Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cpu Usage Abnormally High


  • Please log in to reply
8 replies to this topic

#1 lovingtahoe

lovingtahoe

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:South Lake Tahoe
  • Local time:02:25 AM

Posted 27 April 2007 - 05:29 PM

Hello,

In the last few days I have noticed that CPU usage has been at 50-60% with no programs open. I use to have 3-4%. I have run Shield AntiVirus, Spybot, Adaware, Spyware Blaster and the Ultimate Trouble Shooter... No luck in fonding what may be the culprit. Any and all advice/help is much appreciated.



Thank-you,

Melissa



Logfile of HijackThis v1.99.1

Scan saved at 2:51:02 PM, on 4/27/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe

C:\Program Files\AlienGUIse\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe

C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe

C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\photos\hijackthis\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL

O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT

O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Vrmon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe Main

O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe

O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173553545062

O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll

O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll

O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)

O23 - Service: nmservice - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:25 AM

Posted 03 May 2007 - 05:45 PM

Hello lovingtahoe and welcome to the BC HijackThis forum. Let's look at this with a different scanner.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • In the Registry group select All (leave all other settings at their defaults)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 lovingtahoe

lovingtahoe
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:South Lake Tahoe
  • Local time:02:25 AM

Posted 03 May 2007 - 06:42 PM

Here is the log that you instructed me to post. By the way, THANK-YOU, THANK-YOU, THANK-YOU for taking the time to even try to help me! I appreciate your help.


