[Win32 Services - Non-Microsoft Only]
Service 11Fßä#·ºÄÖ`I stopped successfully.
Service 11Fßä#·ºÄÖ`I deleted successfully.
File C:\WINDOWS\SYSTEM32\appdl32.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\SYSTEM32\IntelVideo.dll.bak moved successfully.
[Files/Folders - Modified Within 30 days]
ADS C:\WINDOWS\bootstat.dat:ppvmqi deleted successfully.
ADS C:\WINDOWS\oplimit.ini:rhuhij deleted successfully.
ADS C:\WINDOWS\outlook.pst:mtujkw deleted successfully.
[File String Scan - Non-Microsoft Only]
ADS C:\cpm.exe:Zone.Identifier deleted successfully.
Unable to delete ADS C:\WINDOWS\bootstat.dat:ppvmqi .
C:\WINDOWS\btjsb.log moved successfully.
C:\WINDOWS\bwxfv.dat moved successfully.
ADS C:\WINDOWS\clock.avi:aifrvu deleted successfully.
ADS C:\WINDOWS\comsetup.log:bbhqnl deleted successfully.
ADS C:\WINDOWS\control.ini:dhcpwn deleted successfully.
ADS C:\WINDOWS\dekve.dat:dopnew deleted successfully.
ADS C:\WINDOWS\dpcrp.txt:psnucy deleted successfully.
C:\WINDOWS\dpcrp.txt moved successfully.
C:\WINDOWS\eglzx.dat moved successfully.
ADS C:\WINDOWS\eqkcg.log:hkyekx deleted successfully.
C:\WINDOWS\eqkcg.log moved successfully.
C:\WINDOWS\evqhw.txt moved successfully.
ADS C:\WINDOWS\explorer.scf:zkjjei deleted successfully.
C:\WINDOWS\funqg.dat moved successfully.
C:\WINDOWS\gbagc.log moved successfully.
C:\WINDOWS\ggqvl.log moved successfully.
C:\WINDOWS\hdmko.log moved successfully.
C:\WINDOWS\iurku.log moved successfully.
ADS C:\WINDOWS\KB834707-IE6-20040929.115007.log:fmjkoj deleted successfully.
C:\WINDOWS\lhdgt.log moved successfully.
C:\WINDOWS\lrokq.log moved successfully.
ADS C:\WINDOWS\Michael Bloom.acl:nuowex deleted successfully.
ADS C:\WINDOWS\MSILog.txt:abxwkt deleted successfully.
ADS C:\WINDOWS\mwhii.log:jlyfrg deleted successfully.
ADS C:\WINDOWS\mxmmv.txt:pkbxwm deleted successfully.
C:\WINDOWS\mxmmv.txt moved successfully.
C:\WINDOWS\nqgmt.log moved successfully.
C:\WINDOWS\nwzmc.dat moved successfully.
C:\WINDOWS\oipub.log moved successfully.
Unable to delete ADS C:\WINDOWS\oplimit.ini:rhuhij .
Unable to delete ADS C:\WINDOWS\outlook.pst:mtujkw .
C:\WINDOWS\pbjde.txt moved successfully.
ADS C:\WINDOWS\Prairie Wind.bmp:twdcyx deleted successfully.
ADS C:\WINDOWS\Q323255.log:gzkcsn deleted successfully.
ADS C:\WINDOWS\Q323255.log:vvixsa deleted successfully.
ADS C:\WINDOWS\Q329170.log:ahkgmm deleted successfully.
ADS C:\WINDOWS\Q329390.log:ovbkul deleted successfully.
ADS C:\WINDOWS\Q810577.log:kwcjbg deleted successfully.
C:\WINDOWS\rfxhz.txt moved successfully.
C:\WINDOWS\ridih.dat moved successfully.
ADS C:\WINDOWS\SchedLgU.Txt:orljgf deleted successfully.
ADS C:\WINDOWS\setupapi.log.0.old:pbeyfq deleted successfully.
ADS C:\WINDOWS\Soap Bubbles.bmp:ozisrs deleted successfully.
