Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unresponsive Keyboard


  • Please log in to reply
25 replies to this topic

#1 mictamcody2000

mictamcody2000

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Location:Lansing, Michigan
  • Local time:03:20 AM

Posted 02 February 2007 - 03:17 PM

ok i was reading this

and i have the same problem my keyboard goes unresponsive when i push the volume buttons and i have no clue what atmfd.exe is but i have it

heres my hijackthis log:




Logfile of HijackThis v1.99.1
Scan saved at 3:15:17 PM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SensorsViewPro31\sviewpro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Yamicsoft\WinXP Manager\WinXP Manager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Mike\Desktop\tightvnc-1.2.9_x86\tightvnc-1.2.9_x86_viewer\vncviewer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yamicsoft\WinXP Manager\StartupManager.exe
C:\Documents and Settings\Mike\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartUp199] C:\WINDOWS\system32\atmfd.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SensorsViewPro31] C:\Program Files\SensorsViewPro31\sviewpro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [StartUp199] C:\WINDOWS\system32\atmfd.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_compone...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139051276125
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://129.15.200.151/activex/AMC.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371290.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...907/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe



this is what i got from virus total also

should i be worried that 6 of those detected it and zonealarm detected it as malware also?

Edited by mictamcody2000, 02 February 2007 - 03:40 PM.


BC AdBot (Login to Remove)

 


m

#2 mictamcody2000

mictamcody2000
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Location:Lansing, Michigan
  • Local time:03:20 AM

Posted 03 February 2007 - 06:20 PM

also my computer freezes alot and does "short freezes" what is a short freeze? it doesnt do anything for about 30 seconds and then it does what ever i did during the 30 seconds after it starts working again lol

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:20 AM

Posted 10 February 2007 - 11:59 AM

Hello mictamcody2000 and welcome to the BC HijackThis forum. Let's do a little cleanup and get rid of that file.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [StartUp199] C:\WINDOWS\system32\atmfd.exe
O4 - HKCU\..\Run: [StartUp199] C:\WINDOWS\system32\atmfd.exe
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - <a href="http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe" target="_blank">http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe</a>

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Find the following files/folders and delete them (don't worry if they are already gone):C:\WINDOWS\system32\atmfd.exe
Reboot normally and run at least 2 of the following on-line virus scans:Bitdefender <<<Add a check by 'Autoclean'.
eTrust <<<'Cure' whatever is found, then delete if unsuccessful
Housecall <<<Put on 'Autoclean' and delete what it can't clean.
Panda ActiveScan <<<Accept default settings
If there are any files that cannot be automatically disinfected or quarantined then you will need to delete them manually.

Ok. Now reboot and start HijackThis again. Perform a new scan and post the new log file back here and I will review it when it comes in.

Cheers.

OT

Edited by OldTimer, 10 February 2007 - 12:00 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#4 mictamcody2000

mictamcody2000
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Location:Lansing, Michigan
  • Local time:03:20 AM

Posted 25 February 2007 - 02:45 AM

When i Go to scan and it scans for like an hour or two then the browser closes itself.

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:20 AM

Posted 25 February 2007 - 09:00 AM

Hi mictamcody2000. Does that happen on all of them? If it just happened on one of the scanners then pick a different one and try that.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#6 mictamcody2000

mictamcody2000
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Location:Lansing, Michigan
  • Local time:03:20 AM

Posted 25 February 2007 - 03:43 PM

Yes, It happens on all of them.

#7 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:20 AM

Posted 25 February 2007 - 04:16 PM

Alright. Let's try something else.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#8 mictamcody2000

mictamcody2000
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Location:Lansing, Michigan
  • Local time:03:20 AM

Posted 25 February 2007 - 04:39 PM

I Clicked on "All" For all of the scan options.

You Made it sound like it would take hours. It only took about 10 min.


[quote]WinPFind3 logfile created on: 2/25/2007 4:22:19 PM
WinPFind3U by OldTimer - Version 1.0.19 Folder = C:\Documents and Settings\Mike\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1309168 Kb Total Physical Memory | 643436 Kb Available Physical Memory | 49.15% Memory free
1946988 Kb Paging File | 749736 Kb Available in Paging File | 38.51% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97675168 Kb Total Space | 52514072 Kb Free Space | 53.76% Space Free
Drive D: | 555676 Kb Total Space | 0 Kb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - All]
smss.exe -> %System32%\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
services.exe -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
lsass.exe -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 8:02:58 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:50 PM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:50 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\appmgmts.dll [AppMgmt] -> File not found
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 7:59:42 AM | Attr = ]
-> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/25/2005 11:39:46 PM | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/7/2004 2:32:34 PM | Attr = ]
-> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 7:28:28 AM | Attr = ]
-> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/22/2005 1:29:46 PM | Attr = ]
-> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2908 (xpsp_sp2_gdr.060513-0343) | Size = 181248 bytes | Modified Date = 5/14/2006 3:44:08 AM | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/8/2005 11:27:56 AM | Attr = ]
-> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
-> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\MsPMSNSv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 10/18/2006 9:47:16 PM | Attr = ]
-> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
stylexpservice.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 5/24/2006 1:31:08 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 45568 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 185344 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 1/3/2006 10:35:06 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 9/3/2006 2:04:08 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 8:02:58 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/1/2006 11:33:40 PM | Attr = ]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE -> [Ver = | Size = 65536 bytes | Modified Date = 2/17/2005 11:50:22 AM | Attr = ]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Broadcom Corporation [Ver = 3.100.64.1 | Size = 847983 bytes | Modified Date = 2/17/2005 11:50:22 AM | Attr = ]
spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 6:53:32 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 9/2/2006 6:36:34 PM | Attr = ]
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\w3ssl.dll [HTTPFilter] -> Microsoft Corporation [Ver = 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15872 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [Ver = 1.0.21.1 | Size = 38912 bytes | Modified Date = 2/22/2005 6:32:14 PM | Attr = ]
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> Microsoft Corporation [Ver = 7.00.9466 | Size = 322120 bytes | Modified Date = 6/19/2003 10:25:00 PM | Attr = ]
snmp.exe -> %System32%\snmp.exe -> Microsoft Corporation [Ver = 5.1.2600.3038 (xpsp_sp2_gdr.061119-2303) | Size = 33280 bytes | Modified Date = 11/20/2006 3:42:46 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
-> %System32%\wiaservc.dll [stisvc] -> Microsoft Corporation [Ver = 5.1.2600.3051 (xpsp_sp2_gdr.061219-0316) | Size = 333824 bytes | Modified Date = 12/19/2006 1:16:48 PM | Attr = ]
uphclean.exe -> %ProgramFiles%\UPHClean\uphclean.exe -> Microsoft Corporation [Ver = 1.6.30.0 | Size = 241725 bytes | Modified Date = 4/27/2005 1:59:24 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
wmpnetwk.exe -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 913408 bytes | Modified Date = 10/18/2006 8:05:24 PM | Attr = ]
zunenss.exe -> %ProgramFiles%\Zune\ZuneNss.exe -> Microsoft Corporation [Ver = 1.2.5511.0 (Zune.061212-1431) | Size = 971224 bytes | Modified Date = 12/12/2006 2:46:26 PM | Attr = ]
fxssvc.exe -> %System32%\fxssvc.exe -> Microsoft Corporation [Ver = 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 267776 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 102492 bytes | Modified Date = 2/2/2005 7:12:22 AM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 692316 bytes | Modified Date = 2/2/2005 7:11:12 AM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:20 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 1/20/2007 7:41:46 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 84640 bytes | Modified Date = 9/3/2006 2:04:26 AM | Attr = ]
bcmntray.exe -> %System32%\bcmntray.EXE -> Broadcom Corporation [Ver = 3.100.64.1 | Size = 1040384 bytes | Modified Date = 2/17/2005 11:50:20 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
yahoocentral.exe -> %ProgramFiles%\Yahoo!\YCentral\YahooCentral.exe -> Yahoo! Inc. [Ver = 2006, 2, 23, 1 | Size = 413208 bytes | Modified Date = 2/24/2006 12:59:28 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
wmiprvse.exe -> %System32%\wbem\wmiprvse.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 218112 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
alg.exe -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 1, 1, 3 | Size = 794624 bytes | Modified Date = 4/11/2005 5:21:02 PM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 1:11:42 AM | Attr = ]
ctfmon.exe -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 3/22/2005 11:05:00 PM | Attr = ]
hpqwmi.exe -> %ProgramFiles%\HPQ\Shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 3/4/2005 2:16:18 PM | Attr = R ]
msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ]
wmpnscfg.exe -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 204288 bytes | Modified Date = 10/18/2006 8:05:26 PM | Attr = ]
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:38 AM | Attr = ]
stylexp.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe -> [Ver = 0, 30, 19, 0 | Size = 1372160 bytes | Modified Date = 5/24/2006 1:31:40 PM | Attr = ]
hpobnz08.exe -> %ProgramFiles%\Hp\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.021 | Size = 323646 bytes | Modified Date = 4/9/2003 4:41:38 PM | Attr = ]
hpotdd01.exe -> %ProgramFiles%\Hp\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/9/2003 5:11:12 PM | Attr = ]
usnsvc.exe -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 97136 bytes | Modified Date = 1/19/2007 12:54:14 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> [Ver = | Size = 99832 bytes | Modified Date = 9/13/2006 1:17:28 PM | Attr = ]
redvex.exe -> %ProgramFiles%\Diablo II\RedVex21\RedVex.exe -> [Ver = | Size = 151552 bytes | Modified Date = 1/21/2007 4:29:04 AM | Attr = ]
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
dlm.exe -> %ProgramFiles%\IGN\Download Manager\DLM.exe -> IGN Entertainment [Ver = 2.3.4.105 | Size = 972432 bytes | Modified Date = 1/11/2007 4:07:52 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1034 | Size = 1087680 bytes | Modified Date = 12/20/2006 6:45:32 PM | Attr = ]
stealthbot v2.6r3.exe -> %ProgramFiles%\StealthBot\StealthBot v2.6R3.exe -> Stealth Networks [Ver = 2.06.0020 | Size = 1941512 bytes | Modified Date = 2/21/2007 10:26:12 PM | Attr = ]
hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 5 | Size = 98304 bytes | Modified Date = 12/22/2005 1:06:58 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.19.0 | Size = 311296 bytes | Modified Date = 2/23/2007 9:00:08 PM | Attr = ]

[Win32 Services - All]
(Alerter) Alerter [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 29896 bytes | Modified Date = 9/23/2005 7:28:32 AM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 8:02:58 PM | Attr = ]
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 9/2/2006 6:36:34 PM | Attr = ]
(BITS) Background Intelligent Transfer Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Browser) Computer Browser [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 9/3/2006 2:04:08 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 9/3/2006 2:04:08 AM | Attr = ]
(CiSvc) Indexing Service [Win32_Shared | Disabled | Stopped] -> %System32%\cisvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5632 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %System32%\clipsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 66240 bytes | Modified Date = 9/23/2005 7:28:56 AM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 9/3/2006 2:04:08 AM | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.0.0.142 | Size = 48272 bytes | Modified Date = 9/3/2006 2:54:52 AM | Attr = ]
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(dmserver) Logical Disk Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Fax) Fax [Win32_Own | Auto | Stop_Pending] -> %System32%\fxssvc.exe -> Microsoft Corporation [Ver = 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 267776 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> Microsoft Corporation [Ver = 3.0.6920.0 (vista_rtm_wcp.061020-1904) | Size = 36864 bytes | Modified Date = 10/20/2006 9:21:24 PM | Attr = ]
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Running] -> %ProgramFiles%\HPQ\Shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 3/4/2005 2:16:18 PM | Attr = R ]
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %System32%\imapi.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150016 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 79496 bytes | Modified Date = 9/5/2006 8:22:26 PM | Attr = ]
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [Ver = 1.0.21.1 | Size = 38912 bytes | Modified Date = 2/22/2005 6:32:14 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 9/2/2006 6:36:34 PM | Attr = ]
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(LPDSVC) TCP/IP Print Server [Win32_Shared | On_Demand | Stopped] -> %System32%\tcpsvcs.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 19456 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> Microsoft Corporation [Ver = 7.00.9466 | Size = 322120 bytes | Modified Date = 6/19/2003 10:25:00 PM | Attr = ]
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 32768 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc.exe -> Microsoft Corporation [Ver = 2001.12.4414.258 | Size = 6144 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %System32%\msiexec.exe -> Microsoft Corporation [Ver = 3.1.4000.1823 | Size = 78848 bytes | Modified Date = 5/4/2005 2:45:36 PM | Attr = ]
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> Microsoft Corporation [Ver = 3.0.4506.30 (WAPRTM.004506-0030) | Size = 122880 bytes | Modified Date = 10/30/2006 3:34:02 AM | Attr = ]
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> Microsoft Corporation [Ver = 11.0.5525 | Size = 89136 bytes | Modified Date = 7/28/2003 11:28:22 AM | Attr = ]
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 8:31:02 PM | Attr = ]
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %System32%\sessmgr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 4.0.0.655 | Size = 86016 bytes | Modified Date = 10/17/2006 1:17:40 PM | Attr = ]
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\locator.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\rsvp.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 132608 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95744 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(SNMP) SNMP Service [Win32_Own | Auto | Running] -> %System32%\snmp.exe -> Microsoft Corporation [Ver = 5.1.2600.3038 (xpsp_sp2_gdr.061119-2303) | Size = 33280 bytes | Modified Date = 11/20/2006 3:42:46 AM | Attr = ]
(SNMPTRAP) SNMP Trap Service [Win32_Own | On_Demand | Stopped] -> %System32%\snmptrap.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8704 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 6:53:32 PM | Attr = ]
(srservice) System Restore Service [Win32_Shared | Auto | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(StyleXPService) StyleXPService [Win32_Own | Auto | Running] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 5/24/2006 1:31:08 PM | Attr = ]
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1034 | Size = 1087680 bytes | Modified Date = 12/20/2006 6:45:32 PM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/1/2006 11:33:40 PM | Attr = ]
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89600 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Themes) Themes [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(UPHClean) User Profile Hive Cleanup [Win32_Own | Auto | Running] -> %ProgramFiles%\UPHClean\uphclean.exe -> Microsoft Corporation [Ver = 1.6.30.0 | Size = 241725 bytes | Modified Date = 4/27/2005 1:59:24 PM | Attr = ]
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18432 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 97136 bytes | Modified Date = 1/19/2007 12:54:14 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 75568 bytes | Modified Date = 1/8/2007 2:29:38 PM | Attr = ]
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 289792 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(WinDefend) Windows Defender Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> Microsoft Corporation [Ver = 1.1.1347.0 | Size = 14032 bytes | Modified Date = 4/3/2006 5:12:14 PM | Attr = ]
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(wltrysvc) Broadcom Wireless LAN Tray Service [Win32_Own | Auto | Running] -> %System32%\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe -> File not found
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\wbem\wmiapsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 126464 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 913408 bytes | Modified Date = 10/18/2006 8:05:24 PM | Attr = ]
(wscsvc) Security Center [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(ZuneNetworkSvc) Zune Network Sharing Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Zune\ZuneNss.exe -> Microsoft Corporation [Ver = 1.2.5511.0 (Zune.061212-1431) | Size = 971224 bytes | Modified Date = 12/12/2006 2:46:26 PM | Attr = ]
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 5 | Size = 98304 bytes | Modified Date = 12/22/2005 1:06:58 AM | Attr = ]