WinPFind3 logfile created on: 5/3/2007 4:11:31 PM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Owner\Desktop\photos\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1013.59 Mb Total Physical Memory | 615.12 Mb Available Physical Memory | 60.69% Memory free
2.38 Gb Paging File | 2.14 Gb Available in Paging File | 89.76% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.50 Gb Total Space | 201.36 Gb Free Space | 88.12% Space Free
Drive D: | 4.37 Gb Total Space | 1.48 Gb Free Space | 33.80% Space Free
Drive E: | 2.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: JEZEBEL
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
firewall.exe -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\FireWall.exe -> NextAisle [Ver = 2, 1, 0, 0 | Size = 405504 bytes | Modified Date = 8/4/2004 9:13:28 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4308 | Size = 114688 bytes | Modified Date = 4/25/2005 11:32:52 AM | Attr = ]
prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 2/7/2007 10:12:12 AM | Attr = ]
vrmonnt.exe -> %ProgramFiles%\PCSECURITYSHIELD\SHIELDANTIVIRUS\vrmonnt.exe -> HAURI [Ver = 2006, 1, 18, 1 | Size = 249916 bytes | Modified Date = 1/18/2006 6:07:58 PM | Attr = ]
vrmonsvc.exe -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe -> HAURI [Ver = 2006, 1, 5, 1 | Size = 188416 bytes | Modified Date = 1/31/2006 11:56:38 AM | Attr = ]
vrres.exe -> %ProgramFiles%\PCSECURITYSHIELD\SHIELDANTIVIRUS\VrRes.exe -> ©HAURI [Ver = 2002, 10, 5, 1 | Size = 266304 bytes | Modified Date = 3/11/2004 1:00:00 PM | Attr = ]
wbload.exe -> %ProgramFiles%\AlienGUIse\wbload.exe -> Stardock Systems, Inc [Ver = 4.51 | Size = 437760 bytes | Modified Date = 5/12/2005 12:02:24 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\photos\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\photos\winpfind3u.exe -> [Ver = | Size = 353274 bytes | Modified Date = 5/3/2007 4:08:32 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2/9/2007 3:51:48 PM | Attr = ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> Macromedia [Ver = 2.65.000 | Size = 69632 bytes | Modified Date = 2/9/2007 4:32:42 PM | Attr = ]
(nmraapache) Pure Networks Net2Go Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -> Pure Networks, Inc. [Ver = 2.0.54 | Size = 12800 bytes | Modified Date = 10/14/2006 8:21:04 PM | Attr = ]
(nmservice) nmservice [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 4.0.6277.0 | Size = 321088 bytes | Modified Date = 11/1/2006 1:04:02 AM | Attr = ]
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> File not found
(PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 2/7/2007 10:12:12 AM | Attr = ]
(vrmonsvc) ViRobot Expert Monitoring [Win32_Own | Auto | Running] -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe -> HAURI [Ver = 2006, 1, 5, 1 | Size = 188416 bytes | Modified Date = 1/31/2006 11:56:38 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
dwStart -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\FireWall.exe -> NextAisle [Ver = 2, 1, 0, 0 | Size = 405504 bytes | Modified Date = 8/4/2004 9:13:28 PM | Attr = ]
IntelAudioStudio -> %ProgramFiles%\Intel Audio Studio\IntelAudioStudio.exe -> Intel Corporation [Ver = 1.05.0076 | Size = 7090176 bytes | Modified Date = 7/20/2005 1:55:24 AM | Attr = ]
Persistence -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4308 | Size = 114688 bytes | Modified Date = 4/25/2005 11:32:52 AM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/14/2002 12:42:26 AM | Attr = ]
SigmatelSysTrayApp -> sttray.exe -> File not found
Vrmon -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonnt.exe -> HAURI [Ver = 2006, 1, 18, 1 | Size = 249916 bytes | Modified Date = 1/18/2006 6:07:58 PM | Attr = ]
VrSchedule -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\VrRes.exe -> ©HAURI [Ver = 2002, 10, 5, 1 | Size = 266304 bytes | Modified Date = 3/11/2004 1:00:00 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2/26/2003 11:27:44 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
WB -> %ProgramFiles%\AlienGUIse\fastload.dll -> Stardock [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 12/21/2001 12:34:52 AM | Attr = ]
winjgf32 -> winjgf32.dll -> File not found
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> *.local ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 2:56:50 AM | Attr = ]
{316AEF8D-3C37-423E-9E6E-13820A9DC37A} [HKLM] -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\IrlOnIE.dll [EyeOnIE Class] -> [Ver = 1, 0, 0, 1 | Size = 53248 bytes | Modified Date = 1/14/2004 4:19:48 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
{E22F9B9D-1A1F-473E-BED6-D8BC152441F4} [HKLM] -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\FarPopupBlocker.dll [PopupBlocker Class] -> [Ver = 1.0.0.1 | Size = 77824 bytes | Modified Date = 8/4/2004 9:10:30 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{8C6C6617-B552-43DB-87FE-D43CAE2DFB2E} -> (Intel® PRO/100 VE Network Connection) ->
{E73661F3-C3F6-498C-8F5D-E904D18AB9D3} -> () ->
{F88B7CE3-5D14-4165-B43E-CCBDAB0CEE4F} -> (1394 Net Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000001 -> FFarLsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -> FFarLsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -> FFarLsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -> FFarLsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -> FFarLsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -> FFarLsp.dll -> File not found
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
pure-go -> %CommonProgramFiles%\Pure Networks Shared\puresp3.dll -> Pure Networks, Inc. [Ver = 4.0.6305.0 | Size = 71232 bytes | Modified Date = 11/9/2006 2:37:38 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9...heckControl.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/...b?1173553545062 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/shock...ash/swflash.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{407408d4-94ed-4d86-ab69-a7f649d112ee} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ->
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ->
>{7715C0A7-4389-4AC6-9944-131E9822270F} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{4EB37360-49E8-11D3-95B5-004033382980} [HKLM] -> %ProgramFiles%\ESTsoft\ALZip\AZCTM.dll [ALZip 4.0 Context Menu Shell Extension] -> ESTsoft [Ver = 6.11.27.111 | Size = 168960 bytes | Modified Date = 12/5/2006 10:02:06 PM | Attr = ]
< BotCheck > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 892 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> @W:8x63447ff9
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> RY ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 9Ƃ,2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> LRm'Hm`a ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> `rK ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\IcmpSettings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\IcmpSettings\\AllowInboundEchoRequest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\updatewin2k4.exe -> c:\windows\system32\updatewin2k4.exe:*:Enabled:updatewin2k4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundEchoRequest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe -k LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS;TCPIP;NTLMSSP; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 3:20:02 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{4EB37360-49E8-11D3-95B5-004033382980} [HKLM] -> %ProgramFiles%\ESTsoft\ALZip\AZCTM.dll [ALZip] -> ESTsoft [Ver = 6.11.27.111 | Size = 168960 bytes | Modified Date = 12/5/2006 10:02:06 PM | Attr = ]
{734028e4-d909-4130-92ed-74f1d8e0b9dc} [HKLM] -> Reg Data - Key not found [ViRobot Expert] -> File not found
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %SystemDrive%\My Backup -- 07-02-07 0944AM\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 9/1/2006 11:00:00 AM | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{2D7D2770-1C6E-442C-857F-9F285495863F} [HKLM] -> %System32%\WipeAllCom.dll [WipeAllCom] -> [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 7/27/2004 8:59:18 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shell\
"C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" -> %ProgramFiles%\Winamp\winamp.exe [Winamp.Bookmark] -> Nullsoft [Ver = 5,3,2,1003 | Size = 1118720 bytes | Modified Date = 11/21/2006 10:39:48 AM | Attr = ]
"C:\Program Files\Winamp\winamp.exe" /ADD "%1" -> %ProgramFiles%\Winamp\winamp.exe [Winamp.Enqueue] -> Nullsoft [Ver = 5,3,2,1003 | Size = 1118720 bytes | Modified Date = 11/21/2006 10:39:48 AM | Attr = ]
"C:\Program Files\Winamp\winamp.exe" "%1" -> %ProgramFiles%\Winamp\winamp.exe [Winamp.Play] -> Nullsoft [Ver = 5,3,2,1003 | Size = 1118720 bytes | Modified Date = 11/21/2006 10:39:48 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> %ProgramFiles%\Pure Networks\Network Magic\nmspce2.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 4.0.6313.0 | Size = 661056 bytes | Modified Date = 11/9/2006 2:17:54 AM | Attr = ]
{4EB37360-49E8-11D3-95B5-004033382980} [HKLM] -> %ProgramFiles%\ESTsoft\ALZip\AZCTM.dll [ALZip] -> ESTsoft [Ver = 6.11.27.111 | Size = 168960 bytes | Modified Date = 12/5/2006 10:02:06 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %SystemDrive%\My Backup -- 07-02-07 0944AM\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 9/1/2006 11:00:00 AM | Attr = ]
{2D7D2770-1C6E-442C-857F-9F285495863F} [HKLM] -> %System32%\WipeAllCom.dll [WipeAllCom] -> [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 7/27/2004 8:59:18 PM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> %ProgramFiles%\Pure Networks\Network Magic\nmspce2.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 4.0.6313.0 | Size = 661056 bytes | Modified Date = 11/9/2006 2:17:54 AM | Attr = ]
{4EB37360-49E8-11D3-95B5-004033382980} [HKLM] -> %ProgramFiles%\ESTsoft\ALZip\AZCTM.dll [ALZip] -> ESTsoft [Ver = 6.11.27.111 | Size = 168960 bytes | Modified Date = 12/5/2006 10:02:06 PM | Attr = ]
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4308 | Size = 143360 bytes | Modified Date = 4/25/2005 11:31:56 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> %ProgramFiles%\Pure Networks\Network Magic\nmspce2.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 4.0.6313.0 | Size = 661056 bytes | Modified Date = 11/9/2006 2:17:54 AM | Attr = ]
{4EB37360-49E8-11D3-95B5-004033382980} [HKLM] -> %ProgramFiles%\ESTsoft\ALZip\AZCTM.dll [ALZip] -> ESTsoft [Ver = 6.11.27.111 | Size = 168960 bytes | Modified Date = 12/5/2006 10:02:06 PM | Attr = ]
{734028e4-d909-4130-92ed-74f1d8e0b9dc} [HKLM] -> Reg Data - Key not found [ViRobot Expert] -> File not found
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %SystemDrive%\My Backup -- 07-02-07 0944AM\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 9/1/2006 11:00:00 AM | Attr = ]
{2D7D2770-1C6E-442C-857F-9F285495863F} [HKLM] -> %System32%\WipeAllCom.dll [WipeAllCom] -> [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 7/27/2004 8:59:18 PM | Attr = ]
< ControlSets > ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{4982D40A-C53B-4615-B15B-B5B5E98D167C} -> 8192 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8195 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\HomePage -> 0 ->
< Security Settings > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:25 AM

Posted 03 May 2007 - 07:16 PM

Hi lovingtahoe. Here's what I need you to do.

