
Infected With Trojan.inject.ia

14 replies to this topic

#1 wspt4

wspt4

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:57 PM

Posted 07 September 2008 - 08:40 AM

My computer is not doing anything unusual except running slowly and my mouse pad does not respond (external USB mouse works).
Repeated BitDefender scans were turning up multiple viruses such as Rootkit-Hidden Items, Trojan.Kobcka.FB, Packer.Malware.Lighty.C.
After going through the bleepingcomputer process only the Trojan.Inject.IA and Rootkit-Hidden Items continue to appear. I need help removing these and making sure no permanent damage has been done to my system.

I have tried to do a System Restore, but my system was unable to complete the process.
Thanks in advance for any and all assistance.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:39 AM, on 9/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe -s
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [buritos] buritos.exe
O4 - HKLM\..\Run: [Cpl32ver] C:\WINDOWS\System32\Cpl32ver.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Product Registration.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe
O4 - Startup: ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: CardMinder Viewer.lnk = ?
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///D:/CDVIEWER/CdViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBA7CF23-D229-4F9F-968F-C843EF326632}: NameServer = 192.168.2.2
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: karina.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaseya Agent (KaseyaAgent) - Kaseya - C:\Program Files\Kaseya\Agent\AgentMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 15341 bytes
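Reading a HijackThis log like the one above means picking out the handful of lines worth checking by hand. The triage helper below is an added example, not code from this thread or from HijackThis; its heuristics (a Run-key entry with no path, any AppInit_DLLs value, an O17 DNS server outside the private ranges) are my own and mark entries for review rather than declare them malicious. The sample lines are copied from the log above.

```python
import ipaddress
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted above. The O17
# line points at a private LAN address and shows a case that is NOT flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [buritos] buritos.exe
O4 - HKLM\..\Run: [Cpl32ver] C:\WINDOWS\System32\Cpl32ver.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBA7CF23-D229-4F9F-968F-C843EF326632}: NameServer = 192.168.2.2
O20 - AppInit_DLLs: karina.dat
"""

# One regex per HijackThis section the helper understands.
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S*)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
# First token of an unquoted command line, up to a known program extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    item: str     # the value that triggered the flag
    reason: str   # what a reviewer should check


def executable_of(command: str) -> str:
    """Return the program part of a Run-key command line, quotes removed."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def is_bare_filename(path: str) -> bool:
    """True when the entry names a file with no directory, so Windows finds it by PATH search."""
    return bool(path) and re.search(r"[\\/:]", path) is None


def _is_private_ip(text: str) -> bool:
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:
        return False


def triage(log_text: str) -> list[Finding]:
    """Scan O4, O17 and O20 lines and return the entries worth a manual look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            exe = executable_of(m.group("cmd"))
            if is_bare_filename(exe):
                findings.append(Finding("O4", exe,
                    f"Run value [{m.group('name')}] has no path; confirm which file on PATH actually runs"))
        elif m := NAMESERVER_RE.match(line):
            for server in re.split(r"[,\s]+", m.group("servers").strip()):
                if server and not _is_private_ip(server):
                    findings.append(Finding("O17", server,
                        "DNS server is not a private LAN address; confirm it belongs to the ISP or company"))
        elif m := APPINIT_RE.match(line):
            dlls = m.group("dlls").strip()
            if dlls:
                findings.append(Finding("O20", dlls,
                    "AppInit_DLLs loads this into every process that uses user32.dll; rarely used legitimately"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.item} -- {f.reason}")
```

Expect noise: OEM utilities such as the Toshiba hotkey programs also register bare filenames, so a flag is where to start looking, not a verdict.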

#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:06:57 PM

Posted 07 September 2008 - 08:46 AM

Hello wspt4

Welcome to BleepingComputer
========================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Lop check
    • File - Purity Scan
    • Rootkit Search - Yes
    • Drivers - Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 wspt4

wspt4
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:57 PM

Posted 07 September 2008 - 07:40 PM

OTScanIt logfile created on: 9/7/2008 10:01:47 AM
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Daniel Seidler\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.86 Mb Total Physical Memory | 685.65 Mb Available Physical Memory | 67.56% Memory free
2.38 Gb Paging File | 1.29 Gb Available in Paging File | 54.29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 102.92 Gb Total Space | 5.01 Gb Free Space | 4.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DSTOSHIBA
Current User Name: Daniel Seidler
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

[Processes - Non-Microsoft Only]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr =	]
agentmon.exe -> %ProgramFiles%\Kaseya\Agent\AgentMon.exe -> Kaseya [Ver = 5.0.0.6 | Size = 598016 bytes | Modified Date = 5/7/2008 5:26:26 PM | Attr =	]
pinger.exe -> %SystemDrive%\Toshiba\IVP\ISM\pinger.exe ->  [Ver =  | Size = 136816 bytes | Modified Date = 1/25/2007 8:47:50 PM | Attr =	]
swupdtmr.exe -> %SystemDrive%\Toshiba\IVP\swupdate\swupdtmr.exe ->  [Ver =  | Size = 63096 bytes | Modified Date = 1/25/2007 8:50:26 PM | Attr =	]
thpsrv.exe -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 9 | Size = 529976 bytes | Modified Date = 4/24/2007 6:31:10 AM | Attr =	]
tmesrv31.exe -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 50, 0 | Size = 126976 bytes | Modified Date = 12/14/2005 3:00:32 PM | Attr =	]
toddsrv.exe -> %SystemRoot%\system32\TODDSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 3 | Size = 114688 bytes | Modified Date = 5/25/2006 9:30:16 PM | Attr =	]
tosbtsrv.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> TOSHIBA CORPORATION [Ver = 1, 0, 1402, 0 | Size = 125048 bytes | Modified Date = 2/26/2007 12:55:18 AM | Attr =	]
winvnc4.exe -> %ProgramFiles%\RealVNC\VNC4\WinVNC4.exe -> RealVNC Ltd. [Ver = 4.1.2 | Size = 438272 bytes | Modified Date = 9/5/2008 4:38:55 PM | Attr =	]
xcommsvr.exe -> %CommonProgramFiles%\BitDefender\BitDefender Communicator\xcommsvr.exe -> BitDefender [Ver = 1, 8, 16, 0 | Size = 86016 bytes | Modified Date = 12/4/2007 6:16:39 PM | Attr =	]
livesrv.exe -> %CommonProgramFiles%\BitDefender\BitDefender Update Service\livesrv.exe -> BitDefender SRL [Ver = 11, 0, 1, 87 | Size = 1155072 bytes | Modified Date = 7/2/2008 11:51:32 AM | Attr =	]
tpsoddctl.exe -> %SystemRoot%\system32\TPSODDCtl.exe -> TOSHIBA Corporation [Ver = 1, 0, 16, 0 | Size = 118784 bytes | Modified Date = 4/24/2007 7:22:00 PM | Attr =	]
touched.exe -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 1, 0 | Size = 126976 bytes | Modified Date = 6/28/2005 11:43:00 PM | Attr =	]
toshkcw.exe -> %ProgramFiles%\Toshiba\Wireless Hotkey\TosHKCW.exe -> TOSHIBA CORPORATION [Ver = 2, 1, 0, 2 | Size = 49152 bytes | Modified Date = 5/17/2005 2:42:02 PM | Attr =	]
tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 3, 0 | Size = 45056 bytes | Modified Date = 4/24/2007 7:22:00 PM | Attr =	]
tmerzctl.exe -> %ProgramFiles%\Toshiba\TME3\TMERzCtl.exe -> TOSHIBA [Ver = 1, 0, 2, 29 | Size = 90112 bytes | Modified Date = 4/26/2006 8:35:02 PM | Attr =	]
thpsrv.exe -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 9 | Size = 529976 bytes | Modified Date = 4/24/2007 6:31:10 AM | Attr =	]
tfnf5.exe -> %SystemRoot%\system32\TFNF5.exe -> TOSHIBA Corp. [Ver = 3, 4, 5, 5 | Size = 622592 bytes | Modified Date = 4/10/2006 9:14:52 PM | Attr =	]
tmeejme.exe -> %ProgramFiles%\Toshiba\TME3\TMEEJME.exe -> TOSHIBA [Ver = 1, 0, 0, 23 | Size = 81920 bytes | Modified Date = 12/24/2004 11:15:26 PM | Attr =	]
tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.31.0.1 | Size = 188416 bytes | Modified Date = 3/29/2007 5:21:02 PM | Attr =	]
taudeff.exe -> %ProgramFiles%\Toshiba\TAudEffect\TAudEff.exe -> TOSHIBA [Ver = 2, 8, 2, 0 | Size = 344144 bytes | Modified Date = 8/9/2006 10:48:08 PM | Attr =	]
smoothview.exe -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 24 | Size = 159744 bytes | Modified Date = 4/9/2007 9:07:02 PM | Attr =	]
ndstray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 1, 2 | Size = 974848 bytes | Modified Date = 3/16/2006 4:58:50 PM | Attr =	]
kausrtsk.exe -> %ProgramFiles%\Kaseya\Agent\KaUsrTsk.exe -> Kaseya [Ver = 5.0.0.0 | Size = 229376 bytes | Modified Date = 3/7/2008 1:12:38 PM | Attr =	]
ddwmon.exe -> %ProgramFiles%\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe -> TOSHIBA Corporation [Ver = 1.1.0.0 | Size = 311296 bytes | Modified Date = 4/13/2007 9:16:16 PM | Attr =	]
cfsserv.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSServ.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 117 | Size = 798720 bytes | Modified Date = 5/19/2006 3:13:38 PM | Attr =	]
bdagent.exe -> %ProgramFiles%\BitDefender\BitDefender 2008\bdagent.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 179 | Size = 368640 bytes | Modified Date = 7/2/2008 11:51:28 AM | Attr =	]
00thotkey.exe -> %SystemRoot%\system32\00THotkey.exe -> TOSHIBA Corporation [Ver = 1, 2, 0, 2 | Size = 258048 bytes | Modified Date = 7/5/2006 3:14:30 PM | Attr =	]
mmreminderservice.exe -> %ProgramFiles%\Mindjet\MindManager 7\MmReminderService.exe -> Mindjet [Ver = 7.1.394 | Size = 37144 bytes | Modified Date = 3/19/2008 11:39:58 PM | Attr =	]
toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS]
audibledownloadhelper.exe -> %ProgramFiles%\Audible\Bin\AudibleDownloadHelper.exe -> Audible, Inc. [Ver = 6.0.0.23 | Size = 1697112 bytes | Modified Date = 11/16/2007 3:40:16 PM | Attr =	]
tosbtmng.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> TOSHIBA CORPORATION. [Ver = 5.00.7522.ALL | Size = 2756608 bytes | Modified Date = 5/22/2007 7:57:26 PM | Attr =	]
cardlauncher.exe -> %ProgramFiles%\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe -> PFU Limited. [Ver = 3, 1, 10, 1 | Size = 36864 bytes | Modified Date = 10/9/2006 2:43:18 PM | Attr =	]
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 12/28/2007 10:59:24 PM | Attr =	]
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.24.99 | Size = 784912 bytes | Modified Date = 11/15/2007 10:12:04 AM | Attr =	]
qbupdate.exe -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit Inc. [Ver = 16.0 R12 | Size = 815104 bytes | Modified Date = 11/6/2007 8:40:54 PM | Attr =	]
pfussmon.exe -> %ProgramFiles%\PFU\ScanSnap\Driver\PfuSsMon.exe -> PFU LIMITED [Ver = 4.1.12.10 | Size = 1769472 bytes | Modified Date = 3/30/2007 11:14:06 PM | Attr =	]
vsserv.exe -> %ProgramFiles%\BitDefender\BitDefender 2008\vsserv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 444 | Size = 1253376 bytes | Modified Date = 7/2/2008 11:51:30 AM | Attr =	]
tosa2dp.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe -> TOSHIBA CORPORATION. [Ver = 5.00.7227.ALL | Size = 278528 bytes | Modified Date = 2/27/2007 11:21:10 PM | Attr =	]
khalmnpr.exe -> %CommonProgramFiles%\LogiShrd\KHAL2\KHALMNPR.exe -> Logitech, Inc. [Ver = 4.24.28 | Size = 55824 bytes | Modified Date = 11/15/2007 10:08:26 AM | Attr =	]
tosbthid.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe -> TOSHIBA CORPORATION. [Ver = 4, 1, 1323, 0 | Size = 69632 bytes | Modified Date = 1/24/2006 2:14:10 AM | Attr =	]
tosbtbty.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe -> TOSHIBA CORPORATION. [Ver = 5, 0, 1204, 0 | Size = 69632 bytes | Modified Date = 12/4/2006 7:00:10 PM | Attr =	]
tosbthsp.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe -> TOSHIBA CORPORATION. [Ver = 5.10.05.70426 | Size = 274432 bytes | Modified Date = 4/26/2007 5:53:38 PM | Attr =	]
ivpsvmgr.exe -> %SystemDrive%\Toshiba\IVP\ISM\Ivpsvmgr.exe -> TOSHIBA Corporation [Ver = 3.5.3.5 | Size = 468600 bytes | Modified Date = 1/25/2007 8:45:42 PM | Attr =	]


[Win32 Services - Non-Microsoft Only]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr =	]
(KaseyaAgent) Kaseya Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Kaseya\Agent\AgentMon.exe -> Kaseya [Ver = 5.0.0.6 | Size = 598016 bytes | Modified Date = 5/7/2008 5:26:26 PM | Attr =	]
(LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\LogiShrd\Bluetooth\LBTServ.exe -> Logitech, Inc. [Ver = 4.24.99 | Size = 121360 bytes | Modified Date = 11/15/2007 10:09:42 AM | Attr =	]
(LIVESRV) BitDefender Desktop Update Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Update Service\livesrv.exe -> BitDefender SRL [Ver = 11, 0, 1, 87 | Size = 1155072 bytes | Modified Date = 7/2/2008 11:51:32 AM | Attr =	]
(pinger) pinger [Win32_Own | Auto | Running] -> %SystemDrive%\Toshiba\IVP\ISM\pinger.exe ->  [Ver =  | Size = 136816 bytes | Modified Date = 1/25/2007 8:47:50 PM | Attr =	]
(RampartSvc) SonicWall VPN Client Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -> SonicWALL, Inc. [Ver = 3, 0, 2, 2 | Size = 230672 bytes | Modified Date = 9/27/2007 12:10:02 PM | Attr =	]
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\Toshiba\IVP\swupdate\swupdtmr.exe ->  [Ver =  | Size = 63096 bytes | Modified Date = 1/25/2007 8:50:26 PM | Attr =	]
(Thpsrv) TOSHIBA HDD Protection [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 9 | Size = 529976 bytes | Modified Date = 4/24/2007 6:31:10 AM | Attr =	]
(Tmesrv) Tmesrv3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 50, 0 | Size = 126976 bytes | Modified Date = 12/14/2005 3:00:32 PM | Attr =	]
(TODDSrv) TOSHIBA Optical Disc Drive Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\TODDSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 3 | Size = 114688 bytes | Modified Date = 5/25/2006 9:30:16 PM | Attr =	]
(TOSHIBA Bluetooth Service) TOSHIBA Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> TOSHIBA CORPORATION [Ver = 1, 0, 1402, 0 | Size = 125048 bytes | Modified Date = 2/26/2007 12:55:18 AM | Attr =	]
(VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> %ProgramFiles%\BitDefender\BitDefender 2008\vsserv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 444 | Size = 1253376 bytes | Modified Date = 7/2/2008 11:51:30 AM | Attr =	]
(WinVNC4) VNC Server Version 4 [Win32_Own | Auto | Running] -> %ProgramFiles%\RealVNC\VNC4\WinVNC4.exe -> RealVNC Ltd. [Ver = 4.1.2 | Size = 438272 bytes | Modified Date = 9/5/2008 4:38:55 PM | Attr =	]
(XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Communicator\xcommsvr.exe -> BitDefender [Ver = 1, 8, 16, 0 | Size = 86016 bytes | Modified Date = 12/4/2007 6:16:39 PM | Attr =	]


[Driver Services - Non-Microsoft Only]
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\Apfiltr.sys -> File not found
(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\asyncmac.sys -> File not found
(ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ATSwpDrv.sys -> AuthenTec, Inc. [Ver = 6.29.2.0 | Size = 117010 bytes | Modified Date = 7/12/2005 5:40:00 PM | Attr =	]
(Bdfndisf) BitDefender Firewall NDIS Filter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bdfndisf.sys -> BitDefender SRL [Ver = 3.0.0.18 built by: WinDDK | Size = 86792 bytes | Modified Date = 7/2/2008 11:51:30 AM | Attr =	]
(bdfsfltr) bdfsfltr [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\bdfsfltr.sys -> BitDefender S.R.L. Bucharest, ROMANIA [Ver = 0.3.124.3908, RELEASE,  built by: WinDDK | Size = 196368 bytes | Modified Date = 1/7/2008 6:41:34 PM | Attr =	]
(bdftdif) bdftdif [Kernel | System | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Firewall\bdftdif.sys -> BitDefender SRL [Ver = 3.0.0.11 | Size = 156688 bytes | Modified Date = 2/12/2008 12:12:56 PM | Attr =	]
(BDSelfPr) BDSelfPr [Kernel | On_Demand | Running] -> %ProgramFiles%\BitDefender\BitDefender 2008\bdselfpr.sys -> BitDefender S.R.L. [Ver = 11.00 built by: WinDDK | Size = 8320 bytes | Modified Date = 1/21/2008 9:24:19 PM | Attr =	]
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\dne2000.sys -> Deterministic Networks, Inc. [Ver = 3.21.2.16899 | Size = 128144 bytes | Modified Date = 7/9/2007 6:40:52 PM | Attr = R  ]
(IFXTPM) IFXTPM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ifxtpm.sys -> Infineon Technologies AG [Ver = 1.80.0004.00 built by: WinDDK | Size = 36608 bytes | Modified Date = 9/19/2006 11:28:00 PM | Attr =	]
(IntelIde) IntelIde [Kernel | Boot | Stopped] -> %SystemRoot%\System32\DRIVERS\intelide.sys -> File not found

(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LHidFilt.Sys -> Logitech, Inc. [Ver = 4.24.28.00 | Size = 35088 bytes | Modified Date = 9/21/2007 3:10:40 AM | Attr =	]

(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LMouFilt.Sys -> Logitech, Inc. [Ver = 4.24.28.00 | Size = 36240 bytes | Modified Date = 9/21/2007 3:10:46 AM | Attr =	]

(Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Netdevio.sys -> TOSHIBA Corporation. [Ver = Version 5.00.01.00 built by: WinDDK | Size = 12032 bytes | Modified Date = 1/29/2003 5:35:00 PM | Attr =	]

(Profos) Profos [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\BitDefender\BitDefender Threat Scanner\profos.sys ->  [Ver =  | Size = 12800 bytes | Modified Date = 7/12/2007 1:32:44 AM | Attr =	]

(Rai53) Rai53 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Rai53.sys ->  [Ver =  | Size = 32256 bytes | Modified Date = 9/5/2008 7:08:39 AM | Attr =	]

(RCFOX) SonicWALL IPsec Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\RCFOX.SYS -> SonicWALL, Inc. [Ver = 10.0.7.31 | Size = 101528 bytes | Modified Date = 9/27/2007 3:49:50 PM | Attr =	]

(rcvpn) SonicWALL VPN Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rcvpn.sys -> SonicWALL, Inc. [Ver = 9.0.3.2 | Size = 24876 bytes | Modified Date = 11/8/2005 9:58:20 AM | Attr =	]

(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RimSerial.sys -> Research in Motion Ltd [Ver = 2.1.0.4 | Size = 26496 bytes | Modified Date = 1/18/2007 10:24:58 AM | Attr = R  ]

(tbiosdrv) tbiosdrv [Kernel | On_Demand | Stopped] -> %SystemDrive%\tbiosdrv.sys -> File not found

(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tdcmdpst.sys -> TOSHIBA Corporation. [Ver = 2, 0, 0, 0 | Size = 16128 bytes | Modified Date = 2/22/2007 6:10:30 PM | Attr =	]

(tdudf) TOSHIBA UDF File System Driver [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\tdudf.sys -> TOSHIBA Corporation [Ver = 1.0.0.7 | Size = 105856 bytes | Modified Date = 3/26/2007 3:22:18 PM | Attr =	]

(TEchoCan) Toshiba Audio Effect [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\TEchoCan.sys -> TOSHIBA Corporation [Ver = 2, 8, 3, 0 | Size = 435072 bytes | Modified Date = 2/21/2007 9:20:36 PM | Attr =	]

(Thpdrv) TOSHIBA HDD Protection Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\thpdrv.sys -> TOSHIBA Corporation [Ver = 2.0.1.2 | Size = 21120 bytes | Modified Date = 4/27/2007 1:19:00 PM | Attr =	]

(Thpevm) TOSHIBA HDD Protection - Shock Sensor Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Thpevm.sys -> TOSHIBA Corporation [Ver = 2.0.0.3 | Size = 6528 bytes | Modified Date = 3/9/2007 6:23:18 PM | Attr =	]

(TMEI3E) TMEI3E [Kernel | System | Running] -> %SystemRoot%\system32\drivers\TMEI3E.sys -> Toshiba Corporation [Ver = 1, 0, 0, 5 | Size = 5888 bytes | Modified Date = 6/16/2004 2:08:48 PM | Attr =	]

(toshidpt) Bluetooth HID Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Toshidpt.sys -> TOSHIBA Corporation. [Ver = Version 1.01.00 | Size = 3712 bytes | Modified Date = 7/11/2005 9:58:00 PM | Attr =	]

(tosporte) Bluetooth COM Port [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tosporte.sys -> TOSHIBA Corporation [Ver = 5.00.1003.0 built by: WinDDK | Size = 41600 bytes | Modified Date = 10/10/2006 10:33:00 PM | Attr =	]

(tosrfbd) Bluetooth RFBUS [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tosrfbd.sys -> TOSHIBA CORPORATION [Ver = 5.00.1623.0 built by: WinDDK | Size = 113920 bytes | Modified Date = 4/24/2007 4:20:06 PM | Attr =	]

(tosrfbnp) Bluetooth RFBNEP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tosrfbnp.sys -> TOSHIBA Corporation [Ver = 5.0.1120.00 built by: WinDDK | Size = 36480 bytes | Modified Date = 11/20/2006 8:55:16 PM | Attr =	]

(Tosrfcom) Bluetooth RFCOMM [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tosrfcom.sys -> TOSHIBA Corporation [Ver = 1.02 | Size = 64896 bytes | Modified Date = 8/1/2005 7:45:00 PM | Attr =	]

(tosrfec) Bluetooth ACPI [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tosrfec.sys -> TOSHIBA Corporation [Ver = 5.00.1023.0 built by: WinDDK | Size = 9216 bytes | Modified Date = 10/23/2006 7:32:20 PM | Attr =	]

(Tosrfhid) Bluetooth RFHID [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Tosrfhid.sys -> TOSHIBA Corporation. [Ver = Version 5.00.1501.0 built by: WinDDK | Size = 73728 bytes | Modified Date = 3/1/2007 7:53:12 PM | Attr =	]

(tosrfnds) Bluetooth Personal Area Network [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tosrfnds.sys -> TOSHIBA Corporation. [Ver = Version 1.00.03 | Size = 18612 bytes | Modified Date = 1/6/2005 4:42:00 PM | Attr =	]

(TosRfSnd) Bluetooth Audio [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\TosRfSnd.sys -> TOSHIBA Corporation [Ver = 5.0.1322.0 | Size = 53376 bytes | Modified Date = 1/22/2007 1:43:26 PM | Attr =	]

(tosrfusb) Bluetooth USB Controller [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tosrfusb.sys -> TOSHIBA CORPORATION [Ver = 5, 0, 1624, 0 | Size = 41856 bytes | Modified Date = 4/24/2007 10:36:00 PM | Attr =	]

(trudf) TOSHIBA DVD-RAM UDF File System Driver [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\trudf.sys -> TOSHIBA Corporation [Ver = 1.0.0.0 | Size = 134016 bytes | Modified Date = 2/19/2007 3:15:32 PM | Attr =	]

(Trufos) Trufos [Kernel | On_Demand | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Threat Scanner\trufos.sys ->  [Ver =  | Size = 36736 bytes | Modified Date = 7/10/2007 8:00:42 AM | Attr =	]

(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\TVALZ.SYS -> TOSHIBA Corporation [Ver = 2, 0, 0, 0 | Size = 16768 bytes | Modified Date = 2/15/2007 7:44:06 PM | Attr =	]

(KAPFA) KAPFA [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\KaPFA.sys -> Kaseya [Ver = 5.0.0.1 | Size = 20792 bytes | Modified Date = 3/30/2008 1:35:58 PM | Attr =	]

(tcpsr) tcpsr [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\tcpsr.sys -> File not found

(809CC) 809CC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\809CC.sys ->  [Ver =  | Size = 54624 bytes | Modified Date = 9/6/2008 5:57:00 PM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

 ->  [] -> File not found

000StTHK -> %SystemRoot%\system32\000StTHK.exe [000StTHK.exe] ->  [Ver =  | Size = 24576 bytes | Modified Date = 6/23/2001 7:28:00 AM | Attr =	]

00THotkey -> %SystemRoot%\system32\00THotkey.exe [C:\WINDOWS\system32\00THotkey.exe] -> TOSHIBA Corporation [Ver = 1, 2, 0, 2 | Size = 258048 bytes | Modified Date = 7/5/2006 3:14:30 PM | Attr =	]

Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 4:48:20 AM | Attr =	]

Alcmtr -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 9:43:28 PM | Attr =	]

Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 3/24/2004 1:40:42 AM | Attr =	]

AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:28 AM | Attr =	]

BDAgent -> %ProgramFiles%\BitDefender\BitDefender 2008\bdagent.exe ["C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"] -> BitDefender S.R.L. [Ver = 11, 0, 0, 179 | Size = 368640 bytes | Modified Date = 7/2/2008 11:51:28 AM | Attr =	]

BitDefender Antiphishing Helper -> %ProgramFiles%\BitDefender\BitDefender 2008\IEShow.exe ["C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"] -> BitDefender [Ver = 11, 0, 0, 5 | Size = 61440 bytes | Modified Date = 10/9/2007 4:46:58 PM | Attr =	]

buritos ->  [buritos.exees%] -> File not found

CFSServ.exe ->  [CFSServ.exe -NoClient] -> File not found

Cpl32ver -> %SystemRoot%\System32\Cpl32ver.exe [C:\WINDOWS\System32\Cpl32ver.exe] -> File not found

DDWMon -> %ProgramFiles%\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe [C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe] -> TOSHIBA Corporation [Ver = 1.1.0.0 | Size = 311296 bytes | Modified Date = 4/13/2007 9:16:16 PM | Attr =	]

IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe ["C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"] -> Intel Corporation [Ver = 7.5.0.1017 | Size = 174872 bytes | Modified Date = 3/21/2007 4:00:00 PM | Attr =	]

igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4631 | Size = 84760 bytes | Modified Date = 4/20/2007 1:33:50 PM | Attr =	]

igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4631 | Size = 125720 bytes | Modified Date = 4/20/2007 1:34:08 PM | Attr =	]

igfxtray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4631 | Size = 101144 bytes | Modified Date = 4/20/2007 1:34:14 PM | Attr =	]

IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> Intel Corporation [Ver = 11.1.0.2 | Size = 970752 bytes | Modified Date = 3/6/2007 8:44:48 PM | Attr =	]

IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> Intel Corporation [Ver = 11.1.0.5   | Size = 819200 bytes | Modified Date = 3/6/2007 8:47:02 PM | Attr =	]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 7/30/2008 10:47:56 AM | Attr =	]

Kaseya Agent Service Helper -> %ProgramFiles%\Kaseya\Agent\KaUsrTsk.exe [C:\Program Files\Kaseya\Agent\KaUsrTsk.exe] -> Kaseya [Ver = 5.0.0.0 | Size = 229376 bytes | Modified Date = 3/7/2008 1:12:38 PM | Attr =	]

Kernel and Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> Logitech, Inc. [Ver = 4.24.28 | Size = 55824 bytes | Modified Date = 9/21/2007 3:10:12 AM | Attr =	]

MMReminderService -> %ProgramFiles%\Mindjet\MindManager 7\MmReminderService.exe [C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe] -> Mindjet [Ver = 7.1.394 | Size = 37144 bytes | Modified Date = 3/19/2008 11:39:58 PM | Attr =	]

NDSTray.exe ->  [NDSTray.exe] -> File not found

OrderReminder -> %ProgramFiles%\Hewlett-Packard\OrderReminder\OrderReminder.exe [C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe] -> Hewlett-Packard [Ver = 2, 0, 1, 26 | Size = 98304 bytes | Modified Date = 1/30/2006 5:00:00 AM | Attr = R  ]

pdfSaver3 ->  [] -> File not found

PfuSsSct.exe -> %ProgramFiles%\PFU\ScanSnap\PfuSsSct.exe [C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station] -> File not found

Pinger -> %SystemDrive%\Toshiba\IVP\ISM\pinger.exe [c:\toshiba\ivp\ism\pinger.exe /run] ->  [Ver =  | Size = 136816 bytes | Modified Date = 1/25/2007 8:47:50 PM | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr =	]

RoxWatchTray -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe ["C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"] -> Sonic Solutions [Ver = 9.4.1.2 | Size = 236016 bytes | Modified Date = 8/16/2007 8:56:14 AM | Attr =	]

RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.1.3.2 | Size = 16132608 bytes | Modified Date = 4/12/2007 8:33:10 PM | Attr =	]

SmoothView -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> TOSHIBA Corporation [Ver = 2, 0, 0, 24 | Size = 159744 bytes | Modified Date = 4/9/2007 9:07:02 PM | Attr =	]

TAudEffect -> %ProgramFiles%\Toshiba\TAudEffect\TAudEff.exe [C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run] -> TOSHIBA [Ver = 2, 8, 2, 0 | Size = 344144 bytes | Modified Date = 8/9/2006 10:48:08 PM | Attr =	]

TFncKy ->  [TFncKy.exe] -> File not found

TFNF5 -> %SystemRoot%\system32\TFNF5.exe [TFNF5.exe] -> TOSHIBA Corp. [Ver = 3, 4, 5, 5 | Size = 622592 bytes | Modified Date = 4/10/2006 9:14:52 PM | Attr =	]

ThpSrv -> %SystemRoot%\system32\ThpSrv.exe [C:\WINDOWS\system32\thpsrv /logon] -> TOSHIBA Corporation [Ver = 2, 0, 0, 9 | Size = 529976 bytes | Modified Date = 4/24/2007 6:31:10 AM | Attr =	]

TMERzCtl.EXE -> %ProgramFiles%\Toshiba\TME3\TMERzCtl.exe [C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service] -> TOSHIBA [Ver = 1, 0, 2, 29 | Size = 90112 bytes | Modified Date = 4/26/2006 8:35:02 PM | Attr =	]

TMESRV.EXE -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe [C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon] -> TOSHIBA [Ver = 3, 1, 50, 0 | Size = 126976 bytes | Modified Date = 12/14/2005 3:00:32 PM | Attr =	]

TosAutLk -> %ProgramFiles%\Toshiba\WirelessKeyLogon\TosAutLk.exe [C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe -s] ->  TOSHIBA CORPORATION [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 11/20/2006 9:14:00 PM | Attr =	]

TOSDCR -> %SystemRoot%\system32\TOSDCR.exe [TOSDCR.EXE] -> TOSHIBA Corporation [Ver = 1, 0, 0, 9 | Size = 57344 bytes | Modified Date = 12/13/2005 1:54:44 PM | Attr =	]

TosHKCW.exe -> %ProgramFiles%\Toshiba\Wireless Hotkey\TosHKCW.exe ["C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"] -> TOSHIBA CORPORATION [Ver = 2, 1, 0, 2 | Size = 49152 bytes | Modified Date = 5/17/2005 2:42:02 PM | Attr =	]

TouchED -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe [C:\Program Files\TOSHIBA\TouchED\TouchED.exe] -> TOSHIBA Corporation [Ver = 2, 5, 1, 0 | Size = 126976 bytes | Modified Date = 6/28/2005 11:43:00 PM | Attr =	]

TPSMain -> %SystemRoot%\system32\TPSMain.exe [TPSMain.exe] -> TOSHIBA Corporation [Ver = 1, 0, 23, 0 | Size = 315392 bytes | Modified Date = 4/24/2007 7:22:00 PM | Attr =	]

TPSODDCtl -> %SystemRoot%\system32\TPSODDCtl.exe [TPSODDCtl.exe] -> TOSHIBA Corporation [Ver = 1, 0, 16, 0 | Size = 118784 bytes | Modified Date = 4/24/2007 7:22:00 PM | Attr =	]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS]

TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr =	]

< Run [HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\] > -> HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS]

TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr =	]

< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\Audible Download Manager.lnk -> %ProgramFiles%\Audible\Bin\AudibleDownloadHelper.exe -> Audible, Inc. [Ver = 6.0.0.23 | Size = 1697112 bytes | Modified Date = 11/16/2007 3:40:16 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth Manager.lnk -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> TOSHIBA CORPORATION. [Ver = 5.00.7522.ALL | Size = 2756608 bytes | Modified Date = 5/22/2007 7:57:26 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\CardMinder Viewer.lnk -> %ProgramFiles%\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe -> PFU Limited. [Ver = 3, 1, 10, 1 | Size = 36864 bytes | Modified Date = 10/9/2006 2:43:18 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk -> %ProgramFiles%\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe -> PFU LIMITED [Ver = 3, 1, 12, 11 | Size = 24576 bytes | Modified Date = 3/27/2007 5:47:32 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 12/28/2007 10:59:24 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.24.99 | Size = 784912 bytes | Modified Date = 11/15/2007 10:12:04 AM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit Inc. [Ver = 16.0 R12 | Size = 815104 bytes | Modified Date = 11/6/2007 8:40:54 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\ScanSnap Manager.lnk -> %ProgramFiles%\PFU\ScanSnap\Driver\PfuSsMon.exe -> PFU LIMITED [Ver = 4.1.12.10 | Size = 1769472 bytes | Modified Date = 3/30/2007 11:14:06 PM | Attr =	]

< Daniel Seidler Startup Folder > -> C:\Documents and Settings\Daniel Seidler\Start Menu\Programs\Startup -> 

%UserProfile%\Start Menu\Programs\Startup\Product Registration.lnk -> %CommonProgramFiles%\LogiShared\eReg\SetPoint\eReg.exe -> File not found

%UserProfile%\Start Menu\Programs\Startup\ScanSnap Manager.lnk -> %ProgramFiles%\PFU\ScanSnap\Driver\PfuSsMon.exe -> PFU LIMITED [Ver = 4.1.12.10 | Size = 1769472 bytes | Modified Date = 3/30/2007 11:14:06 PM | Attr =	]

< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 

< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 

*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 

karina.dat ->  -> File not found

FILES ->  -> File not found

*MultiFile Done* -> -> 

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr =	]

*MultiFile Done* -> -> 

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 

C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

*MultiFile Done* -> -> 

*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 

logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

*MultiFile Done* -> -> 

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 11:34:01 PM | Attr =	]

Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008] > -> HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4631 | Size = 139264 bytes | Modified Date = 6/30/2006 3:54:26 PM | Attr =	]

LBTWlgn -> %CommonProgramFiles%\LogiShrd\Bluetooth\LBTWLgn.dll -> Logitech, Inc. [Ver = 4.24.99 | Size = 72208 bytes | Modified Date = 11/15/2007 10:10:16 AM | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceClassicControlPanel -> 1 -> 

Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 

< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008] > -> HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceClassicControlPanel -> 1 -> 

Reg Error: Key HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 

< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->

*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 

SCSI miniport ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 

*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 

NEC	 MBR-7	->  -> File not found

NEC	 MBR-7.4  ->  -> File not found

PIONEER CHANGR DRM-1804X ->  -> File not found

PIONEER CD-ROM DRM-6324X ->  -> File not found

PIONEER CD-ROM DRM-624X  ->  -> File not found

TORiSAN CD-ROM CDR_C36 ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 

< Drives with AutoRun files > ->  -> 

AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 5/29/2007 12:36:18 PM | Attr =	]

< HOSTS File > (262919 bytes and 9165 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

First 25 entries...

127.0.0.1	   localhost

192.168.2.2	wsptfs1

127.0.0.1	www.007guard.com

127.0.0.1	007guard.com

127.0.0.1	008i.com

127.0.0.1	www.008k.com

127.0.0.1	008k.com

127.0.0.1	www.00hq.com

127.0.0.1	00hq.com

127.0.0.1	010402.com

127.0.0.1	www.032439.com

127.0.0.1	032439.com

127.0.0.1	www.0scan.com

127.0.0.1	0scan.com

127.0.0.1	www.100888290cs.com

127.0.0.1	100888290cs.com

127.0.0.1	www.100sexlinks.com

127.0.0.1	100sexlinks.com

127.0.0.1	www.10sek.com

127.0.0.1	10sek.com

127.0.0.1	www.123topsearch.com

127.0.0.1	123topsearch.com

127.0.0.1	www.132.com

127.0.0.1	132.com

127.0.0.1	www.136136.net

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 

< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 

HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://www.toshiba.com/search -> 

HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.toshibadirect.com/dpdstart -> 

HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 

HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://www.toshiba.com/search -> 

HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.toshibadirect.com/dpdstart -> 

HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 

HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.toshiba.com/search -> 

HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://www.toshibadirect.com/dpdstart -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 

HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.toshiba.com/search -> 

HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://www.toshibadirect.com/dpdstart -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\] > -> -> 

HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\: Main\\Search Bar -> http://www.google.com/ie -> 

HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\: Main\\Search Page -> http://www.google.com -> 

HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\: Main\\Start Page -> http://www.google.com -> 

HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\: ProxyEnable -> 0 -> 

HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\: ProxyOverride -> *.local -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4799 domain(s) found. -> 

46 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4798 domain(s) found. -> 

45 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4798 domain(s) found. -> 

45 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4798 domain(s) found. -> 

45 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\] > -> HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4798 domain(s) found. -> 

45 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\] > -> HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =	]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 6/7/2007 7:34:20 PM | Attr = R  ]

{381FFDE8-2394-4f90-B10D-FC6124A40F8C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BitDefender\BitDefender 2008\IEToolbar.dll [BitDefender Toolbar] -> Bitdefender [Ver = 11.0.0.29 | Size = 86016 bytes | Modified Date = 3/4/2008 2:26:56 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 6/7/2007 7:34:20 PM | Attr = R  ]

< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\] > -> HKEY_USERS\S-1-5-21-1330406757-2812264998-2269138038-1008\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 6/7/2007 7:34:20 PM | Attr = R  ]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0\bin\npjpi160.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 132744 bytes | Modified Date = 6/7/2007 6:57:50 PM | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.104 | Size = 501384 bytes | Modified Date = 6/7/2007 6:57:50 PM | Attr =	]

{941E1A34-C6AF-4baa-A973-224F9C3E04BF}:{07A11D74-9D25-4fea-A833-8B0D76A5577A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Mindjet\MindManager 7\Mm7InternetExplorer.dll [Send to Mindjet MindManager] -> Mindjet [Ver = 7.1.394 | Size = 70944 bytes | Modified Date = 3/19/2008 11:40:24 PM | Attr =	]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{36A64869-A909-4DC8-879E-1F0BC6B03371} ->	() -> 

{3AE72737-B330-4185-B9D6-E655FC8A6867} ->	() -> 

{B7A59AD7-9F81-4A51-9B6C-3B35F3BFBE4D} ->	(1394 Net Adapter) -> 

{BBA7CF23-D229-4F9F-968F-C843EF326632} -> 192.168.2.2   (Intel(R) PRO/1000 PL Network Connection) -> 

{D7AEB5EA-392A-4E4E-82EE-CA411F5F8FC6} ->	(Intel(R) Wireless WiFi Link 4965AGN) -> 

{FA096B8A-9CA8-4DF8-8F7B-08C3C47B13E8} ->	() -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr =	]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 12/28/2007 10:59:24 PM | Attr =	]

ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> 

{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

{FC11A119-C2F7-46F4-9E32-937ABA26816E}[HKEY_LOCAL_MACHINE] -> file:///D:/CDVIEWER/CdViewer.cab[AMI DicomDir TreeView Control 2.1] -> 

< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AmiDicomDirTreeView21.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AmiDicomDirTreeView21.ocx\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AmiDicomDirTreeView21.ocx\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AmiViewerLite21.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AmiViewerLite21.ocx\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AmiViewerLite21.ocx\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dict.dat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dict.dat\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dict.dat\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/iiscomplib2.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/iiscomplib2.dll\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/iiscomplib2.dll\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR100.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR100.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR100.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR101.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR101.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR101.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR109.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR109.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR109.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR110.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR110.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR110.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR126.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR126.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR126.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR127.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR127.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR127.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR13.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR13.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR13.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR138.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR138.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR138.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR14.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR14.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR14.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR144.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR144.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR144.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR148.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR148.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR148.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR149.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR149.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR149.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR159.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR159.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR159.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR6.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR6.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR6.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR87.txt\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR87.txt\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IR87.txt\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/picn20.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/picn20.dll\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/picn20.dll\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/picn6320.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/picn6320.dll\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/picn6320.dll\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/picn9020.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/picn9020.dll\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/picn9020.dll\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/picn9120.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/picn9120.dll\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/picn9120.dll\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/unicows.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/unicows.dll\\.Owner -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/unicows.dll\\{FC11A119-C2F7-46F4-9E32-937ABA26816E} ->  -> 

[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr =	]

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr =	]

wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 660 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 9D 6A 38 6C C6 0E 2A FC B2 AF C5 71 A8 1E 10 2B 64 34 31 61 38 33 39 30 00 00 00 00 7D 78 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 67 19 3B FC 69 99 1A 99 F0 23 AA D4  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 28 4C 71 25 1F DA 51 4A 4F  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 4F 96 6F DB 65 CB  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> B2 ED 39 3F F1 7C 83 2B 2A 3C 89 B4 B0 F4 62 26  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> F8 6D C6 A5 56 A9 C7 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 22191 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 12/28/2007 10:59:24 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 12/28/2007 10:59:24 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\TOSHIBA\ivp\NetInt\Netint.exe -> %SystemDrive%\Toshiba\IVP\NetInt\netint.exe [C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine] -> TOSHIBA Corporation [Ver = 3.6.0.4 | Size = 472688 bytes | Modified Date = 1/25/2007 8:49:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\TOSHIBA\Ivp\ISM\pinger.exe -> %SystemDrive%\Toshiba\IVP\ISM\pinger.exe [C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger] ->  [Ver =  | Size = 136816 bytes | Modified Date = 1/25/2007 8:47:50 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:37 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 12/28/2007 10:59:24 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe -> %ProgramFiles%\Intuit\QuickBooks 2006\QBDBMgrN.exe [C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager] -> Intuit, Inc. [Ver = 8.0.3.5307 | Size = 126976 bytes | Modified Date = 10/20/2005 11:54:16 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6316.5000 | Size = 12844576 bytes | Modified Date = 5/21/2008 4:37:24 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.7.1.11 | Size = 20252968 bytes | Modified Date = 7/30/2008 10:47:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp.050725-1531) | Size = 398336 bytes | Modified Date = 7/26/2005 12:20:40 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp.050725-1531) | Size = 398336 bytes | Modified Date = 7/26/2005 12:20:40 AM | Attr =	]

TCPIP ->  -> File not found

NTLMSSP ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 
[Files/Folders - Created Within 30 days]

Rai53.sys -> %SystemRoot%\System32\drivers\Rai53.sys ->  [Ver =  | Size = 32256 bytes | Created Date = 9/2/2008 4:53:09 PM | Attr =	]

21a8D.mht -> %SystemRoot%\System32\21a8D.mht ->  [Ver =  | Size = 2335270 bytes | Created Date = 9/6/2008 5:39:19 PM | Attr =	]

809CC.sys -> %SystemRoot%\System32\809CC.sys ->  [Ver =  | Size = 54624 bytes | Created Date = 9/6/2008 5:56:57 PM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 152 bytes | Created Date = 9/6/2008 8:38:52 AM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 9/5/2008 10:27:13 PM | Attr =	]

tevmzere -> %AllUsersProfile%\Application Data\tevmzere ->  [Folder | Created Date = 9/3/2008 10:34:38 AM | Attr =	]

vwxotkpa -> %AllUsersProfile%\Application Data\vwxotkpa ->  [Folder | Created Date = 9/3/2008 10:47:41 PM | Attr =	]

Microsoft Excel 97-2003.ADR -> %AppData%\Microsoft Excel 97-2003.ADR ->  [Ver =  | Size = 38476 bytes | Created Date = 9/4/2008 3:04:26 PM | Attr =	]

Deployment -> %UserProfile%\Local Settings\Application Data\Deployment ->  [Folder | Created Date = 8/28/2008 7:34:56 PM | Attr =	]

Soccer Champs 2008.JPG -> %UserProfile%\My Documents\Soccer Champs 2008.JPG ->  [Ver =  | Size = 1467036 bytes | Created Date = 8/28/2008 5:49:36 AM | Attr =	]

Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk ->  [Ver =  | Size = 802 bytes | Created Date = 9/5/2008 10:34:03 PM | Attr =	]

Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk ->  [Ver =  | Size = 802 bytes | Created Date = 9/5/2008 10:34:04 PM | Attr =	]

aaw2008.exe -> %UserProfile%\Desktop\aaw2008.exe ->  [Ver =  | Size = 19153264 bytes | Created Date = 9/5/2008 10:20:16 PM | Attr =	]

Bx Employers.xls -> %UserProfile%\Desktop\Bx Employers.xls ->  [Ver =  | Size = 23552 bytes | Created Date = 8/21/2008 10:27:17 PM | Attr =	]

CREAM  LOTION.xls -> %UserProfile%\Desktop\CREAM  LOTION.xls ->  [Ver =  | Size = 19968 bytes | Created Date = 8/25/2008 6:14:39 PM | Attr =	]

Grand Opening PR.doc -> %UserProfile%\Desktop\Grand Opening PR.doc ->  [Ver =  | Size = 32256 bytes | Created Date = 9/5/2008 3:22:41 PM | Attr =	]

Grand Opening PR.docx -> %UserProfile%\Desktop\Grand Opening PR.docx ->  [Ver =  | Size = 14338 bytes | Created Date = 9/5/2008 3:28:02 PM | Attr =	]

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1743 bytes | Created Date = 9/7/2008 9:25:00 AM | Attr =	]

McafeeRootkitDetective -> %UserProfile%\Desktop\McafeeRootkitDetective ->  [Folder | Created Date = 9/6/2008 5:38:02 PM | Attr =	]

McafeeRootkitDetective(2) -> %UserProfile%\Desktop\McafeeRootkitDetective(2) ->  [Folder | Created Date = 9/7/2008 9:41:28 AM | Attr =	]

McafeeRootkitDetective(2).zip -> %UserProfile%\Desktop\McafeeRootkitDetective(2).zip ->  [Ver =  | Size = 1728150 bytes | Created Date = 9/7/2008 9:41:11 AM | Attr =	]

McafeeRootkitDetective.zip -> %UserProfile%\Desktop\McafeeRootkitDetective.zip ->  [Ver =  | Size = 1728150 bytes | Created Date = 9/6/2008 5:37:16 PM | Attr =	]

New Microsoft Office Word Document.docx -> %UserProfile%\Desktop\New Microsoft Office Word Document.docx ->  [Ver =  | Size = 0 bytes | Created Date = 9/4/2008 12:51:06 PM | Attr =	]

Open House Postcard.pdf -> %UserProfile%\Desktop\Open House Postcard.pdf ->  [Ver =  | Size = 667420 bytes | Created Date = 8/27/2008 6:54:41 AM | Attr =	]

OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 9/7/2008 9:58:14 AM | Attr =	]

OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 9/7/2008 9:57:59 AM | Attr =	]

Prof MD List.xls -> %UserProfile%\Desktop\Prof MD List.xls ->  [Ver =  | Size = 244224 bytes | Created Date = 9/4/2008 3:42:01 PM | Attr =	]

PTOS Pts 8-15-08.xlsx -> %UserProfile%\Desktop\PTOS Pts 8-15-08.xlsx ->  [Ver =  | Size = 211462 bytes | Created Date = 8/14/2008 9:42:26 PM | Attr =	]

S Gill 8-26-08.docx -> %UserProfile%\Desktop\S Gill 8-26-08.docx ->  [Ver =  | Size = 10771 bytes | Created Date = 8/26/2008 8:49:31 AM | Attr =	]

Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 942 bytes | Created Date = 9/5/2008 10:30:18 PM | Attr =	]

spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> Safer Networking Limited [Ver = 1.6.0 | Size = 15083520 bytes | Created Date = 9/5/2008 10:19:06 PM | Attr =	]

stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 10.0.0.441 | Size = 2204679 bytes | Created Date = 9/6/2008 5:48:51 PM | Attr =	]

stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Created Date = 9/7/2008 8:05:36 AM | Attr =	]

System Backup - 9-5-08.bkf -> %UserProfile%\Desktop\System Backup - 9-5-08.bkf ->  [Ver =  | Size = 3818986491 bytes | Created Date = 9/5/2008 8:43:02 PM | Attr =	]

WSPT Hydroworx Therapy Pool.jpg -> %UserProfile%\Desktop\WSPT Hydroworx Therapy Pool.jpg ->  [Ver =  | Size = 1432392 bytes | Created Date = 9/5/2008 3:38:09 PM | Attr =	]

WSPT.QBW.ND -> %UserProfile%\Desktop\WSPT.QBW.ND ->  [Ver =  | Size = 360 bytes | Created Date = 9/5/2008 1:59:33 PM | Attr =	]

WSPT.QBW.TLG -> %UserProfile%\Desktop\WSPT.QBW.TLG ->  [Ver =  | Size = 327680 bytes | Created Date = 9/5/2008 1:59:23 PM | Attr = R  ]

~qbofx32 -> %UserProfile%\Desktop\~qbofx32 ->  [Ver =  | Size = 35621 bytes | Created Date = 9/5/2008 2:01:07 PM | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 9/5/2008 10:26:41 PM | Attr =	]

iPod -> %ProgramFiles%\iPod ->  [Folder | Created Date = 8/14/2008 7:16:38 PM | Attr =	]

iTunes -> %ProgramFiles%\iTunes ->  [Folder | Created Date = 8/14/2008 7:16:24 PM | Attr =	]

Microsoft Common -> %ProgramFiles%\Microsoft Common ->  [Folder | Created Date = 9/2/2008 4:46:19 PM | Attr =	]

Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight ->  [Folder | Created Date = 8/9/2008 1:09:25 PM | Attr =	]

RealVNC -> %ProgramFiles%\RealVNC ->  [Folder | Created Date = 9/5/2008 4:38:52 PM | Attr =	]

Safari -> %ProgramFiles%\Safari ->  [Folder | Created Date = 8/14/2008 6:53:22 PM | Attr =	]

Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 9/5/2008 10:27:13 PM | Attr =	]

Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 9/7/2008 9:25:00 AM | Attr =	]



[Files/Folders - Modified Within 30 days]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1064226816 bytes | Modified Date = 9/6/2008 3:23:28 PM | Attr =  HS]

hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 262919 bytes | Modified Date = 9/5/2008 11:00:41 PM | Attr = R  ]

Rai53.sys -> %SystemRoot%\System32\drivers\Rai53.sys ->  [Ver =  | Size = 32256 bytes | Modified Date = 9/5/2008 7:08:39 AM | Attr =	]

21a8D.mht -> %SystemRoot%\System32\21a8D.mht ->  [Ver =  | Size = 2335270 bytes | Modified Date = 9/6/2008 5:39:19 PM | Attr =	]

809CC.sys -> %SystemRoot%\System32\809CC.sys ->  [Ver =  | Size = 54624 bytes | Modified Date = 9/6/2008 5:57:00 PM | Attr =	]

bdod.bin -> %SystemRoot%\System32\bdod.bin ->  [Ver =  | Size = 81984 bytes | Modified Date = 9/7/2008 10:02:23 AM | Attr =	]

7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 325112 bytes | Modified Date = 9/5/2008 7:50:36 PM | Attr =	]

pool.bin -> %SystemRoot%\System32\pool.bin ->  [Ver =  | Size = 256 bytes | Modified Date = 8/25/2008 4:32:53 PM | Attr =	]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

bdagent.INI -> %SystemRoot%\bdagent.INI ->  [Ver =  | Size = 121 bytes | Modified Date = 9/6/2008 3:10:16 PM | Attr =	]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 9/6/2008 3:23:35 PM | Attr =   S]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 8/14/2008 9:51:30 AM | Attr =	]

machine.ver -> %SystemRoot%\machine.ver ->  [Ver =  | Size = 2838 bytes | Modified Date = 8/12/2008 8:08:06 AM | Attr =	]

ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 9/4/2008 3:04:43 PM | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 796 bytes | Modified Date = 9/6/2008 3:03:04 AM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 152 bytes | Modified Date = 9/6/2008 8:38:52 AM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 9/6/2008 3:23:52 PM | Attr =  H ]

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 12/4/2007 3:58:33 PM | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5522 bytes | Modified Date = 9/6/2008 3:24:54 PM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5522 bytes | Modified Date = 9/6/2008 3:24:54 PM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 12/4/2007 11:11:17 PM | Attr =	]

opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8424 bytes | Modified Date = 12/4/2007 11:01:24 PM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting ->  [Folder | Modified Date = 6/7/2007 7:27:35 PM | Attr =	]

GridLayout.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting\GridLayout.dat ->  [Ver =  | Size = 396332 bytes | Modified Date = 9/28/2006 9:15:06 PM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting\2.0\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting\2.0 ->  [Folder | Modified Date = 6/7/2007 7:27:25 PM | Attr =	]

pa.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office Accounting\2.0\pa.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 9/5/2006 3:10:44 PM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc ->  [Folder | Modified Date = 9/6/2008 3:26:12 PM | Attr =	]

Perflib_Perfdata_83c.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_83c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 9/6/2008 3:24:18 PM | Attr =	]

2 C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp files -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp -> 

C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\ -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp ->  [Folder | Modified Date = 9/7/2008 9:59:02 AM | Attr =	]

_is104A.exe -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\_is104A.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 455600 bytes | Modified Date = 1/20/2007 7:46:42 AM | Attr = R  ]

_is31D.exe -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\_is31D.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 455600 bytes | Modified Date = 1/19/2007 2:46:42 PM | Attr = R  ]

_is31E.exe -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\_is31E.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 455600 bytes | Modified Date = 1/19/2007 2:46:42 PM | Attr = R  ]

_is329.exe -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\_is329.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 455600 bytes | Modified Date = 5/24/2006 1:10:42 PM | Attr = R  ]

_is331.exe -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\_is331.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 455600 bytes | Modified Date = 1/19/2007 2:46:42 PM | Attr = R  ]

_is5D.exe -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\_is5D.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 455600 bytes | Modified Date = 1/19/2007 2:46:42 PM | Attr = R  ]

_isCDA.exe -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\_isCDA.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 455600 bytes | Modified Date = 1/20/2007 7:46:42 AM | Attr = R  ]

11 C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\*.tmp -> 

C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\ins1.tmp\ -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\ins1.tmp\ ->  [Folder | Modified Date = 12/28/2007 10:59:39 PM | Attr =	]

LDMClient.exe -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\ins1.tmp\LDMClient.exe -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 4244292 bytes | Modified Date = 1/23/2007 3:03:16 PM | Attr = R  ]

C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{525EFA3E-5FE0-4C23-BCDE-2653AB4B668E}\ -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{525EFA3E-5FE0-4C23-BCDE-2653AB4B668E} ->  [Folder | Modified Date = 12/27/2007 9:16:26 PM | Attr =	]

ISSetup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{525EFA3E-5FE0-4C23-BCDE-2653AB4B668E}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58849 | Size = 546582 bytes | Modified Date = 7/13/2007 9:48:06 PM | Attr = R  ]

_Setup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{525EFA3E-5FE0-4C23-BCDE-2653AB4B668E}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 5/17/2006 12:21:04 PM | Attr = R  ]

C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{9062D59D-14F1-4FD4-96F6-00D393D87F02}\ -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{9062D59D-14F1-4FD4-96F6-00D393D87F02} ->  [Folder | Modified Date = 12/11/2007 3:13:55 PM | Attr =	]

ISSetup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{9062D59D-14F1-4FD4-96F6-00D393D87F02}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 552214 bytes | Modified Date = 4/3/2007 7:48:52 AM | Attr = R  ]

_Setup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{9062D59D-14F1-4FD4-96F6-00D393D87F02}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 5/17/2006 12:21:04 PM | Attr = R  ]

C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{AAED6B82-DB9B-4C55-8181-95B6721AFC49}\ -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{AAED6B82-DB9B-4C55-8181-95B6721AFC49} ->  [Folder | Modified Date = 12/11/2007 4:44:16 PM | Attr =	]

ISSetup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{AAED6B82-DB9B-4C55-8181-95B6721AFC49}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58849 | Size = 492032 bytes | Modified Date = 1/19/2007 2:43:24 PM | Attr = R  ]

_Setup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{AAED6B82-DB9B-4C55-8181-95B6721AFC49}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 5/17/2006 11:21:04 AM | Attr = R  ]

C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{B546B4C1-ABF9-40B9-9BB2-DE8BD315749B}\ -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{B546B4C1-ABF9-40B9-9BB2-DE8BD315749B} ->  [Folder | Modified Date = 12/11/2007 3:08:19 PM | Attr =	]

ISSetup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{B546B4C1-ABF9-40B9-9BB2-DE8BD315749B}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58849 | Size = 492032 bytes | Modified Date = 1/19/2007 2:43:24 PM | Attr = R  ]

_Setup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{B546B4C1-ABF9-40B9-9BB2-DE8BD315749B}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 5/17/2006 11:21:04 AM | Attr = R  ]

C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{B6ECBC20-7EBC-4DD0-BC3D-D80F932861ED}\ -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{B6ECBC20-7EBC-4DD0-BC3D-D80F932861ED} ->  [Folder | Modified Date = 12/28/2007 10:58:32 PM | Attr =	]

ISSetup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{B6ECBC20-7EBC-4DD0-BC3D-D80F932861ED}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58849 | Size = 546582 bytes | Modified Date = 7/13/2007 9:48:06 PM | Attr = R  ]

_Setup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{B6ECBC20-7EBC-4DD0-BC3D-D80F932861ED}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 5/17/2006 12:21:04 PM | Attr = R  ]

C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{D2928522-69B7-441F-B775-12D2B9781983}\ -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{D2928522-69B7-441F-B775-12D2B9781983} ->  [Folder | Modified Date = 12/11/2007 3:17:51 PM | Attr =	]

ISSetup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{D2928522-69B7-441F-B775-12D2B9781983}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58849 | Size = 492032 bytes | Modified Date = 1/19/2007 2:43:24 PM | Attr = R  ]

_Setup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{D2928522-69B7-441F-B775-12D2B9781983}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 5/17/2006 11:21:04 AM | Attr = R  ]

C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{F4001F32-A93B-4BBF-8124-CE2C6B09E104}\ -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{F4001F32-A93B-4BBF-8124-CE2C6B09E104} ->  [Folder | Modified Date = 12/11/2007 3:20:55 PM | Attr =	]

ISSetup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{F4001F32-A93B-4BBF-8124-CE2C6B09E104}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.58849 | Size = 492032 bytes | Modified Date = 1/19/2007 2:43:24 PM | Attr = R  ]

_Setup.dll -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\{F4001F32-A93B-4BBF-8124-CE2C6B09E104}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 385968 bytes | Modified Date = 5/17/2006 11:21:04 AM | Attr = R  ]

C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\ -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp ->  [Folder | Modified Date = 9/7/2008 9:59:02 AM | Attr =	]

report.dat -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\report.dat ->  [Ver =  | Size = 16 bytes | Modified Date = 9/7/2008 9:58:56 AM | Attr =	]

11 C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Daniel Seidler\Local Settings\Temp\*.tmp -> 

C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 9/7/2008 10:02:56 AM | Attr =	]

report.dat -> C:\WINDOWS\Temp\report.dat ->  [Ver =  | Size = 16 bytes | Modified Date = 9/7/2008 10:02:57 AM | Attr =	]

2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

Microsoft Excel 97-2003.ADR -> %AppData%\Microsoft Excel 97-2003.ADR ->  [Ver =  | Size = 38476 bytes | Modified Date = 9/4/2008 3:04:26 PM | Attr =	]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 3193580 bytes | Modified Date = 9/2/2008 9:34:16 PM | Attr =  H ]

desktop.ini -> %AllUsersProfile%\Documents\desktop.ini ->  [Ver =  | Size = 132 bytes | Modified Date = 8/26/2008 9:11:22 PM | Attr =  HS]

My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 574 bytes | Modified Date = 9/6/2008 9:50:31 AM | Attr =	]

Soccer Champs 2008.JPG -> %UserProfile%\My Documents\Soccer Champs 2008.JPG ->  [Ver =  | Size = 1467036 bytes | Modified Date = 8/28/2008 5:49:36 AM | Attr =	]

Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk ->  [Ver =  | Size = 802 bytes | Modified Date = 9/5/2008 10:34:03 PM | Attr =	]

Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk ->  [Ver =  | Size = 802 bytes | Modified Date = 9/5/2008 10:34:04 PM | Attr =	]

aaw2008.exe -> %UserProfile%\Desktop\aaw2008.exe ->  [Ver =  | Size = 19153264 bytes | Modified Date = 9/5/2008 10:23:40 PM | Attr =	]

Bx Employers.xls -> %UserProfile%\Desktop\Bx Employers.xls ->  [Ver =  | Size = 23552 bytes | Modified Date = 8/21/2008 10:27:17 PM | Attr =	]

CREAM  LOTION.xls -> %UserProfile%\Desktop\CREAM  LOTION.xls ->  [Ver =  | Size = 19968 bytes | Modified Date = 8/25/2008 6:14:43 PM | Attr =	]

Extension Directory.msg -> %UserProfile%\Desktop\Extension Directory.msg ->  [Ver =  | Size = 25600 bytes | Modified Date = 9/4/2008 2:02:54 PM | Attr =	]

Grand Opening PR.doc -> %UserProfile%\Desktop\Grand Opening PR.doc ->  [Ver =  | Size = 32256 bytes | Modified Date = 9/5/2008 3:25:34 PM | Attr =	]

Grand Opening PR.docx -> %UserProfile%\Desktop\Grand Opening PR.docx ->  [Ver =  | Size = 14338 bytes | Modified Date = 9/5/2008 3:28:03 PM | Attr =	]

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1743 bytes | Modified Date = 9/7/2008 9:25:00 AM | Attr =	]

McafeeRootkitDetective(2).zip -> %UserProfile%\Desktop\McafeeRootkitDetective(2).zip ->  [Ver =  | Size = 1728150 bytes | Modified Date = 9/7/2008 9:41:11 AM | Attr =	]

McafeeRootkitDetective.zip -> %UserProfile%\Desktop\McafeeRootkitDetective.zip ->  [Ver =  | Size = 1728150 bytes | Modified Date = 9/6/2008 5:37:26 PM | Attr =	]

New Microsoft Office Word Document.docx -> %UserProfile%\Desktop\New Microsoft Office Word Document.docx ->  [Ver =  | Size = 0 bytes | Modified Date = 9/4/2008 12:51:06 PM | Attr =	]

Open House Postcard.pdf -> %UserProfile%\Desktop\Open House Postcard.pdf ->  [Ver =  | Size = 667420 bytes | Modified Date = 8/27/2008 6:54:41 AM | Attr =	]

OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 9/7/2008 9:58:01 AM | Attr =	]

Passwords.xlsx -> %UserProfile%\Desktop\Passwords.xlsx ->  [Ver =  | Size = 20992 bytes | Modified Date = 9/4/2008 10:11:27 PM | Attr =	]

Prof MD List.xls -> %UserProfile%\Desktop\Prof MD List.xls ->  [Ver =  | Size = 244224 bytes | Modified Date = 9/4/2008 3:48:42 PM | Attr =	]

PTOS Pts 8-15-08.xlsx -> %UserProfile%\Desktop\PTOS Pts 8-15-08.xlsx ->  [Ver =  | Size = 211462 bytes | Modified Date = 8/18/2008 9:30:07 PM | Attr =	]

S Gill 8-26-08.docx -> %UserProfile%\Desktop\S Gill 8-26-08.docx ->  [Ver =  | Size = 10771 bytes | Modified Date = 8/26/2008 5:14:45 PM | Attr =	]

Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 942 bytes | Modified Date = 9/5/2008 10:30:19 PM | Attr =	]

spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> Safer Networking Limited [Ver = 1.6.0 | Size = 15083520 bytes | Modified Date = 9/5/2008 10:20:45 PM | Attr =	]

stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 10.0.0.441 | Size = 2204679 bytes | Modified Date = 9/6/2008 5:49:01 PM | Attr =	]

stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 9/7/2008 8:05:36 AM | Attr =	]

System Backup - 9-5-08.bkf -> %UserProfile%\Desktop\System Backup - 9-5-08.bkf ->  [Ver =  | Size = 3818986491 bytes | Modified Date = 9/5/2008 10:45:39 PM | Attr =	]

WSPT.QBW -> %UserProfile%\Desktop\WSPT.QBW ->  [Ver =  | Size = 23269376 bytes | Modified Date = 9/6/2008 9:46:15 AM | Attr = R  ]

WSPT.QBW.ND -> %UserProfile%\Desktop\WSPT.QBW.ND ->  [Ver =  | Size = 360 bytes | Modified Date = 9/6/2008 9:46:16 AM | Attr =	]

WSPT.QBW.TLG -> %UserProfile%\Desktop\WSPT.QBW.TLG ->  [Ver =  | Size = 327680 bytes | Modified Date = 9/6/2008 9:46:15 AM | Attr = R  ]

~qbofx32 -> %UserProfile%\Desktop\~qbofx32 ->  [Ver =  | Size = 35621 bytes | Modified Date = 9/6/2008 9:44:41 AM | Attr =	]



[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]

Application Data -> C:\Documents and Settings\Administrator\Application Data ->  [Folder | Modified Date = 10/30/2007 2:15:17 AM | Attr = RH ]

Identities -> C:\Documents and Settings\Administrator\Application Data\Identities ->  [Folder | Modified Date = 5/29/2007 12:36:19 PM | Attr =	]

InstallShield -> C:\Documents and Settings\Administrator\Application Data\InstallShield ->  [Folder | Modified Date = 6/7/2007 6:02:41 PM | Attr =	]

Intel -> C:\Documents and Settings\Administrator\Application Data\Intel ->  [Folder | Modified Date = 10/30/2007 2:15:17 AM | Attr =	]

Microsoft -> C:\Documents and Settings\Administrator\Application Data\Microsoft ->  [Folder | Modified Date = 6/7/2007 7:43:02 PM | Attr =   S]

Sun -> C:\Documents and Settings\Administrator\Application Data\Sun ->  [Folder | Modified Date = 6/7/2007 6:57:42 PM | Attr =	]

toshiba -> C:\Documents and Settings\Administrator\Application Data\toshiba ->  [Folder | Modified Date = 6/7/2007 6:25:03 PM | Attr =	]

WinBatch -> C:\Documents and Settings\Administrator\Application Data\WinBatch ->  [Folder | Modified Date = 6/7/2007 3:34:25 PM | Attr =	]

Application Data -> C:\Documents and Settings\All Users\Application Data ->  [Folder | Modified Date = 9/5/2008 10:33:06 PM | Attr = RH ]

{174892B1-CBE7-44F5-86FF-AB555EFD73A3} -> C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} ->  [Folder | Modified Date = 6/7/2007 7:33:12 PM | Attr =	]

Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe ->  [Folder | Modified Date = 2/12/2008 11:56:12 AM | Attr =	]

Apple -> C:\Documents and Settings\All Users\Application Data\Apple ->  [Folder | Modified Date = 12/18/2007 9:45:08 PM | Attr =	]

Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer ->  [Folder | Modified Date = 12/18/2007 9:46:51 PM | Attr =	]

BitDefender -> C:\Documents and Settings\All Users\Application Data\BitDefender ->  [Folder | Modified Date = 12/4/2007 10:58:34 PM | Attr =	]

CanonBJ -> C:\Documents and Settings\All Users\Application Data\CanonBJ ->  [Folder | Modified Date = 12/28/2007 10:23:11 PM | Attr =  H ]

Google -> C:\Documents and Settings\All Users\Application Data\Google ->  [Folder | Modified Date = 6/7/2007 7:34:21 PM | Attr =	]

InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield ->  [Folder | Modified Date = 5/3/2008 3:37:53 PM | Attr =	]

Intel -> C:\Documents and Settings\All Users\Application Data\Intel ->  [Folder | Modified Date = 10/30/2007 2:14:52 AM | Attr =	]

Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit ->  [Folder | Modified Date = 12/8/2007 1:05:15 AM | Attr =	]

Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft ->  [Folder | Modified Date = 9/5/2008 10:37:47 PM | Attr =	]

LogiShrd -> C:\Documents and Settings\All Users\Application Data\LogiShrd ->  [Folder | Modified Date = 12/27/2007 9:13:17 PM | Attr =	]

Logitech -> C:\Documents and Settings\All Users\Application Data\Logitech ->  [Folder | Modified Date = 12/27/2007 9:14:30 PM | Attr =	]

McAfee -> C:\Documents and Settings\All Users\Application Data\McAfee ->  [Folder | Modified Date = 6/21/2007 2:37:03 PM | Attr =	]

Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft ->  [Folder | Modified Date = 3/12/2008 6:59:16 PM | Attr =   S]

Microsoft Help -> C:\Documents and Settings\All Users\Application Data\Microsoft Help ->  [Folder | Modified Date = 9/6/2008 3:04:52 AM | Attr =	]

Mindjet -> C:\Documents and Settings\All Users\Application Data\Mindjet ->  [Folder | Modified Date = 5/23/2008 3:05:58 PM | Attr =	]

Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage ->  [Folder | Modified Date = 6/2/2008 6:33:59 PM | Attr =	]

Roxio -> C:\Documents and Settings\All Users\Application Data\Roxio ->  [Folder | Modified Date = 6/29/2008 8:16:55 PM | Attr =	]

Sonic -> C:\Documents and Settings\All Users\Application Data\Sonic ->  [Folder | Modified Date = 5/3/2008 3:37:21 PM | Attr =	]

Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 9/6/2008 5:21:34 PM | Attr =	]

Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec ->  [Folder | Modified Date = 12/4/2007 5:21:43 PM | Attr =	]

tevmzere -> C:\Documents and Settings\All Users\Application Data\tevmzere ->  [Folder | Modified Date = 9/6/2008 3:06:09 AM | Attr =	]

vwxotkpa -> C:\Documents and Settings\All Users\Application Data\vwxotkpa ->  [Folder | Modified Date = 9/6/2008 3:06:14 AM | Attr =	]

Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 6/7/2007 7:08:09 PM | Attr =	]

WLInstaller -> C:\Documents and Settings\All Users\Application Data\WLInstaller ->  [Folder | Modified Date = 3/12/2008 6:53:51 PM | Attr =	]

Application Data -> C:\Documents and Settings\Daniel Seidler\Application Data ->  [Folder | Modified Date = 9/4/2008 3:04:26 PM | Attr = RH ]

Adobe -> C:\Documents and Settings\Daniel Seidler\Application Data\Adobe ->  [Folder | Modified Date = 12/9/2007 10:18:58 PM | Attr =	]

Amazon -> C:\Documents and Settings\Daniel Seidler\Application Data\Amazon ->  [Folder | Modified Date = 12/28/2007 10:47:28 PM | Attr =	]

Apple Computer -> C:\Documents and Settings\Daniel Seidler\Application Data\Apple Computer ->  [Folder | Modified Date = 8/14/2008 9:43:13 PM | Attr =	]

BitDefender -> C:\Documents and Settings\Daniel Seidler\Application Data\BitDefender ->  [Folder | Modified Date = 12/4/2007 6:14:18 PM | Attr =	]

Blackberry Desktop -> C:\Documents and Settings\Daniel Seidler\Application Data\Blackberry Desktop ->  [Folder | Modified Date = 12/8/2007 1:15:24 PM | Attr =	]

Canon -> C:\Documents and Settings\Daniel Seidler\Application Data\Canon ->  [Folder | Modified Date = 2/12/2008 10:59:06 PM | Attr =	]

FingerAuth -> C:\Documents and Settings\Daniel Seidler\Application Data\FingerAuth ->  [Folder | Modified Date = 1/5/2008 9:18:57 AM | Attr =	]

Fujitsu -> C:\Documents and Settings\Daniel Seidler\Application Data\Fujitsu ->  [Folder | Modified Date = 12/13/2007 1:18:31 PM | Attr =	]

Google -> C:\Documents and Settings\Daniel Seidler\Application Data\Google ->  [Folder | Modified Date = 2/7/2008 3:49:46 PM | Attr =	]

Identities -> C:\Documents and Settings\Daniel Seidler\Application Data\Identities ->  [Folder | Modified Date = 5/29/2007 12:36:19 PM | Attr =	]

InstallShield -> C:\Documents and Settings\Daniel Seidler\Application Data\InstallShield ->  [Folder | Modified Date = 6/7/2007 6:02:41 PM | Attr =	]

Intel -> C:\Documents and Settings\Daniel Seidler\Application Data\Intel ->  [Folder | Modified Date = 10/30/2007 2:15:17 AM | Attr =	]

InterVideo -> C:\Documents and Settings\Daniel Seidler\Application Data\InterVideo ->  [Folder | Modified Date = 1/8/2008 3:13:05 PM | Attr =	]

Intuit -> C:\Documents and Settings\Daniel Seidler\Application Data\Intuit ->  [Folder | Modified Date = 1/28/2008 9:25:43 AM | Attr =	]

Leadertech -> C:\Documents and Settings\Daniel Seidler\Application Data\Leadertech ->  [Folder | Modified Date = 12/11/2007 3:01:50 PM | Attr =	]

Logitech -> C:\Documents and Settings\Daniel Seidler\Application Data\Logitech ->  [Folder | Modified Date = 12/27/2007 9:16:51 PM | Attr =	]

Macromedia -> C:\Documents and Settings\Daniel Seidler\Application Data\Macromedia ->  [Folder | Modified Date = 12/5/2007 9:04:04 PM | Attr =	]

Microsoft -> C:\Documents and Settings\Daniel Seidler\Application Data\Microsoft ->  [Folder | Modified Date = 3/12/2008 8:51:19 PM | Attr =   S]

Mozilla -> C:\Documents and Settings\Daniel Seidler\Application Data\Mozilla ->  [Folder | Modified Date = 9/1/2008 9:09:11 PM | Attr =	]

ntr -> C:\Documents and Settings\Daniel Seidler\Application Data\ntr ->  [Folder | Modified Date = 8/19/2008 7:58:57 AM | Attr =	]

Obsidium -> C:\Documents and Settings\Daniel Seidler\Application Data\Obsidium ->  [Folder | Modified Date = 1/5/2008 9:18:29 AM | Attr =	]

PFU -> C:\Documents and Settings\Daniel Seidler\Application Data\PFU ->  [Folder | Modified Date = 2/12/2008 10:59:01 PM | Attr =	]

Real -> C:\Documents and Settings\Daniel Seidler\Application Data\Real ->  [Folder | Modified Date = 1/27/2008 10:35:48 PM | Attr =	]

Research In Motion -> C:\Documents and Settings\Daniel Seidler\Application Data\Research In Motion ->  [Folder | Modified Date = 12/8/2007 1:13:49 PM | Attr =	]

Roxio -> C:\Documents and Settings\Daniel Seidler\Application Data\Roxio ->  [Folder | Modified Date = 7/17/2008 6:12:46 PM | Attr =	]

SonicWALL -> C:\Documents and Settings\Daniel Seidler\Application Data\SonicWALL ->  [Folder | Modified Date = 3/6/2008 3:30:53 PM | Attr =	]

Sun -> C:\Documents and Settings\Daniel Seidler\Application Data\Sun ->  [Folder | Modified Date = 6/7/2007 6:57:42 PM | Attr =	]

toshiba -> C:\Documents and Settings\Daniel Seidler\Application Data\toshiba ->  [Folder | Modified Date = 6/7/2007 6:25:03 PM | Attr =	]

WinBatch -> C:\Documents and Settings\Daniel Seidler\Application Data\WinBatch ->  [Folder | Modified Date = 6/7/2007 3:34:25 PM | Attr =	]

Windows Desktop Search -> C:\Documents and Settings\Daniel Seidler\Application Data\Windows Desktop Search ->  [Folder | Modified Date = 12/4/2007 9:59:06 PM | Attr =	]

Application Data -> C:\Documents and Settings\Default User\Application Data ->  [Folder | Modified Date = 10/30/2007 2:15:17 AM | Attr = RH ]

Identities -> C:\Documents and Settings\Default User\Application Data\Identities ->  [Folder | Modified Date = 5/29/2007 12:36:19 PM | Attr =	]

InstallShield -> C:\Documents and Settings\Default User\Application Data\InstallShield ->  [Folder | Modified Date = 6/7/2007 6:02:41 PM | Attr =	]

Intel -> C:\Documents and Settings\Default User\Application Data\Intel ->  [Folder | Modified Date = 10/30/2007 2:15:17 AM | Attr =	]

Microsoft -> C:\Documents and Settings\Default User\Application Data\Microsoft ->  [Folder | Modified Date = 6/7/2007 7:43:02 PM | Attr =   S]

Sun -> C:\Documents and Settings\Default User\Application Data\Sun ->  [Folder | Modified Date = 6/7/2007 6:57:42 PM | Attr =	]

toshiba -> C:\Documents and Settings\Default User\Application Data\toshiba ->  [Folder | Modified Date = 6/7/2007 6:25:03 PM | Attr =	]

WinBatch -> C:\Documents and Settings\Default User\Application Data\WinBatch ->  [Folder | Modified Date = 6/7/2007 3:34:25 PM | Attr =	]

Application Data -> C:\Documents and Settings\LocalService\Application Data ->  [Folder | Modified Date = 9/3/2008 10:50:10 PM | Attr =	]

Intel -> C:\Documents and Settings\LocalService\Application Data\Intel ->  [Folder | Modified Date = 10/30/2007 2:15:18 AM | Attr =	]

Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft ->  [Folder | Modified Date = 7/28/2008 5:18:13 PM | Attr =   S]

Roxio -> C:\Documents and Settings\LocalService\Application Data\Roxio ->  [Folder | Modified Date = 5/3/2008 3:54:53 PM | Attr =	]

wsnpoem -> C:\Documents and Settings\LocalService\Application Data\wsnpoem ->  [Folder | Modified Date = 9/3/2008 10:50:10 PM | Attr =  HS]

Application Data -> C:\Documents and Settings\NetworkService\Application Data ->  [Folder | Modified Date = 9/3/2008 10:57:50 PM | Attr =	]

Intel -> C:\Documents and Settings\NetworkService\Application Data\Intel ->  [Folder | Modified Date = 10/30/2007 2:15:18 AM | Attr =	]

Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft ->  [Folder | Modified Date = 6/7/2007 7:25:17 PM | Attr =   S]

wsnpoem -> C:\Documents and Settings\NetworkService\Application Data\wsnpoem ->  [Folder | Modified Date = 9/3/2008 10:57:50 PM | Attr =  HS]

C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks ->  [Folder | Modified Date = 4/21/2008 5:36:27 PM | Attr =   S]

AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 6/4/2008 8:50:03 AM | Attr =	]

desktop.ini -> C:\WINDOWS\Tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = RH ]

SA.DAT -> C:\WINDOWS\Tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 9/6/2008 3:23:52 PM | Attr =  H ]

[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]



[CatchMe Rootkit Scan by GMER]

< Windows folder & sub-folders >

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000138

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

< Document and Settings folder & sub folders >

scanning hidden files ...

IPC error: 2 The system cannot find the file specified.

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\1250 Waters\1250 Tiling\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\1250 Waters\OT\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\1250 Waters\Pics\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\1250 Waters\Pool\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\1250 Waters\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\BXTimes Ad\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\Employees\Ava\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\HMDF\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\Leadership Team\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\Logos\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\Peds Feet_files\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\Photos\Ferris Final\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\Photos\WSPT Proofs\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\PT Bios\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Desktop\WSPT\ADP\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\Favorites\Links\My TotalSource HRMS Login - ADP TotalSource.url:favicon 2238 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Music\Amazon MP3\Devendra Banhart\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Music\Amazon MP3\Iron & Wine\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Music\Amazon MP3\Wilco\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\2500SRA\IMG00126.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\2500SRA\IMG00127.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\2500SRA\IMG00129.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\2500SRA\IMG00130.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\2500SRA\IMG00131.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\2500SRA\IMG00132.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\2500SRA\IMG00134.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\2500SRA\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\June 2008\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00069.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00100.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00122.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00002.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00029.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00034.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00037.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00046.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00060.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00070.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00076.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00083.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00084.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00086.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00087.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00088.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00091.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00092.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00093.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00094.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00095.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00096.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00097.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00098.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00099.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00117.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00142.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00143.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00154.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00155.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00158.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00159.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00160.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00161.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00163.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00523.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00559.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00560.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\IMG00563.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Spring 2008\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Summer 2008\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Team NYC Comic Book\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\Winter 2008\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00144.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00016.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00053.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00061.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00062.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00063.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00065.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00066.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00101.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00102.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00103.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00104.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00106.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00107.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00108.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00109.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00111.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00112.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00113.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00114.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00115.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00116.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00124.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00125.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00135.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00136.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00137.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00140.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00141.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPT1250Waters\IMG00149.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPTPhotoShoot1\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\My Pictures\WSPTPhotoShootTour\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\PT Certificates\2007\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\Daniel Seidler\My Documents\Thumbs.db:encryptable 0 bytes

scan completed successfully

hidden files: 122



< End of report >


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 08 September 2008 - 03:58 AM

Hi do you have a log from Bit Defender showing the threats location?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 wspt4

wspt4
  • Topic Starter

  • Members
  • 8 posts

Posted 08 September 2008 - 08:54 AM

BitDefender Log File !!!!!
Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 19:29:29 05/09/2008
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1220657369_2_02.xml

Scan Paths:
Path0000: C:\

Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes

Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :

Target Processing
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None

Scan engines summary
Number of virus signatures : 1727464
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
Archive plugins : 43
System plugins : 4
Unpack plugins : 7

Overall scan summary
Scanned items : 226599
Infected items : 4
Suspicious items : 0
Resolved items : 2
Individual viruses found : 3
Scanned directories : 5088
Scanned boot sectors : 3
Scanned archives : 2086
Input-output errors : 68
Scan time : 00:05:27:53
Files per second : 11

Scanned processes summary
Scanned : 95
Infected : 0

Scanned registry keys summary
Scanned : 416
Infected : 0

Scanned cookies summary
Scanned : 0
Infected : 0

Remaining issues:
Object Name Threat Name Final Status
[System] Trojan.Inject.IA Disinfect Failed
[System] Trojan.Inject.IA Disinfect Failed

Resolved issues:
Object Name Threat Name Final Status
[System]=]C:\WINDOWS\System32\svchost.exe (memory dump) Trojan.Agent.AAMX Deleted
[System] Trojan.Generic.313463 Deleted

Objects that were not scanned:
Object Name Reason Final Status

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 08 September 2008 - 07:45 PM

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste them in one at a time)

C:\Windows\System32\drivers\Rai53.sys
C:\Windows\System32\21a8D.mht
C:\Windows\System32\809CC.sys

Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete, please copy and paste those results in your next post.

#7 wspt4

wspt4
  • Topic Starter

  • Members
  • 8 posts

Posted 08 September 2008 - 10:44 PM

Scan taken on 09 Sep 2008 03:41:01 (GMT)
A-Squared Found nothing
AntiVir Found TR/Drop.Cutwail.AK
ArcaVir Found nothing
Avast Found Win32:Cutwail
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

#8 wspt4

wspt4
  • Topic Starter

  • Members
  • 8 posts

Posted 08 September 2008 - 10:55 PM

Scan taken on 09 Sep 2008 03:41:01 (GMT)
Rai53

A-Squared Found nothing
AntiVir Found TR/Drop.Cutwail.AK
ArcaVir Found nothing
Avast Found Win32:Cutwail
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing





Scan taken on 09 Sep 2008 03:48:18 (GMT)
21a8d

A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing



Scan taken on 09 Sep 2008 03:51:03 (GMT)
809cc

A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 09 September 2008 - 04:19 AM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
You can use the download for service pack 3.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


#10 wspt4

wspt4
  • Topic Starter

  • Members
  • 8 posts

Posted 09 September 2008 - 03:52 PM

ComboFix 08-09-05.12 - Daniel Seidler 2008-09-09 12:28:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.494 [GMT -4:00]
Running from: C:\Documents and Settings\Daniel Seidler\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\Rai53.sys
.
---- Previous Run -------
.
C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
C:\Program Files\Microsoft Common
C:\Program Files\Microsoft Common\wuauclt.exe
C:\WINDOWS\system32\bszip.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RAI53
-------\Legacy_TCPSR
-------\Service_Rai53
-------\Service_tcpsr


((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.

2008-09-09 10:10 . 2008-09-09 10:10 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-09-09 10:09 . 2008-09-09 10:15 <DIR> d-------- C:\WINDOWS\system32\DLA
2008-09-09 10:09 . 2006-07-21 11:21 99,176 --a------ C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2008-09-09 10:09 . 2006-08-18 13:17 92,920 --a------ C:\WINDOWS\DLA.EXE
2008-09-09 10:09 . 2006-08-18 13:17 56,056 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2008-09-09 10:09 . 2006-08-11 11:05 51,768 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2008-09-09 10:09 . 2006-08-11 10:35 28,184 --a------ C:\WINDOWS\system32\drivers\DLARTL_M.SYS
2008-09-09 10:09 . 2006-08-11 10:35 12,920 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2008-09-08 23:05 . 2008-09-08 23:05 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-08 23:05 . 2008-09-08 23:05 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-08 23:05 . 2008-09-08 23:05 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-08 23:05 . 2008-09-08 23:05 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-08 23:00 . 2008-09-08 23:06 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-08 22:35 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-09-08 22:34 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-09-08 22:33 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-08 22:32 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-08 22:31 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-09-08 15:47 . 2008-09-08 15:47 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-09-08 15:47 . 2008-09-08 15:47 <DIR> d-------- C:\Documents and Settings\Daniel Seidler\Application Data\Windows Desktop Search
2008-09-07 09:25 . 2008-09-07 09:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-06 17:57 . 2004-08-04 08:00 708,096 --a------ C:\WINDOWS\system32\e5aD0.tmp
2008-09-06 17:56 . 2008-09-06 17:57 54,624 --a------ C:\WINDOWS\system32\809CC.sys
2008-09-06 17:39 . 2008-09-06 17:39 2,335,270 --a------ C:\WINDOWS\system32\21a8D.mht
2008-09-06 08:38 . 2008-09-09 10:12 319 --a------ C:\WINDOWS\wininit.ini
2008-09-05 22:33 . 2008-09-05 22:33 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-05 22:33 . 2008-09-05 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-05 22:27 . 2008-09-05 22:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-05 22:27 . 2008-09-06 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-05 22:26 . 2008-09-05 22:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-05 16:40 . 2008-09-05 16:40 167,936 --a------ C:\Temp\KRlyCLis.exe
2008-09-05 16:38 . 2008-09-05 16:38 <DIR> d-------- C:\Program Files\RealVNC
2008-09-03 22:47 . 2008-09-06 03:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vwxotkpa
2008-09-03 10:34 . 2008-09-06 03:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\tevmzere
2008-09-02 16:54 . 2008-08-31 16:22 196,791 --a------ C:\WINDOWS\system32\_scui.cpl
2008-09-02 16:46 . 2004-08-04 08:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2008-08-14 19:16 . 2008-08-14 19:17 <DIR> d-------- C:\Program Files\iTunes
2008-08-14 19:16 . 2008-08-14 19:16 <DIR> d-------- C:\Program Files\iPod
2008-08-14 18:53 . 2008-08-14 18:55 <DIR> d-------- C:\Program Files\Safari
2008-08-13 15:24 . 2008-05-01 10:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 15:22 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-09 13:09 . 2008-08-09 13:09 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 15:22 --------- d-----w C:\Program Files\Microsoft Works
2008-09-09 14:12 --------- d-----w C:\Documents and Settings\Daniel Seidler\Application Data\InstallShield
2008-09-09 14:11 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-09-09 14:10 --------- d-----w C:\Program Files\Roxio
2008-09-09 13:00 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-09-08 19:47 --------- d-----w C:\Program Files\Windows Desktop Search
2008-08-19 11:58 --------- d-----w C:\Documents and Settings\Daniel Seidler\Application Data\ntr
2008-08-15 01:43 --------- d-----w C:\Documents and Settings\Daniel Seidler\Application Data\Apple Computer
2008-08-07 12:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 19:45 --------- d-----w C:\Program Files\Citrix
2008-07-23 21:42 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-17 22:12 --------- d-----w C:\Documents and Settings\Daniel Seidler\Application Data\Roxio
2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2004-06-30 13:54 544 ------w C:\Program Files\dlbcEN.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.exe" [2005-06-28 126976]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"TosAutLk"="C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2006-11-20 110592]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-04-26 90112]
"TAudEffect"="C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-09 344144]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-09 159744]
"Kaseya Agent Service Helper"="C:\Program Files\Kaseya\Agent\KaUsrTsk.exe" [2008-03-07 229376]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-20 101144]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-20 125720]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-20 84760]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-13 311296]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-02 368640]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 40048]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"MMReminderService"="C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe" [2008-03-19 37144]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"TPSODDCtl"="TPSODDCtl.exe" [2007-04-24 C:\WINDOWS\system32\TPSODDCtl.exe]
"TPSMain"="TPSMain.exe" [2007-04-24 C:\WINDOWS\system32\TPSMain.exe]
"TOSDCR"="TOSDCR.EXE" [2005-12-13 C:\WINDOWS\system32\TOSDCR.exe]
"TFNF5"="TFNF5.exe" [2006-04-10 C:\WINDOWS\system32\TFNF5.exe]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
CardMinder Viewer.lnk - C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe [2007-12-11 36864]
Conversion to PDF with ScanSnap Organizer.lnk - C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2007-12-11 24576]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-28 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-10 784912]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-06 815104]
ScanSnap Manager.lnk - C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe [2007-12-11 1769472]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rai53.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=C:\WINDOWS\pss\Audible Download Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThpSrv]
C:\WINDOWS\system32\thpsrv [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
--------- 2006-07-05 15:14 258048 C:\WINDOWS\system32\00THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--------- 2004-03-24 01:40 196608 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
--------- 2007-01-25 20:47 136816 c:\Toshiba\IVP\ISM\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
--------- 2001-06-23 07:28 24576 C:\WINDOWS\system32\000StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--------- 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--------- 2007-04-12 20:33 16132608 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2007-04-27 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2007-03-09 6528]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2007-09-27 101528]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 5888]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 KaseyaAgent;Kaseya Agent;C:\Program Files\Kaseya\Agent\AgentMon.exe [2008-05-07 598016]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 134016]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-02 86792]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 36608]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2005-11-08 24876]
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2007-02-21 435072]
S3 809CC;809CC;C:\WINDOWS\system32\809CC.sys [2008-09-06 54624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9e10241-19d4-11dc-9f6c-000e7b131aa5}]
\Shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PfuSsSct.exe - C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
MSConfigStartUp-combofix - C:\WINDOWS\system32\CF31453.exe
MSConfigStartUp-buritos - buritos.exe
MSConfigStartUp-CFSServ - CFSServ.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Daniel Seidler\Application Data\Mozilla\Firefox\Profiles\b8052ncb.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - nytimes.com
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPXPEE.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 12:39:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Toshiba\TME3\TMEEJME.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-09-09 12:48:58 - machine was rebooted [Daniel Seidler]
ComboFix-quarantined-files.txt 2008-09-09 16:47:48

Pre-Run: 1,754,599,424 bytes free
Post-Run: 1,848,803,328 bytes free

299 --- E O F --- 2008-09-09 10:42:52

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:57 PM

Posted 09 September 2008 - 08:50 PM

Open notepad and copy/paste the text in the codebox below into it:

Suspect::
C:\WINDOWS\system32\e5aD0.tmp
C:\WINDOWS\system32\809CC.sys
C:\WINDOWS\system32\21a8D.mht

Folder::
C:\Documents and Settings\All Users\Application Data\vwxotkpa
C:\Documents and Settings\All Users\Application Data\tevmzere

File::
C:\WINDOWS\system32\_scui.cpl

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rai53.sys]


Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
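As an added triage example (not ComboFix's code and not part of kahdah's post): a Python helper that parses the "Files Created" and service lines in the layout of the log above, flags entries with two heuristics that are this example's own assumption (tuned so that they reproduce the Suspect::/Folder:: entries of the CFScript), and cross-references flagged files against the driver/service list. The sample lines are a constructed excerpt of the log in this thread; all function names are hypothetical.

```python
"""ComboFix log triage: parse 'Files Created' and service lines, flag entries.

Added example, not ComboFix code and not part of the helper's post. Line
layouts follow the log in this thread; the 'suspicious' heuristics are this
example's own assumptions, tuned to reproduce the CFScript entries above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "Files Created" entry:  <created> . <modified> (<DIR>|<size>) <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<dir><DIR>)|(?P<size>[\d,]+)) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# Service/driver entry:  R0 Name;Display Name;Path [date size]
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[[\d-]+ \d+\]$")

SYSTEM32 = r"C:\WINDOWS\system32"
ALL_USERS_APPDATA = r"C:\Documents and Settings\All Users\Application Data"


@dataclass
class Entry:
    created: str
    modified: str
    is_dir: bool
    size: Optional[int]
    path: str

    def split(self) -> Tuple[str, str]:
        """(parent directory, file name) of the path."""
        parent, _, name = self.path.rpartition("\\")
        return parent, name


def parse_created(lines: List[str]) -> List[Entry]:
    """Parse lines with the 'Files Created' layout; banners and the rest are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            size = int(m["size"].replace(",", "")) if m["size"] else None
            entries.append(Entry(m["created"], m["modified"], bool(m["dir"]),
                                 size, m["path"]))
    return entries


def parse_services(lines: List[str]) -> List[Tuple[str, str]]:
    """(service name, image path) for every R*/S* service line."""
    return [(m["name"], m["path"])
            for m in map(SERVICE_RE.match, map(str.strip, lines)) if m]


def classify(e: Entry) -> Optional[str]:
    """Hypothetical heuristics: 'Suspect' for files, 'Folder' for dirs, else None."""
    parent, name = e.split()
    if not e.is_dir and parent.lower() == SYSTEM32.lower():
        # Short, purely hexadecimal names dropped straight into system32
        # (e5aD0.tmp, 809CC.sys, 21a8D.mht) rather than vendor-style names.
        if re.fullmatch(r"[0-9A-Fa-f]{1,6}", name.rpartition(".")[0]):
            return "Suspect"
    if e.is_dir and parent.lower() == ALL_USERS_APPDATA.lower():
        # All-lowercase, letters-only folder names; vendor folders here are
        # normally capitalised or contain spaces (Lavasoft, Spybot - ...).
        if re.fullmatch(r"[a-z]{6,10}", name):
            return "Folder"
    return None


def triage(lines: List[str]) -> Tuple[Dict[str, List[str]], List[Tuple[str, str]]]:
    """Flag entries, then cross-reference flagged files against services."""
    flagged: Dict[str, List[str]] = {"Suspect": [], "Folder": []}
    for e in parse_created(lines):
        kind = classify(e)
        if kind:
            flagged[kind].append(e.path)
    lowered = {p.lower() for paths in flagged.values() for p in paths}
    # A flagged file that is also a service image (809CC.sys here) is loaded
    # at boot, so it outranks a stray .tmp when deciding what to look at first.
    services = [(n, p) for n, p in parse_services(lines) if p.lower() in lowered]
    return flagged, services


def build_cfscript(flagged: Dict[str, List[str]]) -> str:
    """Render flagged paths in the Section:: layout of the CFScript above."""
    blocks = [f"{kind}::\n" + "\n".join(paths)
              for kind, paths in flagged.items() if paths]
    return "\n\n".join(blocks) + "\n"


# Constructed sample: an excerpt of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2008-09-09 10:09 . 2006-08-18 13:17 56,056 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2008-09-06 17:57 . 2004-08-04 08:00 708,096 --a------ C:\WINDOWS\system32\e5aD0.tmp
2008-09-06 17:56 . 2008-09-06 17:57 54,624 --a------ C:\WINDOWS\system32\809CC.sys
2008-09-06 17:39 . 2008-09-06 17:39 2,335,270 --a------ C:\WINDOWS\system32\21a8D.mht
2008-09-05 22:33 . 2008-09-05 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-03 22:47 . 2008-09-06 03:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vwxotkpa
2008-09-03 10:34 . 2008-09-06 03:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\tevmzere
2008-09-02 16:46 . 2004-08-04 08:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-02 86792]
S3 809CC;809CC;C:\WINDOWS\system32\809CC.sys [2008-09-06 54624]
""".strip().splitlines()
```

Running `triage(SAMPLE_LOG)` flags the three hex-named system32 files and the two random-looking Application Data folders, and reports 809CC.sys as the one flagged file that is also a registered service image.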

#12 wspt4

wspt4
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 09 September 2008 - 09:32 PM

I performed the previous ComboFix procedure and submitted the log file.
Thanks.

#13 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:57 PM

Posted 10 September 2008 - 03:58 AM

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#14 wspt4

Posted 10 September 2008 - 08:19 AM

I did the MBAM download and scan.
The first time I ran it and walked away for an hour.
When I returned my system had restarted, so I went back to the software and checked the LOG tab - it was blank. So, I ran another MBAM scan - the log is below.
Malwarebytes' Anti-Malware 1.28
Database version: 1136
Windows 5.1.2600 Service Pack 3

9/10/2008 9:15:02 AM
mbam-log-2008-09-10 (09-15-02).txt

Scan type: Quick Scan
Objects scanned: 55382
Time elapsed: 9 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
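As an added example (not part of the original thread), a small Python parser for MBAM log text in the layout posted above. It pulls the seven summary counters and any per-item detail lines into a dict, and treats an empty log, like the blank Logs tab after the first interrupted run, as an error rather than a clean result. The sample log it parses is constructed, not copied from the post.

```python
import re

# Constructed sample in the MBAM 1.28 log layout (paths and detection names are made up).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.28
Database version: 1136
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 55382
Time elapsed: 9 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Files Infected:
C:\example\bad.exe (Trojan.Example) -> Quarantined and deleted successfully.
C:\example\worse.dll (Trojan.Example) -> Delete on reboot.
"""

# "<Category> Infected: <n>" summary lines; the detail headings carry no number and do not match.
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$", re.MULTILINE)
# "<path> (<detection name>) -> <action taken>" detail lines.
DETAIL_RE = re.compile(r"^(.+?) \(([^)]+)\) -> (.+)$", re.MULTILINE)


def parse_mbam_log(text):
    """Return summary counts, listed items and whether MBAM deferred a removal to reboot."""
    text = text.replace("\r\n", "\n")
    if not text.strip():
        # A blank Logs tab (scan interrupted by a restart) is not evidence of a clean machine.
        raise ValueError("empty MBAM log: the scan did not complete, rerun it")
    counts = {name: int(num) for name, num in SUMMARY_RE.findall(text)}
    if len(counts) < 7:
        raise ValueError("summary block incomplete: expected seven 'Infected' counters")
    items = [{"path": p, "name": n, "action": a} for p, n, a in DETAIL_RE.findall(text)]
    reboot = any("reboot" in item["action"].lower() for item in items)
    return {"counts": counts, "items": items, "reboot_required": reboot}


def is_clean(report):
    """True only when every counter is zero and no item was listed."""
    return sum(report["counts"].values()) == 0 and not report["items"]
```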

#15 kahdah

Posted 10 September 2008 - 09:36 AM

Looks good. How are things running, and have there been any more popups?