ADS C:\WINDOWS\Soap Bubbles.bmp:xkxkxf deleted successfully.
ADS C:\WINDOWS\svcpack.log:ktvmmo deleted successfully.
C:\WINDOWS\sxtvu.txt moved successfully.
ADS C:\WINDOWS\tgyuu.log:dtnzpr deleted successfully.
ADS C:\WINDOWS\Upmagic.ini:cexgrv deleted successfully.
C:\WINDOWS\uqqqb.log moved successfully.
ADS C:\WINDOWS\vb.ini:camovw deleted successfully.
ADS C:\WINDOWS\vbaddin.ini:oxwtvq deleted successfully.
C:\WINDOWS\vtqyx.txt moved successfully.
ADS C:\WINDOWS\Windows Update.log:tcfujk deleted successfully.
ADS C:\WINDOWS\WindowsUpdate.log:cjcxbh deleted successfully.
ADS C:\WINDOWS\wininit.ini:hyvnrc deleted successfully.
ADS C:\WINDOWS\wininit.ini:iefwrg deleted successfully.
ADS C:\WINDOWS\WS40.CHW:azwdgj deleted successfully.
ADS C:\WINDOWS\WS40.CHW:ryhava deleted successfully.
C:\WINDOWS\xhpdu.log moved successfully.
ADS C:\WINDOWS\xjhwa.dat:ztcmrx deleted successfully.
C:\WINDOWS\xjhwa.dat moved successfully.
ADS C:\WINDOWS\xpsp1hfm.log:krafql deleted successfully.
C:\WINDOWS\yueyn.txt moved successfully.
C:\WINDOWS\yvtxm.txt moved successfully.
ADS C:\WINDOWS\Zapotec.bmp:ndqafc deleted successfully.
C:\WINDOWS\zcbia.txt moved successfully.
C:\WINDOWS\zkdkg.log moved successfully.
C:\WINDOWS\zrast.log moved successfully.
ADS C:\WINDOWS\_default.pif:bsmsjb deleted successfully.
ADS C:\WINDOWS\_default.pif:bsspcu deleted successfully.
ADS C:\WINDOWS\_default.pif:cdvetb deleted successfully.
ADS C:\WINDOWS\_default.pif:cjotde deleted successfully.
ADS C:\WINDOWS\_default.pif:cslrec deleted successfully.
ADS C:\WINDOWS\_default.pif:cssssv deleted successfully.
ADS C:\WINDOWS\_default.pif:cubxyf deleted successfully.
ADS C:\WINDOWS\_default.pif:cwsqig deleted successfully.
ADS C:\WINDOWS\_default.pif:dpayks deleted successfully.
ADS C:\WINDOWS\_default.pif:eglzxx deleted successfully.
ADS C:\WINDOWS\_default.pif:egorui deleted successfully.
ADS C:\WINDOWS\_default.pif:flojax deleted successfully.
ADS C:\WINDOWS\_default.pif:ftaaxg deleted successfully.
ADS C:\WINDOWS\_default.pif:ggjcib deleted successfully.
ADS C:\WINDOWS\_default.pif:gpxnlc deleted successfully.
ADS C:\WINDOWS\_default.pif:gxrond deleted successfully.
ADS C:\WINDOWS\_default.pif:hsgzwi deleted successfully.
ADS C:\WINDOWS\_default.pif:hsvwip deleted successfully.
ADS C:\WINDOWS\_default.pif:iszkik deleted successfully.
ADS C:\WINDOWS\_default.pif:ivwynd deleted successfully.
ADS C:\WINDOWS\_default.pif:jmsfhq deleted successfully.
ADS C:\WINDOWS\_default.pif:jrtlca deleted successfully.
ADS C:\WINDOWS\_default.pif:jtjjwu deleted successfully.
ADS C:\WINDOWS\_default.pif:jvhlgw deleted successfully.
ADS C:\WINDOWS\_default.pif:lpptph deleted successfully.
ADS C:\WINDOWS\_default.pif:meeufw deleted successfully.