Start WinPFind3u. On the left-hand side of the screen where it says Registry, click the All option inside the group box. Leave all other options at their defaults (do not click the Select All option on the right-hand side of the screen).

Now click the Run Scan button near the top-left corner. When the scan is complete and Notepad opens with the log in it, copy/paste the log back here. After you post the log, scroll down to the bottom of the post. If the last last does not say < end of report >, then the log is too big to fit into one post. Go back to the log file and find the last line that shows in the post and starting from there copy/paste the rest of the log into a 2nd post.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 lovingtahoe

lovingtahoe
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:South Lake Tahoe
  • Local time:02:25 AM

Posted 03 May 2007 - 07:25 PM

Ok, here you go. I believe that this time, I followed your directions correctly. thank-you Old Timer.


WinPFind3 logfile created on: 5/3/2007 5:18:08 PM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Owner\Desktop\photos\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1013.59 Mb Total Physical Memory | 615.23 Mb Available Physical Memory | 60.70% Memory free
2.38 Gb Paging File | 2.14 Gb Available in Paging File | 89.80% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.50 Gb Total Space | 201.36 Gb Free Space | 88.12% Space Free
Drive D: | 4.37 Gb Total Space | 1.48 Gb Free Space | 33.80% Space Free
Drive E: | 2.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: JEZEBEL
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
firewall.exe -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\FireWall.exe -> NextAisle [Ver = 2, 1, 0, 0 | Size = 405504 bytes | Modified Date = 8/4/2004 9:13:28 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4308 | Size = 114688 bytes | Modified Date = 4/25/2005 11:32:52 AM | Attr = ]
prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 2/7/2007 10:12:12 AM | Attr = ]
vrmonnt.exe -> %ProgramFiles%\PCSECURITYSHIELD\SHIELDANTIVIRUS\vrmonnt.exe -> HAURI [Ver = 2006, 1, 18, 1 | Size = 249916 bytes | Modified Date = 1/18/2006 6:07:58 PM | Attr = ]
vrmonsvc.exe -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe -> HAURI [Ver = 2006, 1, 5, 1 | Size = 188416 bytes | Modified Date = 1/31/2006 11:56:38 AM | Attr = ]
vrres.exe -> %ProgramFiles%\PCSECURITYSHIELD\SHIELDANTIVIRUS\VrRes.exe -> ©HAURI [Ver = 2002, 10, 5, 1 | Size = 266304 bytes | Modified Date = 3/11/2004 1:00:00 PM | Attr = ]
wbload.exe -> %ProgramFiles%\AlienGUIse\wbload.exe -> Stardock Systems, Inc [Ver = 4.51 | Size = 437760 bytes | Modified Date = 5/12/2005 12:02:24 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\photos\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2/9/2007 3:51:48 PM | Attr = ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> Macromedia [Ver = 2.65.000 | Size = 69632 bytes | Modified Date = 2/9/2007 4:32:42 PM | Attr = ]
(nmraapache) Pure Networks Net2Go Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -> Pure Networks, Inc. [Ver = 2.0.54 | Size = 12800 bytes | Modified Date = 10/14/2006 8:21:04 PM | Attr = ]
(nmservice) nmservice [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 4.0.6277.0 | Size = 321088 bytes | Modified Date = 11/1/2006 1:04:02 AM | Attr = ]
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> File not found
(PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 2/7/2007 10:12:12 AM | Attr = ]
(vrmonsvc) ViRobot Expert Monitoring [Win32_Own | Auto | Running] -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe -> HAURI [Ver = 2006, 1, 5, 1 | Size = 188416 bytes | Modified Date = 1/31/2006 11:56:38 AM | Attr = ]