[Driver Services - All]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %System32%\drivers\acpi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 187776 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(ACPIEC) Microsoft Embedded Controller Driver [Kernel | Boot | Running] -> %System32%\drivers\acpiec.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11648 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %System32%\drivers\aec.sys -> Microsoft Corporation [Ver = 5.1.2601.2180 | Size = 142464 bytes | Modified Date = 2/14/2006 7:22:26 PM | Attr = ]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 2/5/2006 4:40:42 PM | Attr = ]
(AFD) AFD [Kernel | System | Running] -> %System32%\drivers\afd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 138496 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Boot | Running] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 10:51:56 AM | Attr = ]
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %System32%\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.1.0 built by: dnsrv(wmbla) | Size = 39424 bytes | Modified Date = 8/11/2004 6:30:00 PM | Attr = ]
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(Arp1394) 1394 ARP Client Protocol [Kernel | On_Demand | Running] -> %System32%\drivers\arp1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\asyncmac.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\drivers\atapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95360 bytes | Modified Date = 8/3/2004 7:59:44 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6561 | Size = 1273344 bytes | Modified Date = 8/3/2005 8:10:18 PM | Attr = ]
(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\atmarpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %System32%\drivers\audstub.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3072 bytes | Modified Date = 8/17/2001 3:59:44 AM | Attr = ]
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %System32%\drivers\bcm42rly.sys -> Broadcom Corporation [Ver = 3.90.19.0 (BROADCOM INTERNAL DRIVER) | Size = 17992 bytes | Modified Date = 12/17/2004 12:52:58 AM | Attr = ]
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 4.100.15.5 | Size = 604928 bytes | Modified Date = 10/12/2006 11:26:56 PM | Attr = ]
(Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
© C NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> System32\Drivers\C.sys -> File not found
(CAMCAUD) Conexant AMC Audio [Kernel | On_Demand | Running] -> %System32%\drivers\camc6aud.sys -> Conexant Systems Inc. [Ver = 6.14.10.0510 | Size = 37760 bytes | Modified Date = 3/15/2005 11:14:52 AM | Attr = ]
(CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %System32%\drivers\camc6hal.sys -> Conexant Systems Inc. [Ver = 6.14.10.0510 | Size = 346496 bytes | Modified Date = 3/15/2005 11:14:52 AM | Attr = ]
(cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %System32%\drivers\cbidf2k.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 13952 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Cdaudio) Cdaudio [Kernel | System | Stopped] -> %System32%\drivers\cdaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Cdfs) Cdfs [File_System | Disabled | Running] -> %System32%\drivers\cdfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63744 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Cdrom) CD-ROM Driver [Kernel | System | Running] -> %System32%\drivers\cdrom.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmBatt) Microsoft AC Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\CmBatt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14080 bytes | Modified Date = 8/3/2004 1:07:40 PM | Attr = ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Compbatt) Microsoft Composite Battery Driver [Kernel | Boot | Running] -> %System32%\drivers\compbatt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9344 bytes | Modified Date = 8/17/2001 3:58:00 AM | Attr = ]
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(CSNPD50) CSNPD50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\CSNPD50.sys -> Colasoft Co., Ltd. [Ver = 5.0.0.25 built by: WinDDK | Size = 18048 bytes | Modified Date = 4/28/2005 4:20:42 PM | Attr = ]
(CSTDIDRV) CSTDIDRV [Kernel | On_Demand | Stopped] -> %System32%\drivers\CSTDI50.sys -> Colasoft Co ., Ltd. [Ver = 5, 0, 1, 32 | Size = 24832 bytes | Modified Date = 4/28/2005 4:20:42 PM | Attr = ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(Disk) Disk Driver [Kernel | Boot | Running] -> %System32%\drivers\disk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36352 bytes | Modified Date = 8/3/2004 10:59:56 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %System32%\drivers\DMusic.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52864 bytes | Modified Date = 8/4/2004 1:07:40 AM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %System32%\drivers\drmkaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2944 bytes | Modified Date = 8/4/2004 1:07:58 AM | Attr = ]
(DrvFltIp) DrvFltIp [Kernel | On_Demand | Stopped] -> %ProgramFiles%\BulletProofSoft.com\AdvancedPersonalFirewall\DrvFltIp.sys -> File not found
(eabfiltr) eabfiltr [Kernel | System | Running] -> %System32%\drivers\eabfiltr.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.01.04 | Size = 7936 bytes | Modified Date = 5/5/2005 11:04:08 AM | Attr = ]
(eabusb) eabusb [Kernel | On_Demand | Stopped] -> %System32%\drivers\EabUsb.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.04 | Size = 5760 bytes | Modified Date = 5/5/2005 11:04:04 AM | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Modified Date = 11/30/2006 4:00:00 AM | Attr = ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 102712 bytes | Modified Date = 11/30/2006 4:00:00 AM | Attr = ]
(Fastfat) Fastfat [File_System | Disabled | Stopped] -> %System32%\drivers\fastfat.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143360 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\fdc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27392 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Fips) Fips [Kernel | System | Running] -> %System32%\drivers\fips.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 34944 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\flpydisk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(FltMgr) FltMgr [File_System | Boot | Running] -> %System32%\drivers\fltmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2978 (xpsp_sp2_gdr.060821-0039) | Size = 128896 bytes | Modified Date = 8/21/2006 4:14:58 AM | Attr = ]
(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\ftdisk.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 125056 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr = ]
(genmcmnUSB) USB Scroll Mouse Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\gflmouhid.sys -> [Ver = 6.09.01 | Size = 6656 bytes | Modified Date = 4/19/2004 3:01:00 PM | Attr = ]
(Gpc) Generic Packet Classifier [Ker

#9 mictamcody2000

mictamcody2000
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Location:Lansing, Michigan
  • Local time:03:20 AM

Posted 25 February 2007 - 04:43 PM

Here is the second part:



[quote](sr) System Restore Filter Driver [File_System | Disabled | Stopped] -> %System32%\drivers\sr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73472 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(SRTSP) SRTSP [File_System | System | Running] -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.0.0.108 | Size = 243376 bytes | Modified Date = 8/22/2006 3:48:24 PM | Attr = ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.0.0.108 | Size = 275120 bytes | Modified Date = 8/22/2006 3:48:24 PM | Attr = ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.0.0.108 | Size = 24240 bytes | Modified Date = 8/22/2006 3:48:24 PM | Attr = ]
(Srv) Srv [File_System | On_Demand | Running] -> %System32%\drivers\srv.sys -> Microsoft Corporation [Ver = 5.1.2600.2974 (xpsp_sp2_gdr.060814-0101) | Size = 332928 bytes | Modified Date = 8/14/2006 5:34:42 AM | Attr = ]
(StyleXPHelper) StyleXPHelper [Kernel | System | Running] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPHelper.exe -> Windows ® 2000 DDK provider [Ver = 5.1.2600.1106 built by: WinDDK | Size = 10880 bytes | Modified Date = 10/31/2005 4:44:40 PM | Attr = ]
(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %System32%\drivers\swenum.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4352 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %System32%\drivers\swmidi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 54272 bytes | Modified Date = 8/17/2001 4:00:52 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %System32%\drivers\symdns.sys -> Symantec Corporation [Ver = 7.0.0.170 | Size = 11968 bytes | Modified Date = 9/2/2006 2:34:34 PM | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.3.0.14 | Size = 115000 bytes | Modified Date = 12/27/2006 2:40:36 AM | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %System32%\drivers\symfw.sys -> Symantec Corporation [Ver = 7.0.0.170 | Size = 144832 bytes | Modified Date = 9/2/2006 2:34:42 PM | Attr = ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %System32%\drivers\symids.sys -> Symantec Corporation [Ver = 7.0.0.170 | Size = 39104 bytes | Modified Date = 9/2/2006 2:34:50 PM | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20060901.084\SymIDSCo.sys -> Symantec Corporation [Ver = 7.0.0.86 | Size = 176816 bytes | Modified Date = 8/28/2006 10:55:04 PM | Attr = ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %System32%\drivers\symndis.sys -> Symantec Corporation [Ver = 7.0.0.170 | Size = 33216 bytes | Modified Date = 9/2/2006 2:34:46 PM | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.0.0.170 | Size = 26432 bytes | Modified Date = 9/2/2006 2:34:56 PM | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.0.0.170 | Size = 186048 bytes | Modified Date = 9/2/2006 2:35:00 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 191456 bytes | Modified Date = 2/2/2005 6:58:58 AM | Attr = ]
(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %System32%\drivers\sysaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/4/2004 1:15:56 AM | Attr = ]
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %System32%\drivers\tcpip.sys -> Microsoft Corporation [Ver = 5.1.2600.2892 (xpsp_sp2_gdr.060420-0254) | Size = 359808 bytes | Modified Date = 4/20/2006 6:51:50 AM | Attr = ]
(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdpipe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12040 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdtcp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 21896 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(TermDD) Terminal Device Driver [Kernel | System | Running] -> %System32%\drivers\termdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 40840 bytes | Modified Date = 8/3/2004 10:01:08 PM | Attr = ]
(tifm21) tifm21 [Kernel | On_Demand | Running] -> %System32%\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.2 | Size = 162432 bytes | Modified Date = 9/20/2005 10:30:56 AM | Attr = ]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 8/7/2006 5:16:00 AM | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(TSP) TSP [Kernel | On_Demand | Stopped] -> %System32%\drivers\klif.sys -> File not found
(Udfs) Udfs [File_System | Disabled | Stopped] -> %System32%\drivers\udfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 66176 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %System32%\drivers\update.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 209408 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbccgp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 31616 bytes | Modified Date = 8/3/2004 10:08:48 PM | Attr = ]
(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbehci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26624 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(usbhub) Microsoft USB Standard Hub Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbhub.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57600 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(usbohci) Microsoft USB Open Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbohci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17024 bytes | Modified Date = 8/4/2004 1:08:38 AM | Attr = ]
(usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbprint.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25856 bytes | Modified Date = 8/3/2004 10:01:26 PM | Attr = ]
(usbscan) USB Scanner Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbscan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15104 bytes | Modified Date = 8/3/2004 10:58:46 PM | Attr = ]
(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\USBSTOR.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26496 bytes | Modified Date = 8/3/2004 11:08:48 PM | Attr = ]
(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbuhci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(VgaSave) VgaSave [Kernel | System | Running] -> %System32%\drivers\vga.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(ViaIde) ViaIde [Kernel | Boot | Running] -> %System32%\drivers\viaide.sys -> Microsoft Corporation [Ver = 1.00.01.01 | Size = 5376 bytes | Modified Date = 8/3/2004 7:59:44 PM | Attr = ]
(VolSnap) VolSnap [Kernel | Boot | Running] -> %System32%\drivers\volsnap.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52352 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wanarp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wdmaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 82944 bytes | Modified Date = 6/14/2006 4:00:46 AM | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.20.00 built by: WinDDK | Size = 703232 bytes | Modified Date = 3/22/2005 9:39:40 AM | Attr = ]
(WmiAcpi) Microsoft Windows Management Interface for ACPI [Kernel | System | Running] -> %System32%\drivers\wmiacpi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8832 bytes | Modified Date = 8/3/2004 1:07:42 PM | Attr = ]
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | Disabled | Stopped] -> %System32%\drivers\ws2ifsl.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12032 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfPf.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 77568 bytes | Modified Date = 9/28/2006 6:55:50 PM | Attr = ]
(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfRd.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 82944 bytes | Modified Date = 9/28/2006 7:00:34 PM | Attr = ]

[Registry - All]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 3/22/2005 11:05:00 PM | Attr = ]
Broadcom Wireless Manager UI -> %System32%\bcmntray.EXE -> Broadcom Corporation [Ver = 3.100.64.1 | Size = 1040384 bytes | Modified Date = 2/17/2005 11:50:20 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 84640 bytes | Modified Date = 9/3/2006 2:04:26 AM | Attr = ]
Cpqset -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe -> [Ver = | Size = 233534 bytes | Modified Date = 2/17/2005 4:01:20 PM | Attr = ]
eabconfg.cpl -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard [Ver = 5, 20, 8, 1 | Size = 405504 bytes | Modified Date = 4/18/2006 9:32:00 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1149561633\ee\AOLSoftware.exe -> File not found
HP Software Update -> %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 1:11:42 AM | Attr = ]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 1, 1, 3 | Size = 794624 bytes | Modified Date = 4/11/2005 5:21:02 PM | Attr = ]
IMJPMIG8.1 -> %SystemRoot%\ime\imjp8_1\imjpmig.exe -> Microsoft Corporation [Ver = 8.1.4202.0 | Size = 208952 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
LSBWatcher -> %SystemDrive%\hp\drivers\hplsbwatcher\lsburnwatcher.exe -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 10/14/2004 3:54:32 PM | Attr = ]
MSPY2002 -> %System32%\IME\PINTLGNT\IMSCINST.EXE -> [Ver = | Size = 59392 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
OGAutoStart -> %System32%\taskmagr.exe -> File not found
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 26248 bytes | Modified Date = 9/5/2006 8:22:28 PM | Attr = ]
PHIME2002A -> %System32%\IME\TINTLGNT\TINTSETP.EXE -> Microsoft Corporation [Ver = 5.2.2801 | Size = 455168 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
PHIME2002ASync -> %System32%\IME\TINTLGNT\TINTSETP.EXE -> Microsoft Corporation [Ver = 5.2.2801 | Size = 455168 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
SensorsViewPro31 -> %ProgramFiles%\SensorsViewPro31\sviewpro.exe -> STV Software [Ver = 3.1.0.16 | Size = 2234880 bytes | Modified Date = 2/1/2007 6:47:08 AM | Attr = ]
Startup32512 -> %System32%\taskmagr.exe -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 1/20/2007 7:41:46 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 692316 bytes | Modified Date = 2/2/2005 7:11:12 AM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 102492 bytes | Modified Date = 2/2/2005 7:12:22 AM | Attr = ]
Windows Defender -> %ProgramFiles%\Windows Defender\MSASCui.exe -> Microsoft Corporation [Ver = 1.1.1347.0 | Size = 777424 bytes | Modified Date = 4/3/2006 5:12:24 PM | Attr = ]
YCentral -> %ProgramFiles%\Yahoo!\YCentral\YahooCentral.exe -> Yahoo! Inc. [Ver = 2006, 2, 23, 1 | Size = 413208 bytes | Modified Date = 2/24/2006 12:59:28 AM | Attr = ]
Zune Launcher -> %ProgramFiles%\Zune\ZuneLauncher.exe -> Microsoft Corporation [Ver = 1.2.5511.0 (Zune.061212-1431) | Size = 21464 bytes | Modified Date = 12/12/2006 2:45:50 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM -> %SystemDrive%\PROGRA~1\AIM\aim.exe -cnetwait.odl -> File not found
Aim6 -> %CommonProgramFiles%\AOL\Launch\AOLLaunch.exe -> File not found
ccleaner -> %ProgramFiles%\CCleaner\ccleaner.exe -> Piriform Ltd [Ver = 1.37.0456 | Size = 598920 bytes | Modified Date = 1/29/2007 11:34:06 AM | Attr = ]
ctfmon.exe -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
igndlm.exe -> %ProgramFiles%\IGN\Download Manager\DLM.exe -> IGN Entertainment [Ver = 2.3.4.105 | Size = 972432 bytes | Modified Date = 1/11/2007 4:07:52 PM | Attr = ]
MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:38 AM | Attr = ]
msnmsgr -> %ProgramFiles%\MSN Messenger\msnmsgr.exe -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ]
SIDEBAR -> %SystemRoot%\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sidebar.exe -> Idea2 [Ver = 1, 03, 42, 0 | Size = 688128 bytes | Modified Date = 7/19/2003 9:17:58 AM | Attr = ]
STYLEXP -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe -> [Ver = 0, 30, 19, 0 | Size = 1372160 bytes | Modified Date = 5/24/2006 1:31:40 PM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.9 | Size = 307200 bytes | Modified Date = 10/24/2005 3:53:40 PM | Attr = ]
WMPNSCFG -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 204288 bytes | Modified Date = 10/18/2006 8:05:26 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,0,0,716 | Size = 4621816 bytes | Modified Date = 9/13/2006 1:17:28 PM | Attr = ]
< Windows NT\\Load [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
???
? -> -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/24/2005 1:05:26 AM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\Hp\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 7:28:24 PM | Attr = ]
%AllUsersStartup%\hp psc 2000 Series.lnk -> %ProgramFiles%\Hp\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.021 | Size = 323646 bytes | Modified Date = 4/9/2003 4:41:38 PM | Attr = ]
%AllUsersStartup%\hpoddt01.exe.lnk -> %ProgramFiles%\Hp\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/9/2003 5:11:12 PM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Run -> -> File not found
< File Associations > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
exefile [open] -> "%1" %* ->
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 45568 bytes | Modified Date = 10/17/2006 11:56:10 AM | Attr = ]
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 9:52:56 PM | Attr = ]
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
htmlfile [print] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 9:52:56 PM | Attr = ]
http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
https [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
InternetShortcut [print] -> rundll32.exe %System32%\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 3580416 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
{8b15971b-5355-4c82-8c07-7e181ea07608} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ->
{94de52c8-2d59-4f1b-883e-79663d2d9a8c} -> ->
{9B71D88C-C598-4935-C5D1-43AA4DB90836} -> C:\WINDOWS\system32\atmfd.exe s ->
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
>{DCF51E21-EE79-410F-9776-FCF0D9963ADF} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
< WOW Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< IFEO [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Your Image File Name Here without a path -> %System32%\ntsd.exe [Debugger] -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 31744 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKLM] -> %System32%\shell32.dll [CDBurn] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
{7849596a-48ea-486e-8937-a2a3009f31a9} [HKLM] -> %System32%\shell32.dll [PostBootReminder] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
{35CEC8A3-2BE6-11D2-8773-92E220524153} [HKLM] -> %System32%\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{e57ce738-33e8-4c51-8354-bb4de9d215d1} [HKLM] -> %System32%\upnpui.dll [UPnPMonitor] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239616 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 232960 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} [HKLM] -> %System32%\WPDShServiceObj.dll [WPDShServiceObj] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 133632 bytes | Modified Date = 10/18/2006 9:47:22 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> Microsoft Corporation [Ver = 1.1.1347.0 | Size = 81616 bytes | Modified Date = 4/3/2006 5:12:16 PM | Attr = ]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKLM] -> %System32%\shell32.dll [] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Browseui preloader] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{8C7461EF-2B13-11d2-BE35-3078302C2030} [HKLM] -> %System32%\browseui.dll [Component Categories cache daemon] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll -> %System32%\msapsspc.dll -> Microsoft Corporation [Ver = 6.00.7755 | Size = 86016 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
schannel.dll -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
digest.dll -> %System32%\digest.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
msnsspc.dll -> %System32%\msnsspc.dll -> Microsoft Corporation [Ver = 6.1.1825.0 | Size = 290816 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\Userinit.exe -> %System32%\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 -> %System32%\rundll32.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
shell32 -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
Control_RunDLL -> -> File not found
"sysdm.cpl" -> %System32%\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 8/3/2005 8:04:18 PM | Attr = ]
crypt32chain -> %System32%\crypt32.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
cryptnet -> %System32%\cryptnet.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
cscdll -> %System32%\cscdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
ScCertProp -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Schedule -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
sclgntfy -> %System32%\sclgntfy.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
SensLogn -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
termsrv -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
WgaLogon -> %System32%\WgaLogon.dll -> Microsoft Corporation [Ver = 1.5.0540.0 | Size = 702768 bytes | Modified Date = 6/19/2006 3:20:42 PM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousMachineGroupPolicy -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousUserGroupPolicy -> 0 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 223 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\EditLevel -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCommonGroups -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\_NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\StartMenuLogoff -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MaxRecentDocs -> 15 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMFUprogramsList -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\\RestrictToList -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\GeneralTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\HomePage -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\History -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Colors -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Fonts -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Languages -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Accessibility -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\SecurityTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\SecChangeSettings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\SecAddSites -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ContentTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Ratings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Certificates -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Wallet -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Profiles -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ConnectionsTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Connwiz Admin Lock -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Connection Settings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ProgramsTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\CalendarContact -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ResetWebSettings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Check_If_Default -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Messaging -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\AdvancedTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Advanced -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Feed Discovery\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Feed Discovery\\Enabled -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Feeds\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Feeds\\DisableAddRemove -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Feeds\\DisableFeedPane -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoFileNew -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoFileOpen -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserSaveAs -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserClose -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoViewSource -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoTheaterMode -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoFavorites -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoPopupManagement -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserOptions -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoHelpItemTipOfTheDay -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoHelpItemNetscapeHelp -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoHelpItemSendFeedback -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Security\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbar\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbar\WebBrowser\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions\ -> ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > (1336 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
69.49.130.252 www.eepybird.com -> ->
82.94.237.219 wiki.python.org -> ->
216.213.19.27 www.bleepingcomputer.com -> ->
216.144.1.8 www.nthelp.com -> ->
208.97.163.111 www.criticalsecurity.net -> ->
216.152.67.223 forums.d2jsp.org -> ->
216.152.67.223 forums.d2jsp.org -> ->
69.17.116.124 www.rohitab.com -> ->
72.247.29.49 support.f-secure.com -> ->
147.202.84.254 www.windowsecurity.com -> ->
67.15.10.83 www.free2code.net -> ->
216.183.112.222 www.cheatcc.com -> ->
24.106.94.101 www.make-a-web-site.com -> ->
207.210.115.178 www.pagetutor.com -> ->
209.85.48.3 z6.invisionfree.com -> ->
66.230.200.100 en.wikipedia.org -> ->
207.46.244.190 v4.windowsupdate.microsoft.com -> ->
209.85.48.3 z6.invisionfree.com -> ->
216.178.32.49 www.myspace.com -> ->
161.109.100.105 www.networksecuritytech.com -> ->
72.32.70.167 www.sherv.net -> ->
209.190.85.251 rpgforums.byethost9.com -> ->
205.234.192.222 www.security-forums.com -> ->
72.32.70.167 www.sherv.net -> ->
207.126.123.20 inventors.about.com -> ->
66.230.204.174 www.consolecheatcodes.com -> ->
209.87.178.244 nct.symantecstore.com -> ->
64.207.135.66 www.tech-recipes.com -> ->
216.148.223.71 www.battle.net -> ->
67.19.175.66 www.mp3bleeps.com -> ->
72.36.167.51 utterlyboring.com -> ->
209.87.209.44 www.zonelabs.com -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.yahoo.com ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://www.google.com/ie ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://www.yahoo.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\ieframe.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\NppBHO.dll [Reg Data - Value does not exist] -> Symantec Corporation [Ver = 2007.1.00.133 | Size = 93400 bytes | Modif