ADS C:\WINDOWS\_default.pif:mseeym deleted successfully.
ADS C:\WINDOWS\_default.pif:ndrmay deleted successfully.
ADS C:\WINDOWS\_default.pif:ngxrdd deleted successfully.
ADS C:\WINDOWS\_default.pif:oomirs deleted successfully.
ADS C:\WINDOWS\_default.pif:orljgf deleted successfully.
ADS C:\WINDOWS\_default.pif:qmacxk deleted successfully.
ADS C:\WINDOWS\_default.pif:qrgxga deleted successfully.
ADS C:\WINDOWS\_default.pif:raqecs deleted successfully.
ADS C:\WINDOWS\_default.pif:rqigip deleted successfully.
ADS C:\WINDOWS\_default.pif:rxjtif deleted successfully.
ADS C:\WINDOWS\_default.pif:sumrlz deleted successfully.
ADS C:\WINDOWS\_default.pif:udmocm deleted successfully.
ADS C:\WINDOWS\_default.pif:udojve deleted successfully.
ADS C:\WINDOWS\_default.pif:vfgrmg deleted successfully.
ADS C:\WINDOWS\_default.pif:vkggfo deleted successfully.
ADS C:\WINDOWS\_default.pif:vnudpi deleted successfully.
ADS C:\WINDOWS\_default.pif:wqsdmc deleted successfully.
ADS C:\WINDOWS\_default.pif:wrchan deleted successfully.
ADS C:\WINDOWS\_default.pif:xhhewt deleted successfully.
ADS C:\WINDOWS\_default.pif:xhixyg deleted successfully.
ADS C:\WINDOWS\_default.pif:xmhpvz deleted successfully.
ADS C:\WINDOWS\_default.pif:xusgri deleted successfully.
ADS C:\WINDOWS\_default.pif:zhcpkd deleted successfully.
ADS C:\WINDOWS\_default.pif:zpqbof deleted successfully.
C:\WINDOWS\SYSTEM32\apjed.dat moved successfully.
C:\WINDOWS\SYSTEM32\furlb.dat moved successfully.
C:\WINDOWS\SYSTEM32\fvmxv.txt moved successfully.
C:\WINDOWS\SYSTEM32\gbsln.dat moved successfully.
File C:\WINDOWS\SYSTEM32\IntelVideo.dll.bak not found!
C:\WINDOWS\SYSTEM32\ivafm.txt moved successfully.
C:\WINDOWS\SYSTEM32\iygsm.txt moved successfully.
C:\WINDOWS\SYSTEM32\jebxb.txt moved successfully.
C:\WINDOWS\SYSTEM32\lywok.txt moved successfully.
C:\WINDOWS\SYSTEM32\mcbzz.txt moved successfully.
C:\WINDOWS\SYSTEM32\nelni.txt moved successfully.
C:\WINDOWS\SYSTEM32\ozswp.log moved successfully.
C:\WINDOWS\SYSTEM32\qwfod.txt moved successfully.
C:\WINDOWS\SYSTEM32\truei.txt moved successfully.
C:\WINDOWS\SYSTEM32\ugpob.log moved successfully.
C:\WINDOWS\SYSTEM32\vlsrl.txt moved successfully.
C:\WINDOWS\SYSTEM32\wmjmt.log moved successfully.
C:\WINDOWS\SYSTEM32\xoczn.txt moved successfully.
C:\WINDOWS\SYSTEM32\zjjer.txt moved successfully.