[Registry - All]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
dwStart -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\FireWall.exe -> NextAisle [Ver = 2, 1, 0, 0 | Size = 405504 bytes | Modified Date = 8/4/2004 9:13:28 PM | Attr = ]
IntelAudioStudio -> %ProgramFiles%\Intel Audio Studio\IntelAudioStudio.exe -> Intel Corporation [Ver = 1.05.0076 | Size = 7090176 bytes | Modified Date = 7/20/2005 1:55:24 AM | Attr = ]
Persistence -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4308 | Size = 114688 bytes | Modified Date = 4/25/2005 11:32:52 AM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/14/2002 12:42:26 AM | Attr = ]
SigmatelSysTrayApp -> sttray.exe -> File not found
Vrmon -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonnt.exe -> HAURI [Ver = 2006, 1, 18, 1 | Size = 249916 bytes | Modified Date = 1/18/2006 6:07:58 PM | Attr = ]
VrSchedule -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\VrRes.exe -> ©HAURI [Ver = 2002, 10, 5, 1 | Size = 266304 bytes | Modified Date = 3/11/2004 1:00:00 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2/26/2003 11:27:44 PM | Attr = ]
< IFEO [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Your Image File Name Here without a path -> %System32%\ntsd.exe [Debugger] -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 31744 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKLM] -> %System32%\shell32.dll [CDBurn] -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8450048 bytes | Modified Date = 2/28/2005 4:11:18 PM | Attr = ]
{7849596a-48ea-486e-8937-a2a3009f31a9} [HKLM] -> %System32%\shell32.dll [PostBootReminder] -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8450048 bytes | Modified Date = 2/28/2005 4:11:18 PM | Attr = ]
{35CEC8A3-2BE6-11D2-8773-92E220524153} [HKLM] -> %System32%\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 231424 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} [HKLM] -> %System32%\WPDShServiceObj.dll [WPDShServiceObj] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 133632 bytes | Modified Date = 10/18/2006 10:47:22 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKLM] -> %System32%\shell32.dll [] -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8450048 bytes | Modified Date = 2/28/2005 4:11:18 PM | Attr = ]
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Browseui preloader] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 1:12:50 PM | Attr = ]
{8C7461EF-2B13-11d2-BE35-3078302C2030} [HKLM] -> %System32%\browseui.dll [Component Categories cache daemon] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 1:12:50 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll -> %System32%\msapsspc.dll -> Microsoft Corporation [Ver = 6.00.7755 | Size = 86016 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
schannel.dll -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
digest.dll -> %System32%\digest.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
msnsspc.dll -> %System32%\msnsspc.dll -> Microsoft Corporation [Ver = 6.1.1825.0 | Size = 290816 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %System32%\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 -> %System32%\rundll32.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
shell32 -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8450048 bytes | Modified Date = 2/28/2005 4:11:18 PM | Attr = ]
"sysdm.cpl" -> %System32%\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
crypt32chain -> %System32%\crypt32.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
cryptnet -> %System32%\cryptnet.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
cscdll -> %System32%\cscdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
ScCertProp -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Schedule -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
sclgntfy -> %System32%\sclgntfy.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
SensLogn -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
termsrv -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
WB -> %ProgramFiles%\AlienGUIse\fastload.dll -> Stardock [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 12/21/2001 12:34:52 AM | Attr = ]
winjgf32 -> winjgf32.dll -> File not found
wlballoon -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://yahoo.com/ ->
HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\ieframe.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 6049280 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> *.local ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 2:56:50 AM | Attr = ]
{316AEF8D-3C37-423E-9E6E-13820A9DC37A} [HKLM] -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\IrlOnIE.dll [EyeOnIE Class] -> [Ver = 1, 0, 0, 1 | Size = 53248 bytes | Modified Date = 1/14/2004 4:19:48 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
{E22F9B9D-1A1F-473E-BED6-D8BC152441F4} [HKLM] -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\FarPopupBlocker.dll [PopupBlocker Class] -> [Ver = 1.0.0.1 | Size = 77824 bytes | Modified Date = 8/4/2004 9:10:30 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4D5C8C25-D075-11d0-B416-00C04FB90376} [HKLM] -> %System32%\shdocvw.dll [&Tip of the Day] -> Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Modified Date = 9/23/2006 1:12:50 PM | Attr = ]
{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} [HKLM] -> %System32%\shdocvw.dll [Real.com] -> Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Modified Date = 9/23/2006 1:12:50 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKLM] -> %System32%\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 1:12:50 PM | Attr = ]
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKLM] -> %System32%\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 1:12:50 PM | Attr = ]
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKLM] -> %System32%\shell32.dll [&Links] -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8450048 bytes | Modified Date = 2/28/2005 4:11:18 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{8C6C6617-B552-43DB-87FE-D43CAE2DFB2E} -> (Intel® PRO/100 VE Network Connection) ->
{E73661F3-C3F6-498C-8F5D-E904D18AB9D3} -> () ->
{F88B7CE3-5D14-4165-B43E-CCBDAB0CEE4F} -> (1394 Net Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -> %System32%\winrnr.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> FFarLsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -> FFarLsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -> FFarLsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -> FFarLsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -> FFarLsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> FFarLsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000024 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000025 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000026 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000027 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000028 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000029 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000030 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
about -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 3577856 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
cdl -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
dvd -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.2715.3011 (xpsp(wmbla).061009-1511) | Size = 1669632 bytes | Modified Date = 10/9/2006 5:15:52 PM | Attr = ]
file -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
ftp -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
gopher -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
http -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
http\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
http\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
https -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
https\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
https\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
ipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.1221 (dnsrv.040715-2015) | Size = 134144 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
javascript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 3577856 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
local -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
mailto -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 3577856 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
mhtml -> %System32%\inetcomm.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 678400 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
mk -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
msdaipp -> Reg Data - Key not found -> File not found
msdaipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
msdaipp\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
ms-its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.1221 (dnsrv.040715-2015) | Size = 134144 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
ms-itss -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\msitss.dll -> Microsoft Corporation [Ver = 5.40.1171.1 | Size = 221184 bytes | Modified Date = 6/20/2001 12:26:46 PM | Attr = ]
mso-offdap11 -> %CommonProgramFiles%\Microsoft Shared\Web Components\11\OWC11.DLL -> Microsoft Corporation [Ver = 11.0.6255 | Size = 8140480 bytes | Modified Date = 3/22/2004 7:58:02 PM | Attr = ]
pure-go -> %CommonProgramFiles%\Pure Networks Shared\puresp3.dll -> Pure Networks, Inc. [Ver = 4.0.6305.0 | Size = 71232 bytes | Modified Date = 11/9/2006 2:37:38 AM | Attr = ]
res -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 3577856 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
sysimage -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 3577856 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
tv -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.2715.3011 (xpsp(wmbla).061009-1511) | Size = 1669632 bytes | Modified Date = 10/9/2006 5:15:52 PM | Attr = ]
vbscript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 3577856 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
wia -> %System32%\wiascr.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75776 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
< Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\
application/octet-stream -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 9/23/2005 7:28:52 AM | Attr = ]
application/x-complus -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 9/23/2005 7:28:52 AM | Attr = ]
application/x-msdownload -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 9/23/2005 7:28:52 AM | Attr = ]
Class Install Handler -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
deflate -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
gzip -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
lzdhtml -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
text/webviewhtml -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8450048 bytes | Modified Date = 2/28/2005 4:11:18 PM | Attr = ]
text/xml -> %CommonProgramFiles%\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -> Microsoft Corporation [Ver = 11.0.5510 | Size = 39488 bytes | Modified Date = 7/14/2003 11:45:12 PM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9...heckControl.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/...b?1173553545062 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/shock...ash/swflash.cab ->


