop_Keygen.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\Temporary Directory 1 for Photoshop_Keygen.zip\Photoshop_Keygen.exe -> [Ver = | Size = 190976 bytes | Modified Date = 2/17/2008 1:29:52 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\Temporary Directory 2 for Photoshop_Keygen.zip\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\Temporary Directory 2 for Photoshop_Keygen.zip\ -> [Folder | Modified Date = 8/14/2008 6:44:16 PM | Attr = H ]
Photoshop_Keygen.exe -> C:\Documents and Settings\Hiraga\Local Settings\temp\Temporary Directory 2 for Photoshop_Keygen.zip\Photoshop_Keygen.exe -> [Ver = | Size = 190976 bytes | Modified Date = 2/17/2008 1:29:52 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia1\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia1 -> [Folder | Modified Date = 7/27/2008 8:50:09 PM | Attr = ]
mDownExec.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia1\mDownExec.dll -> [Ver = | Size = 506368 bytes | Modified Date = 7/5/2008 5:52:16 PM | Attr = ]
mFileBagEXE.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia1\mFileBagEXE.dll -> [Ver = | Size = 97280 bytes | Modified Date = 7/5/2008 5:52:55 PM | Attr = ]
mMSIExec.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia1\mMSIExec.dll -> [Ver = | Size = 433152 bytes | Modified Date = 7/5/2008 5:52:29 PM | Attr = ]
mWinRunExec.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia1\mWinRunExec.dll -> [Ver = | Size = 407040 bytes | Modified Date = 7/5/2008 5:52:10 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\DirectXWebInstall\mFileBagIDE.dll\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\DirectXWebInstall\mFileBagIDE.dll\ -> [Folder | Modified Date = 7/27/2008 8:50:05 PM | Attr = ]
mFileBagEXE.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\DirectXWebInstall\mFileBagIDE.dll\mFileBagEXE.dll -> [Ver = | Size = 97280 bytes | Modified Date = 7/5/2008 5:52:55 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftVisualCRuntime\mFileBagIDE.dll\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftVisualCRuntime\mFileBagIDE.dll\ -> [Folder | Modified Date = 7/27/2008 8:50:05 PM | Attr = ]
mFileBagEXE.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftVisualCRuntime\mFileBagIDE.dll\mFileBagEXE.dll -> [Ver = | Size = 97280 bytes | Modified Date = 7/5/2008 5:52:55 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftVisualCRuntime\mMSI.dll\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftVisualCRuntime\mMSI.dll\ -> [Folder | Modified Date = 7/27/2008 8:50:05 PM | Attr = ]
mMSIExec.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftVisualCRuntime\mMSI.dll\mMSIExec.dll -> [Ver = | Size = 433152 bytes | Modified Date = 7/5/2008 5:52:29 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ -> [Folder | Modified Date = 7/27/2008 8:50:06 PM | Attr = ]
mWinRunExec.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\mWinRunExec.dll -> [Ver = | Size = 407040 bytes | Modified Date = 7/5/2008 5:52:10 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi -> [Folder | Modified Date = 7/27/2008 8:50:07 PM | Attr = ]
cabinet.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\cabinet.dll -> Microsoft Corporation [Ver = 5.00.2147.1 | Size = 56080 bytes | Modified Date = 11/12/2004 6:27:16 PM | Attr = ]
imagehlp.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\imagehlp.dll -> Microsoft Corporation [Ver = 4.00 | Size = 106013 bytes | Modified Date = 11/12/2004 6:27:16 PM | Attr = ]
msi.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msi.dll -> Microsoft Corporation [Ver = 2.0.2600.1 | Size = 1927680 bytes | Modified Date = 11/12/2004 6:27:16 PM | Attr = ]
msihnd.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msihnd.dll -> Microsoft Corporation [Ver = 2.0.2600.1 | Size = 297472 bytes | Modified Date = 11/12/2004 6:27:16 PM | Attr = ]
msimsg.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msimsg.dll -> Microsoft Corporation [Ver = 2.0.2600.1 | Size = 847872 bytes | Modified Date = 11/12/2004 6:27:16 PM | Attr = ]
msisip.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msisip.dll -> Microsoft Corporation [Ver = 2.0.2600.1 | Size = 40448 bytes | Modified Date = 11/12/2004 6:27:17 PM | Attr = ]
msls31.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\msls31.dll -> Microsoft Corporation [Ver = 3.10.337.0 | Size = 167936 bytes | Modified Date = 11/12/2004 6:27:17 PM | Attr = ]
mspatcha.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\mspatcha.dll -> Microsoft Corporation [Ver = 1.97 | Size = 28746 bytes | Modified Date = 11/12/2004 6:27:17 PM | Attr = ]
riched20.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\riched20.dll -> Microsoft Corporation [Ver = 5.30.23.1200 | Size = 431133 bytes | Modified Date = 11/12/2004 6:27:17 PM | Attr = ]
sdbapi.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\sdbapi.dll -> Microsoft Corporation [Ver = 1, 0, 0, 1 | Size = 63488 bytes | Modified Date = 11/12/2004 6:27:17 PM | Attr = ]
shfolder.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\shfolder.dll -> Microsoft Corporation [Ver = 5.00.2919.200 | Size = 21021 bytes | Modified Date = 11/12/2004 6:27:17 PM | Attr = ]
usp10.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\MicrosoftWindowsInstaller3\mWinRun.dll\ansi\usp10.dll -> Microsoft Corporation [Ver = 1.0325.2180.1 | Size = 314906 bytes | Modified Date = 11/12/2004 6:27:17 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\mMSI.dll\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\mMSI.dll\ -> [Folder | Modified Date = 7/27/2008 8:50:06 PM | Attr = ]
mMSIExec.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\mMSI.dll\mMSIExec.dll -> [Ver = | Size = 433152 bytes | Modified Date = 7/5/2008 5:52:29 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\mWinRun.dll\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\mWinRun.dll\ -> [Folder | Modified Date = 7/27/2008 8:50:06 PM | Attr = ]
mWinRunExec.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\mWinRun.dll\mWinRunExec.dll -> [Ver = | Size = 407040 bytes | Modified Date = 7/5/2008 5:52:10 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C -> [Folder | Modified Date = 7/27/2008 8:50:06 PM | Attr = ]
ATL80.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\ATL80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 96256 bytes | Modified Date = 10/8/2007 2:28:02 PM | Attr = ]
cshtpav5.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\cshtpav5.dll -> Catalyst Development Corporation [Ver = 5.00.5000 | Size = 243560 bytes | Modified Date = 10/8/2007 2:37:26 PM | Attr = ]
d3dx9_35.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\d3dx9_35.dll -> Microsoft Corporation [Ver = 9.19.949.1104 | Size = 3727720 bytes | Modified Date = 7/19/2007 7:14:42 PM | Attr = ]
D3DX9_37.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\D3DX9_37.dll -> Microsoft Corporation [Ver = 9.22.949.2248 | Size = 3786760 bytes | Modified Date = 3/5/2008 4:56:58 PM | Attr = ]
granny2.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\granny2.dll -> RAD Game Tools, Inc. [Ver = 2.7.0.20 | Size = 516608 bytes | Modified Date = 10/8/2007 2:39:08 PM | Attr = ]
xmllite.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\xmllite.dll -> Microsoft Corporation [Ver = 1.00.1018.0 | Size = 121856 bytes | Modified Date = 9/13/2007 12:14:26 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4 -> [Folder | Modified Date = 7/27/2008 8:50:06 PM | Attr = ]
artpclnt.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\artpclnt.dll -> Pocket Soft, Inc. [Ver = 10.50 | Size = 116328 bytes | Modified Date = 1/12/2007 11:50:00 PM | Attr = ]
patchw32.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\F0A05814\3C5CCDD4\patchw32.dll -> [Ver = | Size = 215144 bytes | Modified Date = 1/12/2007 11:50:00 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\mDown.dll\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\mDown.dll\ -> [Folder | Modified Date = 7/27/2008 8:50:03 PM | Attr = ]
mDownExec.dll -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\mDown.dll\mDownExec.dll -> [Ver = | Size = 506368 bytes | Modified Date = 7/5/2008 5:52:16 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\ -> C:\Documents and Settings\Hiraga\Local Settings\temp -> [Folder | Modified Date = 8/23/2008 3:13:14 PM | Attr = ]
Perflib_Perfdata_3b4.dat -> C:\Documents and Settings\Hiraga\Local Settings\temp\Perflib_Perfdata_3b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/22/2008 7:09:52 PM | Attr = ]
204 C:\Documents and Settings\Hiraga\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Hiraga\Local Settings\temp\*.tmp ->
C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C -> [Folder | Modified Date = 7/27/2008 8:50:06 PM | Attr = ]
language.ini -> C:\Documents and Settings\Hiraga\Local Settings\temp\mia226.tmp\data\Utherverse3DClient\36C1515C\2A7F981C\language.ini -> [Ver = | Size = 658612 bytes | Modified Date = 6/4/2008 6:22:57 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup1\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup1 -> [Folder | Modified Date = 7/7/2008 8:08:02 PM | Attr = ]
Setup.Ini -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup1\Setup.Ini -> [Ver = | Size = 47 bytes | Modified Date = 8/30/2005 6:15:00 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup2\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup2 -> [Folder | Modified Date = 7/7/2008 8:08:03 PM | Attr = ]
Setup.Ini -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup2\Setup.Ini -> [Ver = | Size = 41 bytes | Modified Date = 9/20/2005 8:04:00 PM | Attr = ]
C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\Extra\SampleMap\ -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\Extra\SampleMap -> [Folder | Modified Date = 7/16/2008 10:07:13 AM | Attr = ]
Game.ini -> C:\Documents and Settings\Hiraga\Local Settings\temp\RPGMakerVX102\RPGMakerVX102\RPGMakerVX1.02\Extra\SampleMap\Game.ini -> [Ver = | Size = 87 bytes | Modified Date = 2/29/2008 10:53:00 AM | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer -> [Folder | Modified Date = 7/24/2008 10:46:06 PM | Attr = ]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 7/28/2008 10:10:37 AM | Attr = S]
Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 8/4/2008 4:36:05 PM | Attr = ]
Apple Computer -> %AppData%\Apple Computer -> [Folder | Modified Date = 7/27/2008 6:41:44 PM | Attr = ]
Hamachi -> %AppData%\Hamachi -> [Folder | Modified Date = 8/23/2008 2:50:39 PM | Attr = ]
Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 8/15/2008 12:59:54 AM | Attr = ]
MSN6 -> %AppData%\MSN6 -> [Folder | Modified Date = 8/7/2008 9:24:56 AM | Attr = ]
MSNInstaller -> %AppData%\MSNInstaller -> [Folder | Modified Date = 7/27/2008 8:19:20 AM | Attr = ]
Windows Desktop Search -> %AppData%\Windows Desktop Search -> [Folder | Modified Date = 7/28/2008 10:11:16 AM | Attr = ]
WTablet -> %AppData%\WTablet -> [Folder | Modified Date = 8/23/2008 2:48:06 PM | Attr = ]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Modified Date = 7/24/2008 4:36:19 PM | Attr = ]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 8/4/2008 4:27:21 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 99296 bytes | Modified Date = 8/15/2008 6:08:41 PM | Attr = ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 8/10/2008 2:34:12 AM | Attr = ]
os604495.bin -> %AllUsersProfile%\Documents\os604495.bin -> [Ver = | Size = 687 bytes | Modified Date = 8/17/2008 2:10:58 PM | Attr = H ]
cloud strife copy.jpg -> %UserProfile%\My Documents\cloud strife copy.jpg -> [Ver = | Size = 96388 bytes | Modified Date = 8/20/2008 10:04:16 PM | Attr = ]
cloud strife.psd -> %UserProfile%\My Documents\cloud strife.psd -> [Ver = | Size = 1078853 bytes | Modified Date = 8/20/2008 10:16:55 PM | Attr = ]
cloud.jpg -> %UserProfile%\My Documents\cloud.jpg -> [Ver = | Size = 246147 bytes | Modified Date = 8/18/2008 7:12:55 PM | Attr = ]
Converted Videos -> %UserProfile%\My Documents\Converted Videos -> [Folder | Modified Date = 7/27/2008 2:53:05 PM | Attr = ]
dustin -> %UserProfile%\My Documents\dustin -> [Folder | Modified Date = 8/14/2008 8:51:55 PM | Attr = ]
dustin.rar -> %UserProfile%\My Documents\dustin.rar -> [Ver = | Size = 565216330 bytes | Modified Date = 8/14/2008 9:06:27 PM | Attr = ]
fire.jpg -> %UserProfile%\My Documents\fire.jpg -> [Ver = | Size = 133095 bytes | Modified Date = 8/20/2008 9:59:05 PM | Attr = ]
haruhi-1.jpg -> %UserProfile%\My Documents\haruhi-1.jpg -> [Ver = | Size = 48118 bytes | Modified Date = 8/22/2008 4:40:41 PM | Attr = ]
history.doc -> %UserProfile%\My Documents\history.doc -> [Ver = | Size = 57344 bytes | Modified Date = 7/26/2008 10:39:09 AM | Attr = ]
iMacros -> %UserProfile%\My Documents\iMacros -> [Folder | Modified Date = 8/23/2008 2:56:51 PM | Attr = ]
Imigration -> %UserProfile%\My Documents\Imigration -> [Folder | Modified Date = 8/7/2008 11:06:25 AM | Attr = ]
knight.jpg -> %UserProfile%\My Documents\knight.jpg -> [Ver = | Size = 293215 bytes | Modified Date = 8/18/2008 6:41:36 PM | Attr = ]
marian.jpg -> %UserProfile%\My Documents\marian.jpg -> [Ver = | Size = 156695 bytes | Modified Date = 8/20/2008 10:14:34 PM | Attr = ]
marian.png -> %UserProfile%\My Documents\marian.png -> [Ver = | Size = 268058 bytes | Modified Date = 8/20/2008 10:20:57 PM | Attr = ]
memo-2.doc -> %UserProfile%\My Documents\memo-2.doc -> [Ver = | Size = 28160 bytes | Modified Date = 7/27/2008 9:23:45 AM | Attr = ]
memo.doc -> %UserProfile%\My Documents\memo.doc -> [Ver = | Size = 26112 bytes | Modified Date = 7/27/2008 8:52:17 AM | Attr = ]
My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Modified Date = 8/4/2008 4:26:02 PM | Attr = ]
My Downloads -> %UserProfile%\My Documents\My Downloads -> [Folder | Modified Date = 7/30/2008 10:00:34 AM | Attr = ]
My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 8/22/2008 5:10:20 PM | Attr = R ]
My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 8/20/2008 3:55:47 PM | Attr = ]
My Scans -> %UserProfile%\My Documents\My Scans -> [Folder | Modified Date = 8/4/2008 4:25:22 PM | Attr = ]
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 608 bytes | Modified Date = 8/22/2008 7:10:05 PM | Attr = ]
New Folder -> %UserProfile%\My Documents\New Folder -> [Folder | Modified Date = 8/14/2008 11:52:54 PM | Attr = ]
SchoolCouple.jpg -> %UserProfile%\My Documents\SchoolCouple.jpg -> [Ver = | Size = 205532 bytes | Modified Date = 8/17/2008 8:05:55 PM | Attr = ]
stupidgoku.fla -> %UserProfile%\My Documents\stupidgoku.fla -> [Ver = | Size = 49152 bytes | Modified Date = 8/15/2008 1:48:22 AM | Attr = ]
stupidgoku.gif -> %UserProfile%\My Documents\stupidgoku.gif -> [Ver = | Size = 36864 bytes | Modified Date = 8/15/2008 6:12:09 PM | Attr = ]
stupidgoku.html -> %UserProfile%\My Documents\stupidgoku.html -> [Ver = | Size = 783 bytes | Modified Date = 8/15/2008 6:13:59 PM | Attr = ]
stupidgoku.swf -> %UserProfile%\My Documents\stupidgoku.swf -> [Ver = | Size = 6636 bytes | Modified Date = 8/15/2008 6:17:07 PM | Attr = ]
Sunset.jpg -> %UserProfile%\My Documents\Sunset.jpg -> [Ver = | Size = 52519 bytes | Modified Date = 8/18/2008 5:44:29 PM | Attr = ]
Video Downloads -> %UserProfile%\My Documents\Video Downloads -> [Folder | Modified Date = 7/24/2008 11:48:32 PM | Attr = ]
旅行記録.doc -> %UserProfile%\My Documents\旅行記録.doc -> [Ver = | Size = 35328 bytes | Modified Date = 8/7/2008 10:27:08 AM | Attr = ]
Ben 10 Bounty Hunters.lnk -> %AllUsersProfile%\Desktop\Ben 10 Bounty Hunters.lnk -> [Ver = | Size = 1815 bytes | Modified Date = 8/19/2008 8:14:36 AM | Attr = ]
MSN.lnk -> %AllUsersProfile%\Desktop\MSN.lnk -> [Ver = | Size = 1833 bytes | Modified Date = 7/26/2008 8:19:30 AM | Attr = ]
Videora iPod Converter.lnk -> %AllUsersProfile%\Desktop\Videora iPod Converter.lnk -> [Ver = | Size = 1824 bytes | Modified Date = 7/24/2008 11:48:32 PM | Attr = ]
Adobe Photoshop CS2 -> %UserProfile%\Desktop\Adobe Photoshop CS2 -> [Folder | Modified Date = 8/14/2008 5:34:57 PM | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 8/23/2008 3:00:53 PM | Attr = ]
fsg-4_4.exe -> %UserProfile%\Desktop\fsg-4_4.exe -> [Ver = | Size = 2977280 bytes | Modified Date = 8/8/2008 1:29:56 AM | Attr = ]
iTunes.lnk -> %UserProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 8/18/2008 1:00:00 AM | Attr = ]
jxpiinstall.exe -> %UserProfile%\Desktop\jxpiinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 382352 bytes | Modified Date = 7/28/2008 1:22:34 PM | Attr = ]
Macromedia Flash MX.lnk -> %UserProfile%\Desktop\Macromedia Flash MX.lnk -> [Ver = | Size = 1680 bytes | Modified Date = 8/15/2008 12:56:02 AM | Attr = ]
music2 -> %UserProfile%\Desktop\music2 -> [Folder | Modified Date = 7/24/2008 3:52:40 PM | Attr = ]
music3 -> %UserProfile%\Desktop\music3 -> [Folder | Modified Date = 8/10/2008 3:19:57 PM | Attr = ]
New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Modified Date = 8/17/2008 11:51:25 PM | Attr = ]
ninja glare.mp3 -> %UserProfile%\Desktop\ninja glare.mp3 -> [Ver = | Size = 5763137 bytes | Modified Date = 8/22/2008 4:24:34 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 8/23/2008 3:06:19 PM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 8/23/2008 3:01:34 PM | Attr = ]
settings.ini -> %UserProfile%\Desktop\settings.ini -> [Ver = | Size = 104 bytes | Modified Date = 8/15/2008 8:38:23 PM | Attr = ]
Windows Search.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk -> [Ver = | Size = 1787 bytes | Modified Date = 7/28/2008 10:10:32 AM | Attr = ]
Adobe Gamma.lnk -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> [Ver = | Size = 988 bytes | Modified Date = 8/14/2008 6:26:37 PM | Attr = ]
Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Modified Date = 8/14/2008 6:22:04 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 8/23/2008 3:12:15 PM | Attr = ]
Vbox -> %CommonProgramFiles%\Vbox -> [Folder | Modified Date = 8/15/2008 12:56:13 AM | Attr = ]

< End of report >

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:47 PM

Posted 23 August 2008 - 08:19 PM

Hello, The Indian Guy.
Hmm... I don't see any malware on this machine. Are you still having problems?

You have a Peer-To-Peer program installed.
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case Ares). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 The Indian Guy

The Indian Guy
  • Topic Starter

  • Members
  • 15 posts
  • Local time:09:47 PM

Posted 24 August 2008 - 10:32 PM

i'm having trouble doing the eset online scan. twice while scanning the laptop has shut down. i noticed that both times the laptop shut off at the same part, however, i'm not quite sure what exact part that was because i wasn't paying close attention.

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:47 PM

Posted 24 August 2008 - 11:00 PM

Hello, The Indian Guy.

Please try this one instead :thumbsup:

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • Kaspersky's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 The Indian Guy

The Indian Guy
  • Topic Starter

  • Members
  • 15 posts
  • Local time:09:47 PM

Posted 27 August 2008 - 08:24 PM

i've been very busy lately. this is the first chance i've had to get on in three days. i'm planning on taking the scan later tonight. just writing this to inform you that i haven't forgotten about the thread.

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:47 PM

Posted 27 August 2008 - 09:08 PM

Okie dokie :thumbsup:

Thanks for letting me know.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#11 The Indian Guy

The Indian Guy
  • Topic Starter

  • Members
  • 15 posts
  • Local time:09:47 PM

Posted 27 August 2008 - 09:49 PM

my computer continues to restart itself even when i'm not scanning. simple tasks such as writing an email become impossible because my computer restarts after 15-20 minutes. while attempting to install java for the kaspersky scan to run, the pc shut itself down once again. i'm going to attempt installing once more with no other programs running.

Edited by The Indian Guy, 27 August 2008 - 10:07 PM.


#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:47 PM

Posted 27 August 2008 - 10:18 PM

Alright... please post one more fresh HJT log...

Though I don't think this is malware related. Sounds thermal to me.

Have you ever opened this machine and removed the dust that builds up?
You may want to see this topic:
http://www.bleepingcomputer.com/tutorials/cleaning-the-inside-of-your-pc/

Sometimes the dust clogs up heatsinks and things and that makes things start to fail.

Good luck!
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#13 The Indian Guy

The Indian Guy
  • Topic Starter

  • Members
  • 15 posts
  • Local time:09:47 PM

Posted 27 August 2008 - 10:23 PM

Alright... please post one more fresh HJT log...

Though I don't think this is malware related. Sounds thermal to me.

Have you ever opened this machine and removed the dust that builds up?
You may want to see this topic:
http://www.bleepingcomputer.com/tutorials/cleaning-the-inside-of-your-pc/

Sometimes the dust clogs up heatsinks and things and that makes things start to fail.

Good luck!
Billy3


would it be the same for a laptop?

edit: here is the hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:49 PM, on 8/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Documents and Settings\Hiraga\Desktop\Ares.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Documents and Settings\Hiraga\Desktop\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] "C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" /StartUp
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Hiraga\Desktop\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 8729 bytes

Edited by The Indian Guy, 27 August 2008 - 10:34 PM.


#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:47 PM

Posted 27 August 2008 - 10:39 PM

Yes, that would be the same for a laptop. Here are some example images of a Toshiba laptop heatsink:
http://www.laptoprepair101.com/laptop/2006...op-overheating/
(Not sure about the article's quality, but the pics are nice :thumbsup:)

That log looks clean to me, but I still would like an onlinescan as a second opinion.

Sometimes you can get at lappys without disassembly by simply using compressed/canned air and blowing into the laptop heatsinks backwards, which sometimes forces the dust out :)

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
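
As an added illustration (not part of the original thread or any participant's post), the Python sketch below shows one way to pre-sort a HijackThis log like the one posted above before a manual read. The rule names, the `P2P_IMAGES` list and the choice of what to flag are assumptions made for this example; a flag marks a line worth a second look, not an infection.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# Sample input: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Hiraga\Desktop\Ares.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Hiraga\Desktop\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O2 - ...", "O23 - ...", "R1 - ...", "F2 - ..." style entry lines.
ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks entries whose target is gone with one of these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# Autoruns that start from inside a user profile (user-writable on XP).
USER_PROFILE_RE = re.compile(r"\\Documents and Settings\\[^\\]+\\", re.IGNORECASE)
# File name component of any .exe path in the entry.
IMAGE_RE = re.compile(r'\\([^\\"]+\.exe)', re.IGNORECASE)
# Assumption for this example: only the program named in the thread.
P2P_IMAGES = {"ares.exe"}


def parse_entries(text):
    """Return (section, body) pairs, skipping the header and process list."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def triage(text):
    """Return review flags for a HijackThis log, in log order."""
    findings = []
    for section, body in parse_entries(text):
        line = f"{section} - {body}"
        if ORPHAN_RE.search(body):
            # Registry entry remains but the file it points to does not.
            findings.append(Finding(section, "orphaned", line))
        if section == "O23" and " - Unknown owner - " in body:
            # Service binary carries no company name in its version info.
            findings.append(Finding(section, "unknown-owner", line))
        if section == "O4" and USER_PROFILE_RE.search(body):
            findings.append(Finding(section, "autorun-from-user-profile", line))
        images = {name.lower() for name in IMAGE_RE.findall(body)}
        if images & P2P_IMAGES:
            findings.append(Finding(section, "p2p-program", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.reason}] {finding.line}")
```
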

#15 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:47 PM

Posted 29 August 2008 - 09:49 PM

Hello, The Indian Guy.
You now appear to be clean. Congratulations!


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. Just find your country room and register your complaint.
The infections you had were "None"

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Set a New Restore Point to prevent possible reinfection from an old one.
    Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
    You can view a video of the following instructions.
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    Note: You should only do this once!
    :thumbsup:
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
    :)
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
    :)
  • Make Internet Explorer more secure
    • Click Start -> Run
    • Type "Inetcpl.cpl" (without quotes) & click OK.
    • Click on the Security tab.
    • Click "Reset all zones to default level"
    • Make sure the Internet Zone is selected & click "Custom level"
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Click OK, then Apply, then OK to exit the Internet Properties page.
    :)
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here.
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly.
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Microsoft Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable it,
    • Run Spybot Search & Destroy
    • Click the Mode button on the toolbar, and then place a tick next to Advanced mode.
    • Click Yes.
    • In the left hand pane of Spybot Search & Destroy, click on "Tools", and then on Hosts File.
    • Click on "Add Spybot-S&D hosts list"
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start -> Run.
    • Type "services.msc" (without quotes) & click OK.
    • In the list, find the service called "DNS Client" & double click on it.
    • On the dropdown box, change the setting from "Automatic" to "Manual".
    • Click OK.
    • Exit/close the Services window
    For a more detailed explanation of the HOSTS file, click here.
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date!
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
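
The HOSTS-file blocking described in the post above, as an added example that is not part of the original post or of Spybot Search & Destroy: a small Python parser that shows which names a block list actually covers. The sample file is constructed, the host names use the reserved `.example` domain, and keeping the first mapping seen for a name is an assumption about lookup order.

```python
import ipaddress

# Constructed sample hosts file (not taken from any real block list).
SAMPLE_HOSTS = """\
# Block list section
127.0.0.1       localhost
127.0.0.1       ads.tracker.example  www.ads.tracker.example   # two names, one line
0.0.0.0         malware-drop.example
203.0.113.10    intranet.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Return {hostname: ip_address}; the first mapping for a name is kept."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank line or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: ignore the line
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), ip)
    return table


def is_sinkholed(table, hostname):
    """True when the name is mapped to loopback or 0.0.0.0, i.e. blocked."""
    ip = table.get(hostname.lower().rstrip("."))
    return ip is not None and (ip.is_loopback or ip.is_unspecified)


def audit(table):
    """Split entries into block entries and names mapped to a real address."""
    blocked, routed = [], []
    for name, ip in sorted(table.items()):
        if name == "localhost":
            continue
        (blocked if ip.is_loopback or ip.is_unspecified else routed).append(name)
    return blocked, routed


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    blocked, routed = audit(hosts)
    print("blocked:", blocked)
    print("mapped to a real address (review these):", routed)
    # Matching is by exact name only: a subdomain that is not listed
    # is not covered by the entry for its parent.
    print(is_sinkholed(hosts, "cdn.ads.tracker.example"))
```

Because matching is by exact name, a block list only protects against the host names it lists, which is why the post asks for regular updates.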