Any Analysis On This?


22 replies to this topic

#1 hxm

hxm

  • Members
  • 78 posts

Posted 01 April 2007 - 06:55 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:20:22 AM, on 4/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\PV92Tray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B073034-30B8-404C-8FA2-3FFB3E8BF32D} - (no file)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A7EC4924-B707-437A-AE2F-F56F7B1E3B93} - C:\WINDOWS\System32\oumofrld.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Logon (winlog) - Unknown owner - C:\WINDOWS\winlog.exe (file missing)


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 05 April 2007 - 04:32 AM

Hello hxm and welcome to the BC HijackThis forum. Yes, something is going on in there. Let's start out with the following.

Download SDFix and save it to your desktop.

Now reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All.
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum in your next post.

Let's also see what else might be present.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - Policy Settings
    • File - Additional Folder Scans
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here along with the report from SDFix. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 hxm

hxm
  • Topic Starter

  • Members
  • 78 posts

Posted 05 April 2007 - 05:13 AM

OK sir, I'll report back soon...

#4 hxm

hxm
  • Topic Starter

  • Members
  • 78 posts

Posted 05 April 2007 - 07:09 AM

FROM REPORT.TXT (SDFIX)


SDFix: Version 1.76

Run by Administrator - Thu 04/05/2007 - 19:41:34.04

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\Admin\Desktop\SDFix

Safe Mode:
Checking Services:

Name:
winlog

ImagePath:
"C:\WINDOWS\winlog.exe"

winlog Deleted


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\ERASEM~1.EXE - Deleted
C:\WINDOWS\system32\eraseme_00817.exe - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\TFTP2168 - Deleted
C:\WINDOWS\system32\TFTP2412 - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Admin\Desktop\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\Program Files\Alwil Software\Avast4\DATA\moved\krdfdxqc.exe.vir
C:\WINDOWS\system32\Tools\All.exe
C:\WINDOWS\system32\Tools\Change.exe
C:\WINDOWS\system32\Tools\CheckPath.exe
C:\WINDOWS\system32\Tools\Counter.exe
C:\WINDOWS\system32\Tools\DelFolders.exe
C:\WINDOWS\system32\Tools\DirectSetup.exe
C:\WINDOWS\system32\Tools\RegClean.exe
C:\WINDOWS\system32\Tools\Regexe.exe
C:\WINDOWS\system32\Tools\Restart.exe
C:\WINDOWS\system32\Tools\RunRegexe.exe
C:\WINDOWS\LastGood.Tmp\INF\InstMed.inf
C:\WINDOWS\LastGood.Tmp\INF\InstMed.PNF
C:\WINDOWS\LastGood.Tmp\INF\msxmlx.inf
C:\WINDOWS\LastGood.Tmp\INF\msxmlx.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem10.inf
C:\WINDOWS\LastGood.Tmp\INF\oem10.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem15.inf
C:\WINDOWS\LastGood.Tmp\INF\oem15.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem16.inf
C:\WINDOWS\LastGood.Tmp\INF\oem16.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem17.inf
C:\WINDOWS\LastGood.Tmp\INF\oem17.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem18.inf
C:\WINDOWS\LastGood.Tmp\INF\oem18.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem19.inf
C:\WINDOWS\LastGood.Tmp\INF\oem19.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem20.inf
C:\WINDOWS\LastGood.Tmp\INF\oem20.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem21.inf
C:\WINDOWS\LastGood.Tmp\INF\oem21.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem22.inf
C:\WINDOWS\LastGood.Tmp\INF\oem22.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem23.inf
C:\WINDOWS\LastGood.Tmp\INF\oem23.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem24.inf
C:\WINDOWS\LastGood.Tmp\INF\oem24.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem25.inf
C:\WINDOWS\LastGood.Tmp\INF\oem25.PNF
C:\WINDOWS\LastGood.Tmp\INF\VidCtrl2.inf
C:\WINDOWS\LastGood.Tmp\INF\VidCtrl2.PNF
C:\WINDOWS\LastGood.Tmp\INF\wmad.inf
C:\WINDOWS\LastGood.Tmp\INF\wmad.PNF

Finished


_______________________________________________________________

Sir, regarding the winpfind.exe

Do I need to do that in Safe Mode?

Should I set the 4 basic scan options to all?

I did try this..

* Close ALL OTHER PROGRAMS.
* Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
* Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - Policy Settings
File - Additional Folder Scans
* Now click the Run Scan button on the toolbar.
* Let it run unhindered until it finishes.
* When the scan is complete Notepad will open with the report file loaded in it.
* Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


But it doesn't respond, even in Safe Mode... but when I set all of the basic scans to all, it responded..

I've also tried to select all of the additional scans and Paste those fix, and run the RUN FIX...

It didn't respond, compared to RUN SCAN with all the basic scans set to all.


What will be the proper procedure, sir?

#5 hxm

hxm
  • Topic Starter

  • Members
  • 78 posts

Posted 05 April 2007 - 07:11 AM

In case you need this... (run scan without checking the additional scans and setting the basic scans to all)

WinPFind3 logfile created on: 4/5/2007 8:32:43 PM
WinPFind3U by OldTimer - Version 1.0.33 Folder = C:\Documents and Settings\Admin\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

255.48 Mb Total Physical Memory | 85.14 Mb Available Physical Memory | 33.33% Memory free
618.34 Mb Paging File | 388.93 Mb Available in Paging File | 62.90% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 11.62 Gb Free Space | 31.17% Space Free
D: Drive not present or media not loaded
Drive E: | 559.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: ADMIN-YQHFZXDZP
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - All]
smss.exe -> %System32%\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 45568 bytes | Modified Date = 8/29/2002 3:41:28 AM | Attr = ]
csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4096 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.1557 (xpsp2_gdr.040517-1325) | Size = 483328 bytes | Modified Date = 5/26/2004 6:38:46 PM | Attr = ]
services.exe -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 101376 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
lsass.exe -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Modified Date = 8/29/2002 3:41:26 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.1675 (xpsp2.050427-1558) | Size = 275456 bytes | Modified Date = 4/28/2005 12:33:54 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\appmgmts.dll [AppMgmt] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 156672 bytes | Modified Date = 8/29/2002 3:40:48 AM | Attr = ]
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 38912 bytes | Modified Date = 8/29/2002 3:40:50 AM | Attr = ]
-> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.1569 (xpsp2_gdr.040517-1325) | Size = 361984 bytes | Modified Date = 7/1/2004 3:08:18 PM | Attr = ]
-> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 49152 bytes | Modified Date = 8/29/2002 3:40:50 AM | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 53248 bytes | Modified Date = 8/29/2002 3:40:50 AM | Attr = ]
-> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 99840 bytes | Modified Date = 8/29/2002 3:40:50 AM | Attr = ]
-> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 21504 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 19456 bytes | Modified Date = 8/29/2002 3:40:52 AM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.53 | Size = 226816 bytes | Modified Date = 3/5/2004 7:16:12 PM | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 116224 bytes | Modified Date = 8/29/2002 3:41:12 AM | Attr = ]
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\irmon.dll [Irmon] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 78336 bytes | Modified Date = 8/29/2002 3:40:58 AM | Attr = ]
-> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 87040 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.1309 (xpsp2.031013-2110) | Size = 119808 bytes | Modified Date = 10/21/2003 4:06:42 PM | Attr = ]
-> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.1309 (xpsp2.031013-2110) | Size = 32256 bytes | Modified Date = 10/21/2003 4:06:42 PM | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 154112 bytes | Modified Date = 8/29/2002 3:41:08 AM | Attr = ]
-> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.1106 | Size = 392704 bytes | Modified Date = 8/29/2002 3:41:08 AM | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 82944 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 158720 bytes | Modified Date = 8/29/2002 3:41:10 AM | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.1564 (xpsp2_gdr.040517-1325) | Size = 172544 bytes | Modified Date = 12/28/2005 10:09:26 AM | Attr = ]
-> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 20992 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 36352 bytes | Modified Date = 8/29/2002 3:41:12 AM | Attr = ]
-> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.1364 (xpsp2.040109-1800) | Size = 439808 bytes | Modified Date = 3/29/2004 6:48:36 PM | Attr = ]
-> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 116224 bytes | Modified Date = 8/29/2002 3:41:12 AM | Attr = ]
-> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 158720 bytes | Modified Date = 8/29/2002 3:41:18 AM | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 233984 bytes | Modified Date = 8/29/2002 3:41:18 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 200192 bytes | Modified Date = 8/29/2002 3:41:18 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 200192 bytes | Modified Date = 8/29/2002 3:41:18 AM | Attr = ]
-> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 116224 bytes | Modified Date = 8/29/2002 3:41:12 AM | Attr = ]
-> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 81920 bytes | Modified Date = 8/29/2002 3:41:18 AM | Attr = ]
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [uploadmgr] -> File not found
-> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 165376 bytes | Modified Date = 8/29/2002 3:41:18 AM | Attr = ]
-> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 101376 bytes | Modified Date = 8/29/2002 3:41:18 AM | Attr = ]
-> %System32%\mspmspsv.dll [WmdmPmSp] -> Microsoft Corporation [Ver = 8.0.1.20 | Size = 47104 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\advapi32.dll [Wmi] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 558080 bytes | Modified Date = 8/29/2002 3:40:48 AM | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3630.1106 (xpsp1.020828-1920) | Size = 9216 bytes | Modified Date = 8/29/2002 3:41:20 AM | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 264704 bytes | Modified Date = 8/29/2002 3:41:20 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 44032 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 15872 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12288 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\regsvc.dll [RemoteRegistry] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 51712 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 43008 bytes | Modified Date = 8/29/2002 3:41:18 AM | Attr = ]
-> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 164864 bytes | Modified Date = 8/29/2002 3:41:18 AM | Attr = ]
-> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 61952 bytes | Modified Date = 8/29/2002 3:41:18 AM | Attr = ]
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1004032 bytes | Modified Date = 8/29/2002 3:41:24 AM | Attr = ]
spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 51200 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
alg.exe -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 41984 bytes | Modified Date = 8/29/2002 3:41:20 AM | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 1/15/2007 10:18:24 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 1/15/2007 10:28:52 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
cmdagent.exe -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 4/4/2007 8:57:58 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 127043 bytes | Modified Date = 10/29/2004 1:50:00 AM | Attr = ]
pv92tray.exe -> %System32%\PV92Tray.exe -> PCtel Inc. [Ver = 12, 300, 22, 0 | Size = 323584 bytes | Modified Date = 11/26/2003 6:11:42 AM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 1/15/2007 10:28:58 AM | Attr = ]
starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 2:51:48 AM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
cpf.exe -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 4/4/2007 8:57:58 AM | Attr = ]
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> Microsoft Corporation [Ver = 4.7.0041 | Size = 1511453 bytes | Modified Date = 8/29/2002 3:41:26 AM | Attr = ]
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 11/11/2004 1:39:36 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
-> %System32%\wiaservc.dll [stisvc] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 316416 bytes | Modified Date = 8/29/2002 3:41:18 AM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 1/15/2007 10:27:52 AM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 1/15/2007 10:28:32 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.33.0 | Size = 318464 bytes | Modified Date = 4/2/2007 10:01:54 PM | Attr = ]
avast.setup -> %ProgramFiles%\Alwil Software\Avast4\setup\avast.set -> File not found

[Win32 Services - All]
(Alerter) Alerter [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 41984 bytes | Modified Date = 8/29/2002 3:41:20 AM | Attr = ]
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 1/15/2007 10:18:24 AM | Attr = ]
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 1/15/2007 10:28:52 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 1/15/2007 10:28:32 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 1/15/2007 10:27:52 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
(BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Browser) Computer Browser [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(cisvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %System32%\cisvc.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 5120 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(ClipSrv) ClipBook [Win32_Own | On_Demand | Stopped] -> %System32%\clipsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 30720 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 4/4/2007 8:57:58 AM | Attr = ]
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4608 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(dmserver) Logical Disk Manager [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 101376 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %System32%\imapi.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 123904 bytes | Modified Date = 8/29/2002 3:41:26 AM | Attr = ]
(Irmon) Infrared Monitor [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | Disabled | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -> File not found
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc.exe -> Microsoft Corporation [Ver = 4.4.3400 | Size = 32768 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc.exe -> Microsoft Corporation [Ver = 2001.12.4414.42 | Size = 6144 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %System32%\msiexec.exe -> Microsoft Corporation [Ver = 3.1.4000.1823 | Size = 78848 bytes | Modified Date = 5/4/2005 3:45:36 PM | Attr = ]
(NetDDE) Network DDE [Win32_Shared | On_Demand | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.1567 (xpsp2_gdr.040517-1325) | Size = 107008 bytes | Modified Date = 6/16/2004 11:32:52 AM | Attr = ]
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | On_Demand | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.1567 (xpsp2_gdr.040517-1325) | Size = 107008 bytes | Modified Date = 6/16/2004 11:32:52 AM | Attr = ]
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Modified Date = 8/29/2002 3:41:26 AM | Attr = ]
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Modified Date = 8/29/2002 3:41:26 AM | Attr = ]
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 127043 bytes | Modified Date = 10/29/2004 1:50:00 AM | Attr = ]
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 101376 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Modified Date = 8/29/2002 3:41:26 AM | Attr = ]
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Modified Date = 8/29/2002 3:41:26 AM | Attr = ]
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %System32%\sessmgr.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 129024 bytes | Modified Date = 8/29/2002 3:41:28 AM | Attr = ]
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(RemoteRegistry) Remote Registry [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\locator.exe -> Microsoft Corporation [Ver = 5.1.2600.1147 (xpsp2.021108-1929) | Size = 68608 bytes | Modified Date = 12/3/2002 7:50:10 PM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\rsvp.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 132608 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Modified Date = 8/29/2002 3:41:26 AM | Attr = ]
(SCardDrv) Smart Card Helper [Win32_Shared | Disabled | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 93184 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | Disabled | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 93184 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(SharedAccess) Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 51200 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 2:51:48 AM | Attr = ]
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4608 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 82944 bytes | Modified Date = 8/29/2002 3:41:28 AM | Attr = ]
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Themes) Themes [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(TlntSvr) Telnet [Win32_Own | On_Demand | Stopped] -> %System32%\tlntsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 67584 bytes | Modified Date = 8/29/2002 3:41:28 AM | Attr = ]
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(uploadmgr) Upload Manager [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 16384 bytes | Modified Date = 8/29/2002 3:41:28 AM | Attr = ]
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 275456 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(WmdmPmSp) Portable Media Serial Number [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\wbem\wmiapsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 117248 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]

[Driver Services - All]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.892.0 | Size = 31560 bytes | Modified Date = 12/20/2006 4:51:58 PM | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %System32%\drivers\acpi.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 179328 bytes | Modified Date = 8/29/2002 1:09:06 AM | Attr = ]
(ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %System32%\drivers\acpiec.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11648 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %System32%\drivers\aec.sys -> Microsoft Corporation [Ver = 5.1.2601.1095 built by: xpsp1 | Size = 142208 bytes | Modified Date = 8/28/2002 11:16:38 PM | Attr = ]
(AFD) AFD Networking Support Environment [Kernel | Auto | Running] -> %System32%\drivers\afd.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 131968 bytes | Modified Date = 8/29/2002 2:01:14 AM | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.892.0 | Size = 94424 bytes | Modified Date = 12/20/2006 4:56:00 PM | Attr = ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.936.0 | Size = 23352 bytes | Modified Date = 1/15/2007 10:26:08 AM | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.936.0 | Size = 43176 bytes | Modified Date = 1/15/2007 10:25:24 AM | Attr = ]
(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\asyncmac.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 13568 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\drivers\atapi.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86912 bytes | Modified Date = 8/29/2002 1:27:50 AM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\atmarpc.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 57216 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %System32%\drivers\audstub.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3072 bytes | Modified Date = 8/17/2001 6:59:44 AM | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 4096 bytes | Modified Date = 9/28/2006 7:13:34 AM | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 9/5/2006 9:03:16 AM | Attr = ]
(Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %System32%\drivers\cbidf2k.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 13952 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(CCDECODE) Closed Caption Decoder [Kernel | On_Demand | Stopped] -> %System32%\drivers\ccdecode.sys -> Microsoft Corporation [Ver = 5.3.0000000.900 built by: DIRECTX | Size = 16384 bytes | Modified Date = 7/9/2004 5:26:38 AM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Cdaudio) Cdaudio [Kernel | System | Stopped] -> %System32%\drivers\cdaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Cdfs) Cdfs [File_System | Disabled | Running] -> %System32%\drivers\cdfs.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 59648 bytes | Modified Date = 8/29/2002 1:58:52 AM | Attr = ]
(Cdrom) CD-ROM Driver [Kernel | System | Running] -> %System32%\drivers\cdrom.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 47488 bytes | Modified Date = 8/29/2002 1:27:56 AM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(CmdMon) Comodo Application Engine [Kernel | System | Running] -> %System32%\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Modified Date = 4/4/2007 8:58:00 AM | Attr = ]
(cmuda) C-Media WDM Audio Interface [Kernel | On_Demand | Running] -> %System32%\drivers\cmuda.sys -> C-Media Inc [Ver = 5.12.01.0039.3 (36) | Size = 755392 bytes | Modified Date = 11/6/2003 12:59:58 AM | Attr = ]
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(Disk) Disk Driver [Kernel | Boot | Running] -> %System32%\drivers\disk.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 33792 bytes | Modified Date = 8/29/2002 1:27:58 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 780928 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146304 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %System32%\drivers\DMusic.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 50048 bytes | Modified Date = 8/17/2001 2:59:58 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %System32%\drivers\drmkaud.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 2816 bytes | Modified Date = 8/29/2002 1:32:34 AM | Attr = ]
(Fastfat) Fastfat [File_System | Disabled | Stopped] -> %System32%\drivers\fastfat.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 145152 bytes | Modified Date = 8/29/2002 2:12:46 AM | Attr = ]
(Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> %System32%\drivers\fdc.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 26240 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 8/17/2001 5:13:08 AM | Attr = ]
(FETNDISB) VIA Rhine Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Running] -> %System32%\drivers\fetnd5b.sys -> VIA Technologies, Inc. [Ver = 3.13.00.0348 | Size = 40960 bytes | Modified Date = 10/28/2002 11:20:30 PM | Attr = R ]
(Fips) Fips [Kernel | System | Running] -> %System32%\drivers\fips.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 34944 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Running] -> %System32%\drivers\flpydisk.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 19712 bytes | Modified Date = 8/29/2002 1:27:44 AM | Attr = ]
(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\ftdisk.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 125056 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %System32%\drivers\msgpc.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 33792 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(hidusb) Microsoft HID Class Driver [Kernel | On_Demand | Running] -> %System32%\drivers\hidusb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 9600 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(hpt3xx) hpt3xx [Kernel | Disabled | Stopped] -> -> File not found
(hwinterface) hwinterface [Kernel | System | Running] -> %System32%\drivers\hwinterface.sys -> Logix4u [Ver = 5.00.2195.1620 | Size = 3026 bytes | Modified Date = 2/3/2005 8:25:14 AM | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %System32%\drivers\i8042prt.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 51072 bytes | Modified Date = 8/29/2002 2:06:38 AM | Attr = ]
(Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %System32%\drivers\imapi.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 39808 bytes | Modified Date = 8/29/2002 1:28:08 AM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(Inspect) Comodo Network Engine [Kernel | Boot | Running] -> %System32%\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Modified Date = 4/4/2007 8:58:00 AM | Attr = ]
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipfltdrv.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32896 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipinip.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 19584 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %System32%\drivers\ipnat.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 79488 bytes | Modified Date = 8/29/2002 1:36:14 AM | Attr = ]
(IPSec) IPSEC driver [Kernel | System | Running] -> %System32%\drivers\ipsec.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 57984 bytes | Modified Date = 8/29/2002 2:07:22 AM | Attr = ]
(irda) IrDA Protocol [Kernel | Auto | Running] -> %System32%\drivers\irda.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 55296 bytes | Modified Date = 8/17/2001 2:51:36 PM | Attr = ]
(IRENUM) IR Enumerator Service [Kernel | On_Demand | Running] -> %System32%\drivers\irenum.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 10496 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(irsir) Microsoft Serial Infrared Driver [Kernel | On_Demand | Running] -> %System32%\drivers\irsir.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 18688 bytes | Modified Date = 8/17/2001 2:51:32 PM | Attr = ]
(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\isapnp.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Modified Date = 8/17/2001 2:58:02 PM | Attr = ]
(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %System32%\drivers\kbdclass.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 23424 bytes | Modified Date = 8/29/2002 1:27:02 AM | Attr = ]
(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Running] -> %System32%\drivers\kmixer.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 159360 bytes | Modified Date = 8/29/2002 1:32:30 AM | Attr = ]
(KSecDD) KSecDD [Kernel | Boot | Running] -> %System32%\drivers\ksecdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 79744 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> %System32%\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 8.4.6.1016 | Size = 22016 bytes | Modified Date = 1/31/2005 3:12:46 AM | Attr = R ]
(mnmdd) mnmdd [Kernel | System | Running] -> %System32%\drivers\mnmdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Modem) Modem [Kernel | On_Demand | Running] -> %System32%\drivers\modem.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %System32%\drivers\MODEMCSA.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16128 bytes | Modified Date = 8/17/2001 2:57:38 PM | Attr = ]
(Mouclass) Mouse Class Driver [Kernel | System | Running] -> %System32%\drivers\mouclass.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 22016 bytes | Modified Date = 8/29/2002 1:27:02 AM | Attr = ]
(mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mouhid.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 12160 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(MountMgr) Mount Point Manager [Kernel | Boot | Running] -> %System32%\drivers\mountmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 37504 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %System32%\drivers\mrxdav.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 172672 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(MRxSmb) MRxSmb [File_System | System | Running] -> %System32%\drivers\mrxsmb.sys -> Microsoft Corporation [Ver = 5.1.2600.1143 (xpsp2.021108-1929) | Size = 392576 bytes | Modified Date = 11/18/2002 12:27:40 PM | Attr = ]
(Msfs) Msfs [File_System | System | Running] -> %System32%\drivers\msfs.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 18048 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mskssrv.sys -> Microsoft Corporation [Ver = 5.3.0000000.900 built by: DIRECTX | Size = 7424 bytes | Modified Date = 12/12/2002 1:14:32 AM | Attr = ]
(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mspclock.sys -> Microsoft Corporation [Ver = 5.3.0000000.900 built by: DIRECTX | Size = 5248 bytes | Modified Date = 12/12/2002 1:14:32 AM | Attr = ]
(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mspqm.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4608 bytes | Modified Date = 8/23/2001 6:00:00 AM | Attr = ]
(MSTEE) Microsoft Streaming Tee/Sink-to-Sink Converter [Kernel | On_Demand | Stopped] -> %System32%\drivers\mstee.sys -> Microsoft Corporation [Ver = 5.3.0000000.900 built by: DIRECTX | Size = 5504 bytes | Modified Date = 12/12/2002 1:14:32 AM | Attr = ]
(Mup) Mup [File_System | Boot | Running] -> %System32%\drivers\mup.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 104064 bytes | Modified Date = 8/29/2002 2:12:54 AM | Attr = ]
(NABTSFEC) NABTS/FEC VBI Codec [Kernel | On_Demand | Stopped] -> %System32%\drivers\nabtsfec.sys -> Microsoft Corporation [Ver = 5.3.0000000.900 built by: DIRECTX | Size = 83968 bytes | Modified Date = 7/9/2004 5:26:38 AM | Attr = ]
(NDIS) NDIS System Driver [Kernel | Boot | Running] -> %System32%\drivers\ndis.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 167552 bytes | Modified Date = 8/29/2002 2:09:26 AM | Attr = ]
(NdisIP) Microsoft TV/Video Connection [Kernel | On_Demand | Stopped] -> %System32%\drivers\ndisip.sys -> Microsoft Corporation [Ver = 5.3.0000000.900 built by: DIRECTX | Size = 10112 bytes | Modified Date = 7/9/2004 5:26:38 AM | Attr = ]
(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndistapi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9600 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %System32%\drivers\ndisuio.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 12288 bytes | Modified Date = 8/29/2002 1:35:42 AM | Attr = ]
(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndiswan.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 87552 bytes | Modified Date = 8/29/2002 1:58:40 AM | Attr = ]
(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %System32%\drivers\ndproxy.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 38016 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> %System32%\drivers\netbios.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 33152 bytes | Modified Date = 8/29/2002 1:35:46 AM | Attr = ]
(NetBT) NetBT [Kernel | System | Running] -> %System32%\drivers\netbt.sys -> Microsoft Corporation [Ver = 5.1.2600.1243 (xpsp2.030702-2125) | Size = 149248 bytes | Modified Date = 7/8/2003 5:48:54 PM | Attr = ]
(Npfs) Npfs [File_System | System | Running] -> %System32%\drivers\npfs.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 29568 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Ntfs) Ntfs [File_System | Disabled | Running] -> %System32%\drivers\ntfs.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 561920 bytes | Modified Date = 8/29/2002 2:13:40 AM | Attr = ]
(Null) Null [Kernel | System | Running] -> %System32%\drivers\null.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 2944 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 2826944 bytes | Modified Date = 10/29/2004 4:50:00 PM | Attr = ]
(nv4) nv4 [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4.sys -> NVIDIA Corporation [Ver = 5.01.2001.1240 (ReleasedBinaries.010717-0141) | Size = 731648 bytes | Modified Date = 8/17/2001 5:50:26 AM | Attr = ]
(nvcap) nVidia WDM Video Capture (universal) [Kernel | Auto | Stopped] -> System32\DRIVERS\nvcap.sys -> File not found
(NVXBAR) nVidia WDM A/V Crossbar [Kernel | Auto | Stopped] -> System32\DRIVERS\NVxbar.sys -> File not found
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkflt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12416 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkfwd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32512 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Parport) Parallel port driver [Kernel | On_Demand | Running] -> %System32%\drivers\parport.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 76032 bytes | Modified Date = 8/29/2002 1:27:32 AM | Attr = ]
(PartMgr) Partition Manager [Kernel | Boot | Running] -> %System32%\drivers\partmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(ParVdm) ParVdm [Kernel | Auto | Running] -> %System32%\drivers\parvdm.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 6784 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(PCI) PCI Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\pci.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 62976 bytes | Modified Date = 8/29/2002 1:09:12 AM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCIIde) PCIIde [Kernel | Disabled | Stopped] -> -> File not found
(Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %System32%\drivers\pcmcia.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 115712 bytes | Modified Date = 8/29/2002 1:09:12 AM | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PID_0928) Logitech QuickCam Express(PID_0928) [Kernel | On_Demand | Running] -> %System32%\drivers\LV561AV.SYS -> Logitech Inc. [Ver = 8.4.6.1016 | Size = 211712 bytes | Modified Date = 1/31/2005 3:20:04 AM | Attr = R ]
(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %System32%\drivers\raspptp.sys -> Microsoft Corporation [Ver = 5.1.2600.1129 (xpsp2.020921-0842) | Size = 46208 bytes | Modified Date = 10/1/2002 6:52:30 PM | Attr = ]
(Processor) Processor Driver [Kernel | System | Running] -> %System32%\drivers\processr.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 30592 bytes | Modified Date = 8/29/2002 1:05:06 AM | Attr = ]
(PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %System32%\drivers\psched.sys -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 66048 bytes | Modified Date = 8/29/2002 1:35:56 AM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(Ptserial) W2K Pctel Serial Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptserial.sys -> PCTEL, INC. [Ver = 12.0300.0024 | Size = 356159 bytes | Modified Date = 11/26/2003 6:11:16 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disab

#6 OldTimer

    Malware Expert



Posted 05 April 2007 - 03:52 PM

Hi hxm. No, I don't want the All options selected. Start the program and only select the items I listed above. Do not change any other settings.

The Additional Folders scan will be scanning a large amount of data. It could take 30 minutes or more depending on your system. Let the program run. You will see the current activity in the status bar at the bottom of the program window.

When the scan is finished post the log file back here. After you post, if the last line in the post is not < End of Report > then you will need to go back to the log and start at the last line displayed in the post and copy the rest of the log in a 2nd (or 3rd) post.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 hxm


Posted 05 April 2007 - 07:30 PM

OK sir, I'll do that... thanks

#8 hxm


Posted 05 April 2007 - 11:11 PM

The software doesn't respond when I'm doing the run scan (with those 4 additional scans), unlike when doing the run scan with All options selected...

The run scan gets stuck at scanning MSconfig... and the red LED of my PC doesn't blink....

#9 OldTimer


Posted 06 April 2007 - 04:49 AM

Hi hxm. Leave the option for Reg - Disabled MS Config Items unchecked then. That key might be damaged or corrupted and we can try and get that information out manually later. Set everything else as I specified above.

Cheers.

OT

#10 hxm


Posted 06 April 2007 - 06:25 AM

Copy, sir (with hand salute)

#11 hxm


Posted 06 April 2007 - 07:06 AM

THESE ARE UPDATES FOR HIJACKTHIS, SDFIX AND WINPFIND3U:

Logfile of HijackThis v1.99.1
Scan saved at 8:53:44 PM, on 4/6/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B073034-30B8-404C-8FA2-3FFB3E8BF32D} - (no file)
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A7EC4924-B707-437A-AE2F-F56F7B1E3B93} - C:\WINDOWS\System32\oumofrld.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4409A9B3-030F-4AFB-B214-9DA6C4FF0770}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



FOR SDFIX:


SDFix: Version 1.76

Run by Admin - Fri 04/06/2007 - 20:57:25.68

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\Admin\Desktop\SDFix

Safe Mode:
Checking Services:





Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"


Remaining Files:
---------------


Checking For Files with Hidden Attributes :

C:\Program Files\Alwil Software\Avast4\DATA\moved\krdfdxqc.exe.vir
C:\WINDOWS\system32\Tools\All.exe
C:\WINDOWS\system32\Tools\Change.exe
C:\WINDOWS\system32\Tools\CheckPath.exe
C:\WINDOWS\system32\Tools\Counter.exe
C:\WINDOWS\system32\Tools\DelFolders.exe
C:\WINDOWS\system32\Tools\DirectSetup.exe
C:\WINDOWS\system32\Tools\RegClean.exe
C:\WINDOWS\system32\Tools\Regexe.exe
C:\WINDOWS\system32\Tools\Restart.exe
C:\WINDOWS\system32\Tools\RunRegexe.exe

Finished


AND FOR WinPFind3u:

WinPFind3 logfile created on: 4/6/2007 8:41:50 PM
WinPFind3U by OldTimer - Version 1.0.33 Folder = C:\Documents and Settings\Admin\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

255.48 Mb Total Physical Memory | 88.89 Mb Available Physical Memory | 34.79% Memory free
618.28 Mb Paging File | 343.56 Mb Available in Paging File | 55.57% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.33 Gb Free Space | 27.73% Space Free
D: Drive not present or media not loaded
Drive E: | 559.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: ADMIN-YQHFZXDZP
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 1/15/2007 10:28:58 AM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 1/15/2007 10:28:32 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 1/15/2007 10:28:52 AM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 1/15/2007 10:27:52 AM | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 1/15/2007 10:18:24 AM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
cmdagent.exe -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 4/4/2007 8:57:58 AM | Attr = ]
cpf.exe -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 4/4/2007 8:57:58 AM | Attr = ]
getright.exe -> %ProgramFiles%\GetRight\getright.exe -> Headlight Software, Inc. [Ver = 6.2a | Size = 3781960 bytes | Modified Date = 3/12/2007 4:35:24 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 11/11/2004 1:39:36 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 2/10/2006 11:15:28 PM | Attr = ]
starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 2:51:48 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.33.0 | Size = 318464 bytes | Modified Date = 4/2/2007 10:01:54 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> [Ver = | Size = 90112 bytes | Modified Date = 12/8/2005 2:55:10 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 1/15/2007 10:18:24 AM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 1/15/2007 10:28:52 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 1/15/2007 10:28:32 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 1/15/2007 10:27:52 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
(CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 4/4/2007 8:57:58 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | Disabled | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 2:51:48 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 1/15/2007 10:28:58 AM | Attr = ]
Cmaudio -> cmicnfg.CPL -> File not found
COMODO Firewall Pro -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 4/4/2007 8:57:58 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1622016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
PV92TRAY -> %System32%\PV92Tray.exe -> PCtel Inc. [Ver = 12, 300, 22, 0 | Size = 323584 bytes | Modified Date = 11/26/2003 6:11:42 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 2/10/2006 11:15:28 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 11/11/2004 1:39:36 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe -> [Ver = | Size = 3096576 bytes | Modified Date = 12/8/2005 2:55:10 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr = ]
%AllUsersStartup%\GetRight - Tray Icon.lnk -> %ProgramFiles%\GetRight\getright.exe -> Headlight Software, Inc. [Ver = 6.2a | Size = 3781960 bytes | Modified Date = 3/12/2007 4:35:24 PM | Attr = ]
%AllUsersStartup%\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 11/11/2004 1:39:36 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 7:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> localhost ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll [Yahoo! Companion BHO] -> Yahoo! Inc. [Ver = 2005, 4, 22, 1 | Size = 333464 bytes | Modified Date = 5/11/2005 1:18:18 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 9:38:22 PM | Attr = ]
{0B073034-30B8-404C-8FA2-3FFB3E8BF32D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} [HKLM] -> %ProgramFiles%\GetRight\xx2gr.dll [GetRight IE Download Helper] -> Headlight Software, Inc. [Ver = 6.1a | Size = 247112 bytes | Modified Date = 1/4/2007 11:57:18 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
{57E218E6-5A80-4f0c-AB25-83598F25D7E9} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{A7EC4924-B707-437A-AE2F-F56F7B1E3B93} [HKLM] -> %System32%\oumofrld.dll [Reg Data - Value does not exist] -> [Ver = | Size = 132116 bytes | Modified Date = 11/11/2004 3:51:12 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 6, 30, 1 | Size = 316552 bytes | Modified Date = 12/27/2005 7:40:58 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 6, 30, 1 | Size = 316552 bytes | Modified Date = 12/27/2005 7:40:58 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 3:40:12 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 4, 22, 1 | Size = 333464 bytes | Modified Date = 5/11/2005 1:18:18 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 4, 22, 1 | Size = 333464 bytes | Modified Date = 5/11/2005 1:18:18 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Download with GetRight -> %ProgramFiles%\GetRight\GRdownload.htm -> [Ver = | Size = 994 bytes | Modified Date = 3/29/2006 3:35:14 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Open with GetRight Browser -> %ProgramFiles%\GetRight\GRBrowse.htm -> [Ver = | Size = 977 bytes | Modified Date = 3/29/2006 3:35:14 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{4409A9B3-030F-4AFB-B214-9DA6C4FF0770} -> 4.2.2.1,4.2.2.2 (VIA Rhine II Fast Ethernet Adapter) ->
{E4683583-EBF8-44E2-8352-951B11108C0F} -> () ->
< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
shell -> shell protocol not assigned ->
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
bwfile-8876480 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 11/11/2004 1:39:36 AM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 3:40:12 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = ->
0 -> Source = file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg ->
0 -> SubscribedURL = file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg ->
1 -> [Key] ->
1 -> FriendlyName = My Current Home Page ->
1 -> Source = About:Home ->
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. -> ->


[Files/Folders - Created Within 30 days]
881cd18d99922412e9 -> %SystemDrive%\881cd18d99922412e9 -> [Folder | Created Date = 4/1/2007 7:52:50 AM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 4/6/2007 1:07:21 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267964416 bytes | Created Date = 1/1/1601 8:00:00 AM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 4/1/2007 5:04:09 AM | Attr = ]
$NtUninstallKB894391$ -> %SystemRoot%\$NtUninstallKB894391$ -> [Folder | Created Date = 4/1/2007 8:04:31 AM | Attr = H ]
003978_.tmp -> %SystemRoot%\003978_.tmp -> [Ver = | Size = 19528 bytes | Created Date = 4/6/2007 6:34:15 PM | Attr = ]
nview -> %SystemRoot%\nview -> [Folder | Created Date = 4/6/2007 9:10:50 AM | Attr = ]
peernet -> %SystemRoot%\peernet -> [Folder | Created Date = 4/6/2007 6:48:42 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 4/6/2007 7:06:33 PM | Attr = ]
provisioning -> %SystemRoot%\provisioning -> [Folder | Created Date = 4/6/2007 6:48:37 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 3/30/2007 10:45:32 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 3/30/2007 10:45:32 PM | Attr = H ]
twain_32.dll -> %SystemRoot%\twain_32.dll -> Twain Working Group [Ver = 1,7,1,0 | Size = 46592 bytes | Created Date = 4/6/2007 6:29:42 PM | Attr = ]
amstream.dll -> %System32%\amstream.dll -> [Ver = | Size = 64512 bytes | Created Date = 4/6/2007 6:29:37 PM | Attr = ]
ati2dvaa.dll -> %System32%\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 4/6/2007 6:31:02 PM | Attr = ]
ati2dvag.dll -> %System32%\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.13.10.6153 | Size = 202496 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ati3d1ag.dll -> %System32%\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.13.10.3338 | Size = 844675 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ati3d2ag.dll -> %System32%\ati3d2ag.dll -> ATI Technologies Inc. [Ver = 6.13.10.3338 | Size = 921475 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
ativdaxx.ax -> %System32%\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12831 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
ativmvxx.ax -> %System32%\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 31263 bytes | Created Date = 4/6/2007 6:30:58 PM | Attr = ]
atmfd.dll -> %System32%\atmfd.dll -> Adobe Systems Incorporated [Ver = 5.1 Build 225 | Size = 272768 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
atmlib.dll -> %System32%\atmlib.dll -> Adobe Systems [Ver = 5.1 Build 225 | Size = 27136 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
compatui.dll -> %System32%\compatui.dll -> [Ver = 1, 0, 0, 1 | Size = 238592 bytes | Created Date = 4/6/2007 6:29:31 PM | Attr = ]
dcache.bin -> %System32%\dcache.bin -> [Ver = | Size = 1740 bytes | Created Date = 4/6/2007 6:29:26 PM | Attr = ]
defrag.exe -> %System32%\defrag.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 70656 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
devenum.dll -> %System32%\devenum.dll -> [Ver = | Size = 132608 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgfat.exe -> %System32%\dfrgfat.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 76288 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgntfs.exe -> %System32%\dfrgntfs.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 99328 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgsnap.dll -> %System32%\dfrgsnap.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 35328 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgui.dll -> %System32%\dfrgui.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 113152 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dgnet.dll -> %System32%\dgnet.dll -> Microsoft [Ver = 1, 0, 0, 1 | Size = 103424 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dmadmin.exe -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Created Date = 4/6/2007 6:29:24 PM | Attr = ]
dmdskmgr.dll -> %System32%\dmdskmgr.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 184320 bytes | Created Date = 4/6/2007 6:29:24 PM | Attr = ]
dmremote.exe -> %System32%\dmremote.exe -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 14336 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dmserver.dll -> %System32%\dmserver.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 21504 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dmutil.dll -> %System32%\dmutil.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 50688 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dosx.exe -> %System32%\dosx.exe -> [Ver = | Size = 53840 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dxmasf.dll -> %System32%\dxmasf.dll -> [Ver = | Size = 498205 bytes | Created Date = 4/6/2007 6:29:17 PM | Attr = ]
encdec.dll -> %System32%\encdec.dll -> [Ver = | Size = 155648 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 489984 bytes | Created Date = 4/6/2007 6:27:56 PM | Attr = ]
iac25_32.ax -> %System32%\iac25_32.ax -> Intel Corporation [Ver = 2.05.53 | Size = 199680 bytes | Created Date = 4/6/2007 6:32:40 PM | Attr = ]
iccvid.dll -> %System32%\iccvid.dll -> Radius Inc. [Ver = 1.10.0.6 | Size = 110592 bytes | Created Date = 4/6/2007 6:29:13 PM | Attr = ]
ieuinit.inf -> %System32%\ieuinit.inf -> [Ver = | Size = 19514 bytes | Created Date = 4/6/2007 6:29:12 PM | Attr = ]
instcat.sql -> %System32%\instcat.sql -> [Ver = | Size = 766934 bytes | Created Date = 4/6/2007 6:29:09 PM | Attr = ]
ir41_32.ax -> %System32%\ir41_32.ax -> Intel Corporation [Ver = 4.51.16.03 | Size = 848384 bytes | Created Date = 4/6/2007 6:32:40 PM | Attr = ]
ir41_qc.dll -> %System32%\ir41_qc.dll -> Intel Corporation. [Ver = 4.30.62.02 | Size = 120320 bytes | Created Date = 4/6/2007 6:32:40 PM | Attr = ]
ir41_qcx.dll -> %System32%\ir41_qcx.dll -> Intel Corporation. [Ver = 4.30.64.01 | Size = 338432 bytes | Created Date = 4/6/2007 6:32:39 PM | Attr = ]
ir50_32.dll -> %System32%\ir50_32.dll -> Intel Corporation [Ver = R.5.10.15.2.55 | Size = 755200 bytes | Created Date = 4/6/2007 6:32:39 PM | Attr = ]
ir50_qc.dll -> %System32%\ir50_qc.dll -> Intel Corporation. [Ver = R.5.10.63.2.48 | Size = 200192 bytes | Created Date = 4/6/2007 6:32:39 PM | Attr = ]
ir50_qcx.dll -> %System32%\ir50_qcx.dll -> Intel Corporation. [Ver = R.5.10.64.2.48 | Size = 183808 bytes | Created Date = 4/6/2007 6:32:39 PM | Attr = ]
isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 28672 bytes | Created Date = 4/6/2007 6:29:08 PM | Attr = ]
ivfsrc.ax -> %System32%\ivfsrc.ax -> Intel Corporation [Ver = R.5.10.15.2.51 | Size = 154624 bytes | Created Date = 4/6/2007 6:32:39 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/4/2007 12:43:58 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 4/4/2007 12:43:58 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/4/2007 12:43:58 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 4/4/2007 12:43:58 PM | Attr = ]
l3codeca.acm -> %System32%\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Created Date = 4/6/2007 6:29:06 PM | Attr = ]
mciqtz32.dll -> %System32%\mciqtz32.dll -> [Ver = | Size = 34304 bytes | Created Date = 4/6/2007 6:29:04 PM | Attr = ]
mpeg2data.ax -> %System32%\mpeg2data.ax -> [Ver = | Size = 57856 bytes | Created Date = 4/6/2007 6:32:39 PM | Attr = ]
mpg2splt.ax -> %System32%\mpg2splt.ax -> [Ver = | Size = 136192 bytes | Created Date = 4/6/2007 6:29:00 PM | Attr = ]
msdmo.dll -> %System32%\msdmo.dll -> [Ver = | Size = 13312 bytes | Created Date = 4/6/2007 6:28:58 PM | Attr = ]
msdvbnp.ax -> %System32%\msdvbnp.ax -> [Ver = | Size = 52224 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
msdxm.ocx -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
msdxmlc.dll -> %System32%\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 88566 bytes | Created Date = 4/6/2007 9:10:52 AM | Attr = ]
nvdisp.nvu -> %System32%\nvdisp.nvu -> [Ver = | Size = 17056 bytes | Created Date = 4/6/2007 9:10:50 AM | Attr = ]
NVUNINST.EXE -> %System32%\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 55 | Size = 208896 bytes | Created Date = 4/6/2007 9:09:55 AM | Attr = ]
odbcconf.rsp -> %System32%\odbcconf.rsp -> [Ver = | Size = 4294 bytes | Created Date = 4/6/2007 6:28:39 PM | Attr = ]
proctexe.ocx -> %System32%\proctexe.ocx -> Intel Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 75776 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
psisdecd.dll -> %System32%\psisdecd.dll -> [Ver = | Size = 354816 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
psisrndr.ax -> %System32%\psisrndr.ax -> [Ver = | Size = 30208 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
qcap.dll -> %System32%\qcap.dll -> [Ver = | Size = 257024 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qdv.dll -> %System32%\qdv.dll -> [Ver = | Size = 316928 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qdvd.dll -> %System32%\qdvd.dll -> [Ver = | Size = 470528 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qedit.dll -> %System32%\qedit.dll -> [Ver = | Size = 1798144 bytes | Created Date = 4/6/2007 6:28:33 PM | Attr = ]
qedwipes.dll -> %System32%\qedwipes.dll -> [Ver = | Size = 733184 bytes | Created Date = 4/6/2007 6:28:33 PM | Attr = ]
quartz.dll -> %System32%\quartz.dll -> [Ver = | Size = 1962496 bytes | Created Date = 4/6/2007 6:28:32 PM | Attr = ]
redir.exe -> %System32%\redir.exe -> [Ver = | Size = 3338 bytes | Created Date = 4/6/2007 6:28:30 PM | Attr = ]
regwizc.dll -> %System32%\regwizc.dll -> Microsoft [Ver = 3, 0, 0, 0 | Size = 387584 bytes | Created Date = 4/6/2007 6:28:30 PM | Attr = ]
sbe.dll -> %System32%\sbe.dll -> [Ver = | Size = 218112 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
SET1FD.tmp -> %System32%\SET1FD.tmp -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Created Date = 4/6/2007 6:37:01 PM | Attr = ]
SET349.tmp -> %System32%\SET349.tmp -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Created Date = 4/6/2007 6:38:30 PM | Attr = ]
SET3E1.tmp -> %System32%\SET3E1.tmp -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Created Date = 4/6/2007 6:39:04 PM | Attr = ]
slbcsp.dll -> %System32%\slbcsp.dll -> Schlumberger Technology Corporation [Ver = 5.1.2518.0 (main.010714-2114) | Size = 276480 bytes | Created Date = 4/6/2007 6:28:20 PM | Attr = ]
slbiop.dll -> %System32%\slbiop.dll -> Schlumberger Technology Corporation [Ver = 5.1.2518.0 (main.010714-2114) | Size = 89600 bytes | Created Date = 4/6/2007 6:28:20 PM | Attr = ]
sl_anet.acm -> %System32%\sl_anet.acm -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Created Date = 4/6/2007 6:28:20 PM | Attr = ]
t2embed.dll -> %System32%\t2embed.dll -> Microsoft Corp. [Ver = 0, 2, 0, 81 | Size = 198656 bytes | Created Date = 4/6/2007 6:28:15 PM | Attr = ]
tcpmon.ini -> %System32%\tcpmon.ini -> [Ver = | Size = 45672 bytes | Created Date = 4/6/2007 6:28:14 PM | Attr = ]
webfldrs.msi -> %System32%\webfldrs.msi -> [Ver = | Size = 1325568 bytes | Created Date = 4/6/2007 6:28:09 PM | Attr = ]
amstream.dll -> %System32%\dllcache\amstream.dll -> [Ver = | Size = 64512 bytes | Created Date = 4/6/2007 6:29:37 PM | Attr = ]
apphelp.sdb -> %System32%\dllcache\apphelp.sdb -> [Ver = | Size = 203454 bytes | Created Date = 4/6/2007 6:27:33 PM | Attr = ]
ati2dvaa.dll -> %System32%\dllcache\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 4/6/2007 6:31:02 PM | Attr = ]
ati2dvag.dll -> %System32%\dllcache\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.13.10.6153 | Size = 202496 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ati2mtaa.sys -> %System32%\dllcache\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ati2mtag.sys -> %System32%\dllcache\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.13.10.6153 | Size = 450176 bytes | Created Date = 4/6/2007 6:30:59 PM | Attr = ]
ati3d1ag.dll -> %System32%\dllcache\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.13.10.3338 | Size = 844675 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ati3d2ag.dll -> %System32%\dllcache\ati3d2ag.dll -> ATI Technologies Inc. [Ver = 6.13.10.3338 | Size = 921475 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
atinbtxx.sys -> %System32%\dllcache\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56591 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
atinmdxx.sys -> %System32%\dllcache\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 4/6/2007 6:31:02 PM | Attr = ]
atinpdxx.sys -> %System32%\dllcache\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
atinraxx.sys -> %System32%\dllcache\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
atinrvxx.sys -> %System32%\dllcache\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinsnxx.sys -> %System32%\dllcache\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinttxx.sys -> %System32%\dllcache\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
atintuxx.sys -> %System32%\dllcache\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 4/6/2007 6:30:58 PM | Attr = ]
atinxbxx.sys -> %System32%\dllcache\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinxsxx.sys -> %System32%\dllcache\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ativdaxx.ax -> %System32%\dllcache\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12831 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
ativmvxx.ax -> %System32%\dllcache\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 31263 bytes | Created Date = 4/6/2007 6:30:58 PM | Attr = ]
atmfd.dll -> %System32%\dllcache\atmfd.dll -> Adobe Systems Incorporated [Ver = 5.1 Build 225 | Size = 272768 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
atmlib.dll -> %System32%\dllcache\atmlib.dll -> Adobe Systems [Ver = 5.1 Build 225 | Size = 27136 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
compatui.dll -> %System32%\dllcache\compatui.dll -> [Ver = 1, 0, 0, 1 | Size = 238592 bytes | Created Date = 4/6/2007 6:29:31 PM | Attr = ]
defrag.exe -> %System32%\dllcache\defrag.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 70656 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
devenum.dll -> %System32%\dllcache\devenum.dll -> [Ver = | Size = 132608 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgfat.exe -> %System32%\dllcache\dfrgfat.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 76288 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgntfs.exe -> %System32%\dllcache\dfrgntfs.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 99328 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgsnap.dll -> %System32%\dllcache\dfrgsnap.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 35328 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgui.dll -> %System32%\dllcache\dfrgui.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 113152 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dgnet.dll -> %System32%\dllcache\dgnet.dll -> Microsoft [Ver = 1, 0, 0, 1 | Size = 103424 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dmadmin.exe -> %System32%\dllcache\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Created Date = 4/6/2007 6:29:24 PM | Attr = ]
dmboot.sys -> %System32%\dllcache\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 780928 bytes | Created Date = 4/6/2007 6:27:47 PM | Attr = ]
dmdskmgr.dll -> %System32%\dllcache\dmdskmgr.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 184320 bytes | Created Date = 4/6/2007 6:29:24 PM | Attr = ]
dmio.sys -> %System32%\dllcache\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146304 bytes | Created Date = 4/6/2007 6:27:47 PM | Attr = ]
dmremote.exe -> %System32%\dllcache\dmremote.exe -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 14336 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dmserver.dll -> %System32%\dllcache\dmserver.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 21504 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dmutil.dll -> %System32%\dllcache\dmutil.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 50688 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dosx.exe -> %System32%\dllcache\dosx.exe -> [Ver = | Size = 53840 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
drvmain.sdb -> %System32%\dllcache\drvmain.sdb -> [Ver = | Size = 8514 bytes | Created Date = 4/6/2007 6:27:33 PM | Attr = ]
dxmasf.dll -> %System32%\dllcache\dxmasf.dll -> [Ver = | Size = 498205 bytes | Created Date = 4/6/2007 6:29:17 PM | Attr = ]
encdec.dll -> %System32%\dllcache\encdec.dll -> [Ver = | Size = 155648 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe -> [Ver = | Size = 196666 bytes | Created Date = 4/6/2007 6:30:14 PM | Attr = ]
ims.cat -> %System32%\dllcache\ims.cat -> [Ver = | Size = 13608 bytes | Created Date = 4/6/2007 6:27:33 PM | Attr = ]
isrdbg32.dll -> %System32%\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 28672 bytes | Created Date = 4/6/2007 6:29:08 PM | Attr = ]
luna.mst -> %System32%\dllcache\luna.mst -> Microsoft [Ver = 1, 0, 0, 1 | Size = 4186256 bytes | Created Date = 4/6/2007 6:30:13 PM | Attr = ]
mciqtz32.dll -> %System32%\dllcache\mciqtz32.dll -> [Ver = | Size = 34304 bytes | Created Date = 4/6/2007 6:29:04 PM | Attr = ]
micross.ttf -> %System32%\dllcache\micross.ttf -> [Ver = | Size = 305724 bytes | Created Date = 4/6/2007 6:29:45 PM | Attr = ]
mpg2splt.ax -> %System32%\dllcache\mpg2splt.ax -> [Ver = | Size = 136192 bytes | Created Date = 4/6/2007 6:29:00 PM | Attr = ]
mplayer2.exe -> %System32%\dllcache\mplayer2.exe -> [Ver = | Size = 4639 bytes | Created Date = 4/6/2007 6:30:11 PM | Attr = ]
msdmo.dll -> %System32%\dllcache\msdmo.dll -> [Ver = | Size = 13312 bytes | Created Date = 4/6/2007 6:28:58 PM | Attr = ]
msdvbnp.ax -> %System32%\dllcache\msdvbnp.ax -> [Ver = | Size = 52224 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
msdxm.ocx -> %System32%\dllcache\msdxm.ocx -> [Ver = | Size = 842268 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
msdxmlc.dll -> %System32%\dllcache\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
msimain.sdb -> %System32%\dllcache\msimain.sdb -> [Ver = | Size = 182198 bytes | Created Date = 4/6/2007 6:27:33 PM | Attr = ]
msinfo.dll -> %System32%\dllcache\msinfo.dll -> [Ver = 7, 0, 0, 0 | Size = 348160 bytes | Created Date = 4/6/2007 6:30:07 PM | Attr = ]
odbcconf.rsp -> %System32%\dllcache\odbcconf.rsp -> [Ver = | Size = 4294 bytes | Created Date = 4/6/2007 6:28:39 PM | Attr = ]
pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 272896 bytes | Created Date = 4/6/2007 6:30:02 PM | Attr = ]
proctexe.ocx -> %System32%\dllcache\proctexe.ocx -> Intel Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 75776 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
psisdecd.dll -> %System32%\dllcache\psisdecd.dll -> [Ver = | Size = 354816 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
psisrndr.ax -> %System32%\dllcache\psisrndr.ax -> [Ver = | Size = 30208 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
qcap.dll -> %System32%\dllcache\qcap.dll -> [Ver = | Size = 257024 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qdv.dll -> %System32%\dllcache\qdv.dll -> [Ver = | Size = 316928 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qdvd.dll -> %System32%\dllcache\qdvd.dll -> [Ver = | Size = 470528 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qedit.dll -> %System32%\dllcache\qedit.dll -> [Ver = | Size = 1798144 bytes | Created Date = 4/6/2007 6:28:33 PM | Attr = ]
qedwipes.dll -> %System32%\dllcache\qedwipes.dll -> [Ver = | Size = 733184 bytes | Created Date = 4/6/2007 6:28:33 PM | Attr = ]
quartz.dll -> %System32%\dllcache\quartz.dll -> [Ver = | Size = 1962496 bytes | Created Date = 4/6/2007 6:28:32 PM | Attr = ]
redir.exe -> %System32%\dllcache\redir.exe -> [Ver = | Size = 3338 bytes | Created Date = 4/6/2007 6:28:30 PM | Attr = ]
regwizc.dll -> %System32%\dllcache\regwizc.dll -> Microsoft [Ver = 3, 0, 0, 0 | Size = 387584 bytes | Created Date = 4/6/2007 6:28:30 PM | Attr = ]
sbe.dll -> %System32%\dllcache\sbe.dll -> [Ver = | Size = 218112 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
secupd.dat -> %System32%\dllcache\secupd.dat -> [Ver = | Size = 4573 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
secupd.sig -> %System32%\dllcache\secupd.sig -> [Ver = | Size = 6788 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
slbcsp.dll -> %System32%\dllcache\slbcsp.dll -> Schlumberger Technology Corporation [Ver = 5.1.2518.0 (main.010714-2114) | Size = 276480 bytes | Created Date = 4/6/2007 6:28:20 PM | Attr = ]
slbiop.dll -> %System32%\dllcache\slbiop.dll -> Schlumberger Technology Corporation [Ver = 5.1.2518.0 (main.010714-2114) | Size = 89600 bytes | Created Date = 4/6/2007 6:28:20 PM | Attr = ]
sniffpol.dll -> %System32%\dllcache\sniffpol.dll -> [Ver = 3, 2, 0, 25 | Size = 32256 bytes | Created Date = 4/6/2007 6:30:00 PM | Attr = ]
spra0405.dll -> %System32%\dllcache\spra0405.dll -> Spolecnost Microsoft [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 189440 bytes | Created Date = 4/6/2007 6:31:05 PM | Attr = ]
spra0419.dll -> %System32%\dllcache\spra0419.dll -> ?????????? ?????????? [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 193024 bytes | Created Date = 4/6/2007 6:31:05 PM | Attr = ]
sstub.dll -> %System32%\dllcache\sstub.dll -> [Ver = 3, 2, 0, 25 | Size = 30720 bytes | Created Date = 4/6/2007 6:29:59 PM | Attr = ]
sysmain.sdb -> %System32%\dllcache\sysmain.sdb -> [Ver = | Size = 1082436 bytes | Created Date = 4/6/2007 6:27:34 PM | Attr = ]
t2embed.dll -> %System32%\dllcache\t2embed.dll -> Microsoft Corp. [Ver = 0, 2, 0, 81 | Size = 198656 bytes | Created Date = 4/6/2007 6:28:15 PM | Attr = ]
tahoma.ttf -> %System32%\dllcache\tahoma.ttf -> [Ver = | Size = 379588 bytes | Created Date = 4/6/2007 6:29:45 PM | Attr = ]
tahomabd.ttf -> %System32%\dllcache\tahomabd.ttf -> [Ver = | Size = 352020 bytes | Created Date = 4/6/2007 6:29:45 PM | Attr = ]
tshoot.dll -> %System32%\dllcache\tshoot.dll -> [Ver = 3.2.0.27 | Size = 262656 bytes | Created Date = 4/6/2007 6:29:57 PM | Attr = ]
twain_32.dll -> %System32%\dllcache\twain_32.dll -> Twain Working Group [Ver = 1,7,1,0 | Size = 46592 bytes | Created Date = 4/6/2007 6:29:42 PM | Attr = ]
ati2mtaa.sys -> %System32%\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ati2mtag.sys -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.13.10.6153 | Size = 450176 bytes | Created Date = 4/6/2007 6:30:59 PM | Attr = ]
atinbtxx.sys -> %System32%\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56591 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
atinmdxx.sys -> %System32%\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 4/6/2007 6:31:02 PM | Attr = ]
atinpdxx.sys -> %System32%\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
atinraxx.sys -> %System32%\drivers\atinraxx.sys -> ATI Technologies Inc.

#12 hxm

hxm
  • Topic Starter


Posted 06 April 2007 - 07:10 AM

CONTINUATION

atinraxx.sys -> %System32%\dllcache\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
atinrvxx.sys -> %System32%\dllcache\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinsnxx.sys -> %System32%\dllcache\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinttxx.sys -> %System32%\dllcache\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
atintuxx.sys -> %System32%\dllcache\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 4/6/2007 6:30:58 PM | Attr = ]
atinxbxx.sys -> %System32%\dllcache\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinxsxx.sys -> %System32%\dllcache\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ativdaxx.ax -> %System32%\dllcache\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12831 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
ativmvxx.ax -> %System32%\dllcache\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 31263 bytes | Created Date = 4/6/2007 6:30:58 PM | Attr = ]
atmfd.dll -> %System32%\dllcache\atmfd.dll -> Adobe Systems Incorporated [Ver = 5.1 Build 225 | Size = 272768 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
atmlib.dll -> %System32%\dllcache\atmlib.dll -> Adobe Systems [Ver = 5.1 Build 225 | Size = 27136 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
compatui.dll -> %System32%\dllcache\compatui.dll -> [Ver = 1, 0, 0, 1 | Size = 238592 bytes | Created Date = 4/6/2007 6:29:31 PM | Attr = ]
defrag.exe -> %System32%\dllcache\defrag.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 70656 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
devenum.dll -> %System32%\dllcache\devenum.dll -> [Ver = | Size = 132608 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgfat.exe -> %System32%\dllcache\dfrgfat.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 76288 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgntfs.exe -> %System32%\dllcache\dfrgntfs.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 99328 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgsnap.dll -> %System32%\dllcache\dfrgsnap.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 35328 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgui.dll -> %System32%\dllcache\dfrgui.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 113152 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dgnet.dll -> %System32%\dllcache\dgnet.dll -> Microsoft [Ver = 1, 0, 0, 1 | Size = 103424 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dmadmin.exe -> %System32%\dllcache\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Created Date = 4/6/2007 6:29:24 PM | Attr = ]
dmboot.sys -> %System32%\dllcache\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 780928 bytes | Created Date = 4/6/2007 6:27:47 PM | Attr = ]
dmdskmgr.dll -> %System32%\dllcache\dmdskmgr.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 184320 bytes | Created Date = 4/6/2007 6:29:24 PM | Attr = ]
dmio.sys -> %System32%\dllcache\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146304 bytes | Created Date = 4/6/2007 6:27:47 PM | Attr = ]
dmremote.exe -> %System32%\dllcache\dmremote.exe -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 14336 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dmserver.dll -> %System32%\dllcache\dmserver.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 21504 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dmutil.dll -> %System32%\dllcache\dmutil.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 50688 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dosx.exe -> %System32%\dllcache\dosx.exe -> [Ver = | Size = 53840 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
drvmain.sdb -> %System32%\dllcache\drvmain.sdb -> [Ver = | Size = 8514 bytes | Created Date = 4/6/2007 6:27:33 PM | Attr = ]
dxmasf.dll -> %System32%\dllcache\dxmasf.dll -> [Ver = | Size = 498205 bytes | Created Date = 4/6/2007 6:29:17 PM | Attr = ]
encdec.dll -> %System32%\dllcache\encdec.dll -> [Ver = | Size = 155648 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe -> [Ver = | Size = 196666 bytes | Created Date = 4/6/2007 6:30:14 PM | Attr = ]
ims.cat -> %System32%\dllcache\ims.cat -> [Ver = | Size = 13608 bytes | Created Date = 4/6/2007 6:27:33 PM | Attr = ]
isrdbg32.dll -> %System32%\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 28672 bytes | Created Date = 4/6/2007 6:29:08 PM | Attr = ]
luna.mst -> %System32%\dllcache\luna.mst -> Microsoft [Ver = 1, 0, 0, 1 | Size = 4186256 bytes | Created Date = 4/6/2007 6:30:13 PM | Attr = ]
mciqtz32.dll -> %System32%\dllcache\mciqtz32.dll -> [Ver = | Size = 34304 bytes | Created Date = 4/6/2007 6:29:04 PM | Attr = ]
micross.ttf -> %System32%\dllcache\micross.ttf -> [Ver = | Size = 305724 bytes | Created Date = 4/6/2007 6:29:45 PM | Attr = ]
mpg2splt.ax -> %System32%\dllcache\mpg2splt.ax -> [Ver = | Size = 136192 bytes | Created Date = 4/6/2007 6:29:00 PM | Attr = ]
mplayer2.exe -> %System32%\dllcache\mplayer2.exe -> [Ver = | Size = 4639 bytes | Created Date = 4/6/2007 6:30:11 PM | Attr = ]
msdmo.dll -> %System32%\dllcache\msdmo.dll -> [Ver = | Size = 13312 bytes | Created Date = 4/6/2007 6:28:58 PM | Attr = ]
msdvbnp.ax -> %System32%\dllcache\msdvbnp.ax -> [Ver = | Size = 52224 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
msdxm.ocx -> %System32%\dllcache\msdxm.ocx -> [Ver = | Size = 842268 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
msdxmlc.dll -> %System32%\dllcache\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
msimain.sdb -> %System32%\dllcache\msimain.sdb -> [Ver = | Size = 182198 bytes | Created Date = 4/6/2007 6:27:33 PM | Attr = ]
msinfo.dll -> %System32%\dllcache\msinfo.dll -> [Ver = 7, 0, 0, 0 | Size = 348160 bytes | Created Date = 4/6/2007 6:30:07 PM | Attr = ]
odbcconf.rsp -> %System32%\dllcache\odbcconf.rsp -> [Ver = | Size = 4294 bytes | Created Date = 4/6/2007 6:28:39 PM | Attr = ]
pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 272896 bytes | Created Date = 4/6/2007 6:30:02 PM | Attr = ]
proctexe.ocx -> %System32%\dllcache\proctexe.ocx -> Intel Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 75776 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
psisdecd.dll -> %System32%\dllcache\psisdecd.dll -> [Ver = | Size = 354816 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
psisrndr.ax -> %System32%\dllcache\psisrndr.ax -> [Ver = | Size = 30208 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
qcap.dll -> %System32%\dllcache\qcap.dll -> [Ver = | Size = 257024 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qdv.dll -> %System32%\dllcache\qdv.dll -> [Ver = | Size = 316928 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qdvd.dll -> %System32%\dllcache\qdvd.dll -> [Ver = | Size = 470528 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qedit.dll -> %System32%\dllcache\qedit.dll -> [Ver = | Size = 1798144 bytes | Created Date = 4/6/2007 6:28:33 PM | Attr = ]
qedwipes.dll -> %System32%\dllcache\qedwipes.dll -> [Ver = | Size = 733184 bytes | Created Date = 4/6/2007 6:28:33 PM | Attr = ]
quartz.dll -> %System32%\dllcache\quartz.dll -> [Ver = | Size = 1962496 bytes | Created Date = 4/6/2007 6:28:32 PM | Attr = ]
redir.exe -> %System32%\dllcache\redir.exe -> [Ver = | Size = 3338 bytes | Created Date = 4/6/2007 6:28:30 PM | Attr = ]
regwizc.dll -> %System32%\dllcache\regwizc.dll -> Microsoft [Ver = 3, 0, 0, 0 | Size = 387584 bytes | Created Date = 4/6/2007 6:28:30 PM | Attr = ]
sbe.dll -> %System32%\dllcache\sbe.dll -> [Ver = | Size = 218112 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
secupd.dat -> %System32%\dllcache\secupd.dat -> [Ver = | Size = 4573 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
secupd.sig -> %System32%\dllcache\secupd.sig -> [Ver = | Size = 6788 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
slbcsp.dll -> %System32%\dllcache\slbcsp.dll -> Schlumberger Technology Corporation [Ver = 5.1.2518.0 (main.010714-2114) | Size = 276480 bytes | Created Date = 4/6/2007 6:28:20 PM | Attr = ]
slbiop.dll -> %System32%\dllcache\slbiop.dll -> Schlumberger Technology Corporation [Ver = 5.1.2518.0 (main.010714-2114) | Size = 89600 bytes | Created Date = 4/6/2007 6:28:20 PM | Attr = ]
sniffpol.dll -> %System32%\dllcache\sniffpol.dll -> [Ver = 3, 2, 0, 25 | Size = 32256 bytes | Created Date = 4/6/2007 6:30:00 PM | Attr = ]
spra0405.dll -> %System32%\dllcache\spra0405.dll -> Spolecnost Microsoft [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 189440 bytes | Created Date = 4/6/2007 6:31:05 PM | Attr = ]
spra0419.dll -> %System32%\dllcache\spra0419.dll -> ?????????? ?????????? [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 193024 bytes | Created Date = 4/6/2007 6:31:05 PM | Attr = ]
sstub.dll -> %System32%\dllcache\sstub.dll -> [Ver = 3, 2, 0, 25 | Size = 30720 bytes | Created Date = 4/6/2007 6:29:59 PM | Attr = ]
sysmain.sdb -> %System32%\dllcache\sysmain.sdb -> [Ver = | Size = 1082436 bytes | Created Date = 4/6/2007 6:27:34 PM | Attr = ]
t2embed.dll -> %System32%\dllcache\t2embed.dll -> Microsoft Corp. [Ver = 0, 2, 0, 81 | Size = 198656 bytes | Created Date = 4/6/2007 6:28:15 PM | Attr = ]
tahoma.ttf -> %System32%\dllcache\tahoma.ttf -> [Ver = | Size = 379588 bytes | Created Date = 4/6/2007 6:29:45 PM | Attr = ]
tahomabd.ttf -> %System32%\dllcache\tahomabd.ttf -> [Ver = | Size = 352020 bytes | Created Date = 4/6/2007 6:29:45 PM | Attr = ]
tshoot.dll -> %System32%\dllcache\tshoot.dll -> [Ver = 3.2.0.27 | Size = 262656 bytes | Created Date = 4/6/2007 6:29:57 PM | Attr = ]
twain_32.dll -> %System32%\dllcache\twain_32.dll -> Twain Working Group [Ver = 1,7,1,0 | Size = 46592 bytes | Created Date = 4/6/2007 6:29:42 PM | Attr = ]
ati2mtaa.sys -> %System32%\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ati2mtag.sys -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.13.10.6153 | Size = 450176 bytes | Created Date = 4/6/2007 6:30:59 PM | Attr = ]
atinbtxx.sys -> %System32%\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56591 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
atinmdxx.sys -> %System32%\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 4/6/2007 6:31:02 PM | Attr = ]
atinpdxx.sys -> %System32%\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
atinraxx.sys -> %System32%\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
atinrvxx.sys -> %System32%\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinsnxx.sys -> %System32%\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinttxx.sys -> %System32%\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
atintuxx.sys -> %System32%\drivers\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 4/6/2007 6:30:58 PM | Attr = ]
atinxbxx.sys -> %System32%\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinxsxx.sys -> %System32%\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/31/2007 9:19:03 AM | Attr = ]
cmdmon.sys -> %System32%\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Created Date = 4/4/2007 7:57:59 AM | Attr = ]
dmboot.sys -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 780928 bytes | Created Date = 4/6/2007 6:27:47 PM | Attr = ]
dmio.sys -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146304 bytes | Created Date = 4/6/2007 6:27:47 PM | Attr = ]
inspect.sys -> %System32%\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Created Date = 4/4/2007 7:57:59 AM | Attr = ]
Comodo -> %AllUsersAppData%\Comodo -> [Folder | Created Date = 4/4/2007 7:59:40 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 3/31/2007 9:20:05 AM | Attr = ]
Comodo -> %UserAppData%\Comodo -> [Folder | Created Date = 4/4/2007 7:59:45 AM | Attr = ]
Lavasoft -> %UserAppData%\Lavasoft -> [Folder | Created Date = 3/31/2007 10:21:05 AM | Attr = ]
Mozilla -> %LocalAppData%\Mozilla -> [Folder | Created Date = 4/3/2007 11:28:29 PM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 3/31/2007 9:19:05 AM | Attr = ]
COMODO Firewall Pro.lnk -> %AllUsersDesktop%\COMODO Firewall Pro.lnk -> [Ver = | Size = 1588 bytes | Created Date = 4/4/2007 7:58:11 AM | Attr = ]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Created Date = 4/3/2007 11:40:41 PM | Attr = ]
banyo.bmp -> %UserDesktop%\banyo.bmp -> [Ver = | Size = 518454 bytes | Created Date = 4/4/2007 1:05:05 AM | Attr = ]
banyo2.bmp -> %UserDesktop%\banyo2.bmp -> [Ver = | Size = 518454 bytes | Created Date = 4/4/2007 1:05:30 AM | Attr = ]
bc550.pdf -> %UserDesktop%\bc550.pdf -> [Ver = | Size = 49444 bytes | Created Date = 4/6/2007 12:52:49 PM | Attr = ]
bf245.pdf -> %UserDesktop%\bf245.pdf -> [Ver = | Size = 187125 bytes | Created Date = 4/6/2007 12:54:47 PM | Attr = ]
contact number.doc -> %UserDesktop%\contact number.doc -> [Ver = | Size = 20480 bytes | Created Date = 4/4/2007 10:56:56 AM | Attr = ]
Image(04).jpg -> %UserDesktop%\Image(04).jpg -> [Ver = | Size = 102572 bytes | Created Date = 4/4/2007 1:03:05 AM | Attr = ]
Image(05).jpg -> %UserDesktop%\Image(05).jpg -> [Ver = | Size = 104148 bytes | Created Date = 4/4/2007 1:03:05 AM | Attr = ]
LimeWire PRO 4.9.23.lnk -> %UserDesktop%\LimeWire PRO 4.9.23.lnk -> [Ver = | Size = 1588 bytes | Created Date = 4/5/2007 1:44:11 PM | Attr = ]
mama -> %UserDesktop%\mama -> [Folder | Created Date = 3/31/2007 8:59:58 PM | Attr = ]
SDFix -> %UserDesktop%\SDFix -> [Folder | Created Date = 4/5/2007 6:40:55 PM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 3/31/2007 9:20:05 AM | Attr = ]
spybot.doc -> %UserDesktop%\spybot.doc -> [Ver = | Size = 20992 bytes | Created Date = 3/31/2007 8:30:01 AM | Attr = ]
spyware -> %UserDesktop%\spyware -> [Folder | Created Date = 3/31/2007 9:07:19 AM | Attr = ]
SpywareBlaster.lnk -> %UserDesktop%\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Created Date = 3/31/2007 11:10:48 PM | Attr = ]
videos -> %UserDesktop%\videos -> [Folder | Created Date = 3/31/2007 10:28:21 PM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 4/5/2007 6:55:39 PM | Attr = ]
GetRight - Tray Icon.lnk -> %AllUsersStartup%\GetRight - Tray Icon.lnk -> [Ver = | Size = 694 bytes | Created Date = 4/6/2007 1:07:21 PM | Attr = ]
Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 4/6/2007 1:07:03 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 4/4/2007 7:30:02 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
881cd18d99922412e9 -> %SystemDrive%\881cd18d99922412e9 -> [Folder | Modified Date = 4/1/2007 8:52:52 AM | Attr = ]
Converted Music -> %SystemDrive%\Converted Music -> [Folder | Modified Date = 4/4/2007 3:29:32 PM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 4/6/2007 5:01:20 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267964416 bytes | Modified Date = 4/6/2007 8:06:12 PM | Attr = HS]
NTDETECT.COM -> %SystemDrive%\NTDETECT.COM -> [Ver = | Size = 47580 bytes | Modified Date = 4/6/2007 7:52:14 PM | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/6/2007 8:13:20 PM | Attr = R ]
SnakeScorpion8 -> %SystemDrive%\SnakeScorpion8 -> [Folder | Modified Date = 4/4/2007 2:02:04 AM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/6/2007 1:20:24 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 4/3/2007 9:43:54 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 4/1/2007 6:16:24 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/6/2007 8:15:12 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/1/2007 9:04:30 AM | Attr = H ]
$NtUninstallKB894391$ -> %SystemRoot%\$NtUninstallKB894391$ -> [Folder | Modified Date = 4/1/2007 9:04:34 AM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 4/6/2007 8:05:56 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/6/2007 8:06:20 PM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 4/6/2007 8:06:46 PM | Attr = ]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 4/6/2007 7:53:12 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 4/6/2007 8:05:58 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 4/6/2007 7:53:20 PM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 4/6/2007 7:53:22 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/6/2007 7:53:38 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/4/2007 1:43:28 PM | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 4/6/2007 7:52:00 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/6/2007 10:40:06 AM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 4/6/2007 7:53:38 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 4/3/2007 2:36:14 PM | Attr = ]
nview -> %SystemRoot%\nview -> [Folder | Modified Date = 4/6/2007 10:12:22 AM | Attr = ]
peernet -> %SystemRoot%\peernet -> [Folder | Modified Date = 4/6/2007 7:52:00 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/6/2007 8:41:52 PM | Attr = ]
provisioning -> %SystemRoot%\provisioning -> [Folder | Modified Date = 4/6/2007 7:48:38 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 3/30/2007 11:45:34 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 4/5/2007 2:43:20 AM | Attr = H ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 4/6/2007 7:34:26 PM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 4/6/2007 7:55:52 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 4/6/2007 7:55:52 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 4/6/2007 8:09:42 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/6/2007 8:06:34 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/6/2007 8:17:40 PM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 4/6/2007 8:01:00 PM | Attr = R ]
Wininit.ini -> %SystemRoot%\Wininit.ini -> [Ver = | Size = 77 bytes | Modified Date = 4/6/2007 8:13:18 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/6/2007 7:50:04 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 4/6/2007 8:09:36 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/6/2007 8:06:34 PM | Attr = H ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 4/6/2007 8:07:48 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 4/6/2007 8:03:12 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/6/2007 8:09:40 PM | Attr = ]
Com -> %System32%\Com -> [Folder | Modified Date = 4/6/2007 7:58:18 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 4/5/2007 8:32:36 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/6/2007 8:00:44 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 4/6/2007 8:00:46 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 200936 bytes | Modified Date = 4/6/2007 8:06:12 PM | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 4/6/2007 7:52:12 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Modified Date = 3/14/2007 12:31:24 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Modified Date = 3/14/2007 2:04:46 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Modified Date = 3/14/2007 12:31:28 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Modified Date = 3/14/2007 2:04:46 AM | Attr = ]
npp -> %System32%\npp -> [Folder | Modified Date = 4/6/2007 8:00:48 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 4/6/2007 8:07:48 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 88566 bytes | Modified Date = 4/6/2007 8:08:42 PM | Attr = ]
oobe -> %System32%\oobe -> [Folder | Modified Date = 4/6/2007 8:00:48 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 40196 bytes | Modified Date = 4/3/2007 8:21:20 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 311934 bytes | Modified Date = 4/3/2007 8:21:20 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Modified Date = 4/3/2007 8:21:20 AM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 4/6/2007 10:10:34 AM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 4/6/2007 8:00:48 PM | Attr = ]
Setup -> %System32%\Setup -> [Folder | Modified Date = 4/6/2007 8:00:50 PM | Attr = ]
usmt -> %System32%\usmt -> [Folder | Modified Date = 4/6/2007 8:00:52 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 4/6/2007 8:06:10 PM | Attr = ]
wmpscheme.xml -> %System32%\wmpscheme.xml -> [Ver = | Size = 25065 bytes | Modified Date = 4/6/2007 8:08:02 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 4/4/2007 1:39:22 PM | Attr = ]
cmdmon.sys -> %System32%\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Modified Date = 4/4/2007 8:58:00 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 4/5/2007 7:41:50 PM | Attr = ]
inspect.sys -> %System32%\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Modified Date = 4/4/2007 8:58:00 AM | Attr = ]
Comodo -> %AllUsersAppData%\Comodo -> [Folder | Modified Date = 4/4/2007 8:59:42 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 4/4/2007 8:50:12 AM | Attr = ]
Comodo -> %UserAppData%\Comodo -> [Folder | Modified Date = 4/4/2007 8:59:50 AM | Attr = ]
Lavasoft -> %UserAppData%\Lavasoft -> [Folder | Modified Date = 3/31/2007 11:21:06 AM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 4/5/2007 4:05:30 PM | Attr = S]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 185856 bytes | Modified Date = 4/5/2007 2:40:22 AM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3712656 bytes | Modified Date = 4/6/2007 8:04:48 PM | Attr = H ]
Mozilla -> %LocalAppData%\Mozilla -> [Folder | Modified Date = 4/4/2007 12:28:30 AM | Attr = ]
My Music -> %AllUsersDocuments%\My Music -> [Folder | Modified Date = 4/6/2007 7:51:32 PM | Attr = R ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 3/31/2007 10:19:06 AM | Attr = ]
COMODO Firewall Pro.lnk -> %AllUsersDesktop%\COMODO Firewall Pro.lnk -> [Ver = | Size = 1588 bytes | Modified Date = 4/4/2007 8:58:12 AM | Attr = ]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Modified Date = 4/4/2007 12:40:42 AM | Attr = ]
AUDIO -> %UserDesktop%\AUDIO -> [Folder | Modified Date = 4/1/2007 9:02:34 AM | Attr = ]
avast -> %UserDesktop%\avast -> [Folder | Modified Date = 4/1/2007 9:03:02 AM | Attr = ]
banyo.bmp -> %UserDesktop%\banyo.bmp -> [Ver = | Size = 518454 bytes | Modified Date = 4/4/2007 2:05:06 AM | Attr = ]
banyo2.bmp -> %UserDesktop%\banyo2.bmp -> [Ver = | Size = 518454 bytes | Modified Date = 4/4/2007 2:05:32 AM | Attr = ]
bc550.pdf -> %UserDesktop%\bc550.pdf -> [Ver = | Size = 49444 bytes | Modified Date = 4/6/2007 1:52:50 PM | Attr = ]
bf245.pdf -> %UserDesktop%\bf245.pdf -> [Ver = | Size = 187125 bytes | Modified Date = 4/6/2007 1:54:48 PM | Attr = ]
contact number.doc -> %UserDesktop%\contact number.doc -> [Ver = | Size = 20480 bytes | Modified Date = 4/4/2007 11:56:58 AM | Attr = ]
jam -> %UserDesktop%\jam -> [Folder | Modified Date = 4/5/2007 3:07:32 PM | Attr = ]
LimeWire PRO 4.9.23.lnk -> %UserDesktop%\LimeWire PRO 4.9.23.lnk -> [Ver = | Size = 1588 bytes | Modified Date = 4/5/2007 2:44:12 PM | Attr = ]
mama -> %UserDesktop%\mama -> [Folder | Modified Date = 4/6/2007 6:39:26 PM | Attr = ]
question -> %UserDesktop%\question -> [Folder | Modified Date = 3/31/2007 8:28:06 AM | Attr = ]
SDFix -> %UserDesktop%\SDFix -> [Folder | Modified Date = 4/5/2007 8:31:50 PM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 3/31/2007 10:20:06 AM | Attr = ]
spybot.doc -> %UserDesktop%\spybot.doc -> [Ver = | Size = 20992 bytes | Modified Date = 3/31/2007 9:30:02 AM | Attr = ]
spyware -> %UserDesktop%\spyware -> [Folder | Modified Date = 4/6/2007 6:39:04 PM | Attr = ]
SpywareBlaster.lnk -> %UserDesktop%\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Modified Date = 4/1/2007 12:10:50 AM | Attr = ]
videos -> %UserDesktop%\videos -> [Folder | Modified Date = 3/31/2007 11:29:18 PM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 4/5/2007 8:41:42 PM | Attr = ]
GetRight - Tray Icon.lnk -> %AllUsersStartup%\GetRight - Tray Icon.lnk -> [Ver = | Size = 694 bytes | Modified Date = 4/6/2007 2:07:22 PM | Attr = ]
Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 4/6/2007 2:07:04 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 3/31/2007 1:05:38 PM | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 4/6/2007 7:52:44 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 4/4/2007 8:30:04 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
UPX! , UPX0 , -> %System32%\aswBoot.exe -> [Ver = 4, 7, 936, 0 | Size = 689280 bytes | Modified Date = 1/15/2007 10:32:08 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
PTech , -> %System32%\LegitCheckControl.dll -> Microsoft® Corporation [Ver = 1.3.0254.0 | Size = 520456 bytes | Modified Date = 7/12/2005 7:04:22 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
UPX! , UPX0 , -> %UserDocuments%\NIS06910.exe -> [Ver = | Size = 45450744 bytes | Modified Date = 6/8/2006 11:05:22 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable ->
WSUD , -> %UserDesktop%\dist -> [Ver = | Size = 15172037 bytes | Modified Date = 11/4/2004 12:27:12 PM | Attr = ]

< End of report >

#13 OldTimer

OldTimer

    Malware Expert



Posted 06 April 2007 - 07:51 AM

Hi hxm. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Since you already have AVG Anti-Spyware installed let's update it.
  • Start AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Step #2

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {0B073034-30B8-404C-8FA2-3FFB3E8BF32D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {57E218E6-5A80-4f0c-AB25-83598F25D7E9} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YY -> {A7EC4924-B707-437A-AE2F-F56F7B1E3B93} [HKLM] -> %System32%\oumofrld.dll [Reg Data - Value does not exist]
[Registry - Additional Scans - Non-Microsoft Only]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
YN -> 0 -> [Key]
[Files/Folders - Created Within 30 days]
NY -> 881cd18d99922412e9 -> %SystemDrive%\881cd18d99922412e9
NY -> 003978_.tmp -> %SystemRoot%\003978_.tmp
[Empty Temp Folders]


The fix should only take a very short time. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot into Safe Mode as shown below. If not, then reboot manually into Safe Mode.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #3

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #4

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
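
The review that Step #4 sets up can be done mechanically. The following is an added example, not part of the original post and not WinPFind3U's own code: it cross-checks the Step #2 fix script against the fix log and the rescan that were posted in reply #14 of this thread (inputs copied from the thread). The reading of the two-letter flags (first letter selects the registry entry, second selects the file) is an assumption inferred from those logs, and all function names are hypothetical.

```python
import re

# Fix script from Step #2, copied from the post above.
FIX_SCRIPT = r"""[Unregister Dlls]
[Registry - Non-Microsoft Only]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {0B073034-30B8-404C-8FA2-3FFB3E8BF32D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {57E218E6-5A80-4f0c-AB25-83598F25D7E9} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YY -> {A7EC4924-B707-437A-AE2F-F56F7B1E3B93} [HKLM] -> %System32%\oumofrld.dll [Reg Data - Value does not exist]
[Registry - Additional Scans - Non-Microsoft Only]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
YN -> 0 -> [Key]
[Files/Folders - Created Within 30 days]
NY -> 881cd18d99922412e9 -> %SystemDrive%\881cd18d99922412e9
NY -> 003978_.tmp -> %SystemRoot%\003978_.tmp
[Empty Temp Folders]
"""
# Excerpt of the fix log from reply #14 in this thread.
FIX_LOG = r"""Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B073034-30B8-404C-8FA2-3FFB3E8BF32D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57E218E6-5A80-4f0c-AB25-83598F25D7E9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7EC4924-B707-437A-AE2F-F56F7B1E3B93} deleted successfully.
C:\WINDOWS\SYSTEM32\oumofrld.dll unregistered successfully.
C:\WINDOWS\SYSTEM32\oumofrld.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
C:\881cd18d99922412e9\update moved successfully.
C:\881cd18d99922412e9 moved successfully.
C:\WINDOWS\003978_.tmp moved successfully.
"""
# Excerpt of the rescan from reply #14 in this thread.
RESCAN = r"""< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{A7EC4924-B707-437A-AE2F-F56F7B1E3B93} [HKLM] -> %System32%\oumofrld.dll [Reg Data - Value does not exist] -> File not found
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
1 -> [Key] ->
"""
# Path variable values as they appear in the thread's own logs.
ENV = {"%System32%": r"C:\WINDOWS\SYSTEM32", "%SystemRoot%": r"C:\WINDOWS",
       "%SystemDrive%": "C:"}

def norm(path):
    """Comparison form: lower case, no trailing backslash."""
    return path.strip().rstrip("\\").lower()

def expand(path):
    """Replace WinPFind3U path variables with the values in ENV."""
    for var, value in ENV.items():
        path = path.replace(var, value)
    return path

def entries(report):
    """Yield (flags, base_key, fields) for each item line of a script or scan."""
    base = None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("["):            # "[Section]" resets the registry context
            base = None
        elif line.startswith("<"):          # "< name > -> REGISTRY\KEY\"
            base = line.partition(" -> ")[2] or None
        elif line:
            fields = line.split(" -> ")
            flags = fields.pop(0) if re.fullmatch(r"[YN]{2}", fields[0]) else ""
            yield flags, base, fields

def item_name(field):
    return re.sub(r"\s*\[HK(?:LM|CU)\]$", "", field)   # '{GUID} [HKLM]' -> '{GUID}'

def fix_targets(script):
    """Return [(kind, normalized target)] that the fix script selects."""
    targets = []
    for flags, base, fields in entries(script):
        if flags[:1] == "Y" and base:       # assumed: first flag = registry entry
            targets.append(("key", norm(base + item_name(fields[0]))))
        path = re.match(r"%\w+%\\[^\[]+", fields[-1])
        if flags[1:] == "Y" and path:       # assumed: second flag = file or folder
            targets.append(("file", norm(expand(path.group()))))
    return targets

def confirmed_actions(fix_log):
    """Map normalized path -> set of actions the fix log reports as successful."""
    done = {}
    pattern = r"(?:Registry key )?(.+?) (deleted|moved|unregistered) successfully\.?$"
    for line in fix_log.splitlines():
        m = re.match(pattern, line.strip())
        if m:
            done.setdefault(norm(m.group(1)), set()).add(m.group(2))
    return done

def review(script, fix_log, rescan):
    """Return (unconfirmed, still_present): targets that need a second look."""
    done = confirmed_actions(fix_log)
    want = {"key": "deleted", "file": "moved"}
    targets = fix_targets(script)
    unconfirmed = [t for k, t in targets if want[k] not in done.get(t, set())]
    present = {norm(b + item_name(f[0])) for _, b, f in entries(rescan) if b}
    still_present = [t for k, t in targets if k == "key" and t in present]
    return unconfirmed, still_present

if __name__ == "__main__":
    print(review(FIX_SCRIPT, FIX_LOG, RESCAN))
```

On the thread's data every selected item is confirmed in the fix log, while the {A7EC4924-B707-437A-AE2F-F56F7B1E3B93} BHO key is listed again in the rescan with "File not found", so it is returned in `still_present`.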


#14 hxm


Posted 06 April 2007 - 09:10 PM

AN UPDATE AFTER AVG ANTI-SPYWARE SCAN:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:48:34 AM 4/7/2007

+ Scan result:



C:\VundoFix Backups\ddcyx.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).


::Report end

AFTER THE RUN FIX:


[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B073034-30B8-404C-8FA2-3FFB3E8BF32D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57E218E6-5A80-4f0c-AB25-83598F25D7E9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7EC4924-B707-437A-AE2F-F56F7B1E3B93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EC4924-B707-437A-AE2F-F56F7B1E3B93} deleted successfully.
C:\WINDOWS\SYSTEM32\oumofrld.dll unregistered successfully.
C:\WINDOWS\SYSTEM32\oumofrld.dll moved successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
[Files/Folders - Created Within 30 days]
C:\881cd18d99922412e9\update moved successfully.
C:\881cd18d99922412e9\sp2qfe moved successfully.
C:\881cd18d99922412e9\sp2gdr moved successfully.
C:\881cd18d99922412e9\sp1qfe moved successfully.
C:\881cd18d99922412e9 moved successfully.
C:\WINDOWS\003978_.tmp moved successfully.
[Empty Temp Folders]
C:\DOCUME~1\Admin\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 04/07/2007 09:31:14

AFTER THE AVG ANTI-SPYWARE SCAN, UPDATED WINPFIND3U:

WinPFind3 logfile created on: 4/7/2007 10:50:15 AM
WinPFind3U by OldTimer - Version 1.0.33 Folder = C:\Documents and Settings\Admin\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

255.48 Mb Total Physical Memory | 164.29 Mb Available Physical Memory | 64.30% Memory free
616.54 Mb Paging File | 522.43 Mb Available in Paging File | 84.74% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 11.40 Gb Free Space | 30.60% Space Free
D: Drive not present or media not loaded
Drive E: | 559.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: ADMIN-YQHFZXDZP
Current User Name: Admin
Logged in as Administrator.
Cannot determine boot mode.


[Processes - Non-Microsoft Only]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.33.0 | Size = 318464 bytes | Modified Date = 4/2/2007 10:01:54 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 1/15/2007 10:18:24 AM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 1/15/2007 10:28:52 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 1/15/2007 10:28:32 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 1/15/2007 10:27:52 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
(CmdAgent) Comodo Application Agent [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 4/4/2007 8:57:58 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | Disabled | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 2:51:48 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 1/15/2007 10:28:58 AM | Attr = ]
Cmaudio -> cmicnfg.CPL -> File not found
COMODO Firewall Pro -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 4/4/2007 8:57:58 AM | Attr = ]
KernelFaultCheck -> -> File not found
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1622016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
PV92TRAY -> %System32%\PV92Tray.exe -> PCtel Inc. [Ver = 12, 300, 22, 0 | Size = 323584 bytes | Modified Date = 11/26/2003 6:11:42 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 2/10/2006 11:15:28 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 11/11/2004 1:39:36 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe -> [Ver = | Size = 3096576 bytes | Modified Date = 12/8/2005 2:55:10 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr = ]
%AllUsersStartup%\GetRight - Tray Icon.lnk -> %ProgramFiles%\GetRight\getright.exe -> Headlight Software, Inc. [Ver = 6.2a | Size = 3781960 bytes | Modified Date = 3/12/2007 4:35:24 PM | Attr = ]
%AllUsersStartup%\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 11/11/2004 1:39:36 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 7:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> localhost ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll [Yahoo! Companion BHO] -> Yahoo! Inc. [Ver = 2005, 4, 22, 1 | Size = 333464 bytes | Modified Date = 5/11/2005 1:18:18 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 9:38:22 PM | Attr = ]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} [HKLM] -> %ProgramFiles%\GetRight\xx2gr.dll [GetRight IE Download Helper] -> Headlight Software, Inc. [Ver = 6.1a | Size = 247112 bytes | Modified Date = 1/4/2007 11:57:18 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{A7EC4924-B707-437A-AE2F-F56F7B1E3B93} [HKLM] -> %System32%\oumofrld.dll [Reg Data - Value does not exist] -> File not found
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 6, 30, 1 | Size = 316552 bytes | Modified Date = 12/27/2005 7:40:58 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 6, 30, 1 | Size = 316552 bytes | Modified Date = 12/27/2005 7:40:58 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 3:40:12 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 4, 22, 1 | Size = 333464 bytes | Modified Date = 5/11/2005 1:18:18 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 4, 22, 1 | Size = 333464 bytes | Modified Date = 5/11/2005 1:18:18 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Download with GetRight -> %ProgramFiles%\GetRight\GRdownload.htm -> [Ver = | Size = 994 bytes | Modified Date = 3/29/2006 3:35:14 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Open with GetRight Browser -> %ProgramFiles%\GetRight\GRBrowse.htm -> [Ver = | Size = 977 bytes | Modified Date = 3/29/2006 3:35:14 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{4409A9B3-030F-4AFB-B214-9DA6C4FF0770} -> 4.2.2.1,4.2.2.2 (VIA Rhine II Fast Ethernet Adapter) ->
{E4683583-EBF8-44E2-8352-951B11108C0F} -> () ->
< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
shell -> shell protocol not assigned ->
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
bwfile-8876480 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 11/11/2004 1:39:36 AM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 3:40:12 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab ->









[Registry - Additional Scans - Non-Microsoft Only]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
1 -> [Key] ->
1 -> FriendlyName = My Current Home Page ->
1 -> Source = About:Home ->
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. -> ->


[Files/Folders - Created Within 30 days]
Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 4/6/2007 1:07:21 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 4/1/2007 5:04:09 AM | Attr = ]
$NtUninstallKB894391$ -> %SystemRoot%\$NtUninstallKB894391$ -> [Folder | Created Date = 4/1/2007 8:04:31 AM | Attr = H ]
nview -> %SystemRoot%\nview -> [Folder | Created Date = 4/6/2007 9:10:50 AM | Attr = ]
peernet -> %SystemRoot%\peernet -> [Folder | Created Date = 4/6/2007 6:48:42 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 4/6/2007 7:06:33 PM | Attr = ]
provisioning -> %SystemRoot%\provisioning -> [Folder | Created Date = 4/6/2007 6:48:37 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 3/30/2007 10:45:32 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 3/30/2007 10:45:32 PM | Attr = H ]
twain_32.dll -> %SystemRoot%\twain_32.dll -> Twain Working Group [Ver = 1,7,1,0 | Size = 46592 bytes | Created Date = 4/6/2007 6:29:42 PM | Attr = ]
amstream.dll -> %System32%\amstream.dll -> [Ver = | Size = 64512 bytes | Created Date = 4/6/2007 6:29:37 PM | Attr = ]
ati2dvaa.dll -> %System32%\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 4/6/2007 6:31:02 PM | Attr = ]
ati2dvag.dll -> %System32%\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.13.10.6153 | Size = 202496 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ati3d1ag.dll -> %System32%\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.13.10.3338 | Size = 844675 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ati3d2ag.dll -> %System32%\ati3d2ag.dll -> ATI Technologies Inc. [Ver = 6.13.10.3338 | Size = 921475 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
ativdaxx.ax -> %System32%\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12831 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
ativmvxx.ax -> %System32%\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 31263 bytes | Created Date = 4/6/2007 6:30:58 PM | Attr = ]
atmfd.dll -> %System32%\atmfd.dll -> Adobe Systems Incorporated [Ver = 5.1 Build 225 | Size = 272768 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
atmlib.dll -> %System32%\atmlib.dll -> Adobe Systems [Ver = 5.1 Build 225 | Size = 27136 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
compatui.dll -> %System32%\compatui.dll -> [Ver = 1, 0, 0, 1 | Size = 238592 bytes | Created Date = 4/6/2007 6:29:31 PM | Attr = ]
dcache.bin -> %System32%\dcache.bin -> [Ver = | Size = 1740 bytes | Created Date = 4/6/2007 6:29:26 PM | Attr = ]
defrag.exe -> %System32%\defrag.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 70656 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
devenum.dll -> %System32%\devenum.dll -> [Ver = | Size = 132608 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgfat.exe -> %System32%\dfrgfat.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 76288 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgntfs.exe -> %System32%\dfrgntfs.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 99328 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgsnap.dll -> %System32%\dfrgsnap.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 35328 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgui.dll -> %System32%\dfrgui.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 113152 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dgnet.dll -> %System32%\dgnet.dll -> Microsoft [Ver = 1, 0, 0, 1 | Size = 103424 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dmadmin.exe -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Created Date = 4/6/2007 6:29:24 PM | Attr = ]
dmdskmgr.dll -> %System32%\dmdskmgr.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 184320 bytes | Created Date = 4/6/2007 6:29:24 PM | Attr = ]
dmremote.exe -> %System32%\dmremote.exe -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 14336 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dmserver.dll -> %System32%\dmserver.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 21504 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dmutil.dll -> %System32%\dmutil.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 50688 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dosx.exe -> %System32%\dosx.exe -> [Ver = | Size = 53840 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dxmasf.dll -> %System32%\dxmasf.dll -> [Ver = | Size = 498205 bytes | Created Date = 4/6/2007 6:29:17 PM | Attr = ]
encdec.dll -> %System32%\encdec.dll -> [Ver = | Size = 155648 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 489984 bytes | Created Date = 4/6/2007 6:27:56 PM | Attr = ]
iac25_32.ax -> %System32%\iac25_32.ax -> Intel Corporation [Ver = 2.05.53 | Size = 199680 bytes | Created Date = 4/6/2007 6:32:40 PM | Attr = ]
iccvid.dll -> %System32%\iccvid.dll -> Radius Inc. [Ver = 1.10.0.6 | Size = 110592 bytes | Created Date = 4/6/2007 6:29:13 PM | Attr = ]
ieuinit.inf -> %System32%\ieuinit.inf -> [Ver = | Size = 19514 bytes | Created Date = 4/6/2007 6:29:12 PM | Attr = ]
instcat.sql -> %System32%\instcat.sql -> [Ver = | Size = 766934 bytes | Created Date = 4/6/2007 6:29:09 PM | Attr = ]
ir41_32.ax -> %System32%\ir41_32.ax -> Intel Corporation [Ver = 4.51.16.03 | Size = 848384 bytes | Created Date = 4/6/2007 6:32:40 PM | Attr = ]
ir41_qc.dll -> %System32%\ir41_qc.dll -> Intel Corporation. [Ver = 4.30.62.02 | Size = 120320 bytes | Created Date = 4/6/2007 6:32:40 PM | Attr = ]
ir41_qcx.dll -> %System32%\ir41_qcx.dll -> Intel Corporation. [Ver = 4.30.64.01 | Size = 338432 bytes | Created Date = 4/6/2007 6:32:39 PM | Attr = ]
ir50_32.dll -> %System32%\ir50_32.dll -> Intel Corporation [Ver = R.5.10.15.2.55 | Size = 755200 bytes | Created Date = 4/6/2007 6:32:39 PM | Attr = ]
ir50_qc.dll -> %System32%\ir50_qc.dll -> Intel Corporation. [Ver = R.5.10.63.2.48 | Size = 200192 bytes | Created Date = 4/6/2007 6:32:39 PM | Attr = ]
ir50_qcx.dll -> %System32%\ir50_qcx.dll -> Intel Corporation. [Ver = R.5.10.64.2.48 | Size = 183808 bytes | Created Date = 4/6/2007 6:32:39 PM | Attr = ]
isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 28672 bytes | Created Date = 4/6/2007 6:29:08 PM | Attr = ]
ivfsrc.ax -> %System32%\ivfsrc.ax -> Intel Corporation [Ver = R.5.10.15.2.51 | Size = 154624 bytes | Created Date = 4/6/2007 6:32:39 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/4/2007 12:43:58 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 4/4/2007 12:43:58 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/4/2007 12:43:58 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 4/4/2007 12:43:58 PM | Attr = ]
l3codeca.acm -> %System32%\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Created Date = 4/6/2007 6:29:06 PM | Attr = ]
mciqtz32.dll -> %System32%\mciqtz32.dll -> [Ver = | Size = 34304 bytes | Created Date = 4/6/2007 6:29:04 PM | Attr = ]
mpeg2data.ax -> %System32%\mpeg2data.ax -> [Ver = | Size = 57856 bytes | Created Date = 4/6/2007 6:32:39 PM | Attr = ]
mpg2splt.ax -> %System32%\mpg2splt.ax -> [Ver = | Size = 136192 bytes | Created Date = 4/6/2007 6:29:00 PM | Attr = ]
msdmo.dll -> %System32%\msdmo.dll -> [Ver = | Size = 13312 bytes | Created Date = 4/6/2007 6:28:58 PM | Attr = ]
msdvbnp.ax -> %System32%\msdvbnp.ax -> [Ver = | Size = 52224 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
msdxm.ocx -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
msdxmlc.dll -> %System32%\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 88566 bytes | Created Date = 4/6/2007 9:10:52 AM | Attr = ]
nvdisp.nvu -> %System32%\nvdisp.nvu -> [Ver = | Size = 17056 bytes | Created Date = 4/6/2007 9:10:50 AM | Attr = ]
NVUNINST.EXE -> %System32%\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 55 | Size = 208896 bytes | Created Date = 4/6/2007 9:09:55 AM | Attr = ]
odbcconf.rsp -> %System32%\odbcconf.rsp -> [Ver = | Size = 4294 bytes | Created Date = 4/6/2007 6:28:39 PM | Attr = ]
proctexe.ocx -> %System32%\proctexe.ocx -> Intel Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 75776 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
psisdecd.dll -> %System32%\psisdecd.dll -> [Ver = | Size = 354816 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
psisrndr.ax -> %System32%\psisrndr.ax -> [Ver = | Size = 30208 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
qcap.dll -> %System32%\qcap.dll -> [Ver = | Size = 257024 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qdv.dll -> %System32%\qdv.dll -> [Ver = | Size = 316928 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qdvd.dll -> %System32%\qdvd.dll -> [Ver = | Size = 470528 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qedit.dll -> %System32%\qedit.dll -> [Ver = | Size = 1798144 bytes | Created Date = 4/6/2007 6:28:33 PM | Attr = ]
qedwipes.dll -> %System32%\qedwipes.dll -> [Ver = | Size = 733184 bytes | Created Date = 4/6/2007 6:28:33 PM | Attr = ]
quartz.dll -> %System32%\quartz.dll -> [Ver = | Size = 1962496 bytes | Created Date = 4/6/2007 6:28:32 PM | Attr = ]
redir.exe -> %System32%\redir.exe -> [Ver = | Size = 3338 bytes | Created Date = 4/6/2007 6:28:30 PM | Attr = ]
regwizc.dll -> %System32%\regwizc.dll -> Microsoft [Ver = 3, 0, 0, 0 | Size = 387584 bytes | Created Date = 4/6/2007 6:28:30 PM | Attr = ]
sbe.dll -> %System32%\sbe.dll -> [Ver = | Size = 218112 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
SET1FD.tmp -> %System32%\SET1FD.tmp -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Created Date = 4/6/2007 6:37:01 PM | Attr = ]
SET349.tmp -> %System32%\SET349.tmp -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Created Date = 4/6/2007 6:38:30 PM | Attr = ]
SET3E1.tmp -> %System32%\SET3E1.tmp -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Created Date = 4/6/2007 6:39:04 PM | Attr = ]
slbcsp.dll -> %System32%\slbcsp.dll -> Schlumberger Technology Corporation [Ver = 5.1.2518.0 (main.010714-2114) | Size = 276480 bytes | Created Date = 4/6/2007 6:28:20 PM | Attr = ]
slbiop.dll -> %System32%\slbiop.dll -> Schlumberger Technology Corporation [Ver = 5.1.2518.0 (main.010714-2114) | Size = 89600 bytes | Created Date = 4/6/2007 6:28:20 PM | Attr = ]
sl_anet.acm -> %System32%\sl_anet.acm -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Created Date = 4/6/2007 6:28:20 PM | Attr = ]
t2embed.dll -> %System32%\t2embed.dll -> Microsoft Corp. [Ver = 0, 2, 0, 81 | Size = 198656 bytes | Created Date = 4/6/2007 6:28:15 PM | Attr = ]
tcpmon.ini -> %System32%\tcpmon.ini -> [Ver = | Size = 45672 bytes | Created Date = 4/6/2007 6:28:14 PM | Attr = ]
webfldrs.msi -> %System32%\webfldrs.msi -> [Ver = | Size = 1325568 bytes | Created Date = 4/6/2007 6:28:09 PM | Attr = ]
amstream.dll -> %System32%\dllcache\amstream.dll -> [Ver = | Size = 64512 bytes | Created Date = 4/6/2007 6:29:37 PM | Attr = ]
apphelp.sdb -> %System32%\dllcache\apphelp.sdb -> [Ver = | Size = 203454 bytes | Created Date = 4/6/2007 6:27:33 PM | Attr = ]
ati2dvaa.dll -> %System32%\dllcache\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 4/6/2007 6:31:02 PM | Attr = ]
ati2dvag.dll -> %System32%\dllcache\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.13.10.6153 | Size = 202496 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ati2mtaa.sys -> %System32%\dllcache\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ati2mtag.sys -> %System32%\dllcache\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.13.10.6153 | Size = 450176 bytes | Created Date = 4/6/2007 6:30:59 PM | Attr = ]
ati3d1ag.dll -> %System32%\dllcache\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.13.10.3338 | Size = 844675 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ati3d2ag.dll -> %System32%\dllcache\ati3d2ag.dll -> ATI Technologies Inc. [Ver = 6.13.10.3338 | Size = 921475 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
atinbtxx.sys -> %System32%\dllcache\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56591 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
atinmdxx.sys -> %System32%\dllcache\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 4/6/2007 6:31:02 PM | Attr = ]
atinpdxx.sys -> %System32%\dllcache\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
atinraxx.sys -> %System32%\dllcache\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
atinrvxx.sys -> %System32%\dllcache\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinsnxx.sys -> %System32%\dllcache\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinttxx.sys -> %System32%\dllcache\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
atintuxx.sys -> %System32%\dllcache\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 4/6/2007 6:30:58 PM | Attr = ]
atinxbxx.sys -> %System32%\dllcache\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinxsxx.sys -> %System32%\dllcache\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ativdaxx.ax -> %System32%\dllcache\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12831 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
ativmvxx.ax -> %System32%\dllcache\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 31263 bytes | Created Date = 4/6/2007 6:30:58 PM | Attr = ]
atmfd.dll -> %System32%\dllcache\atmfd.dll -> Adobe Systems Incorporated [Ver = 5.1 Build 225 | Size = 272768 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
atmlib.dll -> %System32%\dllcache\atmlib.dll -> Adobe Systems [Ver = 5.1 Build 225 | Size = 27136 bytes | Created Date = 4/6/2007 6:29:36 PM | Attr = ]
compatui.dll -> %System32%\dllcache\compatui.dll -> [Ver = 1, 0, 0, 1 | Size = 238592 bytes | Created Date = 4/6/2007 6:29:31 PM | Attr = ]
defrag.exe -> %System32%\dllcache\defrag.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 70656 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
devenum.dll -> %System32%\dllcache\devenum.dll -> [Ver = | Size = 132608 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgfat.exe -> %System32%\dllcache\dfrgfat.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 76288 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgntfs.exe -> %System32%\dllcache\dfrgntfs.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 99328 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgsnap.dll -> %System32%\dllcache\dfrgsnap.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 35328 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dfrgui.dll -> %System32%\dllcache\dfrgui.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 113152 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dgnet.dll -> %System32%\dllcache\dgnet.dll -> Microsoft [Ver = 1, 0, 0, 1 | Size = 103424 bytes | Created Date = 4/6/2007 6:29:25 PM | Attr = ]
dmadmin.exe -> %System32%\dllcache\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Created Date = 4/6/2007 6:29:24 PM | Attr = ]
dmboot.sys -> %System32%\dllcache\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 780928 bytes | Created Date = 4/6/2007 6:27:47 PM | Attr = ]
dmdskmgr.dll -> %System32%\dllcache\dmdskmgr.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 184320 bytes | Created Date = 4/6/2007 6:29:24 PM | Attr = ]
dmio.sys -> %System32%\dllcache\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146304 bytes | Created Date = 4/6/2007 6:27:47 PM | Attr = ]
dmremote.exe -> %System32%\dllcache\dmremote.exe -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 14336 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dmserver.dll -> %System32%\dllcache\dmserver.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 21504 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dmutil.dll -> %System32%\dllcache\dmutil.dll -> Microsoft Corp. [Ver = 2600.0.503.0 | Size = 50688 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
dosx.exe -> %System32%\dllcache\dosx.exe -> [Ver = | Size = 53840 bytes | Created Date = 4/6/2007 6:29:23 PM | Attr = ]
drvmain.sdb -> %System32%\dllcache\drvmain.sdb -> [Ver = | Size = 8514 bytes | Created Date = 4/6/2007 6:27:33 PM | Attr = ]
dxmasf.dll -> %System32%\dllcache\dxmasf.dll -> [Ver = | Size = 498205 bytes | Created Date = 4/6/2007 6:29:17 PM | Attr = ]
encdec.dll -> %System32%\dllcache\encdec.dll -> [Ver = | Size = 155648 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe -> [Ver = | Size = 196666 bytes | Created Date = 4/6/2007 6:30:14 PM | Attr = ]
ims.cat -> %System32%\dllcache\ims.cat -> [Ver = | Size = 13608 bytes | Created Date = 4/6/2007 6:27:33 PM | Attr = ]
isrdbg32.dll -> %System32%\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 28672 bytes | Created Date = 4/6/2007 6:29:08 PM | Attr = ]
luna.mst -> %System32%\dllcache\luna.mst -> Microsoft [Ver = 1, 0, 0, 1 | Size = 4186256 bytes | Created Date = 4/6/2007 6:30:13 PM | Attr = ]
mciqtz32.dll -> %System32%\dllcache\mciqtz32.dll -> [Ver = | Size = 34304 bytes | Created Date = 4/6/2007 6:29:04 PM | Attr = ]
micross.ttf -> %System32%\dllcache\micross.ttf -> [Ver = | Size = 305724 bytes | Created Date = 4/6/2007 6:29:45 PM | Attr = ]
mpg2splt.ax -> %System32%\dllcache\mpg2splt.ax -> [Ver = | Size = 136192 bytes | Created Date = 4/6/2007 6:29:00 PM | Attr = ]
mplayer2.exe -> %System32%\dllcache\mplayer2.exe -> [Ver = | Size = 4639 bytes | Created Date = 4/6/2007 6:30:11 PM | Attr = ]
msdmo.dll -> %System32%\dllcache\msdmo.dll -> [Ver = | Size = 13312 bytes | Created Date = 4/6/2007 6:28:58 PM | Attr = ]
msdvbnp.ax -> %System32%\dllcache\msdvbnp.ax -> [Ver = | Size = 52224 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
msdxm.ocx -> %System32%\dllcache\msdxm.ocx -> [Ver = | Size = 842268 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
msdxmlc.dll -> %System32%\dllcache\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Created Date = 4/6/2007 6:28:57 PM | Attr = ]
msimain.sdb -> %System32%\dllcache\msimain.sdb -> [Ver = | Size = 182198 bytes | Created Date = 4/6/2007 6:27:33 PM | Attr = ]
msinfo.dll -> %System32%\dllcache\msinfo.dll -> [Ver = 7, 0, 0, 0 | Size = 348160 bytes | Created Date = 4/6/2007 6:30:07 PM | Attr = ]
odbcconf.rsp -> %System32%\dllcache\odbcconf.rsp -> [Ver = | Size = 4294 bytes | Created Date = 4/6/2007 6:28:39 PM | Attr = ]
pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 272896 bytes | Created Date = 4/6/2007 6:30:02 PM | Attr = ]
proctexe.ocx -> %System32%\dllcache\proctexe.ocx -> Intel Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 75776 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
psisdecd.dll -> %System32%\dllcache\psisdecd.dll -> [Ver = | Size = 354816 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
psisrndr.ax -> %System32%\dllcache\psisrndr.ax -> [Ver = | Size = 30208 bytes | Created Date = 4/6/2007 6:28:35 PM | Attr = ]
qcap.dll -> %System32%\dllcache\qcap.dll -> [Ver = | Size = 257024 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qdv.dll -> %System32%\dllcache\qdv.dll -> [Ver = | Size = 316928 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qdvd.dll -> %System32%\dllcache\qdvd.dll -> [Ver = | Size = 470528 bytes | Created Date = 4/6/2007 6:28:34 PM | Attr = ]
qedit.dll -> %System32%\dllcache\qedit.dll -> [Ver = | Size = 1798144 bytes | Created Date = 4/6/2007 6:28:33 PM | Attr = ]
qedwipes.dll -> %System32%\dllcache\qedwipes.dll -> [Ver = | Size = 733184 bytes | Created Date = 4/6/2007 6:28:33 PM | Attr = ]
quartz.dll -> %System32%\dllcache\quartz.dll -> [Ver = | Size = 1962496 bytes | Created Date = 4/6/2007 6:28:32 PM | Attr = ]
redir.exe -> %System32%\dllcache\redir.exe -> [Ver = | Size = 3338 bytes | Created Date = 4/6/2007 6:28:30 PM | Attr = ]
regwizc.dll -> %System32%\dllcache\regwizc.dll -> Microsoft [Ver = 3, 0, 0, 0 | Size = 387584 bytes | Created Date = 4/6/2007 6:28:30 PM | Attr = ]
sbe.dll -> %System32%\dllcache\sbe.dll -> [Ver = | Size = 218112 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
secupd.dat -> %System32%\dllcache\secupd.dat -> [Ver = | Size = 4573 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
secupd.sig -> %System32%\dllcache\secupd.sig -> [Ver = | Size = 6788 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
slbcsp.dll -> %System32%\dllcache\slbcsp.dll -> Schlumberger Technology Corporation [Ver = 5.1.2518.0 (main.010714-2114) | Size = 276480 bytes | Created Date = 4/6/2007 6:28:20 PM | Attr = ]
slbiop.dll -> %System32%\dllcache\slbiop.dll -> Schlumberger Technology Corporation [Ver = 5.1.2518.0 (main.010714-2114) | Size = 89600 bytes | Created Date = 4/6/2007 6:28:20 PM | Attr = ]
sniffpol.dll -> %System32%\dllcache\sniffpol.dll -> [Ver = 3, 2, 0, 25 | Size = 32256 bytes | Created Date = 4/6/2007 6:30:00 PM | Attr = ]
spra0405.dll -> %System32%\dllcache\spra0405.dll -> Spolecnost Microsoft [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 189440 bytes | Created Date = 4/6/2007 6:31:05 PM | Attr = ]
spra0419.dll -> %System32%\dllcache\spra0419.dll -> ?????????? ?????????? [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 193024 bytes | Created Date = 4/6/2007 6:31:05 PM | Attr = ]
sstub.dll -> %System32%\dllcache\sstub.dll -> [Ver = 3, 2, 0, 25 | Size = 30720 bytes | Created Date = 4/6/2007 6:29:59 PM | Attr = ]
sysmain.sdb -> %System32%\dllcache\sysmain.sdb -> [Ver = | Size = 1082436 bytes | Created Date = 4/6/2007 6:27:34 PM | Attr = ]
t2embed.dll -> %System32%\dllcache\t2embed.dll -> Microsoft Corp. [Ver = 0, 2, 0, 81 | Size = 198656 bytes | Created Date = 4/6/2007 6:28:15 PM | Attr = ]
tahoma.ttf -> %System32%\dllcache\tahoma.ttf -> [Ver = | Size = 379588 bytes | Created Date = 4/6/2007 6:29:45 PM | Attr = ]
tahomabd.ttf -> %System32%\dllcache\tahomabd.ttf -> [Ver = | Size = 352020 bytes | Created Date = 4/6/2007 6:29:45 PM | Attr = ]
tshoot.dll -> %System32%\dllcache\tshoot.dll -> [Ver = 3.2.0.27 | Size = 262656 bytes | Created Date = 4/6/2007 6:29:57 PM | Attr = ]
twain_32.dll -> %System32%\dllcache\twain_32.dll -> Twain Working Group [Ver = 1,7,1,0 | Size = 46592 bytes | Created Date = 4/6/2007 6:29:42 PM | Attr = ]
ati2mtaa.sys -> %System32%\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
ati2mtag.sys -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.13.10.6153 | Size = 450176 bytes | Created Date = 4/6/2007 6:30:59 PM | Attr = ]
atinbtxx.sys -> %System32%\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56591 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
atinmdxx.sys -> %System32%\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 4/6/2007 6:31:02 PM | Attr = ]
atinpdxx.sys -> %System32%\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
atinraxx.sys -> %System32%\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 4/6/2007 6:31:01 PM | Attr = ]
atinrvxx.sys -> %System32%\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinsnxx.sys -> %System32%\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinttxx.sys -> %System32%\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 4/6/2007 6:31:03 PM | Attr = ]
atintuxx.sys -> %System32%\drivers\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 4/6/2007 6:30:58 PM | Attr = ]
atinxbxx.sys -> %System32%\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 4/6/2007 6:30:57 PM | Attr = ]
atinxsxx.sys -> %System32%\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 4/6/2007 6:31:00 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/31/2007 9:19:03 AM | Attr = ]
cmdmon.sys -> %System32%\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Created Date = 4/4/2007 7:57:59 AM | Attr = ]
dmboot.sys -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 780928 bytes | Created Date = 4/6/2007 6:27:47 PM | Attr = ]
dmio.sys -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146304 bytes | Created Date = 4/6/2007 6:27:47 PM | Attr = ]
inspect.sys -> %System32%\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Created Date = 4/4/2007 7:57:59 AM | Attr = ]
Comodo -> %AllUsersAppData%\Comodo -> [Folder | Created Date = 4/4/2007 7:59:40 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 3/31/2007 9:20:05 AM | Attr = ]
Comodo -> %UserAppData%\Comodo -> [Folder | Created Date = 4/4/2007 7:59:45 AM | Attr = ]
Lavasoft -> %UserAppData%\Lavasoft -> [Folder | Created Date = 3/31/2007 10:21:05 AM | Attr = ]
Mozilla -> %LocalAppData%\Mozilla -> [Folder | Created Date = 4/3/2007 11:28:29 PM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 3/31/2007 9:19:05 AM | Attr = ]
COMODO Firewall Pro.lnk -> %AllUsersDesktop%\COMODO Firewall Pro.lnk -> [Ver = | Size = 1588 bytes | Created Date = 4/4/2007 7:58:11 AM | Attr = ]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Created Date = 4/3/2007 11:40:41 PM | Attr = ]
banyo.bmp -> %UserDesktop%\banyo.bmp -> [Ver = | Size = 518454 bytes | Created Date = 4/4/2007 1:05:05 AM | Attr = ]
banyo2.bmp -> %UserDesktop%\banyo2.bmp -> [Ver = | Size = 518454 bytes | Created Date = 4/4/2007 1:05:30 AM | Attr = ]
bc550.pdf -> %UserDesktop%\bc550.pdf -> [Ver = | Size = 49444 bytes | Created Date = 4/6/2007 12:52:49 PM | Attr = ]
bf245.pdf -> %UserDesktop%\bf245.pdf -> [Ver = | Size = 187125 bytes | Created Date = 4/6/2007 12:54:47 PM | Attr = ]
contact number.doc -> %UserDesktop%\contact number.doc -> [Ver = | Size = 20480 bytes | Created Date = 4/4/2007 10:56:56 AM | Attr = ]
Image(04).jpg -> %UserDesktop%\Image(04).jpg -> [Ver = | Size = 102572 bytes | Created Date = 4/4/2007 1:03:05 AM | Attr = ]
Image(05).jpg -> %UserDesktop%\Image(05).jpg -> [Ver = | Size = 104148 bytes | Created Date = 4/4/2007 1:03:05 AM | Attr = ]
LimeWire PRO 4.9.23.lnk -> %UserDesktop%\LimeWire PRO 4.9.23.lnk -> [Ver = | Size = 1588 bytes | Created Date = 4/5/2007 1:44:11 PM | Attr = ]
mama -> %UserDesktop%\mama -> [Folder | Created Date = 3/31/2007 8:59:58 PM | Attr = ]
SDFix -> %UserDesktop%\SDFix -> [Folder | Created Date = 4/5/2007 6:40:55 PM | Attr = ]
solution.doc -> %UserDesktop%\solution.doc -> [Ver = | Size = 26624 bytes | Created Date = 4/6/2007 9:52:11 PM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 3/31/2007 9:20:05 AM | Attr = ]
spybot.doc -> %UserDesktop%\spybot.doc -> [Ver = | Size = 20992 bytes | Created Date = 3/31/2007 8:30:01 AM | Attr = ]
spyware -> %UserDesktop%\spyware -> [Folder | Created Date = 3/31/2007 9:07:19 AM | Attr = ]
SpywareBlaster.lnk -> %UserDesktop%\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Created Date = 3/31/2007 11:10:48 PM | Attr = ]
videos -> %UserDesktop%\videos -> [Folder | Created Date = 3/31/2007 10:28:21 PM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 4/5/2007 6:55:39 PM | Attr = ]
GetRight - Tray Icon.lnk -> %AllUsersStartup%\GetRight - Tray Icon.lnk -> [Ver = | Size = 694 bytes | Created Date = 4/6/2007 1:07:21 PM | Attr = ]
Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 4/6/2007 1:07:03 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 4/4/2007 7:30:02 AM | Attr = ]



[Files/Folders - Modified Within 30 days]
Converted Music -> %SystemDrive%\Converted Music -> [Folder | Modified Date = 4/4/2007 3:29:32 PM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 4/6/2007 5:01:20 PM | Attr = ]
NTDETECT.COM -> %SystemDrive%\NTDETECT.COM -> [Ver = | Size = 47580 bytes | Modified Date = 4/6/2007 7:52:14 PM | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/6/2007 8:13:20 PM | Attr = R ]
SnakeScorpion8 -> %SystemDrive%\SnakeScorpion8 -> [Folder | Modified Date = 4/4/2007 2:02:04 AM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/7/2007 9:35:30 AM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 4/3/2007 9:43:54 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 4/7/2007 10:48:32 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/7/2007 9:40:42 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/1/2007 9:04:30 AM | Attr = H ]
$NtUninstallKB894391$ -> %SystemRoot%\$NtUninstallKB894391$ -> [Folder | Modified Date = 4/1/2007 9:04:34 AM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 4/6/2007 8:05:56 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/7/2007 9:40:40 AM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 4/7/2007 9:20:40 AM | Attr = ]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 4/6/2007 7:53:12 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 4/6/2007 8:05:58 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 4/6/2007 7:53:20 PM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 4/6/2007 7:53:22 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/6/2007 7:53:38 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/4/2007 1:43:28 PM | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 4/6/2007 7:52:00 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/7/2007 9:40:42 AM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 4/6/2007 7:53:38 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 4/3/2007 2:36:14 PM | Attr = ]
nview -> %SystemRoot%\nview -> [Folder | Modified Date = 4/6/2007 10:12:22 AM | Attr = ]
peernet -> %SystemRoot%\peernet -> [Folder | Modified Date = 4/6/2007 7:52:00 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/7/2007 9:28:40 AM | Attr = ]
provisioning -> %SystemRoot%\provisioning -> [Folder | Modified Date = 4/6/2007 7:48:38 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 3/30/2007 11:45:34 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 4/5/2007 2:43:20 AM | Attr = H ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 4/6/2007 7:40:28 PM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 4/6/2007 7:55:52 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 4/6/2007 7:55:52 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 4/7/2007 9:31:12 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/6/2007 8:06:34 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/7/2007 9:25:48 AM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 4/6/2007 8:01:00 PM | Attr = R ]
Wininit.ini -> %SystemRoot%\Wininit.ini -> [Ver = | Size = 77 bytes | Modified Date = 4/6/2007 8:13:18 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/6/2007 7:50:04 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 4/6/2007 8:09:36 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/7/2007 9:36:26 AM | Attr = H ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 4/6/2007 8:07:48 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 4/6/2007 8:03:12 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/6/2007 8:11:40 PM | Attr = ]
Com -> %System32%\Com -> [Folder | Modifi

#15 hxm

Posted 06 April 2007 - 09:12 PM

Com -> %System32%\Com -> [Folder | Modified Date = 4/6/2007 7:58:18 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 4/5/2007 8:32:36 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/6/2007 8:00:44 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 4/6/2007 8:00:46 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 200936 bytes | Modified Date = 4/6/2007 8:06:12 PM | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 4/6/2007 7:52:12 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Modified Date = 3/14/2007 12:31:24 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Modified Date = 3/14/2007 2:04:46 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Modified Date = 3/14/2007 12:31:28 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Modified Date = 3/14/2007 2:04:46 AM | Attr = ]
npp -> %System32%\npp -> [Folder | Modified Date = 4/6/2007 8:00:48 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 4/6/2007 8:07:48 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 88566 bytes | Modified Date = 4/7/2007 9:20:24 AM | Attr = ]
oobe -> %System32%\oobe -> [Folder | Modified Date = 4/6/2007 8:00:48 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 40196 bytes | Modified Date = 4/3/2007 8:21:20 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 311934 bytes | Modified Date = 4/3/2007 8:21:20 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Modified Date = 4/3/2007 8:21:20 AM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 4/6/2007 7:34:08 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 4/7/2007 9:35:30 AM | Attr = ]
Setup -> %System32%\Setup -> [Folder | Modified Date = 4/6/2007 8:00:50 PM | Attr = ]
usmt -> %System32%\usmt -> [Folder | Modified Date = 4/6/2007 8:00:52 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 4/6/2007 8:06:10 PM | Attr = ]
wmpscheme.xml -> %System32%\wmpscheme.xml -> [Ver = | Size = 25065 bytes | Modified Date = 4/6/2007 8:08:02 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 4/4/2007 1:39:22 PM | Attr = ]
cmdmon.sys -> %System32%\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Modified Date = 4/4/2007 8:58:00 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 4/6/2007 8:57:42 PM | Attr = ]
inspect.sys -> %System32%\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Modified Date = 4/4/2007 8:58:00 AM | Attr = ]
Comodo -> %AllUsersAppData%\Comodo -> [Folder | Modified Date = 4/4/2007 8:59:42 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 4/4/2007 8:50:12 AM | Attr = ]
Comodo -> %UserAppData%\Comodo -> [Folder | Modified Date = 4/4/2007 8:59:50 AM | Attr = ]
Lavasoft -> %UserAppData%\Lavasoft -> [Folder | Modified Date = 3/31/2007 11:21:06 AM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 4/5/2007 4:05:30 PM | Attr = S]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 185856 bytes | Modified Date = 4/5/2007 2:40:22 AM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4311482 bytes | Modified Date = 4/7/2007 9:35:48 AM | Attr = H ]
Mozilla -> %LocalAppData%\Mozilla -> [Folder | Modified Date = 4/4/2007 12:28:30 AM | Attr = ]
My Music -> %AllUsersDocuments%\My Music -> [Folder | Modified Date = 4/6/2007 7:51:32 PM | Attr = R ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 3/31/2007 10:19:06 AM | Attr = ]
COMODO Firewall Pro.lnk -> %AllUsersDesktop%\COMODO Firewall Pro.lnk -> [Ver = | Size = 1588 bytes | Modified Date = 4/4/2007 8:58:12 AM | Attr = ]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Modified Date = 4/4/2007 12:40:42 AM | Attr = ]
AUDIO -> %UserDesktop%\AUDIO -> [Folder | Modified Date = 4/1/2007 9:02:34 AM | Attr = ]
avast -> %UserDesktop%\avast -> [Folder | Modified Date = 4/1/2007 9:03:02 AM | Attr = ]
banyo.bmp -> %UserDesktop%\banyo.bmp -> [Ver = | Size = 518454 bytes | Modified Date = 4/4/2007 2:05:06 AM | Attr = ]
banyo2.bmp -> %UserDesktop%\banyo2.bmp -> [Ver = | Size = 518454 bytes | Modified Date = 4/4/2007 2:05:32 AM | Attr = ]
bc550.pdf -> %UserDesktop%\bc550.pdf -> [Ver = | Size = 49444 bytes | Modified Date = 4/6/2007 1:52:50 PM | Attr = ]
bf245.pdf -> %UserDesktop%\bf245.pdf -> [Ver = | Size = 187125 bytes | Modified Date = 4/6/2007 1:54:48 PM | Attr = ]
contact number.doc -> %UserDesktop%\contact number.doc -> [Ver = | Size = 20480 bytes | Modified Date = 4/4/2007 11:56:58 AM | Attr = ]
jam -> %UserDesktop%\jam -> [Folder | Modified Date = 4/5/2007 3:07:32 PM | Attr = ]
LimeWire PRO 4.9.23.lnk -> %UserDesktop%\LimeWire PRO 4.9.23.lnk -> [Ver = | Size = 1588 bytes | Modified Date = 4/5/2007 2:44:12 PM | Attr = ]
mama -> %UserDesktop%\mama -> [Folder | Modified Date = 4/6/2007 6:39:26 PM | Attr = ]
question -> %UserDesktop%\question -> [Folder | Modified Date = 3/31/2007 8:28:06 AM | Attr = ]
SDFix -> %UserDesktop%\SDFix -> [Folder | Modified Date = 4/6/2007 9:03:42 PM | Attr = ]
solution.doc -> %UserDesktop%\solution.doc -> [Ver = | Size = 26624 bytes | Modified Date = 4/6/2007 10:52:12 PM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 3/31/2007 10:20:06 AM | Attr = ]
spybot.doc -> %UserDesktop%\spybot.doc -> [Ver = | Size = 20992 bytes | Modified Date = 3/31/2007 9:30:02 AM | Attr = ]
spyware -> %UserDesktop%\spyware -> [Folder | Modified Date = 4/6/2007 6:39:04 PM | Attr = ]
SpywareBlaster.lnk -> %UserDesktop%\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Modified Date = 4/1/2007 12:10:50 AM | Attr = ]
videos -> %UserDesktop%\videos -> [Folder | Modified Date = 3/31/2007 11:29:18 PM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 4/7/2007 10:49:16 AM | Attr = ]
GetRight - Tray Icon.lnk -> %AllUsersStartup%\GetRight - Tray Icon.lnk -> [Ver = | Size = 694 bytes | Modified Date = 4/6/2007 2:07:22 PM | Attr = ]
Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 4/6/2007 2:07:04 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 3/31/2007 1:05:38 PM | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 4/6/2007 7:52:44 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 4/4/2007 8:30:04 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
UPX! , UPX0 , -> %System32%\aswBoot.exe -> [Ver = 4, 7, 936, 0 | Size = 689280 bytes | Modified Date = 1/15/2007 10:32:08 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
PTech , -> %System32%\LegitCheckControl.dll -> Microsoft® Corporation [Ver = 1.3.0254.0 | Size = 520456 bytes | Modified Date = 7/12/2005 7:04:22 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
UPX! , UPX0 , -> %UserDocuments%\NIS06910.exe -> [Ver = | Size = 45450744 bytes | Modified Date = 6/8/2006 11:05:22 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable ->
WSUD , -> %UserDesktop%\dist -> [Ver = | Size = 15172037 bytes | Modified Date = 11/4/2004 12:27:12 PM | Attr = ]

< End of report >