< End of log >
Created on 11/05/2007 13:39:18

And here is the WinPFind3U scan:

WinPFind3 logfile created on: 11/5/2007 1:43:03 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Michael Bloom\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
511.48 Mb Total Physical Memory | 208.24 Mb Available Physical Memory | 40.71% Memory free
1.22 Gb Paging File | 0.80 Gb Available in Paging File | 65.41% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.39 Gb Total Space | 9.53 Gb Free Space | 25.50% Space Free
Drive D: | 37.14 Gb Total Space | 5.46 Gb Free Space | 14.70% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: MICHAEL-RC14HL1
Current User Name: Michael Bloom
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:04 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 58992 bytes | Modified Date = 7/14/2005 9:16:00 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 198256 bytes | Modified Date = 7/14/2005 9:16:30 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 181872 bytes | Modified Date = 7/14/2005 9:16:44 PM | Attr = ]
connectioncenter.exe -> %ProgramFiles%\NetZero DSL\ConnectionCenter.exe -> NetZero, Inc. [Ver = 3.0.0.0 | Size = 1095152 bytes | Modified Date = 9/17/2007 4:48:48 PM | Attr = ]
dvd43_tray.exe -> %ProgramFiles%\dvd43\dvd43_tray.exe -> Captain Red [Ver = 1.3.0.54 | Size = 271360 bytes | Modified Date = 12/4/2003 3:50:00 AM | Attr = ]
easyshare.exe -> %ProgramFiles%\KODAK\Kodak EasyShare software\bin\EasyShare.exe -> [Ver = 5, 3, 33, 27 | Size = 180224 bytes | Modified Date = 6/7/2006 6:26:28 AM | Attr = ]
hotsync.exe -> D:\Program Files\Sony Handheld\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 2:16:08 PM | Attr = ]
java.exe -> D:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\jre\bin\java.exe -> [Ver = | Size = 24681 bytes | Modified Date = 5/7/2004 9:20:52 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.50.5 | Size = 36975 bytes | Modified Date = 8/26/2005 6:14:44 PM | Attr = ]
lifedrivemgrtray.exe -> D:\Program Files\Sony Handheld\LifeDriveMgrTray.exe -> palmOne, Inc. [Ver = 1.0.0.2 | Size = 86016 bytes | Modified Date = 4/28/2005 11:49:30 AM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 11/28/2005 12:11:36 PM | Attr = ]
navapsvc.exe -> D:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.9.16 | Size = 177264 bytes | Modified Date = 1/10/2005 12:20:22 PM | Attr = ]
nopdb.exe -> D:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -> Symantec Corporation [Ver = 7.00.0.24 | Size = 181416 bytes | Modified Date = 8/30/2004 11:50:38 PM | Attr = ]
npfmntor.exe -> D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.9.16 | Size = 46704 bytes | Modified Date = 1/10/2005 12:20:42 PM | Attr = ]
nprotect.exe -> D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -> Symantec Corporation [Ver = 18.0.0.62 | Size = 95328 bytes | Modified Date = 8/30/2004 11:52:10 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
ocrawr32.exe -> %SystemDrive%\OPLIMIT\OCRAWR32.EXE -> Caere Corporation [Ver = 5, 0, 0, 1 | Size = 41984 bytes | Modified Date = 3/19/1998 3:22:02 PM | Attr = ]
osa.exe -> D:\Program Files\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 61440 bytes | Modified Date = 7/12/2000 9:53:20 PM | Attr = ]
palmoneliveconnect.exe -> D:\Program Files\Sony Handheld\PalmOneLiveConnect.exe -> palmOne, Inc. [Ver = 2.0.0.1 | Size = 86016 bytes | Modified Date = 4/28/2005 11:48:56 AM | Attr = ]
pctspk.exe -> %System32%\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 3:36:54 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 1/23/2006 12:15:16 AM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 11:17:22 AM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 8/2/2005 9:41:20 AM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 3.50.31a | Size = 114741 bytes | Modified Date = 2/7/2003 1:03:00 AM | Attr = ]
vsaccess.exe -> %SystemDrive%\VSTASCAN\VsAccess.exe -> UMAX [Ver = 2.0 | Size = 282624 bytes | Modified Date = 7/11/2001 8:18:28 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]
wrapper.exe -> D:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe -> [Ver = | Size = 126976 bytes | Modified Date = 7/16/2004 10:26:44 PM | Attr = ]