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 4/19/2007 2:08:09 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1062903808 bytes | Created Date = 1/1/1601 8:00:00 AM | Attr = HS]
setup.iss -> %SystemRoot%\setup.iss -> [Ver = | Size = 260 bytes | Created Date = 4/19/2007 4:01:38 PM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 4/25/2007 8:21:45 AM | Attr = ]
DonationCoder_rokusnooper_InstallInfo.dat -> %System32%\DonationCoder_rokusnooper_InstallInfo.dat -> [Ver = | Size = 46 bytes | Created Date = 4/18/2007 3:12:38 PM | Attr = ]
ExGrid.dll -> %System32%\ExGrid.dll -> Exontrol Inc. [Ver = 4, 0, 0, 2 | Size = 1658880 bytes | Created Date = 4/24/2007 12:03:19 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/25/2007 8:22:52 AM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1062903808 bytes | Modified Date = 5/3/2007 10:14:28 AM | Attr = HS]
My Backup -- 07-02-07 0944AM -> %SystemDrive%\My Backup -- 07-02-07 0944AM -> [Folder | Modified Date = 4/27/2007 1:58:08 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/3/2007 10:42:40 AM | Attr = R ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/19/2007 10:59:58 AM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/3/2007 10:03:44 AM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/25/2007 8:22:34 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/3/2007 10:14:28 AM | Attr = S]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 4/27/2007 1:35:12 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 5/3/2007 10:03:24 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/25/2007 8:22:46 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/3/2007 9:29:56 AM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/18/2007 5:56:44 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 5/3/2007 10:39:16 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/3/2007 4:39:40 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 4/20/2007 1:24:18 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/19/2007 5:00:54 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 4/25/2007 7:34:42 PM | Attr = ]
setup.iss -> %SystemRoot%\setup.iss -> [Ver = | Size = 260 bytes | Modified Date = 4/19/2007 5:01:44 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/3/2007 10:42:40 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/3/2007 1:01:22 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/25/2007 8:22:26 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/3/2007 10:14:30 AM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/3/2007 10:39:14 AM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 4/25/2007 7:15:02 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/19/2007 11:02:12 AM | Attr = RHS]
DonationCoder_rokusnooper_InstallInfo.dat -> %System32%\DonationCoder_rokusnooper_InstallInfo.dat -> [Ver = | Size = 46 bytes | Modified Date = 4/18/2007 4:12:40 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 4/24/2007 12:01:58 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 57520 bytes | Modified Date = 4/25/2007 8:22:46 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 391950 bytes | Modified Date = 4/25/2007 8:22:46 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 444832 bytes | Modified Date = 4/19/2007 5:00:28 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 4/19/2007 10:59:58 AM | Attr = ]
URTTemp -> %System32%\URTTemp -> [Folder | Modified Date = 4/19/2007 5:00:34 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 5/1/2007 1:09:36 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 4/19/2007 11:02:08 AM | Attr = ]
vrcore.sys -> %System32%\drivers\vrcore.sys -> HAURI, Inc. 1998-2003 [Ver = 2007,05,03,71 | Size = 3504064 bytes | Modified Date = 5/3/2007 1:01:04 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\ViRobot.dll -> (?)??? [Ver = 2005, 11, 16, 442 | Size = 187392 bytes | Modified Date = 11/17/2005 5:24:26 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\vrad.dll -> HAURI [Ver = 2005, 6, 2, 18 | Size = 59904 bytes | Modified Date = 11/17/2005 5:24:38 PM | Attr = ]
aspack , -> %System32%\ALZALZ.BIN -> [Ver = | Size = 62464 bytes | Modified Date = 3/29/2006 8:43:36 AM | Attr = ]
aspack , -> %System32%\ALZZip.BIN -> [Ver = | Size = 42496 bytes | Modified Date = 3/29/2006 8:43:38 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\eSellerateEngine.dll -> eSellerate Inc. [Ver = 3.6.2.8 | Size = 151552 bytes | Modified Date = 10/11/2005 2:40:52 PM | Attr = ]
UPX! , UPX0 , -> %System32%\eWebControl.dll -> eSellerate Inc. [Ver = 1.0.2.0 | Size = 57856 bytes | Modified Date = 10/4/2005 8:11:22 AM | Attr = ]
aspack , -> %System32%\HDBHO.dll -> [Ver = | Size = 208896 bytes | Modified Date = 3/27/2003 7:37:34 AM | Attr = ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ViRobot.dll -> (?)??? [Ver = 2005, 11, 16, 442 | Size = 187392 bytes | Modified Date = 11/17/2005 5:24:26 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vrad.dll -> HAURI [Ver = 2005, 6, 2, 18 | Size = 59904 bytes | Modified Date = 11/17/2005 5:24:38 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vrboot.dll -> HAURI Inc. [Ver = 2, 0, 0, 16 | Size = 27136 bytes | Modified Date = 4/28/2005 1:02:00 PM | Attr = ]
UPX! , ad-beh , -> %System32%\vrcore.sys -> HAURI, Inc. 1998-2003 [Ver = 2005,11,16,30 | Size = 2245760 bytes | Modified Date = 11/17/2005 5:24:44 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vrrepair.dll -> HAURI Inc. [Ver = 2004, 10, 29, 2 | Size = 103936 bytes | Modified Date = 10/28/2004 1:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vrunace.dll -> HAURI Inc. [Ver = 2002, 7, 30, 1 | Size = 72704 bytes | Modified Date = 7/30/2002 4:26:06 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vruncab.dll -> [Ver = | Size = 57598 bytes | Modified Date = 8/25/1999 8:56:46 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vrungzip.dll -> [Ver = | Size = 44032 bytes | Modified Date = 6/20/2001 12:22:52 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vrunrar.dll -> HAURI Inc. [Ver = 2002, 7, 30, 1 | Size = 119296 bytes | Modified Date = 7/30/2002 4:44:38 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
UPX! , ad-beh , MZKERNEL32.DLL , -> %System32%\drivers\vrcore.sys -> HAURI, Inc. 1998-2003 [Ver = 2007,05,03,71 | Size = 3504064 bytes | Modified Date = 5/3/2007 1:01:04 PM | Attr = ]

< End of report >

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:25 AM

Posted 03 May 2007 - 08:48 PM

Hi lovingtahoe. That looks better.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - All]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> SigmatelSysTrayApp -> sttray.exe
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> winjgf32 -> winjgf32.dll
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
YN -> Protocol_Catalog9\Catalog_Entries\000000000001 -> FFarLsp.dll
YN -> Protocol_Catalog9\Catalog_Entries\000000000002 -> FFarLsp.dll
YN -> Protocol_Catalog9\Catalog_Entries\000000000003 -> FFarLsp.dll
YN -> Protocol_Catalog9\Catalog_Entries\000000000004 -> FFarLsp.dll
YN -> Protocol_Catalog9\Catalog_Entries\000000000005 -> FFarLsp.dll
YN -> Protocol_Catalog9\Catalog_Entries\000000000011 -> FFarLsp.dll