#10 mictamcody2000

mictamcody2000
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Location:Lansing, Michigan
  • Local time:03:20 AM

Posted 25 February 2007 - 04:47 PM

Here is the Third Part:

[quote]{6b33163c-76a5-4b6c-bf21-45de9cd503a1} [HKLM] -> %System32%\netplwiz.dll [Shell Publishing Wizard Object] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} [HKLM] -> %System32%\ieframe.dll [IE Tracking Shell Menu] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{6CF48EF8-44CD-45d2-8832-A16EA016311B} [HKLM] -> %System32%\ieframe.dll [IE IShellFolderBand] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{7007ACC7-3202-11D1-AAD2-00805FC1270E} [HKLM] -> %System32%\netshell.dll [Network Connections] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1708032 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{7376D660-C583-11d0-A3A5-00C04FD706EC} [HKLM] -> %System32%\browseui.dll [TridentImageExtractor] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{73CFD649-CD48-4fd8-A272-2070EA56526B} [HKLM] -> %System32%\ieframe.dll [IE BandProxy] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{7444C717-39BF-11D1-8CD9-00C04FC29D45} [HKLM] -> %System32%\cryptext.dll [Crypto PKO Extension] -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53760 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{7444C719-39BF-11D1-8CD9-00C04FC29D45} [HKLM] -> %System32%\cryptext.dll [Crypto Sign Extension] -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53760 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files Menu] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{77597368-7b15-11d0-a0c2-080036af3f03} [HKLM] -> %System32%\printui.dll [Web Printer Shell Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 560640 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Tasks Folder Shell Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{7988B573-EC89-11cf-9C00-00AA00A14F56} [HKLM] -> %System32%\dskquoui.dll [Disk Quota UI] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 144384 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{7A80E4A8-8005-11D2-BCF8-00C04F72C717} [HKLM] -> %System32%\mmcshext.dll [MMC Icon Handler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7BA4C742-9E81-11CF-99D3-00AA004AE837} [HKLM] -> %System32%\browseui.dll [Microsoft BrowserBand] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{7BD29E00-76C1-11CF-9DD0-00A0C9034933} [HKLM] -> %System32%\ieframe.dll [Temporary Internet Files] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{7BD29E01-76C1-11CF-9DD0-00A0C9034933} [HKLM] -> %System32%\ieframe.dll [Temporary Internet Files] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} [HKLM] -> %System32%\webcheck.dll [Code Download Agent] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 232960 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{7e653215-fa25-46bd-a339-34a2790f3cb7} [HKLM] -> %System32%\browseui.dll [Accessible] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} [HKLM] -> %System32%\webcheck.dll [WebCheck SyncMgr Handler] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 232960 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{83bbcbf3-b28a-4919-a5aa-73027445d672} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{85BBD920-42A0-1069-A2E4-08002B30309D} [HKLM] -> %System32%\syncui.dll [Briefcase] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 191488 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{871C5380-42A0-1069-A2EA-08002B30309D} [HKLM] -> %System32%\ieframe.dll [Internet Name Space] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} [HKLM] -> %System32%\shmedia.dll [Audio Media Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} [HKLM] -> %System32%\shmedia.dll [Avi Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{883373C3-BF89-11D1-BE35-080036B11A03} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Shell Ext] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder SendTo Target] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{88C6C381-2E85-11D0-94DE-444553540000} [HKLM] -> %System32%\occache.dll [ActiveX Cache Folder] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 102400 bytes | Modified Date = 1/8/2007 7:04:08 PM | Attr = ]
{8A23E65E-31C2-11d0-891C-00A024AB2DBB} [HKLM] -> %System32%\dsquery.dll [Directory Query UI] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{8DD448E6-C188-4aed-AF92-44956194EB1F} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Burn Audio CD Context Menu Handler] -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 99840 bytes | Modified Date = 10/18/2006 9:47:20 PM | Attr = ]
{8EE97210-FD1F-4B19-91DA-67914005F020} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace ML Edit Box Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{905667aa-acd6-11d2-8080-00805f6596d2} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{91EA3F8B-C99B-11d0-9815-00C04FD91972} [HKLM] -> %System32%\browseui.dll [Augmented Shell Folder] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{9461b922-3c5a-11d2-bf8b-00c04fb93661} [HKLM] -> %System32%\shdocvw.dll [Search Assistant OC] -> Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Modified Date = 9/4/2006 1:12:56 AM | Attr = ]
{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} [HKLM] -> %System32%\ieframe.dll [IE MRU AutoComplete List] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{992CFFA0-F557-101A-88EC-00DD010CCC48} [HKLM] -> %System32%\netshell.dll [Network Connections] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1708032 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} [HKLM] -> %System32%\ieframe.dll [IE RSS Feeder Folder] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} [HKLM] -> %System32%\ieframe.dll [IE Microsoft Shell Folder AutoComplete List] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{9DB7A13C-F208-4981-8353-73CC61AE2783} [HKLM] -> %System32%\twext.dll [Previous Versions] -> Microsoft Corporation [Ver = 6.00.3800.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44032 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} [HKLM] -> %System32%\shimgvw.dll [Summary Info Thumbnail handler (DOCFILES)] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} [HKLM] -> %System32%\dsquery.dll [Shell properties for a DS object] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} [HKLM] -> %System32%\sendmail.dll [Sendmail service] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 55296 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} [HKLM] -> %System32%\sendmail.dll [Sendmail service] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 55296 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{A08C11D2-A228-11d0-825B-00AA005B4383} [HKLM] -> %System32%\browseui.dll [Address EditBox] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} [HKLM] -> %System32%\shdocvw.dll [IE4 Suite Splash Screen] -> Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Modified Date = 9/4/2006 1:12:56 AM | Attr = ]
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} [HKLM] -> %System32%\shdocvw.dll [Microsoft Browser Architecture] -> Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Modified Date = 9/4/2006 1:12:56 AM | Attr = ]
{A6FD9E45-6E44-43f9-8644-08598F5A74D9} [HKLM] -> %System32%\shmedia.dll [Midi Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{A9CF0EAE-901A-4739-A481-E35B73E47F6D} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Edit Box Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} [HKLM] -> %System32%\webcheck.dll [Subscription Mgr] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 232960 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{acf35015-526e-4230-9596-becbe19f0ac9} [HKLM] -> %System32%\browseui.dll [Track Popup Bar] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{add36aa8-751a-4579-a266-d66f5202ccbb} [HKLM] -> %System32%\netplwiz.dll [Print Ordering via the Web] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{AF4F6510-F982-11d0-8595-00AA004CD6D8} [HKLM] -> %System32%\browseui.dll [Registry Tree Options Utility] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} [HKLM] -> %System32%\cscui.dll [Offline Files Folder] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{B31C5FAE-961F-415b-BAF0-E697A5178B94} [HKLM] -> %System32%\ieframe.dll [IE Microsoft Multiple AutoComplete List Container] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} [HKLM] -> Reg Data - Key not found [Tauscan Menu] -> File not found
{B8323370-FF27-11D2-97B6-204C4F4F5020} [HKLM] -> %ProgramFiles%\SmartFTP Client 2.0\smarthook.dll [SmartFTP Shell Extension DLL] -> SmartFTP [Ver = 1.0.2.1 | Size = 73408 bytes | Modified Date = 10/11/2006 7:20:20 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} [HKLM] -> %System32%\ieframe.dll [Microsoft Browser Architecture] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{BD472F60-27FA-11cf-B8B4-444553540000} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder Right Drag Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{BD84B380-8CA2-1069-AB1D-08000948F534} [HKLM] -> %System32%\fontext.dll [Fonts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382976 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 1292872 bytes | Modified Date = 7/11/2003 1:15:48 AM | Attr = ]
{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} [HKLM] -> %System32%\ieframe.dll [IE Shell Rebar BandSite] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{c5a40261-cd64-4ccf-84cb-c394da41d590} [HKLM] -> %System32%\shmedia.dll [Video Thumbnail Extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} [HKLM] -> %System32%\netplwiz.dll [Web Publishing Wizard] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Play as Playlist Context Menu Handler] -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 99840 bytes | Modified Date = 10/18/2006 9:47:20 PM | Attr = ]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\ieframe.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{CFCCC7A0-A282-11D1-9082-006008059382} [HKLM] -> %System32%\appwiz.cpl [Darwin App Publisher] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{D20EA4E1-3957-11d2-A40B-0C5020524152} [HKLM] -> %System32%\shdocvw.dll [Fonts] -> Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Modified Date = 9/4/2006 1:12:56 AM | Attr = ]
{D20EA4E1-3957-11d2-A40B-0C5020524153} [HKLM] -> %System32%\shdocvw.dll [Administrative Tools] -> Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Modified Date = 9/4/2006 1:12:56 AM | Attr = ]
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Scheduled Tasks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} [HKLM] -> %System32%\WpdShext.dll [Portable Devices Menu] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 2603008 bytes | Modified Date = 10/18/2006 9:47:22 PM | Attr = ]
{D8BD2030-6FC9-11D0-864F-00AA006809D9} [HKLM] -> %System32%\webcheck.dll [PostAgent] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 232960 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{D9872D13-7651-4471-9EEE-F0A00218BEBB} [HKLM] -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlavscan.dll [Multiscan] -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 50928 bytes | Modified Date = 1/8/2007 2:29:00 PM | Attr = ]
{DBCE2480-C732-101B-BE72-BA78E9AD5B27} [HKLM] -> %System32%\icmui.dll [ICC Profile] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Tasks Folder Icon Handler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} [HKLM] -> %System32%\browseui.dll [User Assist] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{E211B736-43FD-11D1-9EFB-0000F8757FCD} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} [HKLM] -> %System32%\dfshim.dll [Shell Icon Handler for Application References] -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 83456 bytes | Modified Date = 9/23/2005 7:28:38 AM | Attr = ]
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} [HKLM] -> %System32%\webcheck.dll [WebCheckChannelAgent] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 232960 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{E4B29F9D-D390-480b-92FD-7DDB47101D71} [HKLM] -> %System32%\shmedia.dll [Wav Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{e57ce731-33e8-4c51-8354-bb4de9d215d1} [HKLM] -> %System32%\upnpui.dll [Universal Plug and Play Devices] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239616 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} [HKLM] -> %System32%\webcheck.dll [ConnectionAgent] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 232960 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{E6EE9AAC-F76B-4947-8260-A9F136138E11} [HKLM] -> %System32%\ieframe.dll [IE Shell Band Site Menu] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 232960 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} [HKLM] -> %System32%\ieframe.dll [Shell DocObject Viewer] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{e82a2d71-5b2f-43a0-97b8-81be15854de8} [HKLM] -> %System32%\dfshim.dll [ShellLink for Application References] -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 83456 bytes | Modified Date = 9/23/2005 7:28:38 AM | Attr = ]
{e84fda7c-1d6a-45f6-b725-cb260c236066} [HKLM] -> %System32%\shimgvw.dll [Shell Image Verbs] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} [HKLM] -> %System32%\webcheck.dll [TrayAgent] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 232960 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{EAB841A0-9550-11cf-8C16-00805F1408F3} [HKLM] -> %System32%\shimgvw.dll [HTML Thumbnail Extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} [HKLM] -> %System32%\shimgvw.dll [Shell Image Property Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} [HKLM] -> %System32%\dfsshlex.dll [DfsShell] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell DeskBar] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell Rebar BandSite] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell Band Site Menu] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{ECF03A32-103D-11d2-854D-006008059367} [HKLM] -> %System32%\mydocs.dll [MyDocs Drop Target] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{ECF03A33-103D-11d2-854D-006008059367} [HKLM] -> %System32%\mydocs.dll [MyDocs Copy Hook] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} [HKLM] -> %System32%\browseui.dll [Global Folder Settings] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Favorites Band] -> Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Modified Date = 9/4/2006 1:12:56 AM | Attr = ]
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Explorer Band] -> Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Modified Date = 9/4/2006 1:12:56 AM | Attr = ]
{F0152790-D56E-4445-850E-4F3117DB740C} [HKLM] -> %System32%\remotepg.dll [Remote Sessions CPL Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{F020E586-5264-11d1-A532-0000F8757D7E} [HKLM] -> %System32%\dsquery.dll [Directory Start/Search Find] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Add to Playlist Context Menu Handler] -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 99840 bytes | Modified Date = 10/18/2006 9:47:20 PM | Attr = ]
{F2CF5485-4E02-4f68-819C-B92DE9277049} [HKLM] -> %System32%\ieframe.dll [&Links] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} [HKLM] -> %System32%\rshx32.dll [Printers Security Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 39936 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{f39a0dc0-9cc8-11d0-a599-00c04fd64433} [HKLM] -> %System32%\cdfview.dll [Channel File] -> Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 151040 bytes | Modified Date = 6/23/2006 6:25:30 AM | Attr = ]
{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} [HKLM] -> %System32%\cdfview.dll [Channel Shortcut] -> Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 151040 bytes | Modified Date = 6/23/2006 6:25:30 AM | Attr = ]
{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} [HKLM] -> %System32%\cdfview.dll [Channel Handler Object] -> Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 151040 bytes | Modified Date = 6/23/2006 6:25:30 AM | Attr = ]
{f3da0dc0-9cc8-11d0-a599-00c04fd64437} [HKLM] -> %System32%\cdfview.dll [Channel Menu] -> Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 151040 bytes | Modified Date = 6/23/2006 6:25:30 AM | Attr = ]
{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} [HKLM] -> %System32%\cdfview.dll [Channel Properties] -> Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 151040 bytes | Modified Date = 6/23/2006 6:25:30 AM | Attr = ]
{F5175861-2688-11d0-9C5E-00AA00A45957} [HKLM] -> %System32%\webcheck.dll [Subscription Folder] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 232960 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{F61FFEC1-754F-11d0-80CA-00AA005B4383} [HKLM] -> %System32%\browseui.dll [BandProxy] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 12:12:50 PM | Attr = ]
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Shell extensions for sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} [HKLM] -> %System32%\ieframe.dll [IE Registry Tree Options Utility] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{f92e8c40-3d33-11d2-b1aa-080036a75b03} [HKLM] -> %System32%\deskperf.dll [Display TroubleShoot CPL Extension] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 18432 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} [HKLM] -> %System32%\ieframe.dll [IE User Assist] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{FBF23B40-E3F0-101B-8488-00AA003E56F8} [HKLM] -> %System32%\ieframe.dll [InternetShortcut] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} [HKLM] -> %ProgramFiles%\MSN Messenger\fsshext.8.1.0178.00.dll [Messenger Sharing Folders] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 321392 bytes | Modified Date = 1/19/2007 12:54:52 PM | Attr = ]
{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} [HKLM] -> %System32%\ieframe.dll [IE Custom MRU AutoCompleted List] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
{FF393560-C2A7-11CF-BFF4-444553540000} [HKLM] -> %System32%\ieframe.dll [History] -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} [HKLM] -> %System32%\shell32.dll [Start Menu Pin] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
{85BBD920-42A0-1069-A2E4-08002B30309D} [HKLM] -> %System32%\syncui.dll [BriefcaseMenu] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 191488 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{09799AFB-AD67-11d1-ABCD-00C04FC30936} [HKLM] -> %System32%\shell32.dll [Open With] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
{A470F8CF-A1E8-4f65-8335-227475AA5C46} [HKLM] -> %System32%\shell32.dll [Open With EncryptionMenu] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 14.0.0.89 | Size = 173728 bytes | Modified Date = 9/7/2006 12:38:28 AM | Attr = ]
{D9872D13-7651-4471-9EEE-F0A00218BEBB} [HKLM] -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlavscan.dll [ZLAVShExt] -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 50928 bytes | Modified Date = 1/8/2007 2:29:00 PM | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{7BA4C740-9E81-11CF-99D3-00AA004AE837} [HKLM] -> %System32%\shell32.dll [Send To] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} [HKLM] -> %ProgramFiles%\Microsoft DirectX SDK (December 2005)\Utilities\Bin\x86\TxView.dll [Convert] -> Microsoft Corporation [Ver = 9.10.455.0000 | Size = 47312 bytes | Modified Date = 12/5/2005 6:07:16 PM | Attr = ]
{A470F8CF-A1E8-4f65-8335-227475AA5C46} [HKLM] -> %System32%\shell32.dll [EncryptionMenu] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
{750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{D969A300-E7FF-11d0-A93B-00A0C90F2719} [HKLM] -> %System32%\shell32.dll [New] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{85BBD920-42A0-1069-A2E4-08002B30309D} [HKLM] -> %System32%\syncui.dll [BriefcaseMenu] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 191488 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 14.0.0.89 | Size = 173728 bytes | Modified Date = 9/7/2006 12:38:28 AM | Attr = ]
{D9872D13-7651-4471-9EEE-F0A00218BEBB} [HKLM] -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlavscan.dll [ZLAVShExt] -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 50928 bytes | Modified Date = 1/8/2007 2:29:00 PM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
{24F14F01-7B1C-11d1-838f-0000F80461CF} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
{24F14F02-7B1C-11d1-838f-0000F80461CF} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
{66742402-F9B9-11D1-A202-0000F81FEDEE} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{2B845624-5C78-45B9-B7C8-428EBCDDFB4A} -> (1394 Net Adapter) ->
{8D6BE560-9FE6-4B90-9DBF-6E9A69120B21} -> (Broadcom 802.11b/g WLAN) ->
{E5D5A5BE-B1A1-4D55-A551-C4C6274B7C8B} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -> %System32%\winrnr.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
about -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 3580416 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
cdl -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 1149952 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
dvd -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1428480 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
file -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 1149952 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
ftp -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 1149952 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
gopher -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 1149952 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
http -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 1149952 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
http\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 1:25:22 AM | Attr = ]
http\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 1:25:22 AM | Attr = ]
https -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 1149952 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
https\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 1:25:22 AM | Attr = ]
https\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 1:25:22 AM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
ipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 1:25:22 AM | Attr = ]
its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 137216 bytes | Modified Date = 5/26/2005 9:04:28 PM | Attr = ]
javascript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 3580416 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
livecall -> %ProgramFiles%\MSN Messenger\msgrapp.8.1.0178.00.dll -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 63344 bytes | Modified Date = 1/19/2007 12:53:24 PM | Attr = ]
local -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 1149952 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
mailto -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 3580416 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
mhtml -> %System32%\inetcomm.dll -> Microsoft Corporation [Ver = 6.00.2900.3028 (xpsp_sp2_gdr.061107-0012) | Size = 679424 bytes | Modified Date = 11/8/2006 12:06:14 AM | Attr = ]
mk -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 1149952 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
msdaipp -> Reg Data - Key not found -> File not found
msdaipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 1:25:22 AM | Attr = ]
msdaipp\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 1:25:22 AM | Attr = ]
ms-its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 137216 bytes | Modified Date = 5/26/2005 9:04:28 PM | Attr = ]
ms-itss -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\msitss.dll -> Microsoft Corporation [Ver = 5.40.1171.1 | Size = 221184 bytes | Modified Date = 6/20/2001 6:26:46 AM | Attr = ]
msnim -> %ProgramFiles%\MSN Messenger\msgrapp.8.1.0178.00.dll -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 63344 bytes | Modified Date = 1/19/2007 12:53:24 PM | Attr = ]
mso-offdap11 -> %CommonProgramFiles%\Microsoft Shared\Web Components\11\OWC11.DLL -> Microsoft Corporation [Ver = 11.0.6555 | Size = 8071360 bytes | Modified Date = 4/25/2005 3:29:56 PM | Attr = ]
res -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 3580416 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
sysimage -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 3580416 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
tv -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1428480 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
vbscript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 3580416 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
wia -> %System32%\wiascr.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75776 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
< Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\
application/octet-stream -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 9/23/2005 7:28:52 AM | Attr = ]
application/x-complus -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 9/23/2005 7:28:52 AM | Attr = ]
application/x-msdownload -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 9/23/2005 7:28:52 AM | Attr = ]
Class Install Handler -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 1149952 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
deflate -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 1149952 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
gzip -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 1149952 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
lzdhtml -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 1149952 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
text/webviewhtml -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
text/xml -> %CommonProgramFiles%\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -> Microsoft Corporation [Ver = 11.0.5510 | Size = 39488 bytes | Modified Date = 7/14/2003 9:45:12 PM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=58813 ->
{0E5F0222-96B9-11D3-8997-00104BD12D94} -> PCPitstop Utility - CodeBase = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB ->
{14C1B87C-3342-445F-9B5E-365FF330A3AC} -> Hewlett-Packard Online Support Services - CodeBase = http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9...heckControl.cab ->
{1842B0EE-B597-11D4-8997-00104BD12D94} -> iCC Class - CodeBase = http://www.pcpitstop.com/internet/pcpConnCheck.cab ->
{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> TmHcmsX Control - CodeBase = http://www.trendsecure.com/service_compone...vex/TmHcmsX.CAB ->
{215B8138-A3CF-44C5-803F-8226143CFC0A} -> Trend Micro ActiveX Scan Agent 6.6 - CodeBase = http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> - CodeBase = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab ->
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -> FilePlanet Download Control Class - CodeBase = http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> - CodeBase = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab ->
{68BCE50A-DC9B-4519-A118-6FDA19DB450D} -> Info Class - CodeBase = http://www.blizzard.com/support/includes/cabs/si.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1139051276125 ->
{745395C8-D0E1-4227-8586-624CA9A10A8D} -> AxisMediaControl Class - CodeBase = http://129.15.200.151/activex/AMC.cab ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} -> WScanCtl Class - CodeBase = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab ->
{7F8C8173-AD80-4807-AA75-5672F22B4582} -> ICSScanner Class - CodeBase = http://download.zonelabs.com/bin/promotion...anner371290.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{9D190AE6-C81E-4039-8061-978EBAD10073} -> F-Secure Online Scanner 3.0 - CodeBase = http://support.f-secure.com/ols/fscax.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> Update Class - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...9058.7532291667 ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -> a-squared Scanner - CodeBase = http://ax.emsisoft.com/asquared.cab ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->
{EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} -> - CodeBase = http://lg.home.microsoft.com/search/lobby/searchsettings.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/...907/mcfscan.cab ->