wzqkpick.exe -> D:\Program Files\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 106560 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.80.011 | Size = 85096 bytes | Modified Date = 3/23/2007 10:41:34 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:04 AM | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 11/28/2005 12:11:36 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 198256 bytes | Modified Date = 7/14/2005 9:16:30 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 79472 bytes | Modified Date = 7/14/2005 9:16:40 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 181872 bytes | Modified Date = 7/14/2005 9:16:44 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:04 AM | Attr = ]
(mple7docserver) Maya 7 PLE Documentation Server [Win32_Own | Auto | Running] -> D:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe -> [Ver = | Size = 126976 bytes | Modified Date = 7/16/2004 10:26:44 PM | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> D:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.9.16 | Size = 177264 bytes | Modified Date = 1/10/2005 12:20:22 PM | Attr = ]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.9.16 | Size = 46704 bytes | Modified Date = 1/10/2005 12:20:42 PM | Attr = ]
(NProtectService) Norton Unerase Protection [Win32_Own | Auto | Running] -> D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -> Symantec Corporation [Ver = 18.0.0.62 | Size = 95328 bytes | Modified Date = 8/30/2004 11:52:10 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
(Pctspk) PCTEL Speaker Phone [Win32_Own | Auto | Running] -> %System32%\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 3:36:54 PM | Attr = ]
(SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> D:\Program Files\Norton SystemWorks\Norton AntiVirus\savscan.exe -> Symantec Corporation [Ver = 9.4.2.1 | Size = 198368 bytes | Modified Date = 3/7/2005 2:59:36 PM | Attr = ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec Corporation [Ver = 11.0.9.16 | Size = 67184 bytes | Modified Date = 1/10/2005 12:20:48 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 11:17:22 AM | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 9:24:04 AM | Attr = ]
(Speed Disk service) Speed Disk service [Win32_Own | Auto | Running] -> D:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -> Symantec Corporation [Ver = 7.00.0.24 | Size = 181416 bytes | Modified Date = 8/30/2004 11:50:38 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 8/2/2005 9:41:20 AM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 58992 bytes | Modified Date = 7/14/2005 9:16:00 PM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 3.50.31a | Size = 114741 bytes | Modified Date = 2/7/2003 1:03:00 AM | Attr = ]
dvd43 -> %ProgramFiles%\dvd43\dvd43_tray.exe -> Captain Red [Ver = 1.3.0.54 | Size = 271360 bytes | Modified Date = 12/4/2003 3:50:00 AM | Attr = ]
NetZeroDSL -> %ProgramFiles%\NetZero DSL\ConnectionCenter.exe -> NetZero, Inc. [Ver = 3.0.0.0 | Size = 1095152 bytes | Modified Date = 9/17/2007 4:48:48 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1622016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 1/23/2006 12:15:16 AM | Attr = ]
StorageGuard -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.11a | Size = 155648 bytes | Modified Date = 2/13/2003 1:01:00 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.50.5 | Size = 36975 bytes | Modified Date = 8/26/2005 6:14:44 PM | Attr = ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 8/2/2005 11:24:50 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Internet Download Accelerator -> d:\Program Files\IDA\ida.exe -> File not found
Norton SystemWorks -> D:\Program Files\Norton SystemWorks\CfgWiz.exe -> Symantec Corporation [Ver = 5.0.0.51 | Size = 132248 bytes | Modified Date = 9/9/2004 7:12:00 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 3:06:48 PM | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\HotSync Manager.lnk -> D:\Program Files\Sony Handheld\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 2:16:08 PM | Attr = ]
%AllUsersStartup%\Kodak EasyShare software.lnk -> %ProgramFiles%\KODAK\Kodak EasyShare software\bin\EasyShare.exe -> [Ver = 5, 3, 33, 27 | Size = 180224 bytes | Modified Date = 6/7/2006 6:26:28 AM | Attr = ]
%AllUsersStartup%\WinZip Quick Pick.lnk -> D:\Program Files\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 106560 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\Michael Bloom\Start Menu\Programs\Startup ->
