
[Resolved] I need some help.. Computer running slow


  • This topic is locked
12 replies to this topic

#1 joshward10

    New Member

Posted 29 March 2008 - 03:15 PM

I think I may have downloaded some bad files. My system is really bogged down and when I have Internet Explorer open I can't even listen to music on iTunes because it's so choppy.

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 4:07:57 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Joshward\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Joshward\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Thank you for your help,

Josh


#2 silver

    Malware Expert Emeritus

Posted 05 April 2008 - 01:14 AM

Hi joshward10,

Have you been getting alerts from your security software, or do you have other reasons to suspect malware as the cause of the slowdown?

Please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer using this link:
http://www.kaspersky...kavwebscan.html
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Next and then Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save Report As... button, change Save as type: to Text file and save the file to your desktop as Kaspersky.txt
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.


Download Deckard's System Scanner (DSS) to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post the Kaspersky report and both DSS logs. You won't need to produce a new HijackThis log as DSS produces one for you.
ASAP & UNITE Member

#3 joshward10

    New Member

Posted 06 April 2008 - 01:56 AM

No, no prompts have told me that I have any malware. I just know that the computer is far from running normally.

Ok, so I ran Kaspersky and got the log file. (The scan took 3 hours to complete. Don't know if that's normal, but it's just some FYI.)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 06, 2008 2:23:13 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/04/2008
Kaspersky Anti-Virus database records: 685361
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 93575
Number of viruses found: 14
Number of infected objects: 49
Number of suspicious objects: 0
Duration of the scan process: 02:55:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Joshward\Application Data\Aim\ucfhlwmv\joshward10\cert8.db Object is locked skipped
C:\Documents and Settings\Joshward\Application Data\Aim\ucfhlwmv\joshward10\key3.db Object is locked skipped
C:\Documents and Settings\Joshward\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-3a936e66.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Joshward\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-3a936e66.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Joshward\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-62b02f48.zip/vmain.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Joshward\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-62b02f48.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Joshward\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-77b46e89.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Joshward\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-77b46e89.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Joshward\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\ApplicationHistory\iexplore.exe.26e3ad32.ini.inuse Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\History\History.IE5\MSHist012008040520080406\index.dat Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Temp\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Documents and Settings\Joshward\Local Settings\Temp\Temporary Internet Files\Content.IE5\4S61JUDC\stats[1].htm Infected: Trojan-Downloader.VBS.Agent.n skipped
C:\Documents and Settings\Joshward\Local Settings\Temp\WinFixer2005Setup.exe/file28 Infected: not-a-virus:FraudTool.Win32.WinAnti skipped
C:\Documents and Settings\Joshward\Local Settings\Temp\WinFixer2005Setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\Joshward\Local Settings\Temp\~DF2E71.tmp Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Temp\~DFA9C4.tmp Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Temp\~DFCBA8.tmp Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Temp\~setuptmp0\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Documents and Settings\Joshward\Local Settings\Temp\~setuptmp1\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Documents and Settings\Joshward\Local Settings\Temp\~setuptmp2\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Documents and Settings\Joshward\Local Settings\Temp\~wa6psetup.exe/Stream/data0017 Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\Documents and Settings\Joshward\Local Settings\Temp\~wa6psetup.exe/Stream Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\Documents and Settings\Joshward\Local Settings\Temp\~wa6psetup.exe Inno: infected - 2 skipped
C:\Documents and Settings\Joshward\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Joshward\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joshward\My Documents\Morpheus Shared\Downloads\let the drummer kick that.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Joshward\My Documents\Morpheus Shared\Downloads\riddlin kids i feel fine.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Joshward\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Joshward\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\Program Files\crack.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Program Files\Deutsch Xingtone Ringtone Maker 4.1.xx all Builds crack.exe/upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Program Files\Deutsch Xingtone Ringtone Maker 4.1.xx all Builds crack.exe/cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Deutsch Xingtone Ringtone Maker 4.1.xx all Builds crack.exe/ntdll.exe Infected: Trojan-Dropper.Win32.Agent.qz skipped
C:\Program Files\Deutsch Xingtone Ringtone Maker 4.1.xx all Builds crack.exe/spoolsv32.exe Infected: not-a-virus:AdWare.Win32.WinAD.aw skipped
C:\Program Files\Deutsch Xingtone Ringtone Maker 4.1.xx all Builds crack.exe/dllhost32.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Program Files\Deutsch Xingtone Ringtone Maker 4.1.xx all Builds crack.exe SetupFactory: infected - 5 skipped
C:\Program Files\Morpheus\mymorpheusToolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Program Files\temp1.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Program Files\temp2.exe/upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Program Files\temp2.exe/cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\temp2.exe/ntdll.exe Infected: Trojan-Dropper.Win32.Agent.qz skipped
C:\Program Files\temp2.exe/spoolsv32.exe Infected: not-a-virus:AdWare.Win32.WinAD.aw skipped
C:\Program Files\temp2.exe/dllhost32.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Program Files\temp2.exe SetupFactory: infected - 5 skipped
C:\Program Files\temp3.exe/upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Program Files\temp3.exe/cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\temp3.exe/ntdll.exe Infected: Trojan-Dropper.Win32.Agent.qz skipped
C:\Program Files\temp3.exe/spoolsv32.exe Infected: not-a-virus:AdWare.Win32.WinAD.aw skipped
C:\Program Files\temp3.exe/dllhost32.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Program Files\temp3.exe SetupFactory: infected - 5 skipped
C:\Program Files\US Xingtone Ringtone Maker 4.1.xx all Builds crack.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Program Files\Xingtone Ringtone Maker 4.1.xx all Builds cracked.exe/upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Program Files\Xingtone Ringtone Maker 4.1.xx all Builds cracked.exe/cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Xingtone Ringtone Maker 4.1.xx all Builds cracked.exe/ntdll.exe Infected: Trojan-Dropper.Win32.Agent.qz skipped
C:\Program Files\Xingtone Ringtone Maker 4.1.xx all Builds cracked.exe/spoolsv32.exe Infected: not-a-virus:AdWare.Win32.WinAD.aw skipped
C:\Program Files\Xingtone Ringtone Maker 4.1.xx all Builds cracked.exe/dllhost32.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Program Files\Xingtone Ringtone Maker 4.1.xx all Builds cracked.exe SetupFactory: infected - 5 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\awtsp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\SPOOL\PRINTERS\FP00000.SHD Object is locked skipped
C:\WINDOWS\SYSTEM32\SPOOL\PRINTERS\FP00000.SPL Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\winupd.bat Infected: Trojan.BAT.Zapchast skipped

Scan process completed.


As far as DSS goes, I did as you said and saved to my desktop and ran it, but it kept freezing up and having to close. I tried to run it 3 times, restarted my computer and ran it again.. same thing happened every time.
It would freeze up on "backing up registry hives" then a message would pop up saying "dss.exe has encountered a problem and needs to close."

I figured it couldn't hurt to throw in another hijackthis log so here ya go:

Logfile of HijackThis v1.99.1
Scan saved at 2:55:09 AM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Joshward\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Joshward\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Thanks for the help so far

#4 silver

    Malware Expert Emeritus

Posted 06 April 2008 - 04:17 AM

Hi joshward10,

3 hours is pretty long for a Kaspersky scan but not unheard of. It found quite a lot of malware we need to remove.

------------------------------------------------------------------------

Temporarily disable Spyware Guard
  • Right-click the running icon of SpywareGuard in the system tray to open the program.
  • Then go to Menu->File, and choose Exit.
  • It will automatically restart at next boot.
------------------------------------------------------------------------

Click Start->Run, type cleanmgr in the box and press OK.
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked. You can choose to check other boxes if you wish, but they are not required.
Press OK and Yes to confirm.

------------------------------------------------------------------------

Please download OTMoveIt2 by OldTimer to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Double-click OTMoveIt2.exe to start the program.
  • Copy the lines in the OTMoveIt file list below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    OTMoveIt File List:
    C:\Documents and Settings\Joshward\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-3a936e66.zip
    C:\Documents and Settings\Joshward\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-62b02f48.zip
    C:\Documents and Settings\Joshward\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-77b46e89.zip
    C:\Documents and Settings\Joshward\Local Settings\Temp\Temporary Internet Files\Content.IE5\4S61JUDC\stats[1].htm
    C:\Documents and Settings\Joshward\Local Settings\Temp\WinFixer2005Setup.exe
    C:\Documents and Settings\Joshward\Local Settings\Temp\~wa6psetup.exe
    C:\Documents and Settings\Joshward\My Documents\Morpheus Shared\Downloads\let the drummer kick that.mp3
    C:\Documents and Settings\Joshward\My Documents\Morpheus Shared\Downloads\riddlin kids i feel fine.mp3
    C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
    C:\Program Files\crack.exe
    C:\Program Files\Deutsch Xingtone Ringtone Maker 4.1.xx all Builds crack.exe
    C:\Program Files\Morpheus\mymorpheusToolbar.exe
    C:\Program Files\temp1.exe
    C:\Program Files\temp2.exe
    C:\Program Files\temp3.exe
    C:\Program Files\US Xingtone Ringtone Maker 4.1.xx all Builds crack.exe
    C:\Program Files\Xingtone Ringtone Maker 4.1.xx all Builds cracked.exe
    C:\WINDOWS\SYSTEM32\awtsp.dll
    C:\winupd.bat
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Then click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • If OTMoveIt asks to reboot your computer, allow it to do so. The report will appear in Notepad after the reboot.
  • Close OTMoveIt2

------------------------------------------------------------------------

Sorry to hear you had problems with DSS, please try once more using these instructions:

  • Make sure DSS.exe is on your Desktop
  • If your computer has been rebooted since disabling SpywareGuard then disable it again.
  • Press Start->Run, copy/paste the following command into the box and press OK:

    "%userprofile%\desktop\dss.exe" /config

  • A configuration box will appear. Make sure all boxes are checked, apart from Backup Registry Hives in the Options section, which you should UN-check, then press Scan!
------------------------------------------------------------------------

Once complete, please post the OTMoveIt report and both DSS logs.
If DSS still doesn't work, then please post the OTMoveIt report and a new HijackThis log.
ASAP & UNITE Member

#5 joshward10

    New Member

Posted 06 April 2008 - 01:09 PM

DSS still didn't work. The instant it would hit Cleaning Temporary Files it would come up with the same error.

Here are my new log files:

Logfile of HijackThis v1.99.1
Scan saved at 2:06:40 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Joshward\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Joshward\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

C:\Documents and Settings\Joshward\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-3a936e66.zip moved successfully.
C:\Documents and Settings\Joshward\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-62b02f48.zip moved successfully.
C:\Documents and Settings\Joshward\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-77b46e89.zip moved successfully.
< C:\Documents and Settings\Joshward\Local Settings\Temp\Temporary Internet Files\Content.IE5\4S61JUDC\stats[1].htm >
C:\Documents and Settings\Joshward\Local Settings\Temp\Temporary Internet Files\Content.IE5\4S61JUDC\stats[1].htm moved successfully.
C:\Documents and Settings\Joshward\Local Settings\Temp\WinFixer2005Setup.exe moved successfully.
C:\Documents and Settings\Joshward\Local Settings\Temp\~wa6psetup.exe moved successfully.
C:\Documents and Settings\Joshward\My Documents\Morpheus Shared\Downloads\let the drummer kick that.mp3 moved successfully.
C:\Documents and Settings\Joshward\My Documents\Morpheus Shared\Downloads\riddlin kids i feel fine.mp3 moved successfully.
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll NOT unregistered.
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll moved successfully.
C:\Program Files\crack.exe moved successfully.
C:\Program Files\Deutsch Xingtone Ringtone Maker 4.1.xx all Builds crack.exe moved successfully.
C:\Program Files\Morpheus\mymorpheusToolbar.exe moved successfully.
C:\Program Files\temp1.exe moved successfully.
C:\Program Files\temp2.exe moved successfully.
C:\Program Files\temp3.exe moved successfully.
C:\Program Files\US Xingtone Ringtone Maker 4.1.xx all Builds crack.exe moved successfully.
C:\Program Files\Xingtone Ringtone Maker 4.1.xx all Builds cracked.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\awtsp.dll
C:\WINDOWS\SYSTEM32\awtsp.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\awtsp.dll moved successfully.
C:\winupd.bat moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04062008_140025

#6 silver

    Malware Expert Emeritus

Posted 06 April 2008 - 10:06 PM

Hi joshward10,

It looks like DSS isn't going to play ball. Please try this:

Download OTScanIt to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Rootkit Search click on Yes.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Security Settings
    • Reg - Uninstall list
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
ASAP & UNITE Member

#7 joshward10

    New Member

Posted 06 April 2008 - 10:53 PM

OTScanIt logfile created on: 4/6/2008 11:36:00 PM
OTScanIt by OldTimer - Version 1.0.9.0	 Folder = C:\Documents and Settings\Joshward\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
766.00 Mb Total Physical Memory | 334.66 Mb Available Physical Memory | 43.69% Memory free
1.08 Gb Paging File | 0.76 Gb Available in Paging File | 70.07% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.87 Gb Total Space | 13.99 Gb Free Space | 19.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOSH
Current User Name: Joshward
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
lexbces.exe -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 11:30:48 AM | Attr =	]
lexpps.exe -> %SystemRoot%\SYSTEM32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 174592 bytes | Modified Date = 3/4/2004 11:26:20 AM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/23/2007 4:01:44 PM | Attr =	]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/4/2007 8:52:14 AM | Attr =	]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/20/2007 4:52:56 PM | Attr =	]
hpzipm12.exe -> %SystemRoot%\SYSTEM32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 1:14:36 PM | Attr =	]
hkcmd.exe -> %SystemRoot%\SYSTEM32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 6/22/2005 12:44:34 AM | Attr =	]
intelmem.exe -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 9/3/2003 8:12:44 PM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 12:11:42 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 2:42:04 PM | Attr =	]
airpluscfg.exe -> %ProgramFiles%\D-Link\AirPlus XtremeG\AirPlusCFG.exe -> D-Link [Ver = 3, 3, 0, 40914 | Size = 987136 bytes | Modified Date = 9/22/2004 2:08:14 PM | Attr =	]
wzcsldr2.exe -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> Alpha Networks Inc. [Ver = 1, 0, 4, 40414 | Size = 45056 bytes | Modified Date = 8/16/2004 5:45:02 PM | Attr =	]
dlbcserv.exe -> %ProgramFiles%\Dell Photo Printer 720\dlbcserv.exe ->  [Ver = 1.0.0.1 | Size = 315392 bytes | Modified Date = 1/8/2005 6:42:54 PM | Attr = R  ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 8:28:24 PM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 2:41:56 PM | Attr =	]
hpqgalry.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqgalry.exe -> Hewlett-Packard Co. [Ver = 045.004.157.000 | Size = 425984 bytes | Modified Date = 11/4/2004 8:36:46 PM | Attr =	]
acrord32.exe -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 6.0.2.2004051800 | Size = 7667779 bytes | Modified Date = 5/18/2004 2:08:44 AM | Attr =	]
aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 5:50:04 PM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 4/4/2008 12:24:38 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =	]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/23/2007 4:01:44 PM | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/4/2007 8:52:14 AM | Attr =	]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/20/2007 4:52:56 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DMADMIN.EXE -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 2:41:56 PM | Attr =	]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 11:30:48 AM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 1:14:36 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\A3AB.sys -> D-Link Corporation [Ver = 3.3.0.1571 | Size = 396480 bytes | Modified Date = 9/2/2004 9:01:16 PM | Attr =	]
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 1:51:56 PM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr =	]
(ANIO) ANIO Service [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\ANIO.sys -> Alpha Networks Inc. [Ver = 2.0.0.30505 | Size = 28205 bytes | Modified Date = 5/5/2003 7:25:48 PM | Attr =	]
(asc) asc [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 1:52:00 PM | Attr =	]
(asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 1:51:58 PM | Attr =	]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 10/23/2007 4:01:23 PM | Attr =	]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 4/4/2007 8:52:40 AM | Attr =	]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 4/4/2007 8:52:40 AM | Attr =	]
(AvgClean) AVG Clean Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 12/20/2007 4:53:00 PM | Attr =	]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 4/4/2007 8:52:17 AM | Attr =	]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\bcm4sbxp.sys -> Broadcom Corporation [Ver = 3.60.0.0 built by: WinDDK | Size = 43136 bytes | Modified Date = 5/23/2003 12:58:30 PM | Attr =	]
(CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 1:51:54 PM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 1:52:16 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMBOOT.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMIO.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\E100B325.SYS -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 12:12:10 PM | Attr =	]
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 4:44:04 PM | Attr =	]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4342 | Size = 807998 bytes | Modified Date = 6/22/2005 1:12:34 AM | Attr =	]
(IntelC51) IntelC51 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\IntelC51.sys -> Intel Corporation [Ver = 2.15.36.0 | Size = 1233525 bytes | Modified Date = 3/5/2004 10:14:42 PM | Attr =	]
(IntelC52) IntelC52 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\IntelC52.sys -> Intel Corporation [Ver = 4.58.1 | Size = 647929 bytes | Modified Date = 3/5/2004 10:15:34 PM | Attr =	]
(IntelC53) IntelC53 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\IntelC53.sys -> Intel Corporation [Ver = 2.15.36.2 | Size = 61157 bytes | Modified Date = 6/15/2004 10:52:40 PM | Attr =	]
(mohfilt) mohfilt [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mohfilt.sys -> Intel Corporation [Ver = 7.11.0.0 | Size = 37048 bytes | Modified Date = 3/5/2004 10:13:38 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 1:52:12 PM | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\NV4_MINI.SYS -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 10:29:56 PM | Attr =	]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 1:45:06 PM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.16a | Size = 20576 bytes | Modified Date = 8/2/2004 2:03:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]
(ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr =	]
(ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 1:52:18 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]
(senfilt) senfilt [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\senfilt.sys -> Creative Technology Ltd. [Ver = 5.10.00.3614 | Size = 732928 bytes | Modified Date = 9/17/2004 9:02:54 AM | Attr =	]
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr =	]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5246 | Size = 260352 bytes | Modified Date = 1/27/2005 3:31:06 PM | Attr =	]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 2:56:16 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr =	]
(symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 2:07:34 PM | Attr =	]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 2:07:36 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 2:07:40 PM | Attr =	]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 2:07:42 PM | Attr =	]
(ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 1:52:22 PM | Attr =	]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\usbaapl.sys -> Apple, Inc. [Ver = 1, 24, 0, 0 | Size = 30336 bytes | Modified Date = 9/6/2007 1:28:16 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ANIWZCS2Service -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe [C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe] -> Alpha Networks Inc. [Ver = 1, 0, 4, 40414 | Size = 45056 bytes | Modified Date = 8/16/2004 5:45:02 PM | Attr =	]
D-Link AirPlus XtremeG -> %ProgramFiles%\D-Link\AirPlus XtremeG\AirPlusCFG.exe [C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe] -> D-Link [Ver = 3, 3, 0, 40914 | Size = 987136 bytes | Modified Date = 9/22/2004 2:08:14 PM | Attr =	]
HotKeysCmds -> %SystemRoot%\SYSTEM32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 6/22/2005 12:44:34 AM | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/17/2005 12:11:42 AM | Attr =	]
IgfxTray -> %SystemRoot%\SYSTEM32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 6/22/2005 12:48:18 AM | Attr =	]
IntelMeM -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe [C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe] -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 9/3/2003 8:12:44 PM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 2:42:04 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\dlbcserv.lnk -> %ProgramFiles%\Dell Photo Printer 720\dlbcserv.exe ->  [Ver = 1.0.0.1 | Size = 315392 bytes | Modified Date = 1/8/2005 6:42:54 PM | Attr = R  ]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 8:28:24 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 045.004.157.000 | Size = 53248 bytes | Modified Date = 11/4/2004 8:50:52 PM | Attr =	]
< Joshward Startup Folder > -> C:\Documents and Settings\Joshward\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe ->  [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 8/29/2003 8:05:35 PM | Attr =	]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{81559C35-8464-49F7-BB0E-07A383BEF910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [] ->  [Ver = 2.02 | Size = 126976 bytes | Modified Date = 8/3/2003 12:20:57 AM | Attr = R  ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 6/22/2005 12:44:12 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< HOSTS File > (764 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
192.168.0.108 HP000D9D29777B -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://home.microsoft.com/search/lobby/search.asp -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://google.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2572 domain(s) found. -> 
objects_aol.com [*] -> Out of zone range - ( 5 ) -> 
81 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 61 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 2:17:44 PM | Attr =	]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] ->  [Ver = 2.02 | Size = 192512 bytes | Modified Date = 8/3/2003 12:24:01 AM | Attr = R  ]
{B0744341-96E0-4341-9ED2-8BC36CE0CCD0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{40D41A8B-D79B-43d7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 5/21/2005 4:43:30 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 5/21/2005 4:43:30 PM | Attr =	]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr =	]
{13C1DBF6-7535-495c-91F6-8C13714ED485}:Exec -> %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker [Absolute Poker] -> File not found
{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}:{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Tri&xie Options...] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 5:50:04 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr =	]
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKEY_LOCAL_MACHINE] -> %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker [Absolute Poker] -> File not found
CmdMapping\\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} [HKEY_LOCAL_MACHINE] ->  [Tri&xie Options...] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 5:50:04 PM | Attr =	]
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 5/21/2005 4:43:30 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{543B285E-1108-4AC7-9234-2320801FE73F} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
{D4BA0886-9F59-488D-8080-7203B961D40A} ->	(D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B)) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://photo.walgreens.com/WalgreensActivia.cab[Snapfish Activia] -> 
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab[Facebook Photo Uploader 4] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/America Online 9.0/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/America Online 9.0/unicows.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/America Online 9.0/unicows.dll\\{5F8469B4-B055-49DD-83F7-62B522420ECC} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\.Owner -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4_5.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4_5.ocx\\.Owner -> {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4_5.ocx\\{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/unicows.dll\\.Owner -> {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/unicows.dll\\{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\SYSTEM32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\SYSTEM32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 764 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\SYSTEM32\SCECLI.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\NTMARTA.DLL [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\SVCHOST.EXE [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 36466 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\IPNATHLP.DLL [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 5:50:04 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.9.33] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe -> C:\Program Files\Kazaa\kazaa.exe [C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avginet.exe -> C:\Program Files\Grisoft\AVG Free\avginet.exe [C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 12/20/2007 4:52:57 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgemc.exe -> C:\Program Files\Grisoft\AVG Free\avgemc.exe [C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/20/2007 4:52:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor] -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 8:28:24 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw] ->  [Ver = 3, 2, 0,805 | Size = 184320 bytes | Modified Date = 11/4/2004 12:44:34 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component] -> Hewlett-Packard [Ver = 4.5.0.805 | Size = 876544 bytes | Modified Date = 11/4/2004 11:43:02 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\LEXPPS.EXE -> C:\WINDOWS\SYSTEM32\LEXPPS.EXE [C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE] -> Lexmark International, Inc. [Ver = 9.45 | Size = 174592 bytes | Modified Date = 3/4/2004 11:26:20 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Morpheus\Morpheus.exe -> C:\Program Files\Morpheus\Morpheus.exe [C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell] -> Streamcast Networks, Inc [Ver = 1.0.0.1 | Size = 721408 bytes | Modified Date = 9/12/2006 2:17:26 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 625664 bytes | Modified Date = 12/6/2007 6:01:25 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Joshward\Desktop\utorrent.exe -> C:\Documents and Settings\Joshward\Desktop\utorrent.exe [C:\Documents and Settings\Joshward\Desktop\utorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 174163 bytes | Modified Date = 10/5/2006 5:02:23 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe -> C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe [C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2] ->  [Ver =  | Size = 8268401 bytes | Modified Date = 9/25/2006 5:47:24 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.4.3.1 | Size = 15997240 bytes | Modified Date = 9/26/2007 2:41:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\SVCHOST.EXE [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\WUAUSERV.DLL [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 
< Security Settings > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> C:\WINDOWS\SYSTEM32\SVCHOST.EXE [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> 
RpcSs -> %SystemRoot%\SYSTEM32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\QMGR.DLL [C:\WINDOWS\system32\qmgr.dll] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\SVCHOST.EXE [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 36466 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\IPNATHLP.DLL [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 5:50:04 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.9.33] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe -> C:\Program Files\Kazaa\kazaa.exe [C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avginet.exe -> C:\Program Files\Grisoft\AVG Free\avginet.exe [C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 12/20/2007 4:52:57 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgemc.exe -> C:\Program Files\Grisoft\AVG Free\avgemc.exe [C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/20/2007 4:52:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor] -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 8:28:24 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw] ->  [Ver = 3, 2, 0,805 | Size = 184320 bytes | Modified Date = 11/4/2004 12:44:34 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component] -> Hewlett-Packard [Ver = 4.5.0.805 | Size = 876544 bytes | Modified Date = 11/4/2004 11:43:02 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\LEXPPS.EXE -> C:\WINDOWS\SYSTEM32\LEXPPS.EXE [C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE] -> Lexmark International, Inc. [Ver = 9.45 | Size = 174592 bytes | Modified Date = 3/4/2004 11:26:20 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Morpheus\Morpheus.exe -> C:\Program Files\Morpheus\Morpheus.exe [C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell] -> Streamcast Networks, Inc [Ver = 1.0.0.1 | Size = 721408 bytes | Modified Date = 9/12/2006 2:17:26 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 625664 bytes | Modified Date = 12/6/2007 6:01:25 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Joshward\Desktop\utorrent.exe -> C:\Documents and Settings\Joshward\Desktop\utorrent.exe [C:\Documents and Settings\Joshward\Desktop\utorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 174163 bytes | Modified Date = 10/5/2006 5:02:23 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe -> C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe [C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2] ->  [Ver =  | Size = 8268401 bytes | Modified Date = 9/25/2006 5:47:24 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.4.3.1 | Size = 15997240 bytes | Modified Date = 9/26/2007 2:41:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\SVCHOST.EXE [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\WUAUSERV.DLL [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{06E73C0B-7DE7-4F41-860B-587033B75BD9} -> iPod Updater 2004-11-15
{0DC86BEC-5CE3-413A-BB61-C40A3D186B24} -> Scan
{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} -> Microsoft Plus! Photo Story 2 LE
{14374619-0900-4056-BA06-C87C900AF9E6} -> QuickBooks Simple Start Special Edition
{14BEB6DF-A499-4A38-8E06-E173BCD5C087} -> ScannerCopy
{15EE79F4-4ED1-4267-9B0F-351009325D7D} -> HP Software Update
{17293791-C82E-476C-9997-9A0FF234A19B} -> HP Product Assistant
{181821B7-82AA-44DA-9DAF-EF254CCB670A} -> Fax
{1AD5F465-8282-4DAD-B957-E09C0B783D18} -> InstantShare
{1B680FBA-E317-4E93-AF43-3B59798A4BE0} -> Copy
{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31} -> TrayApp
{272EC8BA-5A08-4ea1-A189-684466A06B02} -> cp_dwShrek2Albums1
{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9} -> Unload
{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6
{33BB4982-DC52-4886-A03B-F4C5C80BEE89} -> Windows Media Player 10
{342C7C88-D335-4bc2-8CF1-281857629CE2} -> HP PSC & OfficeJet 4.7
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{35BDEFF1-A610-4956-A00D-15453C116395} -> Internet Explorer Default Page
{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978)
{3762DB2D-71BD-421F-9E55-C74DA7DF4D07} -> CueTour
{391E18CE-7D3B-45E9-A8F0-34E77F14F47A} -> ProductContext
{3D047C15-C859-45F7-81CE-F2681778069B} -> iPod for Windows 2006-01-10
{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B} -> Google Earth
{3EBD3749-304E-4A4C-9575-C00E5F015217} -> Apple Mobile Device Support
{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> Modem On Hold
{442BE28B-782B-4DC0-B490-E70A403B1C69} -> Readme
{4C590030-7469-453E-8589-D15DA9D03F52} -> ANIWZCS2 Service
{5421155F-B033-49DB-9B33-8F80F233D4D5} -> GdiplusUpgrade
{55937F00-A69B-4049-8D3A-1C7729742B6F} -> BUM
{5905F42D-3F5F-4916-ADA6-94A3646AEE76} -> Dell Driver Reset Tool
{5D6EC6F7-9B38-4a02-B063-97C2048B56A2} -> 7200_Help
{5E8D588F-307C-4250-B622-26969027319A} -> PanoStandAlone
{644D04A2-C682-4FD5-977D-03B804C4B9C5} -> CreativeProjects
{646A65DD-23FC-418E-B9F0-E0500FB42CB1} -> PhotoGallery
{655CB07D-C944-40BE-B93F-55957CAC7625} -> AiO_Scan
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD 5.3
{68963635-14A4-48D9-B431-DF3A74D1AAE1} -> Destinations
{69640730-B830-4C24-BB5C-222DA1260548} -> Turbo Lister 2
{6E179C77-7335-458D-9537-4F4EAC0181ED} -> Photo Click
{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} -> Microsoft Plus! Digital Media Edition Installer
{700A6597-3CE6-49C1-AA75-846B24CDA66D} -> BufferChm
{7148F0A8-6813-11D6-A77B-00B0D0142030} -> Java 2 Runtime Environment, SE v1.4.2_03
{724517BD-1DE1-4986-BFCA-C1DFD379E3BC} -> cp_dwShrek2Cards1
{74F7662C-B1DB-489E-A8AC-07A06B24978B} -> Dell System Restore
{79B92240-9C65-4DD7-B1AD-59910D2C1353} -> AirPlus XtremeG
{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68} -> Modem Event Monitor
{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B} -> HPSystemDiagnostics
{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E} -> ANIO Service
{7F142D56-3326-11D5-B229-002078017FBF} -> Modem Helper
{84CDF5A8-1D57-4B69-BAB6-1F11D8923375} -> SkinsHP1
{85CFD253-38AE-4DB1-ACB7-F0F4C791990D} -> AiOSoftware
{8777AC6D-89F9-4793-8266-DE406F343E89} -> QFolder
{89EE857B-8970-4F9F-AB58-A1C873AC72B3} -> Broadcom Management Programs
{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel(R) Extreme Graphics Driver
{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1} -> DocProc
{8EEA1427-5C0D-469F-9FC6-A622A99D98EB} -> Trixie
{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26} -> Musicmatch® Jukebox
{91120409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Standard Edition 2003
{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} -> QuickTime
{A5B9D22C-755A-4AC6-9904-875E80838BB6} -> CP_AtenaShokunin1Config
{A7391302-FADF-4314-80DC-C757DAE45178} -> 7200
{AC76BA86-0000-0000-0000-6028747ADE01} -> Adobe Acrobat - Reader 6.0.2 Update
{AC76BA86-7AD7-1033-7B44-A00000000001} -> Adobe Reader 6.0.1
{AC966B90-53CA-4710-8EEE-57ED25387872} -> 7200Trb
{AF19F291-F22F-4798-9662-525305AE9E48} -> WordPerfect Office 12
{B045B608-4A47-4C77-9EAD-06C394503306} -> iTunes
{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} -> Apple Software Update
{B911B811-BA3E-46D4-90F8-6F3338359651} -> Director
{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B} -> MarketResearch
{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181)
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5} -> WinZip 11.1
{CDFCF124-115F-4976-8BF4-08C89187A146} -> WebReg
{CE0C8CC5-E396-442B-A50E-D1D374A9E820} -> DocumentViewer
{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC} -> Battlefield 2142
{FC22D020-3005-4715-8DF9-F3EDE81DEB3D} -> CreativeProjectsTemplates
Absolute Poker -> Absolute Poker
Ad-Aware SE Personal -> Ad-Aware SE Personal
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Adobe Shockwave Player -> Adobe Shockwave Player
AIMToolbar -> AIM Toolbar
AOL Instant Messenger -> AOL Instant Messenger
Audacity_is1 -> Audacity 1.2.4
AVG7Uninstall -> AVG Free Edition
ChordWizard Silver 2.0 -> ChordWizard Silver 2.0
Dell Photo Printer 720 -> Dell Photo Printer 720
Dell Photo Printer 720 Logger -> Dell Photo Printer 720 Logger
DellSupport -> Dell Support 5.0.0 (630)
DVD Decrypter -> DVD Decrypter (Remove Only)
HijackThis -> HijackThis 1.99.1
Hijackthis_is1 -> Hijackthis 1.99.1
HP Photo & Imaging -> HP Image Zone 4.7
HPExtendedCapabilities -> HP Extended Capabilities 4.7
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9} -> iPod Updater 2004-11-15
InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B} -> iPod for Windows 2006-01-10
InstallShield_{69640730-B830-4C24-BB5C-222DA1260548} -> Turbo Lister 2
InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353} -> AirPlus XtremeG
InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3} -> Broadcom Management Programs
Intel(R) 537EP V9x DF PCI Modem -> Intel(R) 537EP V9x DF PCI Modem
IrfanView -> IrfanView (remove only)
Kaspersky Online Scanner -> Kaspersky Online Scanner
KB867282 -> Windows XP Hotfix - KB867282
KB873333 -> Windows XP Hotfix - KB873333
KB873339 -> Windows XP Hotfix - KB873339
KB883939 -> Security Update for Windows XP (KB883939)
KB885250 -> Windows XP Hotfix - KB885250
KB885835 -> Windows XP Hotfix - KB885835
KB885836 -> Windows XP Hotfix - KB885836
KB886185 -> Windows XP Hotfix - KB886185
KB887472 -> Windows XP Hotfix - KB887472
KB887742 -> Windows XP Hotfix - KB887742
KB888113 -> Windows XP Hotfix - KB888113
KB888302 -> Windows XP Hotfix - KB888302
KB888310 -> Windows XP Hotfix - KB888310
KB890046 -> Security Update for Windows XP (KB890046)
KB890175 -> Windows XP Hotfix - KB890175
KB890859 -> Windows XP Hotfix - KB890859
KB890923 -> Windows XP Hotfix - KB890923
KB891781 -> Windows XP Hotfix - KB891781
KB893066 -> Windows XP Hotfix - KB893066
KB893086 -> Windows XP Hotfix - KB893086
KB893756 -> Security Update for Windows XP (KB893756)
KB893803v2 -> Windows Installer 3.1 (KB893803)
KB894391 -> Update for Windows XP (KB894391)
KB896358 -> Security Update for Windows XP (KB896358)
KB896422 -> Security Update for Windows XP (KB896422)
KB896423 -> Security Update for Windows XP (KB896423)
KB896424 -> Security Update for Windows XP (KB896424)
KB896428 -> Security Update for Windows XP (KB896428)
KB896688 -> Security Update for Windows XP (KB896688)
KB896727 -> Update for Windows XP (KB896727)
KB898458 -> Security Update for Step By Step Interactive Training (KB898458)
KB898461 -> Update for Windows XP (KB898461)
KB899587 -> Security Update for Windows XP (KB899587)
KB899588 -> Security Update for Windows XP (KB899588)
KB899591 -> Security Update for Windows XP (KB899591)
KB900485 -> Update for Windows XP (KB900485)
KB900725 -> Security Update for Windows XP (KB900725)
KB901017 -> Security Update for Windows XP (KB901017)
KB901190 -> Security Update for Windows XP (KB901190)
KB901214 -> Security Update for Windows XP (KB901214)
KB902400 -> Security Update for Windows XP (KB902400)
KB903235 -> Security Update for Windows XP (KB903235)
KB904706 -> Security Update for Windows XP (KB904706)
KB904942 -> Update for Windows XP (KB904942)
KB905414 -> Security Update for Windows XP (KB905414)
KB905749 -> Security Update for Windows XP (KB905749)
KB905915 -> Security Update for Windows XP (KB905915)
KB908519 -> Security Update for Windows XP (KB908519)
KB908531 -> Security Update for Windows XP (KB908531)
KB910437 -> Update for Windows XP (KB910437)
KB911280 -> Security Update for Windows XP (KB911280)
KB911562 -> Security Update for Windows XP (KB911562)
KB911564 -> Security Update for Windows Media Player (KB911564)
KB911565 -> Security Update for Windows Media Player 10 (KB911565)
KB911567 -> Security Update for Windows XP (KB911567)
KB911927 -> Security Update for Windows XP (KB911927)
KB912812 -> Security Update for Windows XP (KB912812)
KB912919 -> Security Update for Windows XP (KB912919)
KB913446 -> Security Update for Windows XP (KB913446)
KB913580 -> Security Update for Windows XP (KB913580)
KB914388 -> Security Update for Windows XP (KB914388)
KB914389 -> Security Update for Windows XP (KB914389)
KB914440 -> Hotfix for Windows XP (KB914440)
KB915865 -> Hotfix for Windows XP (KB915865)
KB916281 -> Security Update for Windows XP (KB916281)
KB916595 -> Update for Windows XP (KB916595)
KB917159 -> Security Update for Windows XP (KB917159)
KB917344 -> Security Update for Windows XP (KB917344)
KB917422 -> Security Update for Windows XP (KB917422)
KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734)
KB917953 -> Security Update for Windows XP (KB917953)
KB918118 -> Security Update for Windows XP (KB918118)
KB918439 -> Security Update for Windows XP (KB918439)
KB918899 -> Security Update for Windows XP (KB918899)
KB919007 -> Security Update for Windows XP (KB919007)
KB920213 -> Security Update for Windows XP (KB920213)
KB920214 -> Security Update for Windows XP (KB920214)
KB920670 -> Security Update for Windows XP (KB920670)
KB920683 -> Security Update for Windows XP (KB920683)
KB920685 -> Security Update for Windows XP (KB920685)
KB920872 -> Update for Windows XP (KB920872)
KB921398 -> Security Update for Windows XP (KB921398)
KB921503 -> Security Update for Windows XP (KB921503)
KB921883 -> Security Update for Windows XP (KB921883)
KB922582 -> Update for Windows XP (KB922582)
KB922616 -> Security Update for Windows XP (KB922616)
KB922760 -> Security Update for Windows XP (KB922760)
KB922819 -> Security Update for Windows XP (KB922819)
KB923191 -> Security Update for Windows XP (KB923191)
KB923414 -> Security Update for Windows XP (KB923414)
KB923689 -> Security Update for Windows XP (KB923689)
KB923694 -> Security Update for Windows XP (KB923694)
KB923723 -> Security Update for Step By Step Interactive Training (KB923723)
KB923980 -> Security Update for Windows XP (KB923980)
KB924191 -> Security Update for Windows XP (KB924191)
KB924270 -> Security Update for Windows XP (KB924270)
KB924496 -> Security Update for Windows XP (KB924496)
KB924667 -> Security Update for Windows XP (KB924667)
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398)
KB925454 -> Security Update for Windows XP (KB925454)
KB925486 -> Security Update for Windows XP (KB925486)
KB925902 -> Security Update for Windows XP (KB925902)
KB926255 -> Security Update for Windows XP (KB926255)
KB926436 -> Security Update for Windows XP (KB926436)
KB927779 -> Security Update for Windows XP (KB927779)
KB927802 -> Security Update for Windows XP (KB927802)
KB927891 -> Update for Windows XP (KB927891)
KB928090 -> Security Update for Windows XP (KB928090)
KB928255 -> Security Update for Windows XP (KB928255)
KB928843 -> Security Update for Windows XP (KB928843)
KB929123 -> Security Update for Windows XP (KB929123)
KB929338 -> Update for Windows XP (KB929338)
KB929969 -> Security Update for Windows XP (KB929969)
KB930178 -> Security Update for Windows XP (KB930178)
KB930916 -> Update for Windows XP (KB930916)
KB931261 -> Security Update for Windows XP (KB931261)
KB931768 -> Security Update for Windows XP (KB931768)
KB931784 -> Security Update for Windows XP (KB931784)
KB931836 -> Update for Windows XP (KB931836)
KB932168 -> Security Update for Windows XP (KB932168)
KB933360 -> Update for Windows XP (KB933360)
KB933566 -> Security Update for Windows XP (KB933566)
KB933729 -> Security Update for Windows XP (KB933729)
KB935839 -> Security Update for Windows XP (KB935839)
KB935840 -> Security Update for Windows XP (KB935840)
KB936021 -> Security Update for Windows XP (KB936021)
KB936357 -> Update for Windows XP (KB936357)
KB936782_WMP10 -> Security Update for Windows Media Player 10 (KB936782)
KB937143 -> Security Update for Windows XP (KB937143)
KB938127 -> Security Update for Windows XP (KB938127)
KB938127-IE7 -> Security Update for Windows Internet Explorer 7 (KB938127)
KB938828 -> Update for Windows XP (KB938828)
KB938829 -> Security Update for Windows XP (KB938829)
KB939653 -> Security Update for Windows XP (KB939653)
KB939653-IE7 -> Security Update for Windows Internet Explorer 7 (KB939653)
KB941202 -> Security Update for Windows XP (KB941202)
KB941568 -> Security Update for Windows XP (KB941568)
KB941569 -> Security Update for Windows XP (KB941569)
KB941644 -> Security Update for Windows XP (KB941644)
KB942615-IE7 -> Security Update for Windows Internet Explorer 7 (KB942615)
KB942763 -> Update for Windows XP (KB942763)
KB943055 -> Security Update for Windows XP (KB943055)
KB943460 -> Security Update for Windows XP (KB943460)
KB943485 -> Security Update for Windows XP (KB943485)
KB944533-IE7 -> Security Update for Windows Internet Explorer 7 (KB944533)
KB944653 -> Security Update for Windows XP (KB944653)
KB946026 -> Security Update for Windows XP (KB946026)
M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
Morpheus -> Morpheus 5.2 (remove only)
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
Panda ActiveScan -> Panda ActiveScan
PartyPoker -> PartyPoker
PokerStars -> PokerStars
RealPlayer 6.0 -> RealPlayer
R-Undelete 3.5NSIS -> R-Undelete 3.5
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4
SpywareBlaster_is1 -> SpywareBlaster v3.5.1
SpywareGuard_is1 -> SpywareGuard v2.2
StreetPlugin -> Learn2 Player (Uninstall Only)
SUPER © -> SUPER © Version 2006.19 (FIX)
TunePlus_is1 -> TunePlus 1.0.0.4
ViewpointMediaPlayer -> Viewpoint Media Player
VX2 Cleaner plug-in for Ad-Aware SE -> VX2 Cleaner plug-in for Ad-Aware SE
WgaNotify -> Windows Genuine Advantage Notifications (KB905474)
Windows Media Format Runtime -> Windows Media Format Runtime
Windows Media Player -> Windows Media Player 10
WinRAR archiver -> WinRAR archiver
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{9863F141-7A33-4c9a-A5F2-96996461B216} -> KODAK EASYSHARE Gallery Easy Upload, v2.1


[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 4/6/2008 2:25:59 AM | Attr =	]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 4/6/2008 2:00:25 PM | Attr =	]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Created Date = 4/5/2008 6:05:29 PM | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 4/6/2008 2:27:00 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Created Date = 4/5/2008 6:05:32 PM | Attr =	]
04-04-08_1140.jpg -> %UserProfile%\Desktop\04-04-08_1140.jpg ->  [Ver =  | Size = 63987 bytes | Created Date = 4/6/2008 7:07:39 PM | Attr =	]
11-30-06_2349.jpg -> %UserProfile%\Desktop\11-30-06_2349.jpg ->  [Ver =  | Size = 52383 bytes | Created Date = 4/6/2008 7:06:12 PM | Attr =	]
DSC02557.JPG -> %UserProfile%\Desktop\DSC02557.JPG ->  [Ver =  | Size = 3265509 bytes | Created Date = 4/6/2008 8:26:49 PM | Attr =	]
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 4/6/2008 2:24:50 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
Hijackthis.lnk -> %UserProfile%\Desktop\Hijackthis.lnk ->  [Ver =  | Size = 650 bytes | Created Date = 3/29/2008 4:07:39 PM | Attr =	]
HJTsetup.exe -> %UserProfile%\Desktop\HJTsetup.exe -> Soeperman Enterprises Ltd									[Ver =					  | Size = 488144 bytes | Created Date = 3/29/2008 4:07:18 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTsetup.exe:Zone.Identifier
imagejpeg_1.jpg -> %UserProfile%\Desktop\imagejpeg_1.jpg ->  [Ver =  | Size = 22982 bytes | Created Date = 4/6/2008 7:07:19 PM | Attr =	]
Masterpiece.bmp -> %UserProfile%\Desktop\Masterpiece.bmp ->  [Ver =  | Size = 1191362 bytes | Created Date = 4/6/2008 8:32:51 PM | Attr =	]
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.0 | Size = 290816 bytes | Created Date = 4/6/2008 1:57:15 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 4/6/2008 11:33:22 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 540250 bytes | Created Date = 4/6/2008 11:26:16 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier

[Files/Folders - Modified Within 30 days]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 4/6/2008 2:25:59 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 803278848 bytes | Modified Date = 4/6/2008 1:44:14 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 4/6/2008 2:00:28 PM | Attr = R  ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 4/6/2008 11:32:26 PM | Attr =	]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 4/6/2008 2:00:25 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 4/6/2008 4:49:46 PM | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Modified Date = 4/5/2008 6:05:29 PM | Attr =	]
PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT ->  [Ver =  | Size = 54280 bytes | Modified Date = 3/11/2008 11:02:01 PM | Attr =	]
PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT ->  [Ver =  | Size = 384596 bytes | Modified Date = 3/11/2008 11:02:01 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 445630 bytes | Modified Date = 3/11/2008 11:02:01 PM | Attr =	]
WPA.DBL -> %SystemRoot%\System32\WPA.DBL ->  [Ver =  | Size = 2206 bytes | Modified Date = 4/6/2008 1:46:50 PM | Attr =	]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 4/6/2008 1:44:44 PM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 4/6/2008 8:34:43 PM | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 4/6/2008 2:27:00 AM | Attr =	]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 4/5/2008 6:05:28 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 4/6/2008 11:27:05 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 4/6/2008 1:47:28 PM | Attr =  H ]
SYSTEM32 -> %SystemRoot%\SYSTEM32 ->  [Folder | Modified Date = 4/6/2008 8:34:39 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 4/6/2008 1:47:10 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 3/19/2008 9:44:06 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 4/6/2008 1:44:47 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5484 bytes | Modified Date = 4/6/2008 1:46:05 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5484 bytes | Modified Date = 4/6/2008 1:46:06 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11068 bytes | Modified Date = 10/18/2005 2:23:51 PM | Attr =	]
CA7F7RSL.com%2F&ad_type=text&cc=49&u_h=768&u_w=1024&u_ah=734&u_aw=1024&u_cd=32&u_tz=-300&u_his=1&u_java=true -> C:\Documents and Settings\Joshward\Local Settings\Temp\Temporary Internet Files\Content.IE5\3J0QNWNE\CA7F7RSL.com ->  [Ver =  | Size = 1094 bytes | Modified Date = 3/23/2007 2:43:40 PM | Attr =	]
imp[1].com%2F&r=0 -> C:\Documents and Settings\Joshward\Local Settings\Temp\Temporary Internet Files\Content.IE5\4S61JUDC\imp[1].com ->  [Ver =  | Size = 532 bytes | Modified Date = 3/23/2007 4:44:52 PM | Attr =	]
imp[1].com%2Ft-pain-kvrjm%2Foverview&r=0 -> C:\Documents and Settings\Joshward\Local Settings\Temp\Temporary Internet Files\Content.IE5\NTXKUPHU\imp[1].com ->  [Ver =  | Size = 1076 bytes | Modified Date = 3/23/2007 4:48:02 PM | Attr =	]
BitTorrent-4.20.7.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\BitTorrent-4.20.7.exe ->  [Ver =  | Size = 5838494 bytes | Modified Date = 8/8/2006 1:56:39 PM | Attr =	]
cmdo.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\cmdo.exe ->  [Ver = 1.4.2.0 | Size = 31232 bytes | Modified Date = 10/31/2006 12:25:19 AM | Attr =	]
FlashPlayerUpdate.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\FlashPlayerUpdate.exe -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 819912 bytes | Modified Date = 1/27/2006 7:11:40 PM | Attr =	]
shutdown.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\shutdown.exe ->  [Ver =  | Size = 32768 bytes | Modified Date = 10/31/2006 12:25:19 AM | Attr =	]
1344 C:\Documents and Settings\Joshward\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Joshward\Local Settings\Temp\*.tmp -> 
dxsetup.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\{E5BE43BE-65EE-496F-AF4B-60FFD21C1221}\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\dxsetup.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 484560 bytes | Modified Date = 5/25/2006 4:53:28 PM | Attr =	]
md5deep.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~foigilc.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
sed.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~foigilc.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
swreg.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~foigilc.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
md5deep.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~ggmokhr.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
sed.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~ggmokhr.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
swreg.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~ggmokhr.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
md5deep.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~kuugwir.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
sed.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~kuugwir.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
swreg.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~kuugwir.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
cmdo.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~setuptmp0\cmdo.exe ->  [Ver = 1.4.2.0 | Size = 31232 bytes | Modified Date = 10/31/2006 12:27:19 AM | Attr =	]
shutdown.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~setuptmp0\shutdown.exe ->  [Ver =  | Size = 32768 bytes | Modified Date = 10/31/2006 12:27:19 AM | Attr =	]
cmdo.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~setuptmp1\cmdo.exe ->  [Ver = 1.4.2.0 | Size = 31232 bytes | Modified Date = 10/31/2006 12:27:44 AM | Attr =	]
shutdown.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~setuptmp1\shutdown.exe ->  [Ver =  | Size = 32768 bytes | Modified Date = 10/31/2006 12:27:44 AM | Attr =	]
cmdo.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~setuptmp2\cmdo.exe ->  [Ver = 1.4.2.0 | Size = 31232 bytes | Modified Date = 10/31/2006 12:28:12 AM | Attr =	]
shutdown.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~setuptmp2\shutdown.exe ->  [Ver =  | Size = 32768 bytes | Modified Date = 10/31/2006 12:28:12 AM | Attr =	]
md5deep.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~sohwzsx.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
sed.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~sohwzsx.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
swreg.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~sohwzsx.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
md5deep.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~stjzdwg.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
sed.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~stjzdwg.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
swreg.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~stjzdwg.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
md5deep.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~ujtapsb.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
sed.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~ujtapsb.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
swreg.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~ujtapsb.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
md5deep.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~xyahijc.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
sed.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~xyahijc.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
swreg.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\~xyahijc.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 9:23:07 PM | Attr =	]
Ntwrk_Scry_update.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\HPSUB1L-.N3A\Ntwrk_Scry_update.exe ->  [Ver =  | Size = 210544 bytes | Modified Date = 4/1/2006 4:55:33 PM | Attr =	]
setup.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\NI.UWA6P_0001_N56M1011\setup.exe -> WinSoftware, Ltd. [Ver = 2, 0, 162, 9 | Size = 8953048 bytes | Modified Date = 12/22/2005 5:00:51 PM | Attr =	]
setup.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\NI.UWFX5_0001_N57M2811\setup.exe -> WinSoftware Ltd. [Ver = 1, 1, 42, 1 | Size = 2420952 bytes | Modified Date = 12/20/2005 2:22:48 AM | Attr =	]
HijackThis.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Modified Date = 1/7/2006 8:42:02 PM | Attr = R  ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe:Zone.Identifier
KillBox.exe -> C:\Documents and Settings\Joshward\Local Settings\Temp\Temporary Directory 1 for KillBox.zip\KillBox.exe -> Option^Explicit Software						vbtechcd@gmail.com [Ver = 2.00.0588 | Size = 71680 bytes | Modified Date = 12/27/2005 4:04:36 AM | Attr =	]
@Alternate Data Stream - 0 bytes -> %UserProfile%\Local Settings\Temp\Temporary Directory 1 for KillBox.zip\KillBox.exe:Zone.Identifier
6.4.20.7-EasyShrx.Dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\6.4.20.7-EasyShrx.Dll -> Eastman Kodak Company [Ver = 5.3.11.5 | Size = 1134592 bytes | Modified Date = 5/14/2007 2:24:55 PM | Attr =	]
bitcoll.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\bitcoll.dll ->  [Ver =  | Size = 77824 bytes | Modified Date = 10/31/2006 12:25:19 AM | Attr =	]
EntitlementClientInstall.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\EntitlementClientInstall.dll -> Intuit, Inc. [Ver = 1, 0, 0, 42 | Size = 1552384 bytes | Modified Date = 5/9/2006 12:27:58 PM | Attr =	]
InstHelp.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\InstHelp.dll ->  [Ver =  | Size = 57344 bytes | Modified Date = 10/12/2004 12:14:18 PM | Attr =	]
instph.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\instph.dll -> AOL LLC [Ver = 5.0.2.0 | Size = 94256 bytes | Modified Date = 12/21/2006 3:32:49 PM | Attr =	]
MFC71.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\MFC71.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1060864 bytes | Modified Date = 5/9/2006 12:27:58 PM | Attr =	]
msvcp71.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\msvcp71.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 5/9/2006 12:27:58 PM | Attr =	]
msvcr71.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\msvcr71.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 5/9/2006 12:27:58 PM | Attr =	]
pcc.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\pcc.dll -> Intuit, Inc. [Ver = 1.2 B1 | Size = 372736 bytes | Modified Date = 5/9/2006 12:27:59 PM | Attr =	]
qbinstal.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\qbinstal.dll -> Intuit, Inc. [Ver = 15.0D R2 | Size = 380928 bytes | Modified Date = 5/9/2006 12:27:58 PM | Attr =	]
stlport_vc746.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\stlport_vc746.dll -> STLport Consulting, Inc. [Ver = 4.6.2004.0924 | Size = 552960 bytes | Modified Date = 5/9/2006 12:27:58 PM | Attr =	]
uninst.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\uninst.dll ->  [Ver =  | Size = 114688 bytes | Modified Date = 9/1/2004 11:56:56 AM | Attr =	]
xerces-c_2_5_0_qb.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\xerces-c_2_5_0_qb.dll -> Apache Software Foundation [Ver = 2, 5, 0 | Size = 1916928 bytes | Modified Date = 5/9/2006 12:27:59 PM | Attr =	]
1344 C:\Documents and Settings\Joshward\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Joshward\Local Settings\Temp\*.tmp -> 
DSETUP.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\{E5BE43BE-65EE-496F-AF4B-60FFD21C1221}\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\DSETUP.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 74448 bytes | Modified Date = 5/25/2006 4:53:26 PM | Attr =	]
dsetup32.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\{E5BE43BE-65EE-496F-AF4B-60FFD21C1221}\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\dsetup32.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 2248400 bytes | Modified Date = 5/25/2006 4:53:26 PM | Attr =	]
dss.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\~foigilc.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 10/14/2007 1:42:28 AM | Attr =	]
dss.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\~ggmokhr.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 10/14/2007 1:42:28 AM | Attr =	]
dss.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\~kuugwir.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 10/14/2007 1:42:28 AM | Attr =	]
bitcoll.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\~setuptmp0\bitcoll.dll ->  [Ver =  | Size = 77824 bytes | Modified Date = 10/31/2006 12:27:19 AM | Attr =	]
bitcoll.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\~setuptmp1\bitcoll.dll ->  [Ver =  | Size = 77824 bytes | Modified Date = 10/31/2006 12:27:44 AM | Attr =	]
bitcoll.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\~setuptmp2\bitcoll.dll ->  [Ver =  | Size = 77824 bytes | Modified Date = 10/31/2006 12:28:12 AM | Attr =	]
dss.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\~sohwzsx.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 10/14/2007 1:42:28 AM | Attr =	]
dss.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\~stjzdwg.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 10/14/2007 1:42:28 AM | Attr =	]
dss.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\~ujtapsb.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 10/14/2007 1:42:28 AM | Attr =	]
dss.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\~xyahijc.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 10/14/2007 1:42:28 AM | Attr =	]
_Setup.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\isp25D.tmp\_Setup.dll -> Macrovision Corporation [Ver = 10.50.125 | Size = 380928 bytes | Modified Date = 1/18/2007 10:13:50 PM | Attr =	]
_Setup.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\isp480.tmp\_Setup.dll -> Macrovision Corporation [Ver = 10.50.125 | Size = 380928 bytes | Modified Date = 1/17/2007 7:25:35 PM | Attr =	]
LangDLL.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\nsd15E.tmp\LangDLL.dll ->  [Ver =  | Size = 5120 bytes | Modified Date = 8/13/2006 9:22:14 PM | Attr =	]
Processes.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\nsd15E.tmp\Processes.dll -> Andrei Ciubotaru [Hardwired] [Ver = 1, 0, 0, 1 | Size = 36352 bytes | Modified Date = 8/13/2006 9:22:21 PM | Attr =	]
System.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\nsd15E.tmp\System.dll ->  [Ver =  | Size = 10240 bytes | Modified Date = 8/13/2006 9:22:20 PM | Attr =	]
InstallOptions.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\nsf1F9.tmp\InstallOptions.dll ->  [Ver =  | Size = 12288 bytes | Modified Date = 8/5/2005 6:43:23 PM | Attr =	]
System.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\nsf1F9.tmp\System.dll ->  [Ver =  | Size = 9216 bytes | Modified Date = 8/5/2005 6:43:23 PM | Attr =	]
InstallOptions.dll -> C:\Documents and Settings\Joshward\Local Settings\Temp\nsw8F.tmp\InstallOptions.dll ->  [Ver =  | Size = 12288 bytes | Modified Date = 8/6/2005 3:42:54 PM | Attr =	]
AVRES_OPTRF_LiveUpdate.dat -> C:\Documents and Settings\Joshward\Local Settings\Temp\AVRES_OPTRF_LiveUpdate.dat ->  [Ver =  | Size = 124 bytes | Modified Date = 6/17/2006 2:50:19 PM | Attr =	]
ESGServices.dat -> C:\Documents and Settings\Joshward\Local Settings\Temp\ESGServices.dat ->  [Ver =  | Size = 15573 bytes | Modified Date = 5/9/2006 12:27:58 PM | Attr =	]
paystat.dat -> C:\Documents and Settings\Joshward\Local Settings\Temp\paystat.dat ->  [Ver =  | Size = 1442 bytes | Modified Date = 5/9/2006 12:27:58 PM | Attr =	]
Perflib_Perfdata_768.dat -> C:\Documents and Settings\Joshward\Local Settings\Temp\Perflib_Perfdata_768.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/3/2006 2:30:34 PM | Attr =	]
Perflib_Perfdata_7e8.dat -> C:\Documents and Settings\Joshward\Local Settings\Temp\Perflib_Perfdata_7e8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 4/8/2006 6:15:32 PM | Attr =	]
qbm3t2.dat -> C:\Documents and Settings\Joshward\Local Settings\Temp\qbm3t2.dat ->  [Ver =  | Size = 7768 bytes | Modified Date = 5/9/2006 12:27:58 PM | Attr =	]
symcprop.dat -> C:\Documents and Settings\Joshward\Local Settings\Temp\symcprop.dat ->  [Ver =  | Size = 88572 bytes | Modified Date = 6/17/2006 2:58:50 PM | Attr =	]
SymSCLiveUpdate.dat -> C:\Documents and Settings\Joshward\Local Settings\Temp\SymSCLiveUpdate.dat ->  [Ver =  | Size = 316 bytes | Modified Date = 6/17/2006 2:58:50 PM | Attr =	]
1344 C:\Documents and Settings\Joshward\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Joshward\Local Settings\Temp\*.tmp -> 
index.dat -> C:\Documents and Settings\Joshward\Local Settings\Temp\Cookies\index.dat ->  [Ver =  | Size = 65536 bytes | Modified Date = 3/23/2007 11:39:11 PM | Attr =	]
index.dat -> C:\Documents and Settings\Joshward\Local Settings\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 131072 bytes | Modified Date = 3/23/2007 11:51:48 PM | Attr =	]
index.dat -> C:\Documents and Settings\Joshward\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 1703936 bytes | Modified Date = 3/23/2007 11:54:00 PM | Attr =	]
pp233.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\pp233.ini ->  [Ver =  | Size = 5052 bytes | Modified Date = 12/21/2006 3:44:34 PM | Attr =	]
temp2.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\temp2.ini ->  [Ver =  | Size = 86016 bytes | Modified Date = 7/13/2007 10:51:06 PM | Attr =	]
_isdelet.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_isdelet.ini ->  [Ver =  | Size = 234 bytes | Modified Date = 1/18/2007 10:51:29 PM | Attr =	]
1344 C:\Documents and Settings\Joshward\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Joshward\Local Settings\Temp\*.tmp -> 
0x0404.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x0404.ini ->  [Ver =  | Size = 3261 bytes | Modified Date = 12/21/2005 7:42:52 PM | Attr =	]
0x0406.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x0406.ini ->  [Ver =  | Size = 4855 bytes | Modified Date = 12/21/2005 7:42:52 PM | Attr =	]
0x0407.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x0407.ini ->  [Ver =  | Size = 5140 bytes | Modified Date = 12/21/2005 7:42:51 PM | Attr =	]
0x0409.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x0409.ini ->  [Ver =  | Size = 4632 bytes | Modified Date = 12/21/2005 7:42:50 PM | Attr =	]
0x040a.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x040a.ini ->  [Ver =  | Size = 5275 bytes | Modified Date = 12/21/2005 7:42:56 PM | Attr =	]
0x040b.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x040b.ini ->  [Ver =  | Size = 4734 bytes | Modified Date = 12/21/2005 7:42:54 PM | Attr =	]
0x040c.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x040c.ini ->  [Ver =  | Size = 5406 bytes | Modified Date = 12/21/2005 7:42:50 PM | Attr =	]
0x0410.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x0410.ini ->  [Ver =  | Size = 5130 bytes | Modified Date = 12/21/2005 7:42:54 PM | Attr =	]
0x0411.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x0411.ini ->  [Ver =  | Size = 5014 bytes | Modified Date = 12/21/2005 7:42:52 PM | Attr =	]
0x0412.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x0412.ini ->  [Ver =  | Size = 4303 bytes | Modified Date = 12/21/2005 7:42:55 PM | Attr =	]
0x0413.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x0413.ini ->  [Ver =  | Size = 5118 bytes | Modified Date = 12/21/2005 7:42:53 PM | Attr =	]
0x0414.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x0414.ini ->  [Ver =  | Size = 4810 bytes | Modified Date = 12/21/2005 7:42:56 PM | Attr =	]
0x041d.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x041d.ini ->  [Ver =  | Size = 4636 bytes | Modified Date = 12/21/2005 7:42:57 PM | Attr =	]
0x0804.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\0x0804.ini ->  [Ver =  | Size = 3326 bytes | Modified Date = 12/21/2005 7:42:52 PM | Attr =	]
Setup.INI -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\Setup.INI ->  [Ver =  | Size = 1437 bytes | Modified Date = 12/21/2005 7:42:50 PM | Attr =	]
_ISMSIDEL.INI -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is10\_ISMSIDEL.INI ->  [Ver =  | Size = 1181 bytes | Modified Date = 12/21/2005 7:43:08 PM | Attr =	]
0x0404.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x0404.ini ->  [Ver =  | Size = 3261 bytes | Modified Date = 12/21/2005 7:31:39 PM | Attr =	]
0x0406.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x0406.ini ->  [Ver =  | Size = 4855 bytes | Modified Date = 12/21/2005 7:31:39 PM | Attr =	]
0x0407.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x0407.ini ->  [Ver =  | Size = 5140 bytes | Modified Date = 12/21/2005 7:31:31 PM | Attr =	]
0x0409.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x0409.ini ->  [Ver =  | Size = 4632 bytes | Modified Date = 12/21/2005 7:31:24 PM | Attr =	]
0x040a.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x040a.ini ->  [Ver =  | Size = 5275 bytes | Modified Date = 12/21/2005 7:32:00 PM | Attr =	]
0x040b.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x040b.ini ->  [Ver =  | Size = 4734 bytes | Modified Date = 12/21/2005 7:31:46 PM | Attr =	]
0x040c.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x040c.ini ->  [Ver =  | Size = 5406 bytes | Modified Date = 12/21/2005 7:31:27 PM | Attr =	]
0x0410.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x0410.ini ->  [Ver =  | Size = 5130 bytes | Modified Date = 12/21/2005 7:31:50 PM | Attr =	]
0x0411.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x0411.ini ->  [Ver =  | Size = 5014 bytes | Modified Date = 12/21/2005 7:31:35 PM | Attr =	]
0x0412.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x0412.ini ->  [Ver =  | Size = 4303 bytes | Modified Date = 12/21/2005 7:31:53 PM | Attr =	]
0x0413.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x0413.ini ->  [Ver =  | Size = 5118 bytes | Modified Date = 12/21/2005 7:31:43 PM | Attr =	]
0x0414.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x0414.ini ->  [Ver =  | Size = 4810 bytes | Modified Date = 12/21/2005 7:31:56 PM | Attr =	]
0x041d.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x041d.ini ->  [Ver =  | Size = 4636 bytes | Modified Date = 12/21/2005 7:32:04 PM | Attr =	]
0x0804.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\0x0804.ini ->  [Ver =  | Size = 3326 bytes | Modified Date = 12/21/2005 7:31:38 PM | Attr =	]
Setup.INI -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\Setup.INI ->  [Ver =  | Size = 1437 bytes | Modified Date = 12/21/2005 7:31:23 PM | Attr =	]
_ISMSIDEL.INI -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is25E\_ISMSIDEL.INI ->  [Ver =  | Size = 1199 bytes | Modified Date = 12/21/2005 7:32:37 PM | Attr =	]
0x0404.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x0404.ini ->  [Ver =  | Size = 3261 bytes | Modified Date = 12/21/2005 10:46:57 PM | Attr =	]
0x0406.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x0406.ini ->  [Ver =  | Size = 4855 bytes | Modified Date = 12/21/2005 10:46:57 PM | Attr =	]
0x0407.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x0407.ini ->  [Ver =  | Size = 5140 bytes | Modified Date = 12/21/2005 10:46:55 PM | Attr =	]
0x0409.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x0409.ini ->  [Ver =  | Size = 4632 bytes | Modified Date = 12/21/2005 10:46:54 PM | Attr =	]
0x040a.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x040a.ini ->  [Ver =  | Size = 5275 bytes | Modified Date = 12/21/2005 10:47:00 PM | Attr =	]
0x040b.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x040b.ini ->  [Ver =  | Size = 4734 bytes | Modified Date = 12/21/2005 10:46:58 PM | Attr =	]
0x040c.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x040c.ini ->  [Ver =  | Size = 5406 bytes | Modified Date = 12/21/2005 10:46:55 PM | Attr =	]
0x0410.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x0410.ini ->  [Ver =  | Size = 5130 bytes | Modified Date = 12/21/2005 10:46:58 PM | Attr =	]
0x0411.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x0411.ini ->  [Ver =  | Size = 5014 bytes | Modified Date = 12/21/2005 10:46:56 PM | Attr =	]
0x0412.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x0412.ini ->  [Ver =  | Size = 4303 bytes | Modified Date = 12/21/2005 10:46:59 PM | Attr =	]
0x0413.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x0413.ini ->  [Ver =  | Size = 5118 bytes | Modified Date = 12/21/2005 10:46:57 PM | Attr =	]
0x0414.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x0414.ini ->  [Ver =  | Size = 4810 bytes | Modified Date = 12/21/2005 10:47:00 PM | Attr =	]
0x041d.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x041d.ini ->  [Ver =  | Size = 4636 bytes | Modified Date = 12/21/2005 10:47:01 PM | Attr =	]
0x0804.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\0x0804.ini ->  [Ver =  | Size = 3326 bytes | Modified Date = 12/21/2005 10:46:57 PM | Attr =	]
Setup.INI -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\Setup.INI ->  [Ver =  | Size = 1437 bytes | Modified Date = 12/21/2005 10:46:54 PM | Attr =	]
_ISMSIDEL.INI -> C:\Documents and Settings\Joshward\Local Settings\Temp\_is36\_ISMSIDEL.INI ->  [Ver =  | Size = 1181 bytes | Modified Date = 12/21/2005 10:47:14 PM | Attr =	]
_ISMSIDEL.INI -> C:\Documents and Settings\Joshward\Local Settings\Temp\_isF0\_ISMSIDEL.INI ->  [Ver =  | Size = 11 bytes | Modified Date = 11/21/2007 10:10:58 PM | Attr =	]
desktop.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 9/15/2005 3:52:17 PM | Attr =  HS]
ioSpecial.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\nsf1F9.tmp\ioSpecial.ini ->  [Ver =  | Size = 738 bytes | Modified Date = 8/5/2005 6:43:34 PM | Attr =	]
ioSpecial.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\nsw8F.tmp\ioSpecial.ini ->  [Ver =  | Size = 531 bytes | Modified Date = 8/6/2005 3:42:58 PM | Attr =	]
desktop.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/23/2007 2:43:26 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\Temporary Internet Files\Content.IE5\3J0QNWNE\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/23/2007 2:43:39 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Joshward\Local Settings\Temp\Temporary Internet Files\Content.IE5\NTXKUPHU\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/23/2007 2:43:38 PM | Attr =  HS]
regincd2.exe -> C:\WINDOWS\Temp\regincd2.exe ->  [Ver =  | Size = 3072 bytes | Modified Date = 4/4/2007 8:52:35 AM | Attr =	]
regtdi.exe -> C:\WINDOWS\Temp\regtdi.exe ->  [Ver =  | Size = 3584 bytes | Modified Date = 4/4/2007 8:52:41 AM | Attr =	]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/19/2008 9:44:05 AM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/19/2008 9:44:05 AM | Attr =  HS]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 3/19/2008 9:44:05 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 145 bytes | Modified Date = 12/26/2007 10:44:04 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/26/2007 10:44:04 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0HFMMQ1R\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/26/2007 10:44:04 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2Y0BBB2W\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/26/2007 10:44:04 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D3IBNF9R\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/26/2007 10:44:04 AM | Attr =  HS]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IAC06NVT\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 12/26/2007 10:44:04 AM | Attr =  HS]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Modified Date = 4/5/2008 6:05:32 PM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 4/6/2008 1:48:35 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 80384 bytes | Modified Date = 4/6/2008 8:26:02 PM | Attr =	]
HJT -> %UserProfile%\My Documents\HJT ->  [Folder | Modified Date = 3/29/2008 4:05:39 PM | Attr =	]
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 2137 bytes | Modified Date = 4/6/2008 4:59:56 PM | Attr =	]
04-04-08_1140.jpg -> %UserProfile%\Desktop\04-04-08_1140.jpg ->  [Ver =  | Size = 63987 bytes | Modified Date = 4/4/2008 11:40:56 AM | Attr =	]
11-30-06_2349.jpg -> %UserProfile%\Desktop\11-30-06_2349.jpg ->  [Ver =  | Size = 52383 bytes | Modified Date = 4/6/2008 6:57:18 PM | Attr =	]
DSC02557.JPG -> %UserProfile%\Desktop\DSC02557.JPG ->  [Ver =  | Size = 3265509 bytes | Modified Date = 4/6/2008 7:26:40 PM | Attr =	]
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 4/6/2008 2:40:29 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
Hijackthis.lnk -> %UserProfile%\Desktop\Hijackthis.lnk ->  [Ver =  | Size = 650 bytes | Modified Date = 3/29/2008 4:07:39 PM | Attr =	]
HJTsetup.exe -> %UserProfile%\Desktop\HJTsetup.exe -> Soeperman Enterprises Ltd									[Ver =					  | Size = 488144 bytes | Modified Date = 3/29/2008 4:07:19 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTsetup.exe:Zone.Identifier
Masterpiece.bmp -> %UserProfile%\Desktop\Masterpiece.bmp ->  [Ver =  | Size = 1191362 bytes | Modified Date = 4/6/2008 8:32:51 PM | Attr =	]
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.0 | Size = 290816 bytes | Modified Date = 4/6/2008 1:57:16 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 4/6/2008 11:33:22 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 540250 bytes | Modified Date = 4/6/2008 11:33:15 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\352DFC58EA831BD4CA7B0F4F7C1999D0\Usage]
"AiO_Device"=dword:38868b2a
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\Desktop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\Favorites\NM trip.url:favicon 1406 bytes
C:\Documents and Settings\Joshward\Local Settings\Application Data\Microsoft\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\Local Settings\Temp\ygppicmgr\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\myspace\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\party\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\party2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\PTK Houston\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\PTK Nashville\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\random pix\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\random+lake\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\ray\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\resized party pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\RFL & Golf Tourney\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\Rockin OUT\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\die\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\dress up\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\easter (around)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\Endofyear\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\FrO!\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\Halloween\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\hudson\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\Inductions and Car Wreck\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\ipod\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\jays v-day party\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\jklbjkh\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\2\New Folder\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\4th and stuff\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\breck2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\CCR + Random Night\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\christmas and snow day\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\BB and Club\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\colors\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\muddin\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\supercharger\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\w70\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\Rocktober fest and me\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\run up the wall\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\school pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\sd800\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\seans wedding\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\SLVR pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\megan!!\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\Memorial pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\W70 daniel\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\zoo\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\zresize\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\concert\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\Daniel paintballin\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\Colorado\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\tattoo\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\TCU\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\Texas de Brazil Don Pab\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\Use these\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\UT, Grad party\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\best buy\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\Board\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\Boston\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Pictures\brandie's wedding\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Videos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Music\iTunes\iTunes Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Music\iTunes\iTunes Music\z new music 1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Music\System of a Down\Mezmerize\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Music\System of a Down\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Music\The Postal Service\Give Up\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Music\The Postal Service\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Music\Weezer\Make Believe\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Music\Weezer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Music\z john\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\My Music\z new music 1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\more brazil pix\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\brazil pix\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Joshward\My Documents\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 185

< End of report >


#8 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 07 April 2008 - 06:54 AM

Hi joshward10,

Please open Start->Control Panel->Add/Remove Programs, look down the list for J2SE Runtime Environment 5.0 Update 6 and remove it. This is out of date and now a security risk; you can get the latest update (version 6 update 5) from here

You have Viewpoint Media Player installed on your system. This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player.
To remove, uninstall Viewpoint Media Player via Add/Remove Programs

Party Poker and PokerStars have been reported as being malware-related so I strongly recommend you remove them via Add/Remove Programs

Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish, but they are not required.
Press OK and Yes to confirm

Temporarily disable Spyware Guard
  • Right click the running icon of Spywareguard in the system tray to open the program.
  • Then go to Menu->File, and choose Exit.
  • It will automatically restart at next boot.

Then, open HijackThis, choose Do a system scan only and place a checkmark next to the following line:

O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

Now open HijackThis, select Open the Misc Tools section
Next to the Generate StartupList log button, place a checkmark in the box labelled list also minor sections (full)
Then press the Generate StartupList log button and say Yes to the prompt
Save the StartupList log to your desktop and include a copy in your next response.
Now press Back and Scan and then Save log to create and save a new HijackThis log.

Once complete, please post the StartupList log and a new HijackThis log.
ASAP & UNITE Member

#9 joshward10

joshward10

    New Member

  • Authentic Member
  • 16 posts

Posted 07 April 2008 - 08:27 PM

Ok, when I tried removing PartyPoker an error came up. "An error occurred while trying to remove PartyPoker. It may have already been uninstalled. Would you like to remove PartyPoker from the Add or Remove programs list?" I went ahead and said yes.

Here are my logs:

StartupList report, 4/7/2008, 9:24:32 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16608)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Joshward\Start Menu\Programs\Startup]
SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = c:\windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
IntelMeM = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
D-Link AirPlus XtremeG = C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
ANIWZCS2Service = C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\LOGON.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft....k/?linkid=39204

[Snapfish Activia]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx
CODEBASE = http://photo.walgree...eensActivia.cab

[Facebook Photo Uploader Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx
CODEBASE = http://upload.facebo...otoUploader.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.ma...t/ultrashim.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[Facebook Photo Uploader 4]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ImageUploader4_5.ocx
CODEBASE = http://upload.facebo...Uploader4_5.cab

--------------------------------------------------

Enumerating Windows NT/2000/XP services

ANIO Service: \??\C:\WINDOWS\system32\ANIO.SYS (autostart)
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 12,892 bytes
Report generated in 0.250 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only





Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 9:25:13 PM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Joshward\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Joshward\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#10 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 08 April 2008 - 12:12 AM

Hi joshward10, how did you get on with the Java Runtime update? Your log is showing an older version of Java than previously; the latest is Version 6 Update 5. Also, tell me how your computer is behaving now. Are you experiencing the same symptoms?
ASAP & UNITE Member
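The two things silver reads out of the logs above (entries HijackThis marks "(file missing)" and the Java runtime version visible in the file paths) can be checked mechanically. The following Python sketch is an added example, not part of the original posts or of HijackThis; the function names are hypothetical, the sample log is assembled from lines that appear in this thread, and reading "Version 6 Update 5" as the directory version 1.6.0_05 is an assumption about Sun's directory naming.

```python
import re

# Sample assembled from lines that appear in this thread (not a complete log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:25:13 PM, on 4/7/2008
Running processes:
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines start with a section code such as R0, O2, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Java runtime directory as it appears in paths, e.g. \Java\j2re1.4.2_03\
JAVA_DIR_RE = re.compile(
    r"\\Java\\(j2?re(\d+)\.(\d+)\.(\d+)(?:_(\d+))?)\\", re.IGNORECASE
)

# Assumption: "Version 6 Update 5" corresponds to directory version 1.6.0_05.
MIN_JAVA = (1, 6, 0, 5)


def parse_entries(log):
    """Return (section_code, text) for every entry line in the log."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def missing_targets(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [(code, text) for code, text in entries
            if text.rstrip().endswith("(file missing)")]


def java_runtimes(log):
    """Map each Java runtime directory seen anywhere in the log to a version tuple."""
    found = {}
    for match in JAVA_DIR_RE.finditer(log):
        name = match.group(1)
        # A missing update suffix counts as update 0.
        found[name] = tuple(int(part or 0) for part in match.groups()[1:])
    return found


def outdated_java(log, minimum=MIN_JAVA):
    """Runtime directories older than the minimum version, sorted by name."""
    return sorted(name for name, version in java_runtimes(log).items()
                  if version < minimum)


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for code, text in missing_targets(entries):
        print("file missing:", code, "-", text)
    for name in outdated_java(SAMPLE_LOG):
        print("outdated Java runtime still referenced:", name)
```

A "(file missing)" marker only means HijackThis could not find the target on disk; in this thread only the Trixie BHO entry was selected for fixing.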

#11 joshward10

joshward10

    New Member

  • Authentic Member
  • 16 posts

Posted 10 April 2008 - 01:26 PM

I'm really sorry it took this long to respond. I just got really busy with some tests I had to study for. Well, last night I downloaded the new Java that you told me to get. The only thing is that there were some thunderstorms last night and the power went off. I'm pretty sure it got done installing before the power went out though. And the computer is still choppy for some reason. If I could just get iTunes to not chop when playing music I would be a happy camper haha..

Here is another HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:22:33 PM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\iTunes\iTunes.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Joshward\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Joshward\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Thanks.

#12 silver

silver

    Malware Expert Emeritus

Posted 10 April 2008 - 07:41 PM

Hi joshward10,

There is still an old Java Runtime visible in your log and I can't see the new version. This is important because the old versions can cause your machine to be infected simply by visiting a malicious website. If you open Start->Control Panel->Add/Remove Programs, you should remove any Java Runtime programs apart from Version 6 Update 5 - this is the latest version and the only one you need. If you don't have it you can download it from here.

Download OTCleanIt to your Desktop
Double-click it to run the program, and press the CleanUp! button.
When prompted, allow your computer to be rebooted.

Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

------------------------------------------------------------------------

At this stage I cannot find a malware-related cause for the problems you are experiencing, so I'd say there are other causes. I think the fastest way to resolve the issue is to refer you to the Microsoft Windows forum here at WTT, the experts there specialize in this type of problem and a speedy resolution is very likely.

Here are some tips to help you keep your computer clean:

You should consider installing a Personal Firewall program. Even if you are behind a NAT router, I recommend you use firewall software as it will improve the security of your computer by monitoring and controlling outbound connections to the internet as well as inbound. There are various free packages available, one I can recommend is Comodo:
http://www.personalf...all.comodo.com/
A tutorial on firewalls to help you get started:
http://www.bleepingc...tutorial60.html

I recommend you install a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also: subscribe to the mailing list to get update notifications.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malware...pic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
ASAP & UNITE Member
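
The check described in the reply above (an old Java Runtime still referenced in the HijackThis log) can be automated. The following is an added example, not part of the original post or of any tool named in the thread: it parses HijackThis sections and flags entries that point into a JRE folder older than Version 6 Update 5, plus entries marked "(file missing)". The function names are hypothetical, and it assumes Sun's folder naming (`j2re1.4.2_03`, `jre1.6.0_05`), under which Version 6 Update 5 is 1.6.0_05.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunes.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "O4 - ...", "R1 - ..."
PROCESS = re.compile(r"^[A-Za-z]:\\")             # bare path = running process
# Assumption: Sun JRE install folders look like j2re1.4.2_03 or jre1.6.0_05
JRE_DIR = re.compile(r"\\j2?re(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.I)

def parse_log(text):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, sections = [], defaultdict(list)
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2))
        elif PROCESS.match(line):
            processes.append(line)
    return processes, dict(sections)

def jre_version(line):
    """Version tuple of the JRE folder a line points into, or None."""
    m = JRE_DIR.search(line)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def review(text, minimum=(1, 6, 0, 5)):  # 1.6.0_05 = Version 6 Update 5
    """Flag entries that load an outdated JRE and entries whose file is missing."""
    processes, sections = parse_log(text)
    entries = [(code, e) for code, items in sections.items() for e in items]
    entries += [("process", p) for p in processes]
    outdated = [(c, e) for c, e in entries
                if (v := jre_version(e)) is not None and v < minimum]
    missing = [(c, e) for c, e in entries if e.endswith("(file missing)")]
    return {"outdated_jre": outdated, "file_missing": missing}

if __name__ == "__main__":
    for kind, hits in review(SAMPLE_LOG).items():
        for code, entry in hits:
            print(kind, code, entry)
```

On the sample lines this reports the `SunJavaUpdateSched` autorun, the Java browser button and the running `jusched.exe` as outdated, which is why the old runtime has to be uninstalled rather than just having the new one installed beside it.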

#13 silver

silver

    Malware Expert Emeritus

Posted 14 April 2008 - 08:48 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
ASAP & UNITE Member