[Files - Created Within 90 days]
BackupRegistry(20070202).reg -> %SystemDrive%\BackupRegistry(20070202).reg -> [Ver = | Size = 100844734 bytes | Created Date = 2/2/2007 12:15:41 PM | Attr = ]
BOOT.BKK -> %SystemDrive%\BOOT.BKK -> [Ver = | Size = 211 bytes | Created Date = 2/4/2007 2:29:16 AM | Attr = HS]
TEST.XML -> %SystemDrive%\TEST.XML -> [Ver = | Size = 45 bytes | Created Date = 2/5/2007 2:58:07 PM | Attr = ]
1.bmp -> %UserDocuments%\1.bmp -> [Ver = | Size = 13972 bytes | Created Date = 2/5/2007 3:25:10 AM | Attr = ]
192.168.1.-5900.vnc -> %UserDocuments%\192.168.1.-5900.vnc -> [Ver = | Size = 509 bytes | Created Date = 1/25/2007 7:16:51 PM | Attr = ]
8.bmp -> %UserDocuments%\8.bmp -> [Ver = | Size = 228 bytes | Created Date = 2/5/2007 3:25:20 AM | Attr = ]
C_Shell[1].htm -> %UserDocuments%\C_Shell[1].htm -> [Ver = | Size = 20013 bytes | Created Date = 2/2/2007 3:48:04 AM | Attr = ]
d2hackmap_v2.10_lite.zip -> %UserDocuments%\d2hackmap_v2.10_lite.zip -> [Ver = | Size = 1262840 bytes | Created Date = 2/18/2007 7:27:37 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\d2hackmap_v2.10_lite.zip:Zone.Identifier ->
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 637 bytes | Created Date = 2/2/2007 8:01:38 PM | Attr = ]
TMCBP_MoD.zip -> %UserDocuments%\TMCBP_MoD.zip -> [Ver = | Size = 1163051 bytes | Created Date = 2/18/2007 7:12:21 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\TMCBP_MoD.zip:Zone.Identifier ->
wireshark-setup-0.99.4.exe -> %UserDocuments%\wireshark-setup-0.99.4.exe -> [Ver = | Size = 15163750 bytes | Created Date = 1/27/2007 3:27:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\wireshark-setup-0.99.4.exe:Zone.Identifier ->
Download Manager.lnk -> %AllUsersDesktop%\Download Manager.lnk -> [Ver = | Size = 830 bytes | Created Date = 2/17/2007 2:19:58 AM | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Created Date = 2/8/2007 12:12:52 AM | Attr = ]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk -> [Ver = | Size = 1657 bytes | Created Date = 1/25/2007 1:16:46 AM | Attr = ]
Norton Internet Security.lnk -> %AllUsersDesktop%\Norton Internet Security.lnk -> [Ver = | Size = 1960 bytes | Created Date = 12/20/2006 6:49:12 PM | Attr = ]
SensorsView Pro 3.1.lnk -> %AllUsersDesktop%\SensorsView Pro 3.1.lnk -> [Ver = | Size = 793 bytes | Created Date = 2/2/2007 4:47:51 AM | Attr = ]
SmartFTP Client.lnk -> %AllUsersDesktop%\SmartFTP Client.lnk -> [Ver = | Size = 1844 bytes | Created Date = 2/5/2007 4:48:05 AM | Attr = ]
Windows Live Messenger.lnk -> %AllUsersDesktop%\Windows Live Messenger.lnk -> [Ver = | Size = 1791 bytes | Created Date = 2/13/2007 1:58:58 PM | Attr = ]
Wireshark.lnk -> %AllUsersDesktop%\Wireshark.lnk -> [Ver = | Size = 1473 bytes | Created Date = 1/27/2007 3:57:36 PM | Attr = ]
171907.zip -> %UserDesktop%\171907.zip -> [Ver = | Size = 972858 bytes | Created Date = 2/4/2007 8:56:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\171907.zip:Zone.Identifier ->
171980.zip -> %UserDesktop%\171980.zip -> [Ver = | Size = 609961 bytes | Created Date = 2/4/2007 1:37:01 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\171980.zip:Zone.Identifier ->
28670.zip -> %UserDesktop%\28670.zip -> [Ver = | Size = 1065115 bytes | Created Date = 2/4/2007 1:47:20 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\28670.zip:Zone.Identifier ->
AlbumArt_{141B1196-A3BE-4B35-AB72-6235D31BA50D}_Large.jpg -> %UserDesktop%\AlbumArt_{141B1196-A3BE-4B35-AB72-6235D31BA50D}_Large.jpg -> [Ver = | Size = 10823 bytes | Created Date = 12/21/2006 12:07:28 PM | Attr = HS]
AlbumArt_{141B1196-A3BE-4B35-AB72-6235D31BA50D}_Small.jpg -> %UserDesktop%\AlbumArt_{141B1196-A3BE-4B35-AB72-6235D31BA50D}_Small.jpg -> [Ver = | Size = 2504 bytes | Created Date = 12/21/2006 12:07:28 PM | Attr = HS]
AlbumArt_{20AB63B1-3D30-4425-960C-15B814F6D0CB}_Large.jpg -> %UserDesktop%\AlbumArt_{20AB63B1-3D30-4425-960C-15B814F6D0CB}_Large.jpg -> [Ver = | Size = 12488 bytes | Created Date = 12/21/2006 9:44:38 PM | Attr = HS]
AlbumArt_{20AB63B1-3D30-4425-960C-15B814F6D0CB}_Small.jpg -> %UserDesktop%\AlbumArt_{20AB63B1-3D30-4425-960C-15B814F6D0CB}_Small.jpg -> [Ver = | Size = 3165 bytes | Created Date = 12/21/2006 9:44:38 PM | Attr = HS]
AlbumArt_{38C5F683-6223-462A-8B9F-E120B85FA95C}_Large.jpg -> %UserDesktop%\AlbumArt_{38C5F683-6223-462A-8B9F-E120B85FA95C}_Large.jpg -> [Ver = | Size = 5079 bytes | Created Date = 12/21/2006 9:33:00 PM | Attr = HS]
AlbumArt_{38C5F683-6223-462A-8B9F-E120B85FA95C}_Small.jpg -> %UserDesktop%\AlbumArt_{38C5F683-6223-462A-8B9F-E120B85FA95C}_Small.jpg -> [Ver =

#11 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:20 AM

Posted 25 February 2007 - 05:27 PM

Well, I wasn't really looking for All. I didn't need to see the MS entries.

Anyway, there must still be at least 1 more post to get to the end of the log.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#12 mictamcody2000

mictamcody2000
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Location:Lansing, Michigan
  • Local time:03:20 AM

Posted 26 February 2007 - 03:54 PM

Well i Just decided to redo it since i couldn't find the log. Nice to see another Michigander though lol

well here's the log:





[quote]WinPFind3 logfile created on: 2/26/2007 3:42:42 PM
WinPFind3U by OldTimer - Version 1.0.19 Folder = C:\Documents and Settings\Mike\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1309168 Kb Total Physical Memory | 491160 Kb Available Physical Memory | 37.52% Memory free
1946988 Kb Paging File | 541096 Kb Available in Paging File | 27.79% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97675168 Kb Total Space | 45813044 Kb Free Space | 46.90% Space Free
Drive D: | 555676 Kb Total Space | 0 Kb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
acrord32.exe -> %ProgramFiles%\Adobe\Acrobat 4.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 4.05 | Size = 2334208 bytes | Modified Date = 7/5/2000 4:30:02 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 9/2/2006 6:36:34 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/1/2006 11:33:40 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 8:02:58 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 8:02:58 PM | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 3/22/2005 11:05:00 PM | Attr = ]
bcmntray.exe -> %System32%\bcmntray.EXE -> Broadcom Corporation [Ver = 3.100.64.1 | Size = 1040384 bytes | Modified Date = 2/17/2005 11:50:20 AM | Attr = ]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Broadcom Corporation [Ver = 3.100.64.1 | Size = 847983 bytes | Modified Date = 2/17/2005 11:50:22 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 84640 bytes | Modified Date = 9/3/2006 2:04:26 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 9/3/2006 2:04:08 AM | Attr = ]
dlm.exe -> %ProgramFiles%\IGN\Download Manager\DLM.exe -> IGN Entertainment [Ver = 2.3.4.105 | Size = 972432 bytes | Modified Date = 1/11/2007 4:07:52 PM | Attr = ]
eabservr.exe -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard [Ver = 5, 20, 8, 1 | Size = 405504 bytes | Modified Date = 4/18/2006 9:32:00 AM | Attr = ]
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 1, 1, 3 | Size = 794624 bytes | Modified Date = 4/11/2005 5:21:02 PM | Attr = ]
hpobnz08.exe -> %ProgramFiles%\Hp\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.021 | Size = 323646 bytes | Modified Date = 4/9/2003 4:41:38 PM | Attr = ]
hpotdd01.exe -> %ProgramFiles%\Hp\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/9/2003 5:11:12 PM | Attr = ]
hpqwmi.exe -> %ProgramFiles%\HPQ\Shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 3/4/2005 2:16:18 PM | Attr = R ]
hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 5 | Size = 98304 bytes | Modified Date = 12/22/2005 1:06:58 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 1:11:42 AM | Attr = ]
installer.exe -> %LocalSettings%\Temp\Blizzard Installer Bootstrap - 04a99abe\Installer.exe -> [Ver = 1, 0, 0, 1 | Size = 1064960 bytes | Modified Date = 2/26/2007 3:13:48 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 1/20/2007 7:41:46 PM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [Ver = 1.0.21.1 | Size = 38912 bytes | Modified Date = 2/22/2005 6:32:14 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
sidebar.exe -> %SystemRoot%\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sidebar.exe -> Idea2 [Ver = 1, 03, 42, 0 | Size = 688128 bytes | Modified Date = 7/19/2003 9:17:58 AM | Attr = ]
stylexp.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe -> [Ver = 0, 30, 19, 0 | Size = 1372160 bytes | Modified Date = 5/24/2006 1:31:40 PM | Attr = ]
stylexpservice.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 5/24/2006 1:31:08 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1034 | Size = 1087680 bytes | Modified Date = 12/20/2006 6:45:32 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 692316 bytes | Modified Date = 2/2/2005 7:11:12 AM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 102492 bytes | Modified Date = 2/2/2005 7:12:22 AM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
vncviewer.exe -> %UserDesktop%\tightvnc-1.2.9_x86\tightvnc-1.2.9_x86_viewer\vncviewer.exe -> Constantin Kaplinsky [Ver = 1, 2, 9, 0 | Size = 274432 bytes | Modified Date = 1/28/2007 12:56:58 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.19.0 | Size = 310784 bytes | Modified Date = 2/25/2007 7:40:22 PM | Attr = ]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE -> [Ver = | Size = 65536 bytes | Modified Date = 2/17/2005 11:50:22 AM | Attr = ]
yahoocentral.exe -> %ProgramFiles%\Yahoo!\YCentral\YahooCentral.exe -> Yahoo! Inc. [Ver = 2006, 2, 23, 1 | Size = 413208 bytes | Modified Date = 2/24/2006 12:59:28 AM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> [Ver = | Size = 99832 bytes | Modified Date = 9/13/2006 1:17:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/3/2005 8:02:58 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 9/2/2006 6:36:34 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 9/3/2006 2:04:08 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 9/3/2006 2:04:08 AM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 105632 bytes | Modified Date = 9/3/2006 2:04:08 AM | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.0.0.142 | Size = 48272 bytes | Modified Date = 9/3/2006 2:54:52 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Running] -> %ProgramFiles%\HPQ\Shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 3/4/2005 2:16:18 PM | Attr = R ]
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 5 | Size = 98304 bytes | Modified Date = 12/22/2005 1:06:58 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 79496 bytes | Modified Date = 9/5/2006 8:22:26 PM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [Ver = 1.0.21.1 | Size = 38912 bytes | Modified Date = 2/22/2005 6:32:14 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 9/2/2006 6:36:34 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 8:31:02 PM | Attr = ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 4.0.0.655 | Size = 86016 bytes | Modified Date = 10/17/2006 1:17:40 PM | Attr = ]
(StyleXPService) StyleXPService [Win32_Own | Auto | Running] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 5/24/2006 1:31:08 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1034 | Size = 1087680 bytes | Modified Date = 12/20/2006 6:45:32 PM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/1/2006 11:33:40 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 75568 bytes | Modified Date = 1/8/2007 2:29:38 PM | Attr = ]
(wltrysvc) Broadcom Wireless LAN Tray Service [Win32_Own | Auto | Running] -> %System32%\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 3/22/2005 11:05:00 PM | Attr = ]
Broadcom Wireless Manager UI -> %System32%\bcmntray.EXE -> Broadcom Corporation [Ver = 3.100.64.1 | Size = 1040384 bytes | Modified Date = 2/17/2005 11:50:20 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.0.1.10 | Size = 84640 bytes | Modified Date = 9/3/2006 2:04:26 AM | Attr = ]
Cpqset -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe -> [Ver = | Size = 233534 bytes | Modified Date = 2/17/2005 4:01:20 PM | Attr = ]
eabconfg.cpl -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard [Ver = 5, 20, 8, 1 | Size = 405504 bytes | Modified Date = 4/18/2006 9:32:00 AM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1149561633\ee\AOLSoftware.exe -> File not found
HP Software Update -> %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 1:11:42 AM | Attr = ]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 1, 1, 3 | Size = 794624 bytes | Modified Date = 4/11/2005 5:21:02 PM | Attr = ]
IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
LSBWatcher -> %SystemDrive%\hp\drivers\hplsbwatcher\lsburnwatcher.exe -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 10/14/2004 3:54:32 PM | Attr = ]
MSPY2002 -> %System32%\IME\PINTLGNT\IMSCINST.EXE -> [Ver = | Size = 59392 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
OGAutoStart -> %System32%\taskmagr.exe -> File not found
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 26248 bytes | Modified Date = 9/5/2006 8:22:28 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
SensorsViewPro31 -> %ProgramFiles%\SensorsViewPro31\sviewpro.exe -> STV Software [Ver = 3.1.0.16 | Size = 2234880 bytes | Modified Date = 2/1/2007 6:47:08 AM | Attr = ]
Startup32512 -> %System32%\taskmagr.exe -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 1/20/2007 7:41:46 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 692316 bytes | Modified Date = 2/2/2005 7:11:12 AM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 102492 bytes | Modified Date = 2/2/2005 7:12:22 AM | Attr = ]
YCentral -> %ProgramFiles%\Yahoo!\YCentral\YahooCentral.exe -> Yahoo! Inc. [Ver = 2006, 2, 23, 1 | Size = 413208 bytes | Modified Date = 2/24/2006 12:59:28 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM -> %SystemDrive%\PROGRA~1\AIM\aim.exe -cnetwait.odl -> File not found
Aim6 -> %CommonProgramFiles%\AOL\Launch\AOLLaunch.exe -> File not found
ccleaner -> %ProgramFiles%\CCleaner\ccleaner.exe -> Piriform Ltd [Ver = 1.37.0456 | Size = 598920 bytes | Modified Date = 1/29/2007 11:34:06 AM | Attr = ]
igndlm.exe -> %ProgramFiles%\IGN\Download Manager\DLM.exe -> IGN Entertainment [Ver = 2.3.4.105 | Size = 972432 bytes | Modified Date = 1/11/2007 4:07:52 PM | Attr = ]
SIDEBAR -> %SystemRoot%\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sidebar.exe -> Idea2 [Ver = 1, 03, 42, 0 | Size = 688128 bytes | Modified Date = 7/19/2003 9:17:58 AM | Attr = ]
STYLEXP -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe -> [Ver = 0, 30, 19, 0 | Size = 1372160 bytes | Modified Date = 5/24/2006 1:31:40 PM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.9 | Size = 307200 bytes | Modified Date = 10/24/2005 3:53:40 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,0,0,716 | Size = 4621816 bytes | Modified Date = 9/13/2006 1:17:28 PM | Attr = ]
< Windows NT\\Load [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
???
? -> -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/24/2005 1:05:26 AM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\Hp\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 7:28:24 PM | Attr = ]
%AllUsersStartup%\hp psc 2000 Series.lnk -> %ProgramFiles%\Hp\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.021 | Size = 323646 bytes | Modified Date = 4/9/2003 4:41:38 PM | Attr = ]
%AllUsersStartup%\hpoddt01.exe.lnk -> %ProgramFiles%\Hp\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/9/2003 5:11:12 PM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Run -> -> File not found
< File Associations > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
exefile [open] -> "%1" %* ->
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 45568 bytes | Modified Date = 10/17/2006 11:56:10 AM | Attr = ]
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 9:52:56 PM | Attr = ]
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
htmlfile [print] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 9:52:56 PM | Attr = ]
http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
https [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 6054400 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
InternetShortcut [print] -> rundll32.exe %System32%\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 3580416 bytes | Modified Date = 1/12/2007 9:27:42 AM | Attr = ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 4:52:18 PM | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 7.00.6000.16414 (vista_gdr.070108-1520) | Size = 623616 bytes | Modified Date = 1/8/2007 6:08:42 PM | Attr = ]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
{8b15971b-5355-4c82-8c07-7e181ea07608} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ->
{94de52c8-2d59-4f1b-883e-79663d2d9a8c} -> ->
{9B71D88C-C598-4935-C5D1-43AA4DB90836} -> C:\WINDOWS\system32\atmfd.exe s ->
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
>{DCF51E21-EE79-410F-9776-FCF0D9963ADF} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
< WOW Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousMachineGroupPolicy -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousUserGroupPolicy -> 0 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 223 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\EditLevel -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCommonGroups -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\_NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\StartMenuLogoff -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MaxRecentDocs -> 15 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMFUprogramsList -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\\RestrictToList -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\GeneralTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\HomePage -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\History -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Colors -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Fonts -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Languages -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Accessibility -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\SecurityTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\SecChangeSettings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\SecAddSites -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ContentTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Ratings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Certificates -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Wallet -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Profiles -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ConnectionsTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Connwiz Admin Lock -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Connection Settings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ProgramsTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\CalendarContact -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ResetWebSettings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Check_If_Default -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Messaging -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\AdvancedTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Advanced -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Feed Discovery\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Feed Discovery\\Enabled -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Feeds\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Feeds\\DisableAddRemove -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Feeds\\DisableFeedPane -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoFileNew -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoFileOpen -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserSaveAs -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserClose -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoViewSource -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoTheaterMode -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoFavorites -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoPopupManagement -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserOptions -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoHelpItemTipOfTheDay -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoHelpItemNetscapeHelp -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoHelpItemSendFeedback -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Security\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbar\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbar\WebBrowser\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions\ -> ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > (1336 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
69.49.130.252 www.eepybird.com -> ->
82.94.237.219 wiki.python.org -> ->
216.213.19.27 www.bleepingcomputer.com -> ->
216.144.1.8 www.nthelp.com -> ->
208.97.163.111 www.criticalsecurity.net -> ->
216.152.67.223 forums.d2jsp.org -> ->
216.152.67.223 forums.d2jsp.org -> ->
69.17.116.124 www.rohitab.com -> ->
72.247.29.49 support.f-secure.com -> ->
147.202.84.254 www.windowsecurity.com -> ->
67.15.10.83 www.free2code.net -> ->
216.183.112.222 www.cheatcc.com -> ->
24.106.94.101 www.make-a-web-site.com -> ->
207.210.115.178 www.pagetutor.com -> ->
209.85.48.3 z6.invisionfree.com -> ->
66.230.200.100 en.wikipedia.org -> ->
207.46.244.190 v4.windowsupdate.microsoft.com -> ->
209.85.48.3 z6.invisionfree.com -> ->
216.178.32.49 www.myspace.com -> ->
161.109.100.105 www.networksecuritytech.com -> ->
72.32.70.167 www.sherv.net -> ->
209.190.85.251 rpgforums.byethost9.com -> ->
205.234.192.222 www.security-forums.com -> ->
72.32.70.167 www.sherv.net -> ->
207.126.123.20 inventors.about.com -> ->
66.230.204.174 www.consolecheatcodes.com -> ->
209.87.178.244 nct.symantecstore.com -> ->
64.207.135.66 www.tech-recipes.com -> ->
216.148.223.71 www.battle.net -> ->
67.19.175.66 www.mp3bleeps.com -> ->
72.36.167.51 utterlyboring.com -> ->
209.87.209.44 www.zonelabs.com -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.yahoo.com ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://www.google.com/ie ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://www.yahoo.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\NppBHO.dll [Reg Data - Value does not exist] -> Symantec Corporation [Ver = 2007.1.00.133 | Size = 93400 bytes | Modified Date = 9/6/2006 12:18:24 AM | Attr = R ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 1/20/2007 7:42:14 PM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
[HKLM] -> Reg Data - Key not found [] -> File not found
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.00.133 | Size = 510152 bytes | Modified Date = 9/6/2006 12:18:36 AM | Attr = R ]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\Hp\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 4:26:28 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\Hp\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 4:26:28 AM | Attr = ]
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\Hp\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 4:26:28 AM | Attr = ]
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Value does not exist ->
{A75C6120-9B36-11d4-A3F0-009027427750} -> 8195 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8197 - Reg Data - Key not found ->
{e2e2dd38-d088-4134-82b7-f2ba38496583} -> 8200 - Reg Data - Key not found ->
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> 8196 - Yahoo! Messenger ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8201 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0\bin\npjpi160.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 132744 bytes | Modified Date = 1/20/2007 7:42:00 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 1/20/2007 7:42:14 PM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,0,0,716 | Size = 4621816 bytes | Modified Date = 9/13/2006 1:17:28 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{2F603045-309F-11CF-9774-0020AFD0CFF6} [HKLM] -> %ProgramFiles%\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 5947484 bytes | Modified Date = 2/2/2005 7:03:38 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{51917337-5113-4EC2-9CB6-C6212D0EF3E9} [HKLM] -> Reg Data - Key not found [BPS Data Shredder Context Menu] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
{B6122A50-EAB5-11D3-9E7F-EBF4F0595714} [HKLM] -> Reg Data - Key not found [Tauscan Menu] -> File not found
{B8323370-FF27-11D2-97B6-204C4F4F5020} [HKLM] -> %ProgramFiles%\SmartFTP Client 2.0\smarthook.dll [SmartFTP Shell Extension DLL] -> SmartFTP [Ver = 1.0.2.1 | Size = 73408 bytes | Modified Date = 10/11/2006 7:20:20 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{D9872D13-7651-4471-9EEE-F0A00218BEBB} [HKLM

#13 mictamcody2000

mictamcody2000
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Location:Lansing, Michigan
  • Local time:03:20 AM

Posted 26 February 2007 - 04:04 PM

Heres The second part:

[quote]{D9872D13-7651-4471-9EEE-F0A00218BEBB} [HKLM] -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlavscan.dll [Multiscan] -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 50928 bytes | Modified Date = 1/8/2007 2:29:00 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 14.0.0.89 | Size = 173728 bytes | Modified Date = 9/7/2006 12:38:28 AM | Attr = ]
{D9872D13-7651-4471-9EEE-F0A00218BEBB} [HKLM] -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlavscan.dll [ZLAVShExt] -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 50928 bytes | Modified Date = 1/8/2007 2:29:00 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 14.0.0.89 | Size = 173728 bytes | Modified Date = 9/7/2006 12:38:28 AM | Attr = ]
{D9872D13-7651-4471-9EEE-F0A00218BEBB} [HKLM] -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlavscan.dll [ZLAVShExt] -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 50928 bytes | Modified Date = 1/8/2007 2:29:00 PM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{2B845624-5C78-45B9-B7C8-428EBCDDFB4A} -> (1394 Net Adapter) ->
{8D6BE560-9FE6-4B90-9DBF-6E9A69120B21} -> (Broadcom 802.11b/g WLAN) ->
{E5D5A5BE-B1A1-4D55-A551-C4C6274B7C8B} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=58813 ->
{0E5F0222-96B9-11D3-8997-00104BD12D94} -> PCPitstop Utility - CodeBase = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB ->
{14C1B87C-3342-445F-9B5E-365FF330A3AC} -> Hewlett-Packard Online Support Services - CodeBase = http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9...heckControl.cab ->
{1842B0EE-B597-11D4-8997-00104BD12D94} -> iCC Class - CodeBase = http://www.pcpitstop.com/internet/pcpConnCheck.cab ->
{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> TmHcmsX Control - CodeBase = http://www.trendsecure.com/service_compone...vex/TmHcmsX.CAB ->
{215B8138-A3CF-44C5-803F-8226143CFC0A} -> Trend Micro ActiveX Scan Agent 6.6 - CodeBase = http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> - CodeBase = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab ->
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -> FilePlanet Download Control Class - CodeBase = http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> - CodeBase = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab ->
{68BCE50A-DC9B-4519-A118-6FDA19DB450D} -> Info Class - CodeBase = http://www.blizzard.com/support/includes/cabs/si.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1139051276125 ->
{745395C8-D0E1-4227-8586-624CA9A10A8D} -> AxisMediaControl Class - CodeBase = http://129.15.200.151/activex/AMC.cab ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} -> WScanCtl Class - CodeBase = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab ->
{7F8C8173-AD80-4807-AA75-5672F22B4582} -> ICSScanner Class - CodeBase = http://download.zonelabs.com/bin/promotion...anner371290.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{9D190AE6-C81E-4039-8061-978EBAD10073} -> F-Secure Online Scanner 3.0 - CodeBase = http://support.f-secure.com/ols/fscax.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> Update Class - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...9058.7532291667 ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -> a-squared Scanner - CodeBase = http://ax.emsisoft.com/asquared.cab ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->
{EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} -> - CodeBase = http://lg.home.microsoft.com/search/lobby/searchsettings.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/...907/mcfscan.cab ->