%UserStartup%\LifeDrive™ Manager.lnk -> D:\Program Files\Sony Handheld\LifeDriveMgrTray.exe -> palmOne, Inc. [Ver = 1.0.0.2 | Size = 86016 bytes | Modified Date = 4/28/2005 11:49:30 AM | Attr = ]
%UserStartup%\Microsoft Find Fast.lnk -> D:\Program Files\Microsoft Office\Office\FINDFAST.EXE -> [Ver = | Size = 122880 bytes | Modified Date = 7/12/2000 9:53:10 PM | Attr = ]
%UserStartup%\OCRAWARE.lnk -> %SystemDrive%\OPLIMIT\OCRAWARE.EXE -> Caere Corporation [Ver = | Size = 51360 bytes | Modified Date = 7/18/1998 11:26:06 AM | Attr = ]
%UserStartup%\Office Startup.lnk -> D:\Program Files\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 61440 bytes | Modified Date = 7/12/2000 9:53:20 PM | Attr = ]
-> %UserStartup%\PowerReg Scheduler V3.exe -> Leader Technologies [Ver = 3,0,0,0 | Size = 225280 bytes | Modified Date = 8/19/2005 10:56:16 PM | Attr = ]
%UserStartup%\UMAX VistaAccess.lnk -> %SystemDrive%\VSTASCAN\VsAccess.exe -> UMAX [Ver = 2.0 | Size = 282624 bytes | Modified Date = 7/11/2001 8:18:28 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://my.netzero.ne...i...&mn=2739352 ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://my.netzero.ne...=minisearch_dsl ->
HKCU: Search Page -> http://my.netzero.ne...=minisearch_dsl ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: URLSearchHooks\\{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} [HKLM] -> %ProgramFiles%\NetZero DSL\SearchEnh1.dll [URLSearchHook Class] -> NetZero, Inc. [Ver = 3.0.0.0 | Size = 284144 bytes | Modified Date = 9/13/2007 2:34:20 PM | Attr = ]
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> *.local ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
turbotax.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{4224FF33-C2EB-4039-B8C8-6EED565B9D96} [HKLM] -> %ProgramFiles%\NetZero DSL\PopupBlocker.dll [Pop-up Blocker] -> United Online, Inc. [Ver = 1.0.0.0 | Size = 225240 bytes | Modified Date = 3/6/2007 11:27:46 AM | Attr = ]
{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} [HKLM] -> %ProgramFiles%\E-Book Systems\FlipAlbum 6 Pro\FpLaunch.dll [FlpLauncher Class] -> [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 8/21/2000 12:39:30 PM | Attr = ]
{52706EF7-D7A2-49AD-A615-E903858CF284} [HKLM] -> d:\Program Files\NetZero\qsacc\X1IEBHO.dll [Popup-Blocker Class] -> NetZero, Inc. [Ver = 3.6.00 | Size = 175560 bytes | Modified Date = 6/27/2005 4:02:02 PM | Attr = ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> D:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 11.0.9.16 | Size = 218736 bytes | Modified Date = 1/10/2005 12:20:36 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> D:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.9.16 | Size = 218736 bytes | Modified Date = 1/10/2005 12:20:36 PM | Attr = ]
{8E613EAF-E16E-415C-BD39-F71D6A3B5518} [HKLM] -> %ProgramFiles%\NetZero DSL\Toolbar.dll [NetZero DSL] -> NetZero, Inc. [Ver = 3.0.0.0 | Size = 264688 bytes | Modified Date = 9/13/2007 2:34:26 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> D:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.9.16 | Size = 218736 bytes | Modified Date = 1/10/2005 12:20:36 PM | Attr = ]
WebBrowser\\{8E613EAF-E16E-415C-BD39-F71D6A3B5518} [HKLM] -> %ProgramFiles%\NetZero DSL\Toolbar.dll [NetZero DSL] -> NetZero, Inc. [Ver = 3.0.0.0 | Size = 264688 bytes | Modified Date = 9/13/2007 2:34:26 PM | Attr = ]
WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKLM] -> d:\Program Files\NetZero\Toolbar.dll [ZeroBar] -> [Ver = 2, 0, 0, 1 | Size = 292304 bytes | Modified Date = 12/1/2005 4:10:56 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_05\bin\npjpi150_05.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.50.5 | Size = 69746 bytes | Modified Date = 8/26/2005 6:33:54 PM | Attr = ]
{7F9DB11C-E358-4ca6-A83D-ACC663939424} -> Reg Data - Value does not exist [ButtonText: Bonjour] -> File not found
{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Display All Images with Full Quality -> -> File not found
Display Image with Full Quality -> -> File not found
Download ALL with IDA -> Reg Data - Value does not exist -> File not found
Download with IDA -> Reg Data - Value does not exist -> File not found
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{17E4B705-43A2-4D8E-8AE4-F78E1384CC6D} -> (VIA Rhine II Fast Ethernet Adapter) ->