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 lovingtahoe

lovingtahoe
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:South Lake Tahoe
  • Local time:02:25 AM

Posted 03 May 2007 - 10:24 PM

Hello Old Timer,

As far as problems... the only issue is the CPU usage. It seems unexplainable. It is staying at 52-60% with only task manager open.

here is the new logfile as well as the fix-report:


[Registry - All]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SigmatelSysTrayApp deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjgf32 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\ LSP stack updated.
< End of log >
Created on 05/03/2007 20:13:07

_______________________________________________________

WinPFind3 logfile created on: 5/3/2007 8:14:30 PM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Owner\Desktop\photos\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1013.59 Mb Total Physical Memory | 653.38 Mb Available Physical Memory | 64.46% Memory free
2.38 Gb Paging File | 2.17 Gb Available in Paging File | 90.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.50 Gb Total Space | 201.36 Gb Free Space | 88.12% Space Free
Drive D: | 4.37 Gb Total Space | 1.48 Gb Free Space | 33.80% Space Free
Drive E: | 2.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: JEZEBEL
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
firewall.exe -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\FireWall.exe -> NextAisle [Ver = 2, 1, 0, 0 | Size = 405504 bytes | Modified Date = 8/4/2004 9:13:28 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4308 | Size = 114688 bytes | Modified Date = 4/25/2005 11:32:52 AM | Attr = ]
nmsrvc.exe -> %ProgramFiles%\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 4.0.6277.0 | Size = 321088 bytes | Modified Date = 11/1/2006 1:04:02 AM | Attr = ]
prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 2/7/2007 10:12:12 AM | Attr = ]
vrmonnt.exe -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonnt.exe -> HAURI [Ver = 2006, 1, 18, 1 | Size = 249916 bytes | Modified Date = 1/18/2006 6:07:58 PM | Attr = ]
vrmonsvc.exe -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe -> HAURI [Ver = 2006, 1, 5, 1 | Size = 188416 bytes | Modified Date = 1/31/2006 11:56:38 AM | Attr = ]
vrres.exe -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\VrRes.exe -> ©HAURI [Ver = 2002, 10, 5, 1 | Size = 266304 bytes | Modified Date = 3/11/2004 1:00:00 PM | Attr = ]
wbload.exe -> %ProgramFiles%\AlienGUIse\wbload.exe -> Stardock Systems, Inc [Ver = 4.51 | Size = 437760 bytes | Modified Date = 5/12/2005 12:02:24 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\photos\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2/9/2007 3:51:48 PM | Attr = ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> Macromedia [Ver = 2.65.000 | Size = 69632 bytes | Modified Date = 2/9/2007 4:32:42 PM | Attr = ]
(nmraapache) Pure Networks Net2Go Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -> Pure Networks, Inc. [Ver = 2.0.54 | Size = 12800 bytes | Modified Date = 10/14/2006 8:21:04 PM | Attr = ]
(nmservice) nmservice [Win32_Own | Auto | Running] -> %ProgramFiles%\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 4.0.6277.0 | Size = 321088 bytes | Modified Date = 11/1/2006 1:04:02 AM | Attr = ]
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> File not found
(PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 2/7/2007 10:12:12 AM | Attr = ]
(vrmonsvc) ViRobot Expert Monitoring [Win32_Own | Auto | Running] -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe -> HAURI [Ver = 2006, 1, 5, 1 | Size = 188416 bytes | Modified Date = 1/31/2006 11:56:38 AM | Attr = ]