[Files - Created Within 90 days]
BackupRegistry(20070202).reg -> %SystemDrive%\BackupRegistry(20070202).reg -> [Ver = | Size = 100844734 bytes | Created Date = 2/2/2007 12:15:41 PM | Attr = ]
BOOT.BKK -> %SystemDrive%\BOOT.BKK -> [Ver = | Size = 211 bytes | Created Date = 2/4/2007 2:29:16 AM | Attr = HS]
TEST.XML -> %SystemDrive%\TEST.XML -> [Ver = | Size = 45 bytes | Created Date = 2/5/2007 2:58:07 PM | Attr = ]
1.bmp -> %UserDocuments%\1.bmp -> [Ver = | Size = 13972 bytes | Created Date = 2/5/2007 3:25:10 AM | Attr = ]
192.168.1.-5900.vnc -> %UserDocuments%\192.168.1.-5900.vnc -> [Ver = | Size = 509 bytes | Created Date = 1/25/2007 7:16:51 PM | Attr = ]
8.bmp -> %UserDocuments%\8.bmp -> [Ver = | Size = 228 bytes | Created Date = 2/5/2007 3:25:20 AM | Attr = ]
C_Shell[1].htm -> %UserDocuments%\C_Shell[1].htm -> [Ver = | Size = 20013 bytes | Created Date = 2/2/2007 3:48:04 AM | Attr = ]
d2hackmap_v2.10_lite.zip -> %UserDocuments%\d2hackmap_v2.10_lite.zip -> [Ver = | Size = 1262840 bytes | Created Date = 2/18/2007 7:27:37 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\d2hackmap_v2.10_lite.zip:Zone.Identifier ->
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 637 bytes | Created Date = 2/2/2007 8:01:38 PM | Attr = ]
TMCBP_MoD.zip -> %UserDocuments%\TMCBP_MoD.zip -> [Ver = | Size = 1163051 bytes | Created Date = 2/18/2007 7:12:21 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\TMCBP_MoD.zip:Zone.Identifier ->
wireshark-setup-0.99.4.exe -> %UserDocuments%\wireshark-setup-0.99.4.exe -> [Ver = | Size = 15163750 bytes | Created Date = 1/27/2007 3:27:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\wireshark-setup-0.99.4.exe:Zone.Identifier ->
Download Manager.lnk -> %AllUsersDesktop%\Download Manager.lnk -> [Ver = | Size = 830 bytes | Created Date = 2/17/2007 2:19:58 AM | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Created Date = 2/8/2007 12:12:52 AM | Attr = ]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk -> [Ver = | Size = 1657 bytes | Created Date = 1/25/2007 1:16:46 AM | Attr = ]
Norton Internet Security.lnk -> %AllUsersDesktop%\Norton Internet Security.lnk -> [Ver = | Size = 1960 bytes | Created Date = 12/20/2006 6:49:12 PM | Attr = ]
SensorsView Pro 3.1.lnk -> %AllUsersDesktop%\SensorsView Pro 3.1.lnk -> [Ver = | Size = 793 bytes | Created Date = 2/2/2007 4:47:51 AM | Attr = ]
SmartFTP Client.lnk -> %AllUsersDesktop%\SmartFTP Client.lnk -> [Ver = | Size = 1844 bytes | Created Date = 2/5/2007 4:48:05 AM | Attr = ]
Windows Live Messenger.lnk -> %AllUsersDesktop%\Windows Live Messenger.lnk -> [Ver = | Size = 1791 bytes | Created Date = 2/13/2007 1:58:58 PM | Attr = ]
Wireshark.lnk -> %AllUsersDesktop%\Wireshark.lnk -> [Ver = | Size = 1473 bytes | Created Date = 1/27/2007 3:57:36 PM | Attr = ]
28670.zip -> %UserDesktop%\28670.zip -> [Ver = | Size = 1065115 bytes | Created Date = 2/4/2007 1:47:20 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\28670.zip:Zone.Identifier ->
AlbumArt_{141B1196-A3BE-4B35-AB72-6235D31BA50D}_Large.jpg -> %UserDesktop%\AlbumArt_{141B1196-A3BE-4B35-AB72-6235D31BA50D}_Large.jpg -> [Ver = | Size = 10823 bytes | Created Date = 12/21/2006 12:07:28 PM | Attr = HS]
AlbumArt_{141B1196-A3BE-4B35-AB72-6235D31BA50D}_Small.jpg -> %UserDesktop%\AlbumArt_{141B1196-A3BE-4B35-AB72-6235D31BA50D}_Small.jpg -> [Ver = | Size = 2504 bytes | Created Date = 12/21/2006 12:07:28 PM | Attr = HS]
AlbumArt_{20AB63B1-3D30-4425-960C-15B814F6D0CB}_Large.jpg -> %UserDesktop%\AlbumArt_{20AB63B1-3D30-4425-960C-15B814F6D0CB}_Large.jpg -> [Ver = | Size = 12488 bytes | Created Date = 12/21/2006 9:44:38 PM | Attr = HS]
AlbumArt_{20AB63B1-3D30-4425-960C-15B814F6D0CB}_Small.jpg -> %UserDesktop%\AlbumArt_{20AB63B1-3D30-4425-960C-15B814F6D0CB}_Small.jpg -> [Ver = | Size = 3165 bytes | Created Date = 12/21/2006 9:44:38 PM | Attr = HS]
AlbumArt_{38C5F683-6223-462A-8B9F-E120B85FA95C}_Large.jpg -> %UserDesktop%\AlbumArt_{38C5F683-6223-462A-8B9F-E120B85FA95C}_Large.jpg -> [Ver = | Size = 5079 bytes | Created Date = 12/21/2006 9:33:00 PM | Attr = HS]
AlbumArt_{38C5F683-6223-462A-8B9F-E120B85FA95C}_Small.jpg -> %UserDesktop%\AlbumArt_{38C5F683-6223-462A-8B9F-E120B85FA95C}_Small.jpg -> [Ver = | Size = 1569 bytes | Created Date = 12/21/2006 9:33:00 PM | Attr = HS]
AlbumArt_{77D1BA2E-C2E7-4709-8040-4D059792F45E}_Large.jpg -> %UserDesktop%\AlbumArt_{77D1BA2E-C2E7-4709-8040-4D059792F45E}_Large.jpg -> [Ver = | Size = 11848 bytes | Created Date = 12/21/2006 9:42:15 PM | Attr = HS]
AlbumArt_{77D1BA2E-C2E7-4709-8040-4D059792F45E}_Small.jpg -> %UserDesktop%\AlbumArt_{77D1BA2E-C2E7-4709-8040-4D059792F45E}_Small.jpg -> [Ver = | Size = 2909 bytes | Created Date = 12/21/2006 9:42:15 PM | Attr = HS]
AlbumArt_{7D652868-55B2-43A8-8B44-32C6457608D0}_Large.jpg -> %UserDesktop%\AlbumArt_{7D652868-55B2-43A8-8B44-32C6457608D0}_Large.jpg -> [Ver = | Size = 42443 bytes | Created Date = 12/21/2006 9:39:24 PM | Attr = HS]
AlbumArt_{7D652868-55B2-43A8-8B44-32C6457608D0}_Small.jpg -> %UserDesktop%\AlbumArt_{7D652868-55B2-43A8-8B44-32C6457608D0}_Small.jpg -> [Ver = | Size = 2343 bytes | Created Date = 12/21/2006 9:39:24 PM | Attr = HS]
AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Large.jpg -> %UserDesktop%\AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Large.jpg -> [Ver = | Size = 10260 bytes | Created Date = 12/21/2006 9:24:49 PM | Attr = HS]
AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Small.jpg -> %UserDesktop%\AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Small.jpg -> [Ver = | Size = 2403 bytes | Created Date = 12/21/2006 9:24:49 PM | Attr = HS]
AlbumArt_{DEE2F966-6F11-4EB9-8FE2-385A92B24890}_Large.jpg -> %UserDesktop%\AlbumArt_{DEE2F966-6F11-4EB9-8FE2-385A92B24890}_Large.jpg -> [Ver = | Size = 8839 bytes | Created Date = 12/21/2006 12:07:39 PM | Attr = HS]
AlbumArt_{DEE2F966-6F11-4EB9-8FE2-385A92B24890}_Small.jpg -> %UserDesktop%\AlbumArt_{DEE2F966-6F11-4EB9-8FE2-385A92B24890}_Small.jpg -> [Ver = | Size = 2611 bytes | Created Date = 12/21/2006 12:07:39 PM | Attr = HS]
AlbumArt_{E3E8E702-1562-4E8C-95D4-7F13B167E076}_Large.jpg -> %UserDesktop%\AlbumArt_{E3E8E702-1562-4E8C-95D4-7F13B167E076}_Large.jpg -> [Ver = | Size = 15597 bytes | Created Date = 12/21/2006 9:43:10 PM | Attr = HS]
AlbumArt_{E3E8E702-1562-4E8C-95D4-7F13B167E076}_Small.jpg -> %UserDesktop%\AlbumArt_{E3E8E702-1562-4E8C-95D4-7F13B167E076}_Small.jpg -> [Ver = | Size = 3359 bytes | Created Date = 12/21/2006 9:43:10 PM | Attr = HS]
AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Large.jpg -> %UserDesktop%\AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Large.jpg -> [Ver = | Size = 10073 bytes | Created Date = 12/21/2006 9:42:47 PM | Attr = HS]
AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Small.jpg -> %UserDesktop%\AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Small.jpg -> [Ver = | Size = 2618 bytes | Created Date = 12/21/2006 9:42:47 PM | Attr = HS]
Apply DameK UltraBlue.lnk -> %UserDesktop%\Apply DameK UltraBlue.lnk -> [Ver = | Size = 1744 bytes | Created Date = 2/5/2007 12:36:29 AM | Attr = ]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 2/24/2007 8:58:21 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier ->
Cain.lnk -> %UserDesktop%\Cain.lnk -> [Ver = | Size = 1541 bytes | Created Date = 1/26/2007 3:05:12 PM | Attr = ]
Dev-C++.lnk -> %UserDesktop%\Dev-C++.lnk -> [Ver = | Size = 568 bytes | Created Date = 1/28/2007 2:26:22 AM | Attr = ]
ipscan.exe -> %UserDesktop%\ipscan.exe -> Angryziber Software [Ver = 0, 0, 0, 0 | Size = 111104 bytes | Created Date = 2/12/2007 4:28:20 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ipscan.exe:Zone.Identifier ->
iTunesSetup.exe -> %UserDesktop%\iTunesSetup.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 36808256 bytes | Created Date = 2/7/2007 11:47:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\iTunesSetup.exe:Zone.Identifier ->
JAP.lnk -> %UserDesktop%\JAP.lnk -> [Ver = | Size = 704 bytes | Created Date = 1/20/2007 7:12:04 PM | Attr = ]
mergemodules.msi -> %UserDesktop%\mergemodules.msi -> [Ver = | Size = 1851392 bytes | Created Date = 2/21/2007 4:37:19 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\mergemodules.msi:Zone.Identifier ->
Packet Sniffer - Colasoft Capsa 6.3 Enterprise Demo.lnk -> %UserDesktop%\Packet Sniffer - Colasoft Capsa 6.3 Enterprise Demo.lnk -> [Ver = | Size = 946 bytes | Created Date = 1/27/2007 3:41:29 PM | Attr = ]
Packet Sniffer - Colasoft Capsa 6.3 Professional Demo.lnk -> %UserDesktop%\Packet Sniffer - Colasoft Capsa 6.3 Professional Demo.lnk -> [Ver = | Size = 972 bytes | Created Date = 1/27/2007 3:41:29 PM | Attr = ]
putty.exe -> %UserDesktop%\putty.exe -> Simon Tatham [Ver = Release 0.59 | Size = 454656 bytes | Created Date = 1/26/2007 2:21:09 PM | Attr = ]
scbot.lnk -> %UserDesktop%\scbot.lnk -> [Ver = | Size = 716 bytes | Created Date = 12/10/2006 6:50:48 PM | Attr = ]
Shortcut to d2hackmap.lnk -> %UserDesktop%\Shortcut to d2hackmap.lnk -> [Ver = | Size = 995 bytes | Created Date = 2/18/2007 7:41:01 PM | Attr = ]
Shortcut to D2Loader-1.11b.lnk -> %UserDesktop%\Shortcut to D2Loader-1.11b.lnk -> [Ver = | Size = 852 bytes | Created Date = 2/10/2007 3:45:18 AM | Attr = ]
Shortcut to StealthBot.lnk -> %UserDesktop%\Shortcut to StealthBot.lnk -> [Ver = | Size = 580 bytes | Created Date = 2/12/2007 12:52:11 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 344820 bytes | Created Date = 2/25/2007 4:16:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
WinXP Manager.lnk -> %UserDesktop%\WinXP Manager.lnk -> [Ver = | Size = 2489 bytes | Created Date = 2/2/2007 5:00:56 AM | Attr = ]
Zune.lnk -> %UserDesktop%\Zune.lnk -> [Ver = | Size = 642 bytes | Created Date = 12/21/2006 11:48:24 AM | Attr = ]
Adobe Reader Speed Launch.lnk -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1771 bytes | Created Date = 2/10/2007 9:14:46 PM | Attr = ]
HP Digital Imaging Monitor.lnk -> %AllUsersStartup%\HP Digital Imaging Monitor.lnk -> [Ver = | Size = 1808 bytes | Created Date = 2/10/2007 9:14:46 PM | Attr = ]
hp psc 2000 Series.lnk -> %AllUsersStartup%\hp psc 2000 Series.lnk -> [Ver = | Size = 806 bytes | Created Date = 2/10/2007 9:14:46 PM | Attr = ]
hpoddt01.exe.lnk -> %AllUsersStartup%\hpoddt01.exe.lnk -> [Ver = | Size = 689 bytes | Created Date = 2/10/2007 9:14:46 PM | Attr = ]
asquared.ini -> %SystemRoot%\asquared.ini -> [Ver = | Size = 106 bytes | Created Date = 12/1/2006 9:21:17 AM | Attr = ]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.0.3 | Size = 720896 bytes | Created Date = 2/5/2007 12:36:29 AM | Attr = ]
pfirewall.log.old -> %SystemRoot%\pfirewall.log.old -> [Ver = | Size = 4259845 bytes | Created Date = 1/17/2007 12:26:48 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 2/26/2007 3:21:10 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 2/26/2007 3:21:10 PM | Attr = H ]
taumon.INI -> %SystemRoot%\taumon.INI -> [Ver = | Size = 619 bytes | Created Date = 12/7/2006 2:58:25 PM | Attr = ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 75512 bytes | Created Date = 2/12/2007 3:18:48 AM | Attr = ]
coh.cache -> %System32%\coh.cache -> [Ver = | Size = 16 bytes | Created Date = 12/20/2006 9:23:16 PM | Attr = ]
CSCODER63U.dll -> %System32%\CSCODER63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 318 | Size = 20480 bytes | Created Date = 1/27/2007 3:41:25 PM | Attr = ]
CSCPPSTD63U.dll -> %System32%\CSCPPSTD63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 303 | Size = 110592 bytes | Created Date = 1/27/2007 3:41:25 PM | Attr = ]
CSFI37.dll -> %System32%\CSFI37.dll -> FreeImage [Ver = 3, 7, 0, 0 | Size = 1048576 bytes | Created Date = 1/27/2007 3:41:25 PM | Attr = ]
CSGEOIP63U.dll -> %System32%\CSGEOIP63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 272 | Size = 45056 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
CSIMAPI63U.dll -> %System32%\CSIMAPI63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 166 | Size = 118784 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
CSIPI63U.dll -> %System32%\CSIPI63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 176 | Size = 49152 bytes | Created Date = 1/27/2007 3:41:25 PM | Attr = ]
CSMFCSTD63U.dll -> %System32%\CSMFCSTD63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 222 | Size = 94208 bytes | Created Date = 1/27/2007 3:41:25 PM | Attr = ]
CSMFCUI63U.dll -> %System32%\CSMFCUI63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 273 | Size = 131072 bytes | Created Date = 1/27/2007 3:41:25 PM | Attr = ]
CSMUI63U.dll -> %System32%\CSMUI63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 188 | Size = 102400 bytes | Created Date = 1/27/2007 3:41:25 PM | Attr = ]
CSNDIS63.dll -> %System32%\CSNDIS63.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 66 | Size = 114688 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
CSNETCFG.dll -> %System32%\CSNETCFG.dll -> Windows ® 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 13069 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
CSNPL63.dll -> %System32%\CSNPL63.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 277 | Size = 57344 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
CSNPM63U.dll -> %System32%\CSNPM63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 335 | Size = 176128 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
CSNPS63U.dll -> %System32%\CSNPS63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 242 | Size = 290816 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
CSPCE63U.dll -> %System32%\CSPCE63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 426 | Size = 249856 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
CSPFF63U.dll -> %System32%\CSPFF63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 348 | Size = 77824 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
CSPFL63U.dll -> %System32%\CSPFL63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 363 | Size = 167936 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
CSTDIAPI63U.dll -> %System32%\CSTDIAPI63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 195 | Size = 94208 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
CSUPDATE11U.dll -> %System32%\CSUPDATE11U.dll -> Colasoft Co., Ltd. [Ver = 1, 1, 1, 497 | Size = 204800 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
CSXTP1031u.dll -> %System32%\CSXTP1031u.dll -> Codejock Software [Ver = 10, 3, 1, 0 | Size = 4231168 bytes | Created Date = 1/27/2007 3:41:25 PM | Attr = ]
CSXTUI22U.dll -> %System32%\CSXTUI22U.dll -> Colasoft Co., Ltd. [Ver = 2, 1, 1, 512 | Size = 147456 bytes | Created Date = 1/27/2007 3:41:25 PM | Attr = ]
EtherProto.dat -> %System32%\EtherProto.dat -> [Ver = | Size = 10279 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 1/20/2007 7:43:12 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Created Date = 1/20/2007 7:43:13 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 1/20/2007 7:43:12 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Created Date = 1/20/2007 7:43:13 PM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Created Date = 2/12/2007 3:18:06 AM | Attr = ]
mbmiodrvr.sys -> %System32%\mbmiodrvr.sys -> cansoft@livewiredev.com [Ver = 1.0 built by: WinDDK | Size = 2944 bytes | Created Date = 2/2/2007 4:43:12 AM | Attr = ]
Netprof.dat -> %System32%\Netprof.dat -> [Ver = | Size = 1031862 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
Oeminfo.ini -> %System32%\Oeminfo.ini -> [Ver = | Size = 34 bytes | Created Date = 2/3/2007 11:58:22 PM | Attr = ]
Oemlogo.bmp -> %System32%\Oemlogo.bmp -> [Ver = | Size = 458302 bytes | Created Date = 2/3/2007 11:58:22 PM | Attr = ]
OUI.dat -> %System32%\OUI.dat -> [Ver = | Size = 331164 bytes | Created Date = 1/27/2007 3:41:26 PM | Attr = ]
plugin1.dat -> %System32%\plugin1.dat -> [Ver = | Size = 51733 bytes | Created Date = 2/8/2007 8:01:24 AM | Attr = ]
PowerToysLicense.rtf -> %System32%\PowerToysLicense.rtf -> [Ver = | Size = 160217 bytes | Created Date = 1/26/2007 12:28:50 PM | Attr = ]
sirenacm.dll -> %System32%\sirenacm.dll -> Microsoft Corp. [Ver = 8.1.0178.00 | Size = 51056 bytes | Created Date = 1/19/2007 12:53:04 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49253 bytes | Created Date = 2/12/2007 3:17:50 AM | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 394160 bytes | Created Date = 2/12/2007 3:17:50 AM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 157424 bytes | Created Date = 2/12/2007 3:16:19 AM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 104176 bytes | Created Date = 2/12/2007 3:17:50 AM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 272112 bytes | Created Date = 2/12/2007 3:17:50 AM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 71408 bytes | Created Date = 2/12/2007 3:18:06 AM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 472816 bytes | Created Date = 2/12/2007 3:16:19 AM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 46832 bytes | Created Date = 2/12/2007 3:17:52 AM | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 83696 bytes | Created Date = 2/12/2007 3:17:58 AM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 71408 bytes | Created Date = 2/12/2007 3:17:59 AM | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Created Date = 2/12/2007 3:17:51 AM | Attr = ]
apps.chm -> %System32%\dllcache\apps.chm -> [Ver = | Size = 79996 bytes | Created Date = 2/2/2007 7:29:04 PM | Attr = ]
103C_HP_NTBK_Pavilion ZV6100 (EC373UA#ABA)_YN_0Pavi_QCND5490593_E393291001_46_I3085_SHP_V42.3B_BF.1B_T051011_WXH2_L409_M1279_J100_7AMD_8Athlon 64_90.99_#050511_N10EC8139_(EC373UA#ABA)_XMOBILE_CN10_Z10024378_2F.1B.MRK -> %System32%\drivers\103C_HP_NTBK_Pavilion ZV6100 (EC373UA#ABA)_YN_0Pavi_QCND5490593_E393291001_46_I3085_SHP_V42.3B_BF.1B_T051011_WXH2_L409_M1279_J100_7AMD_8Athlon 64_90.99_#050511_N10EC8139_(EC373UA#ABA)_XMOBILE_CN10_Z10024378_2F.1B.MRK -> [Ver = | Size = 1672 bytes | Created Date = 2/25/2007 4:15:39 PM | Attr = RHS]
CSIMD50.sys -> %System32%\drivers\CSIMD50.sys -> Colasoft Co ., Ltd. [Ver = 5, 0, 1, 28 | Size = 21248 bytes | Created Date = 1/27/2007 3:41:27 PM | Attr = ]
CSNPD50.sys -> %System32%\drivers\CSNPD50.sys -> Colasoft Co., Ltd. [Ver = 5.0.0.25 built by: WinDDK | Size = 18048 bytes | Created Date = 1/27/2007 3:41:27 PM | Attr = ]
CSTDI40.sys -> %System32%\drivers\CSTDI40.sys -> Colasoft Co ., Ltd. [Ver = 5, 0, 1, 32 | Size = 41816 bytes | Created Date = 1/27/2007 3:41:28 PM | Attr = ]
CSTDI50.sys -> %System32%\drivers\CSTDI50.sys -> Colasoft Co ., Ltd. [Ver = 5, 0, 1, 32 | Size = 24832 bytes | Created Date = 1/27/2007 3:41:27 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 290336 bytes | Created Date = 1/24/2007 11:09:25 AM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 4220 bytes | Created Date = 1/24/2007 11:09:25 AM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 4384 bytes | Created Date = 1/24/2007 11:09:25 AM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1412 bytes | Created Date = 1/24/2007 11:09:25 AM | Attr = HS]
oreans32.sys -> %System32%\drivers\oreans32.sys -> [Ver = | Size = 33952 bytes | Created Date = 2/8/2007 8:01:22 AM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 1/19/2007 1:17:44 AM | Attr = ]