{4B81F4DE-0B7B-4FE5-BE09-17E8B9630991} -> () ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 94208 bytes | Modified Date = 11/28/2005 12:11:28 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky...can_unicode.cab ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.micr...922/wmv9VCM.CAB ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.micros...b?1124491344102 ->
{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} -> - CodeBase = file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{AE563720-B4F5-11D4-A415-00108302FDFD} -> NOXLATE-BANR - CodeBase = file://C:\Program Files\AutoCAD 2002\InstBanr.ocx ->
{C6637286-300D-11D4-AE0A-0010830243BD} -> InstaFred - CodeBase = file://C:\Program Files\AutoCAD 2002\InstFred.ocx ->
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.m...ash/swflash.cab ->
{F281A59C-7B65-11D3-8617-0010830243BD} -> - CodeBase = file://C:\Program Files\AutoCAD 2002\AcPreview.ocx ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 11/3/2007 7:09:49 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 11/1/2007 11:12:19 PM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 11/3/2007 7:10:52 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 11/2/2007 12:54:31 PM | Attr = ]
txlog.xml -> %SystemDrive%\txlog.xml -> [Ver = | Size = 21 bytes | Created Date = 10/30/2007 9:15:22 AM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 11/4/2007 9:34:08 AM | Attr = ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 10/10/2007 3:03:26 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 10/10/2007 3:01:02 AM | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 11/3/2007 7:10:03 PM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 11/1/2007 11:32:42 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 11/2/2007 12:59:50 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 11/3/2007 7:10:03 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 10/22/2007 2:50:46 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 10/22/2007 2:50:46 PM | Attr = H ]
appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 10/30/2007 10:47:33 PM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 10/30/2007 6:58:47 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 11/1/2007 11:45:42 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 11/3/2007 7:10:03 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 11/3/2007 7:10:03 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 11/3/2007 7:10:03 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2792 bytes | Created Date = 11/1/2007 10:44:08 PM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 11/3/2007 7:10:03 PM | Attr = ]
AvgArCln.sys -> %System32%\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 11/4/2007 10:05:31 AM | Attr = ]
[Files/Folders - Modified Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 11/3/2007 7:16:36 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 11/1/2007 11:12:20 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/4/2007 10:07:56 AM | Attr = R ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 11/3/2007 7:15:46 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 11/2/2007 1:11:50 PM | Attr = ]
txlog.xml -> %SystemDrive%\txlog.xml -> [Ver = | Size = 21 bytes | Modified Date = 10/30/2007 9:15:34 AM | Attr = ]
VSTASCAN -> %SystemDrive%\VSTASCAN -> [Folder | Modified Date = 11/3/2007 11:56:12 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 11/5/2007 1:39:18 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 11/4/2007 9:34:10 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 10/10/2007 3:03:24 AM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 10/10/2007 3:03:28 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 10/10/2007 3:01:04 AM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/4/2007 10:07:36 AM | Attr = S]
Cache -> %SystemRoot%\Cache -> [Folder | Modified Date = 10/30/2007 7:51:28 AM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 10/29/2007 6:56:20 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 11/1/2007 11:45:44 PM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 11/3/2007 7:15:12 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 11/2/2007 1:00:06 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 10/27/2007 11:38:26 PM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 10/10/2007 3:01:24 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 10/10/2007 3:01:46 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 11/1/2007 11:45:44 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 11/3/2007 9:59:36 AM | Attr = HS]