[Registry - All]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
dwStart -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\FireWall.exe -> NextAisle [Ver = 2, 1, 0, 0 | Size = 405504 bytes | Modified Date = 8/4/2004 9:13:28 PM | Attr = ]
IntelAudioStudio -> %ProgramFiles%\Intel Audio Studio\IntelAudioStudio.exe -> Intel Corporation [Ver = 1.05.0076 | Size = 7090176 bytes | Modified Date = 7/20/2005 1:55:24 AM | Attr = ]
Persistence -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4308 | Size = 114688 bytes | Modified Date = 4/25/2005 11:32:52 AM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/14/2002 12:42:26 AM | Attr = ]
Vrmon -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\vrmonnt.exe -> HAURI [Ver = 2006, 1, 18, 1 | Size = 249916 bytes | Modified Date = 1/18/2006 6:07:58 PM | Attr = ]
VrSchedule -> %ProgramFiles%\PCSecurityShield\ShieldAntivirus\VrRes.exe -> ©HAURI [Ver = 2002, 10, 5, 1 | Size = 266304 bytes | Modified Date = 3/11/2004 1:00:00 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2/26/2003 11:27:44 PM | Attr = ]
< IFEO [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Your Image File Name Here without a path -> %System32%\ntsd.exe [Debugger] -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 31744 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKLM] -> %System32%\shell32.dll [CDBurn] -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8450048 bytes | Modified Date = 2/28/2005 4:11:18 PM | Attr = ]
{7849596a-48ea-486e-8937-a2a3009f31a9} [HKLM] -> %System32%\shell32.dll [PostBootReminder] -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8450048 bytes | Modified Date = 2/28/2005 4:11:18 PM | Attr = ]
{35CEC8A3-2BE6-11D2-8773-92E220524153} [HKLM] -> %System32%\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 231424 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} [HKLM] -> %System32%\WPDShServiceObj.dll [WPDShServiceObj] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 133632 bytes | Modified Date = 10/18/2006 10:47:22 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKLM] -> %System32%\shell32.dll [] -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8450048 bytes | Modified Date = 2/28/2005 4:11:18 PM | Attr = ]
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Browseui preloader] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 1:12:50 PM | Attr = ]
{8C7461EF-2B13-11d2-BE35-3078302C2030} [HKLM] -> %System32%\browseui.dll [Component Categories cache daemon] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 1:12:50 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll -> %System32%\msapsspc.dll -> Microsoft Corporation [Ver = 6.00.7755 | Size = 86016 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
schannel.dll -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
digest.dll -> %System32%\digest.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
msnsspc.dll -> %System32%\msnsspc.dll -> Microsoft Corporation [Ver = 6.1.1825.0 | Size = 290816 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %System32%\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 -> %System32%\rundll32.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
shell32 -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8450048 bytes | Modified Date = 2/28/2005 4:11:18 PM | Attr = ]
"sysdm.cpl" -> %System32%\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
crypt32chain -> %System32%\crypt32.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
cryptnet -> %System32%\cryptnet.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
cscdll -> %System32%\cscdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
ScCertProp -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Schedule -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
sclgntfy -> %System32%\sclgntfy.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
SensLogn -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
termsrv -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
WB -> %ProgramFiles%\AlienGUIse\fastload.dll -> Stardock [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 12/21/2001 12:34:52 AM | Attr = ]
wlballoon -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://yahoo.com/ ->
HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\ieframe.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 6049280 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> *.local ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 2:56:50 AM | Attr = ]
{316AEF8D-3C37-423E-9E6E-13820A9DC37A} [HKLM] -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\IrlOnIE.dll [EyeOnIE Class] -> [Ver = 1, 0, 0, 1 | Size = 53248 bytes | Modified Date = 1/14/2004 4:19:48 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
{E22F9B9D-1A1F-473E-BED6-D8BC152441F4} [HKLM] -> %ProgramFiles%\PCSecurityShield\The Shield Firewall\FarPopupBlocker.dll [PopupBlocker Class] -> [Ver = 1.0.0.1 | Size = 77824 bytes | Modified Date = 8/4/2004 9:10:30 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4D5C8C25-D075-11d0-B416-00C04FB90376} [HKLM] -> %System32%\shdocvw.dll [&Tip of the Day] -> Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Modified Date = 9/23/2006 1:12:50 PM | Attr = ]
{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} [HKLM] -> %System32%\shdocvw.dll [Real.com] -> Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Modified Date = 9/23/2006 1:12:50 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKLM] -> %System32%\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 1:12:50 PM | Attr = ]
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKLM] -> %System32%\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Modified Date = 9/23/2006 1:12:50 PM | Attr = ]
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKLM] -> %System32%\shell32.dll [&Links] -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8450048 bytes | Modified Date = 2/28/2005 4:11:18 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{8C6C6617-B552-43DB-87FE-D43CAE2DFB2E} -> (Intel® PRO/100 VE Network Connection) ->
{E73661F3-C3F6-498C-8F5D-E904D18AB9D3} -> () ->
{F88B7CE3-5D14-4165-B43E-CCBDAB0CEE4F} -> (1394 Net Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -> %System32%\winrnr.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000024 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
about -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 3577856 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
cdl -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
dvd -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.2715.3011 (xpsp(wmbla).061009-1511) | Size = 1669632 bytes | Modified Date = 10/9/2006 5:15:52 PM | Attr = ]
file -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
ftp -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
gopher -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
http -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
http\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
http\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
https -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
https\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
https\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
ipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.1221 (dnsrv.040715-2015) | Size = 134144 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
javascript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 3577856 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
local -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
mailto -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 3577856 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
mhtml -> %System32%\inetcomm.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 678400 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
mk -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
msdaipp -> Reg Data - Key not found -> File not found
msdaipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
msdaipp\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 3:25:22 AM | Attr = ]
ms-its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.1221 (dnsrv.040715-2015) | Size = 134144 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
ms-itss -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\msitss.dll -> Microsoft Corporation [Ver = 5.40.1171.1 | Size = 221184 bytes | Modified Date = 6/20/2001 12:26:46 PM | Attr = ]
mso-offdap11 -> %CommonProgramFiles%\Microsoft Shared\Web Components\11\OWC11.DLL -> Microsoft Corporation [Ver = 11.0.6255 | Size = 8140480 bytes | Modified Date = 3/22/2004 7:58:02 PM | Attr = ]
pure-go -> %CommonProgramFiles%\Pure Networks Shared\puresp3.dll -> Pure Networks, Inc. [Ver = 4.0.6305.0 | Size = 71232 bytes | Modified Date = 11/9/2006 2:37:38 AM | Attr = ]
res -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 3577856 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
sysimage -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 3577856 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
tv -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.2715.3011 (xpsp(wmbla).061009-1511) | Size = 1669632 bytes | Modified Date = 10/9/2006 5:15:52 PM | Attr = ]
vbscript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 3577856 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
wia -> %System32%\wiascr.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75776 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
< Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\
application/octet-stream -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 9/23/2005 7:28:52 AM | Attr = ]
application/x-complus -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 9/23/2005 7:28:52 AM | Attr = ]
application/x-msdownload -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 9/23/2005 7:28:52 AM | Attr = ]
Class Install Handler -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
deflate -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
gzip -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
lzdhtml -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1162240 bytes | Modified Date = 11/7/2006 10:03:36 PM | Attr = ]
text/webviewhtml -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.2620 (xpsp_sp2_gdr.050225-1820) | Size = 8450048 bytes | Modified Date = 2/28/2005 4:11:18 PM | Attr = ]
text/xml -> %CommonProgramFiles%\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -> Microsoft Corporation [Ver = 11.0.5510 | Size = 39488 bytes | Modified Date = 7/14/2003 11:45:12 PM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9...heckControl.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/...b?1173553545062 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/shock...ash/swflash.cab ->