[Files - Modified Within 90 days]
BackupRegistry(20070202).reg -> %SystemDrive%\BackupRegistry(20070202).reg -> [Ver = | Size = 100844734 bytes | Modified Date = 2/2/2007 12:16:04 PM | Attr = ]
BOOT.BKK -> %SystemDrive%\BOOT.BKK -> [Ver = | Size = 211 bytes | Modified Date = 2/3/2007 10:33:48 PM | Attr = HS]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 354 bytes | Modified Date = 2/18/2007 10:10:18 PM | Attr = HS]
hpfr5550.xml -> %SystemDrive%\hpfr5550.xml -> [Ver = | Size = 488 bytes | Modified Date = 2/1/2007 9:04:34 PM | Attr = ]
TEST.XML -> %SystemDrive%\TEST.XML -> [Ver = | Size = 45 bytes | Modified Date = 2/10/2007 3:53:30 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 35840 bytes | Modified Date = 2/8/2007 5:57:32 AM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 71704 bytes | Modified Date = 2/2/2007 5:01:22 AM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 2643528 bytes | Modified Date = 2/24/2007 9:58:02 PM | Attr = H ]
desktop.ini -> %AllUsersDocuments%\desktop.ini -> [Ver = | Size = 138 bytes | Modified Date = 1/17/2007 12:26:54 PM | Attr = HS]
1.bmp -> %UserDocuments%\1.bmp -> [Ver = | Size = 13972 bytes | Modified Date = 2/5/2007 3:25:12 AM | Attr = ]
192.168.1.-5900.vnc -> %UserDocuments%\192.168.1.-5900.vnc -> [Ver = | Size = 509 bytes | Modified Date = 1/25/2007 7:17:00 PM | Attr = ]
8.bmp -> %UserDocuments%\8.bmp -> [Ver = | Size = 228 bytes | Modified Date = 2/5/2007 3:25:22 AM | Attr = ]
C_Shell[1].htm -> %UserDocuments%\C_Shell[1].htm -> [Ver = | Size = 20013 bytes | Modified Date = 2/2/2007 3:32:06 AM | Attr = ]
d2hackmap_v2.10_lite.zip -> %UserDocuments%\d2hackmap_v2.10_lite.zip -> [Ver = | Size = 1262840 bytes | Modified Date = 2/18/2007 7:28:26 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\d2hackmap_v2.10_lite.zip:Zone.Identifier ->
desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 75 bytes | Modified Date = 2/2/2007 6:54:56 PM | Attr = HS]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 637 bytes | Modified Date = 2/26/2007 2:57:34 PM | Attr = ]
TMCBP_MoD.zip -> %UserDocuments%\TMCBP_MoD.zip -> [Ver = | Size = 1163051 bytes | Modified Date = 2/18/2007 7:13:10 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\TMCBP_MoD.zip:Zone.Identifier ->
wireshark-setup-0.99.4.exe -> %UserDocuments%\wireshark-setup-0.99.4.exe -> [Ver = | Size = 15163750 bytes | Modified Date = 1/27/2007 3:27:30 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\wireshark-setup-0.99.4.exe:Zone.Identifier ->
Download Manager.lnk -> %AllUsersDesktop%\Download Manager.lnk -> [Ver = | Size = 830 bytes | Modified Date = 2/17/2007 2:20:00 AM | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 2/11/2007 8:47:48 PM | Attr = ]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk -> [Ver = | Size = 1657 bytes | Modified Date = 1/25/2007 1:16:48 AM | Attr = ]
Norton Internet Security.lnk -> %AllUsersDesktop%\Norton Internet Security.lnk -> [Ver = | Size = 1960 bytes | Modified Date = 12/20/2006 6:49:14 PM | Attr = ]
SensorsView Pro 3.1.lnk -> %AllUsersDesktop%\SensorsView Pro 3.1.lnk -> [Ver = | Size = 793 bytes | Modified Date = 2/2/2007 4:47:52 AM | Attr = ]
SmartFTP Client.lnk -> %AllUsersDesktop%\SmartFTP Client.lnk -> [Ver = | Size = 1844 bytes | Modified Date = 2/5/2007 4:48:06 AM | Attr = ]
Windows Live Messenger.lnk -> %AllUsersDesktop%\Windows Live Messenger.lnk -> [Ver = | Size = 1791 bytes | Modified Date = 2/13/2007 1:59:00 PM | Attr = ]
Wireshark.lnk -> %AllUsersDesktop%\Wireshark.lnk -> [Ver = | Size = 1473 bytes | Modified Date = 1/27/2007 3:57:38 PM | Attr = ]
-x-50_cent_-_candy_shop.mp3 -> %UserDesktop%\-x-50_cent_-_candy_shop.mp3 -> [Ver = | Size = 5059488 bytes | Modified Date = 12/21/2006 9:46:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\-x-50_cent_-_candy_shop.mp3:Zone.Identifier ->
1-06 Lose Yourself.m4a -> %UserDesktop%\1-06 Lose Yourself.m4a -> [Ver = | Size = 5346272 bytes | Modified Date = 12/21/2006 9:15:50 PM | Attr = ]
15.mp3 -> %UserDesktop%\15.mp3 -> [Ver = | Size = 5858159 bytes | Modified Date = 12/21/2006 9:39:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\15.mp3:Zone.Identifier ->
200549115241215.mp3 -> %UserDesktop%\200549115241215.mp3 -> [Ver = | Size = 5769570 bytes | Modified Date = 12/21/2006 9:46:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\200549115241215.mp3:Zone.Identifier ->
28670.zip -> %UserDesktop%\28670.zip -> [Ver = | Size = 1065115 bytes | Modified Date = 2/4/2007 1:47:44 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\28670.zip:Zone.Identifier ->
385034.mp3 -> %UserDesktop%\385034.mp3 -> [Ver = | Size = 2594944 bytes | Modified Date = 12/21/2006 9:39:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\385034.mp3:Zone.Identifier ->
a18af.33a75.mp3 -> %UserDesktop%\a18af.33a75.mp3 -> [Ver = | Size = 6506506 bytes | Modified Date = 12/21/2006 9:46:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\a18af.33a75.mp3:Zone.Identifier ->
AlbumArtSmall.jpg -> %UserDesktop%\AlbumArtSmall.jpg -> [Ver = | Size = 2530 bytes | Modified Date = 2/5/2007 5:15:04 AM | Attr = HS]
AlbumArt_{141B1196-A3BE-4B35-AB72-6235D31BA50D}_Large.jpg -> %UserDesktop%\AlbumArt_{141B1196-A3BE-4B35-AB72-6235D31BA50D}_Large.jpg -> [Ver = | Size = 10823 bytes | Modified Date = 12/21/2006 12:07:22 PM | Attr = HS]
AlbumArt_{141B1196-A3BE-4B35-AB72-6235D31BA50D}_Small.jpg -> %UserDesktop%\AlbumArt_{141B1196-A3BE-4B35-AB72-6235D31BA50D}_Small.jpg -> [Ver = | Size = 2504 bytes | Modified Date = 12/21/2006 12:07:12 PM | Attr = HS]
AlbumArt_{20AB63B1-3D30-4425-960C-15B814F6D0CB}_Large.jpg -> %UserDesktop%\AlbumArt_{20AB63B1-3D30-4425-960C-15B814F6D0CB}_Large.jpg -> [Ver = | Size = 12488 bytes | Modified Date = 12/21/2006 9:44:38 PM | Attr = HS]
AlbumArt_{20AB63B1-3D30-4425-960C-15B814F6D0CB}_Small.jpg -> %UserDesktop%\AlbumArt_{20AB63B1-3D30-4425-960C-15B814F6D0CB}_Small.jpg -> [Ver = | Size = 3165 bytes | Modified Date = 12/21/2006 9:44:38 PM | Attr = HS]
AlbumArt_{38C5F683-6223-462A-8B9F-E120B85FA95C}_Large.jpg -> %UserDesktop%\AlbumArt_{38C5F683-6223-462A-8B9F-E120B85FA95C}_Large.jpg -> [Ver = | Size = 5079 bytes | Modified Date = 12/21/2006 9:05:40 PM | Attr = HS]
AlbumArt_{38C5F683-6223-462A-8B9F-E120B85FA95C}_Small.jpg -> %UserDesktop%\AlbumArt_{38C5F683-6223-462A-8B9F-E120B85FA95C}_Small.jpg -> [Ver = | Size = 1569 bytes | Modified Date = 12/21/2006 9:04:40 PM | Attr = HS]
AlbumArt_{77D1BA2E-C2E7-4709-8040-4D059792F45E}_Large.jpg -> %UserDesktop%\AlbumArt_{77D1BA2E-C2E7-4709-8040-4D059792F45E}_Large.jpg -> [Ver = | Size = 11848 bytes | Modified Date = 12/21/2006 9:42:16 PM | Attr = HS]
AlbumArt_{77D1BA2E-C2E7-4709-8040-4D059792F45E}_Small.jpg -> %UserDesktop%\AlbumArt_{77D1BA2E-C2E7-4709-8040-4D059792F45E}_Small.jpg -> [Ver = | Size = 2909 bytes | Modified Date = 12/21/2006 9:42:14 PM | Attr = HS]
AlbumArt_{7D652868-55B2-43A8-8B44-32C6457608D0}_Large.jpg -> %UserDesktop%\AlbumArt_{7D652868-55B2-43A8-8B44-32C6457608D0}_Large.jpg -> [Ver = | Size = 42443 bytes | Modified Date = 12/21/2006 9:39:20 PM | Attr = HS]
AlbumArt_{7D652868-55B2-43A8-8B44-32C6457608D0}_Small.jpg -> %UserDesktop%\AlbumArt_{7D652868-55B2-43A8-8B44-32C6457608D0}_Small.jpg -> [Ver = | Size = 2343 bytes | Modified Date = 12/21/2006 9:39:14 PM | Attr = HS]
AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Large.jpg -> %UserDesktop%\AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Large.jpg -> [Ver = | Size = 10260 bytes | Modified Date = 12/21/2006 9:21:46 PM | Attr = HS]
AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Small.jpg -> %UserDesktop%\AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Small.jpg -> [Ver = | Size = 2403 bytes | Modified Date = 12/21/2006 9:20:02 PM | Attr = HS]
AlbumArt_{DEE2F966-6F11-4EB9-8FE2-385A92B24890}_Large.jpg -> %UserDesktop%\AlbumArt_{DEE2F966-6F11-4EB9-8FE2-385A92B24890}_Large.jpg -> [Ver = | Size = 8839 bytes | Modified Date = 12/21/2006 12:07:36 PM | Attr = HS]
AlbumArt_{DEE2F966-6F11-4EB9-8FE2-385A92B24890}_Small.jpg -> %UserDesktop%\AlbumArt_{DEE2F966-6F11-4EB9-8FE2-385A92B24890}_Small.jpg -> [Ver = | Size = 2611 bytes | Modified Date = 12/21/2006 12:07:24 PM | Attr = HS]
AlbumArt_{E3E8E702-1562-4E8C-95D4-7F13B167E076}_Large.jpg -> %UserDesktop%\AlbumArt_{E3E8E702-1562-4E8C-95D4-7F13B167E076}_Large.jpg -> [Ver = | Size = 15597 bytes | Modified Date = 12/21/2006 9:43:08 PM | Attr = HS]
AlbumArt_{E3E8E702-1562-4E8C-95D4-7F13B167E076}_Small.jpg -> %UserDesktop%\AlbumArt_{E3E8E702-1562-4E8C-95D4-7F13B167E076}_Small.jpg -> [Ver = | Size = 3359 bytes | Modified Date = 12/21/2006 9:43:04 PM | Attr = HS]
AlbumArt_{EBF9A281-2212-4F27-BA5D-93C804A7E816}_Large.jpg -> %UserDesktop%\AlbumArt_{EBF9A281-2212-4F27-BA5D-93C804A7E816}_Large.jpg -> [Ver = | Size = 10559 bytes | Modified Date = 2/5/2007 5:15:20 AM | Attr = HS]
AlbumArt_{EBF9A281-2212-4F27-BA5D-93C804A7E816}_Small.jpg -> %UserDesktop%\AlbumArt_{EBF9A281-2212-4F27-BA5D-93C804A7E816}_Small.jpg -> [Ver = | Size = 2530 bytes | Modified Date = 2/5/2007 5:15:04 AM | Attr = HS]
AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Large.jpg -> %UserDesktop%\AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Large.jpg -> [Ver = | Size = 10073 bytes | Modified Date = 12/21/2006 9:42:46 PM | Attr = HS]
AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Small.jpg -> %UserDesktop%\AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Small.jpg -> [Ver = | Size = 2618 bytes | Modified Date = 12/21/2006 9:42:44 PM | Attr = HS]
Apply DameK UltraBlue.lnk -> %UserDesktop%\Apply DameK UltraBlue.lnk -> [Ver = | Size = 1744 bytes | Modified Date = 2/5/2007 12:36:30 AM | Attr = ]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/24/2007 8:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier ->
Black Eyed Peas -05- My Humps.mp3 -> %UserDesktop%\Black Eyed Peas -05- My Humps.mp3 -> [Ver = | Size = 5236614 bytes | Modified Date = 12/21/2006 1:09:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Black Eyed Peas -05- My Humps.mp3:Zone.Identifier ->
bubba_sparxxx_f_ying_yang_twins_miss_new_booty_instru.mp3 -> %UserDesktop%\bubba_sparxxx_f_ying_yang_twins_miss_new_booty_instru.mp3 -> [Ver = | Size = 6742552 bytes | Modified Date = 12/21/2006 9:47:00 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\bubba_sparxxx_f_ying_yang_twins_miss_new_booty_instru.mp3:Zone.Identifier ->
Cain.lnk -> %UserDesktop%\Cain.lnk -> [Ver = | Size = 1541 bytes | Modified Date = 1/26/2007 6:59:48 PM | Attr = ]
cancel shutdown.lnk -> %UserDesktop%\cancel shutdown.lnk -> [Ver = | Size = 1575 bytes | Modified Date = 1/29/2007 10:17:12 PM | Attr = ]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1603 bytes | Modified Date = 2/2/2007 4:30:34 AM | Attr = ]
Command Prompt.lnk -> %UserDesktop%\Command Prompt.lnk -> [Ver = | Size = 1802 bytes | Modified Date = 1/21/2007 11:21:46 PM | Attr = ]
desktop.ini -> %UserDesktop%\desktop.ini -> [Ver = | Size = 369 bytes | Modified Date = 2/5/2007 5:15:40 AM | Attr = HS]
Dev-C++.lnk -> %UserDesktop%\Dev-C++.lnk -> [Ver = | Size = 568 bytes | Modified Date = 1/28/2007 2:26:24 AM | Attr = ]
Diablo II.lnk -> %UserDesktop%\Diablo II.lnk -> [Ver = | Size = 841 bytes | Modified Date = 2/10/2007 3:47:38 AM | Attr = ]
Eminem - When Im Gone.mp3 -> %UserDesktop%\Eminem - When Im Gone.mp3 -> [Ver = | Size = 6782592 bytes | Modified Date = 12/21/2006 9:47:00 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Eminem - When Im Gone.mp3:Zone.Identifier ->
eminem 16 mockingbird.mp3 -> %UserDesktop%\eminem 16 mockingbird.mp3 -> [Ver = | Size = 5408768 bytes | Modified Date = 12/21/2006 9:40:08 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\eminem 16 mockingbird.mp3:Zone.Identifier ->
eminem-cleaning_out_my_closet.mp3 -> %UserDesktop%\eminem-cleaning_out_my_closet.mp3 -> [Ver = | Size = 3583856 bytes | Modified Date = 12/21/2006 9:47:00 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\eminem-cleaning_out_my_closet.mp3:Zone.Identifier ->
eminem-the_real_slim_santa.mp3 -> %UserDesktop%\eminem-the_real_slim_santa.mp3 -> [Ver = | Size = 2848768 bytes | Modified Date = 12/21/2006 9:41:34 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\eminem-the_real_slim_santa.mp3:Zone.Identifier ->
eye of the tiger.mp3 -> %UserDesktop%\eye of the tiger.mp3 -> [Ver = | Size = 3907126 bytes | Modified Date = 12/21/2006 9:41:34 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\eye of the tiger.mp3:Zone.Identifier ->
Folder.jpg -> %UserDesktop%\Folder.jpg -> [Ver = | Size = 10559 bytes | Modified Date = 2/5/2007 5:15:20 AM | Attr = HS]
Green Day - Wake Me Up When September Ends.mp3 -> %UserDesktop%\Green Day - Wake Me Up When September Ends.mp3 -> [Ver = | Size = 7938539 bytes | Modified Date = 12/21/2006 1:09:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Green Day - Wake Me Up When September Ends.mp3:Zone.Identifier ->
ipscan.exe -> %UserDesktop%\ipscan.exe -> Angryziber Software [Ver = 0, 0, 0, 0 | Size = 111104 bytes | Modified Date = 2/12/2007 4:28:36 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ipscan.exe:Zone.Identifier ->
iTunesSetup.exe -> %UserDesktop%\iTunesSetup.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 36808256 bytes | Modified Date = 2/8/2007 12:09:50 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\iTunesSetup.exe:Zone.Identifier ->
JAP.lnk -> %UserDesktop%\JAP.lnk -> [Ver = | Size = 704 bytes | Modified Date = 1/18/2007 11:34:30 PM | Attr = ]
mergemodules.msi -> %UserDesktop%\mergemodules.msi -> [Ver = | Size = 1851392 bytes | Modified Date = 2/21/2007 4:37:22 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\mergemodules.msi:Zone.Identifier ->
Packet Sniffer - Colasoft Capsa 6.3 Enterprise Demo.lnk -> %UserDesktop%\Packet Sniffer - Colasoft Capsa 6.3 Enterprise Demo.lnk -> [Ver = | Size = 946 bytes | Modified Date = 1/27/2007 3:41:30 PM | Attr = ]
Packet Sniffer - Colasoft Capsa 6.3 Professional Demo.lnk -> %UserDesktop%\Packet Sniffer - Colasoft Capsa 6.3 Professional Demo.lnk -> [Ver = | Size = 972 bytes | Modified Date = 1/27/2007 3:41:30 PM | Attr = ]
putty.exe -> %UserDesktop%\putty.exe -> Simon Tatham [Ver = Release 0.59 | Size = 454656 bytes | Modified Date = 1/26/2007 2:21:24 PM | Attr = ]
scbot.lnk -> %UserDesktop%\scbot.lnk -> [Ver = | Size = 716 bytes | Modified Date = 12/10/2006 6:50:50 PM | Attr = ]
Shortcut to d2hackmap.lnk -> %UserDesktop%\Shortcut to d2hackmap.lnk -> [Ver = | Size = 995 bytes | Modified Date = 2/18/2007 7:41:02 PM | Attr = ]
Shortcut to D2Loader-1.11b.lnk -> %UserDesktop%\Shortcut to D2Loader-1.11b.lnk -> [Ver = | Size = 852 bytes | Modified Date = 2/18/2007 6:14:12 PM | Attr = ]
Shortcut to StealthBot.lnk -> %UserDesktop%\Shortcut to StealthBot.lnk -> [Ver = | Size = 580 bytes | Modified Date = 2/12/2007 12:52:12 AM | Attr = ]
shutdown and restart.lnk -> %UserDesktop%\shutdown and restart.lnk -> [Ver = | Size = 1845 bytes | Modified Date = 2/3/2007 10:14:12 PM | Attr = ]
shutdown.lnk -> %UserDesktop%\shutdown.lnk -> [Ver = | Size = 1573 bytes | Modified Date = 1/28/2007 9:05:18 PM | Attr = ]
soul survivor.mp3 -> %UserDesktop%\soul survivor.mp3 -> [Ver = | Size = 4626853 bytes | Modified Date = 12/21/2006 9:41:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\soul survivor.mp3:Zone.Identifier ->
stan.mp3 -> %UserDesktop%\stan.mp3 -> [Ver = | Size = 2035079 bytes | Modified Date = 12/21/2006 9:41:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\stan.mp3:Zone.Identifier ->
vincepham+iminluvwitstripper.mp3 -> %UserDesktop%\vincepham+iminluvwitstripper.mp3 -> [Ver = | Size = 3831766 bytes | Modified Date = 12/21/2006 9:41:40 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\vincepham+iminluvwitstripper.mp3:Zone.Identifier ->
Windows Media Player.lnk -> %UserDesktop%\Windows Media Player.lnk -> [Ver = | Size = 796 bytes | Modified Date = 12/10/2006 1:34:48 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 344820 bytes | Modified Date = 2/26/2007 3:02:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
WinXP Manager.lnk -> %UserDesktop%\WinXP Manager.lnk -> [Ver = | Size = 2489 bytes | Modified Date = 2/18/2007 10:02:52 PM | Attr = ]
Young Jock - Its Going Down drty.mp3 -> %UserDesktop%\Young Jock - Its Going Down drty.mp3 -> [Ver = | Size = 4839552 bytes | Modified Date = 12/21/2006 9:47:02 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Young Jock - Its Going Down drty.mp3:Zone.Identifier ->
Zune.lnk -> %UserDesktop%\Zune.lnk -> [Ver = | Size = 642 bytes | Modified Date = 12/21/2006 1:08:02 PM | Attr = ]
asquared.ini -> %SystemRoot%\asquared.ini -> [Ver = | Size = 106 bytes | Modified Date = 12/1/2006 9:21:18 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/25/2007 5:30:48 PM | Attr = S]
hpmonZ.exe -> %SystemRoot%\hpmonZ.exe -> Hewlett-Packard Company [Ver = 1, 0, 0, 5 | Size = 40960 bytes | Modified Date = 12/7/2006 7:21:02 PM | Attr = ]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.0.3 | Size = 720896 bytes | Modified Date = 2/5/2007 12:35:56 AM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 2/2/2007 7:01:56 PM | Attr = ]
pfirewall.log.old -> %SystemRoot%\pfirewall.log.old -> [Ver = | Size = 4259845 bytes | Modified Date = 2/25/2007 7:39:02 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2/26/2007 3:21:12 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2/26/2007 3:21:12 PM | Attr = H ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 256 bytes | Modified Date = 2/10/2007 9:15:00 PM | Attr = ]
taumon.INI -> %SystemRoot%\taumon.INI -> [Ver = | Size = 619 bytes | Modified Date = 12/7/2006 2:58:26 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 915 bytes | Modified Date = 2/16/2007 5:05:48 PM | Attr = ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 75512 bytes | Modified Date = 1/8/2007 2:29:40 PM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 12/9/2006 5:31:00 AM | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 2/25/2007 5:38:20 PM | Attr = ]
coh.cache -> %System32%\coh.cache -> [Ver = | Size = 16 bytes | Modified Date = 2/23/2007 8:00:06 PM | Attr = ]
CSMFCUI63U.dll -> %System32%\CSMFCUI63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 273 | Size = 131072 bytes | Modified Date = 12/4/2006 1:48:42 PM | Attr = ]
CSNPL63.dll -> %System32%\CSNPL63.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 277 | Size = 57344 bytes | Modified Date = 12/4/2006 1:01:00 PM | Attr = ]
CSNPS63U.dll -> %System32%\CSNPS63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 242 | Size = 290816 bytes | Modified Date = 12/4/2006 1:01:00 PM | Attr = ]
CSPCE63U.dll -> %System32%\CSPCE63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 426 | Size = 249856 bytes | Modified Date = 12/4/2006 1:01:04 PM | Attr = ]
CSPFF63U.dll -> %System32%\CSPFF63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 348 | Size = 77824 bytes | Modified Date = 12/4/2006 1:01:02 PM | Attr = ]
CSPFL63U.dll -> %System32%\CSPFL63U.dll -> Colasoft Co., Ltd. [Ver = 6, 3, 1, 363 | Size = 167936 bytes | Modified Date = 12/4/2006 1:01:02 PM | Attr = ]
CSUPDATE11U.dll -> %System32%\CSUPDATE11U.dll -> Colasoft Co., Ltd. [Ver = 1, 1, 1, 497 | Size = 204800 bytes | Modified Date = 12/6/2006 2:24:02 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 264616 bytes | Modified Date = 2/1/2007 12:57:04 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 12/28/2006 11:45:58 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 1/20/2007 7:41:28 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Modified Date = 1/20/2007 7:41:28 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 1/20/2007 7:41:32 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Modified Date = 1/20/2007 7:41:32 PM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Modified Date = 1/8/2007 2:28:40 PM | Attr = ]
mcs.rma -> %System32%\mcs.rma -> [Ver = | Size = 870128 bytes | Modified Date = 1/20/2007 3:43:36 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 12/9/2006 5:31:00 AM | Attr = ]
Oeminfo.ini -> %System32%\Oeminfo.ini -> [Ver = | Size = 34 bytes | Modified Date = 2/3/2007 11:58:24 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 12/28/2006 11:45:50 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 73830 bytes | Modified Date = 2/18/2007 7:06:00 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 444560 bytes | Modified Date = 2/18/2007 7:06:00 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 525222 bytes | Modified Date = 2/18/2007 7:06:00 PM | Attr = ]
plugin1.dat -> %System32%\plugin1.dat -> [Ver = | Size = 51733 bytes | Modified Date = 2/24/2007 3:40:16 PM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.3.0.15 | Size = 48776 bytes | Modified Date = 12/27/2006 2:40:36 AM | Attr = ]
sirenacm.dll -> %System32%\sirenacm.dll -> Microsoft Corp. [Ver = 8.1.0178.00 | Size = 51056 bytes | Modified Date = 1/19/2007 12:53:04 PM | Attr = ]
SysPr.prx -> %System32%\SysPr.prx -> [Ver = | Size = 11579596 bytes | Modified Date = 2/24/2007 9:57:48 PM | Attr = HS]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 12/28/2006 11:45:58 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49253 bytes | Modified Date = 2/12/2007 3:18:00 AM | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 394160 bytes | Modified Date = 1/8/2007 2:29:54 PM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 157424 bytes | Modified Date = 1/8/2007 2:28:52 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 104176 bytes | Modified Date = 1/8/2007 2:28:52 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 272112 bytes | Modified Date = 1/8/2007 2:28:54 PM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 71408 bytes | Modified Date = 1/8/2007 2:28:54 PM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 472816 bytes | Modified Date = 1/8/2007 2:28:56 PM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 46832 bytes | Modified Date = 1/8/2007 2:28:58 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 2/25/2007 5:31:54 PM | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 83696 bytes | Modified Date = 1/8/2007 2:29:00 PM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 71408 bytes | Modified Date = 1/8/2007 2:29:00 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 2/9/2007 7:02:02 PM | Attr = H ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Modified Date = 1/8/2007 2:29:14 PM | Attr = ]
103C_HP_NTBK_Pavilion ZV6100 (EC373UA#ABA)_YN_0Pavi_QCND5490593_E393291001_46_I3085_SHP_V42.3B_BF.1B_T051011_WXH2_L409_M1279_J100_7AMD_8Athlon 64_90.99_#050511_N10EC8139_(EC373UA#ABA)_XMOBILE_CN10_Z10024378_2F.1B.MRK -> %System32%\drivers\103C_HP_NTBK_Pavilion ZV6100 (EC373UA#ABA)_YN_0Pavi_QCND5490593_E393291001_46_I3085_SHP_V42.3B_BF.1B_T051011_WXH2_L409_M1279_J100_7AMD_8Athlon 64_90.99_#050511_N10EC8139_(EC373UA#ABA)_XMOBILE_CN10_Z10024378_2F.1B.MRK -> [Ver = | Size = 1672 bytes | Modified Date = 2/25/2007 4:15:44 PM | Attr = RHS]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 290336 bytes | Modified Date = 1/24/2007 11:50:06 AM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 4220 bytes | Modified Date = 1/24/2007 11:28:44 AM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 4384 bytes | Modified Date = 1/24/2007 11:51:28 AM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 1412 bytes | Modified Date = 1/24/2007 11:28:44 AM | Attr = HS]
mcstrm.sys -> %System32%\drivers\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 1/20/2007 3:42:32 PM | Attr = ]
oreans32.sys -> %System32%\drivers\oreans32.sys -> [Ver = | Size = 33952 bytes | Modified Date = 2/8/2007 8:01:24 AM | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 8014 bytes | Modified Date = 12/27/2006 2:40:36 AM | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 806 bytes | Modified Date = 12/27/2006 2:40:36 AM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.3.0.14 | Size = 115000 bytes | Modified Date = 12/27/2006 2:40:36 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemDrive%\BackupRegistry(20070202).reg -> File size too big (100844734 bytes) ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\d2hackmap_v2.10_lite.zip:Zone.Identifier ->
@Alternate Data Stream - 88 bytes -> %UserDocuments%\deltemp.bat:SummaryInformation ->
@Alternate Data Stream - 0 bytes -> %UserDocuments%\deltemp.bat:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\TMCBP_MoD.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\wireshark-setup-0.99.4.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\-x-50_cent_-_candy_shop.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\15.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\200549115241215.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\28670.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\385034.mp3:Zone.Identifier ->
@Alternate Data Str