IP4000,3000 -> %SystemRoot%\IP4000,3000 -> [Folder | Modified Date = 10/30/2007 7:51:28 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 10/17/2007 11:11:04 PM | Attr = ]
oplimit.ini -> %SystemRoot%\oplimit.ini -> [Ver = | Size = 732 bytes | Modified Date = 11/4/2007 10:06:06 AM | Attr = ]
outlook.pst -> %SystemRoot%\outlook.pst -> [Ver = | Size = 1343488 bytes | Modified Date = 10/12/2007 3:45:46 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 11/5/2007 12:00:14 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 11/1/2007 11:25:16 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 11/4/2007 10:08:08 AM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 11/1/2007 11:24:22 PM | Attr = ]
scan05a.ini -> %SystemRoot%\scan05a.ini -> [Ver = | Size = 10438 bytes | Modified Date = 11/5/2007 1:36:58 PM | Attr = ]
StartHtmico -> %SystemRoot%\StartHtmico -> [Folder | Modified Date = 10/30/2007 7:51:40 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 11/5/2007 1:39:20 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 11/5/2007 12:05:32 PM | Attr = ]
umaxuapi.ini -> %SystemRoot%\umaxuapi.ini -> [Ver = | Size = 6952 bytes | Modified Date = 11/3/2007 11:56:00 AM | Attr = ]
vista32.ini -> %SystemRoot%\vista32.ini -> [Ver = | Size = 6701 bytes | Modified Date = 11/4/2007 10:11:28 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1324 bytes | Modified Date = 10/12/2007 2:57:46 PM | Attr = ]
Norton AntiVirus - Scan my computer - Michael Bloom.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - Michael Bloom.job -> [Ver = | Size = 564 bytes | Modified Date = 11/3/2007 9:02:34 AM | Attr = ]
Norton SystemWorks One Button Checkup.job -> %SystemRoot%\tasks\Norton SystemWorks One Button Checkup.job -> [Ver = | Size = 308 bytes | Modified Date = 11/5/2007 12:23:14 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/4/2007 10:07:48 AM | Attr = H ]
Symantec Drmc.job -> %SystemRoot%\tasks\Symantec Drmc.job -> [Ver = | Size = 324 bytes | Modified Date = 11/5/2007 12:00:02 AM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 10/30/2007 10:47:34 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 11/3/2007 1:18:40 PM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 11/2/2007 10:15:50 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/10/2007 3:03:30 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 11/4/2007 10:05:32 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 11/1/2007 11:45:44 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 87959 bytes | Modified Date = 11/4/2007 10:08:14 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 59472 bytes | Modified Date = 10/30/2007 10:04:34 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 393968 bytes | Modified Date = 10/30/2007 10:04:34 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 460590 bytes | Modified Date = 10/30/2007 10:04:34 AM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2792 bytes | Modified Date = 11/1/2007 11:05:18 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13050 bytes | Modified Date = 11/4/2007 10:07:48 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 11/2/2007 1:01:44 PM | Attr = ]
[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemDrive%\all.exe -> [Ver = | Size = 17520 bytes | Modified Date = 8/14/2005 2:35:14 PM | Attr = ]
UPX! , UPX0 , -> %SystemDrive%\FixIefts.exe -> Symantec Corporation [Ver = 1.0.1 | Size = 156296 bytes | Modified Date = 10/5/2005 7:24:32 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
PEC2 , -> %System32%\Dwapilib.tlb -> [Ver = | Size = 197171 bytes | Modified Date = 2/14/1997 11:24:14 PM | Attr = ]
Thawte Consulting , -> %System32%\mfimgvwr.ocx -> MyFamily.com, Inc. [Ver = 2.0.0.1 | Size = 189976 bytes | Modified Date = 10/18/2006 2:52:24 PM | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 6/14/2004 4:04:34 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 11/19/2003 3:59:36 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com [Ver = 5.0.117.0 | Size = 427864 bytes | Modified Date = 6/14/2004 3:56:26 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 5:00:00 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]
< End of report >