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 4/19/2007 2:08:09 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1062903808 bytes | Created Date = 1/1/1601 8:00:00 AM | Attr = HS]
setup.iss -> %SystemRoot%\setup.iss -> [Ver = | Size = 260 bytes | Created Date = 4/19/2007 4:01:38 PM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 4/25/2007 8:21:45 AM | Attr = ]
DonationCoder_rokusnooper_InstallInfo.dat -> %System32%\DonationCoder_rokusnooper_InstallInfo.dat -> [Ver = | Size = 46 bytes | Created Date = 4/18/2007 3:12:38 PM | Attr = ]
ExGrid.dll -> %System32%\ExGrid.dll -> Exontrol Inc. [Ver = 4, 0, 0, 2 | Size = 1658880 bytes | Created Date = 4/24/2007 12:03:19 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/25/2007 8:22:52 AM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1062903808 bytes | Modified Date = 5/3/2007 5:35:40 PM | Attr = HS]
My Backup -- 07-02-07 0944AM -> %SystemDrive%\My Backup -- 07-02-07 0944AM -> [Folder | Modified Date = 4/27/2007 1:58:08 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/3/2007 10:42:40 AM | Attr = R ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/19/2007 10:59:58 AM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/3/2007 10:03:44 AM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/25/2007 8:22:34 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/3/2007 5:35:40 PM | Attr = S]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 4/27/2007 1:35:12 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 5/3/2007 10:03:24 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/25/2007 8:22:46 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/3/2007 9:29:56 AM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/18/2007 5:56:44 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 5/3/2007 10:39:16 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/3/2007 7:35:24 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 4/20/2007 1:24:18 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/19/2007 5:00:54 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 4/25/2007 7:34:42 PM | Attr = ]
setup.iss -> %SystemRoot%\setup.iss -> [Ver = | Size = 260 bytes | Modified Date = 4/19/2007 5:01:44 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/3/2007 10:42:40 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/3/2007 8:13:46 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/25/2007 8:22:26 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/3/2007 5:35:42 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/3/2007 10:39:14 AM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 4/25/2007 7:15:02 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 4/19/2007 11:02:12 AM | Attr = RHS]
DonationCoder_rokusnooper_InstallInfo.dat -> %System32%\DonationCoder_rokusnooper_InstallInfo.dat -> [Ver = | Size = 46 bytes | Modified Date = 4/18/2007 4:12:40 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 4/24/2007 12:01:58 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 57520 bytes | Modified Date = 4/25/2007 8:22:46 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 391950 bytes | Modified Date = 4/25/2007 8:22:46 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 444832 bytes | Modified Date = 4/19/2007 5:00:28 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 4/19/2007 10:59:58 AM | Attr = ]
URTTemp -> %System32%\URTTemp -> [Folder | Modified Date = 4/19/2007 5:00:34 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 5/1/2007 1:09:36 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 4/19/2007 11:02:08 AM | Attr = ]
vrcore.sys -> %System32%\drivers\vrcore.sys -> HAURI, Inc. 1998-2003 [Ver = 2007,05,03,71 | Size = 3504064 bytes | Modified Date = 5/3/2007 1:01:04 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\ViRobot.dll -> (?)??? [Ver = 2005, 11, 16, 442 | Size = 187392 bytes | Modified Date = 11/17/2005 5:24:26 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\vrad.dll -> HAURI [Ver = 2005, 6, 2, 18 | Size = 59904 bytes | Modified Date = 11/17/2005 5:24:38 PM | Attr = ]
aspack , -> %System32%\ALZALZ.BIN -> [Ver = | Size = 62464 bytes | Modified Date = 3/29/2006 8:43:36 AM | Attr = ]
aspack , -> %System32%\ALZZip.BIN -> [Ver = | Size = 42496 bytes | Modified Date = 3/29/2006 8:43:38 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\eSellerateEngine.dll -> eSellerate Inc. [Ver = 3.6.2.8 | Size = 151552 bytes | Modified Date = 10/11/2005 2:40:52 PM | Attr = ]
UPX! , UPX0 , -> %System32%\eWebControl.dll -> eSellerate Inc. [Ver = 1.0.2.0 | Size = 57856 bytes | Modified Date = 10/4/2005 8:11:22 AM | Attr = ]
aspack , -> %System32%\HDBHO.dll -> [Ver = | Size = 208896 bytes | Modified Date = 3/27/2003 7:37:34 AM | Attr = ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 8/24/2006 8:47:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ViRobot.dll -> (?)??? [Ver = 2005, 11, 16, 442 | Size = 187392 bytes | Modified Date = 11/17/2005 5:24:26 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vrad.dll -> HAURI [Ver = 2005, 6, 2, 18 | Size = 59904 bytes | Modified Date = 11/17/2005 5:24:38 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vrboot.dll -> HAURI Inc. [Ver = 2, 0, 0, 16 | Size = 27136 bytes | Modified Date = 4/28/2005 1:02:00 PM | Attr = ]
UPX! , ad-beh , -> %System32%\vrcore.sys -> HAURI, Inc. 1998-2003 [Ver = 2005,11,16,30 | Size = 2245760 bytes | Modified Date = 11/17/2005 5:24:44 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vrrepair.dll -> HAURI Inc. [Ver = 2004, 10, 29, 2 | Size = 103936 bytes | Modified Date = 10/28/2004 1:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vrunace.dll -> HAURI Inc. [Ver = 2002, 7, 30, 1 | Size = 72704 bytes | Modified Date = 7/30/2002 4:26:06 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vruncab.dll -> [Ver = | Size = 57598 bytes | Modified Date = 8/25/1999 8:56:46 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vrungzip.dll -> [Ver = | Size = 44032 bytes | Modified Date = 6/20/2001 12:22:52 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vrunrar.dll -> HAURI Inc. [Ver = 2002, 7, 30, 1 | Size = 119296 bytes | Modified Date = 7/30/2002 4:44:38 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 12:00:00 PM | Attr = ]
UPX! , ad-beh , MZKERNEL32.DLL , -> %System32%\drivers\vrcore.sys -> HAURI, Inc. 1998-2003 [Ver = 2007,05,03,71 | Size = 3504064 bytes | Modified Date = 5/3/2007 1:01:04 PM | Attr = ]

< End of report >

#8 lovingtahoe

lovingtahoe
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:South Lake Tahoe
  • Local time:02:25 AM

Posted 04 May 2007 - 09:28 PM

Old Timer... Guess what? I think it is fixed!!! I turned on my computer this evening and Voila! Back to 3-5% CPU usage. Thank-you sooooo much for your help :thumbsup:))))))

#9 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:25 AM

Posted 05 May 2007 - 06:37 AM

Hmm. Very strange indeed. Well, the last log looks fine so I don't think we are dealing with any type of malware. If I had to make a guess I would say that it could have been from some sort of update from a program that updates regularly (such as an antivirus program). There could have been a bug in the previous update and when it did its latest update it was fixed. Just a guess on may part.

In any case, all's well that end's well I always say :thumbsup: .

Cheers and Happy Computing!

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users