#14 mictamcody2000

mictamcody2000
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Location:Lansing, Michigan
  • Local time:03:20 AM

Posted 26 February 2007 - 04:06 PM

Here's the last part:

@Alternate Data Stream - 26 bytes -> %UserDesktop%\72 - Chamillionaire - Ridin ft. Krayzie Bone.mp3:Zone.Identifier ->
FSG! , -> %UserDesktop%\72 - Chamillionaire - Ridin ft. Krayzie Bone.mp3 -> [Ver = | Size = 3973163 bytes | Modified Date = 10/19/2006 5:02:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\a18af.33a75.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\a845a.1539c.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/24/2007 8:58:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Black Eyed Peas -05- My Humps.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\bubba_sparxxx_f_ying_yang_twins_miss_new_booty_instru.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Eminem - When Im Gone.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\eminem 16 mockingbird.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\eminem-cleaning_out_my_closet.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\eminem-the_real_slim_santa.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\eye of the tiger.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\fack.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Green Day - Wake Me Up When September Ends.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\in.the.end.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ipscan.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\ipscan.exe -> Angryziber Software [Ver = 0, 0, 0, 0 | Size = 111104 bytes | Modified Date = 2/12/2007 4:28:36 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\iTunesSetup.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\mergemodules.msi:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Ne Yo - So Sick.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Nickelback - HYRM.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Numb_Encore_Clean.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\prelisten.m3u:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SnapYaFingers.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\soul survivor.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\stan.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\vincepham+iminluvwitstripper.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Young Jock - Its Going Down drty.mp3:Zone.Identifier ->
Thawte Consulting , -> %SystemRoot%\HPBroker.dll -> [Ver = 1, 0, 0, 18 | Size = 91848 bytes | Modified Date = 11/17/2006 11:34:40 AM | Attr = ]
UPX! , UPX0 , -> %System32%\akrip32.dll -> [Ver = | Size = 32256 bytes | Modified Date = 5/3/2002 1:33:40 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\itiimg3.dll -> InterActual Technologies, Inc. [Ver = 4.0.2 | Size = 285472 bytes | Modified Date = 6/20/2005 5:11:20 PM | Attr = ]
WSUD , -> %System32%\SysPr.prx -> [Ver = | Size = 11579596 bytes | Modified Date = 2/24/2007 9:57:48 PM | Attr = HS]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedBkp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.0.108.0 | Size = 423784 bytes | Modified Date = 5/11/2004 10:56:54 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 11/19/2003 2:59:36 PM | Attr = ]

< End of report >



#15 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:20 AM

Posted 26 February 2007 - 07:16 PM

Hi mictamcody2000. I do not see any signs of viruses or malware in the log. There is a little cleanup we can do to remove some entries that are invalid so let's do that while you are here.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> OGAutoStart -> %System32%\taskmagr.exe
YN -> Startup32512 -> %System32%\taskmagr.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> AIM -> %SystemDrive%\PROGRA~1\AIM\aim.exe -cnetwait.odl
YN -> Aim6 -> %CommonProgramFiles%\AOL\Launch\AOLLaunch.exe
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> [HKLM] -> Reg Data - Key not found []
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar]
[ Extra Registry Entries ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here and I will check it for accuracy.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users