Hijackthis log - Smitfraud problem [RESOLVED]


  • This topic is locked

#1
Mi-Chan

  • Member
  • 11 posts
Hi I'm Natsumi and I'm relatively new to this whole computer forum
site thing so please advise me if I'm posting wrongly etc. etc.

Anyway I read the "you must read this before posting a hijack this log"
post just FYI! Below is my hijack this log and I'll reply with an uninstall
list IF required. So please let me know and I'll post that up too.

The problem I'm having is Smitfraud-C.CoreService which refuses to
delete. I've tried all the solutions I've found on this site - the combofix,
smitfraud fix etc etc. But it still shows up on my spybot scans - please
help! I would love to get a one on one regarding this matter seeing as
I've tried all the self solutions etc.

Thank you so much to whoever helps out!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:22 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\APPS\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.c...uth.srf?lc=1033
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [RemoteControl] C:\APPS\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=032608 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 11218 bytes


#2
OldTimer

  • Global Moderator
  • 3,273 posts
Hello Mi-Chan and welcome to the G2G HijackThis forum. Let's see what we can find. Please follow the steps below in order.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT

#3
Mi-Chan

  • Topic Starter
  • Member
  • 11 posts
Hi OT!

Thank you so much for addressing my problem!
I did all that you asked and here is the (split into two parts) report:

[code=auto:0]
OTScanIt logfile created on: 2008-03-23 10:40:56
OTScanIt by OldTimer - Version 1.0.6.0 Folder = C:\Documents and Settings\Natsumi Suzuki\My Documents\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1022.11 Mb Total Physical Memory | 414.27 Mb Available Physical Memory | 40.53% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.63% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.14 Gb Total Space | 56.51 Gb Free Space | 64.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUZUKI
Current User Name: Natsumi Suzuki
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-04 13:27:08 | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-09-06 13:28:18 | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 2007-09-12 18:27:24 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2008-02-01 12:19:31 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2008-02-01 12:09:14 | Attr = ]
bwsvc.exe -> %ProgramFiles%\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe -> BUFFALO INC. [Ver = 2, 0, 3, 2 | Size = 397312 bytes | Modified Date = 2006-02-24 17:10:00 | Attr = ]
cmdagent.exe -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.19 | Size = 507648 bytes | Modified Date = 2008-03-15 03:12:36 | Attr = ]
pifsvc.exe -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 2007-03-12 18:30:14 | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8599 | Size = 143426 bytes | Modified Date = 2006-07-11 17:24:00 | Attr = ]
sbcssvc.exe -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSSvc.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 788976 bytes | Modified Date = 2007-12-21 15:30:50 | Attr = ]
tablet.exe -> %SystemRoot%\system32\Tablet.exe -> Wacom Technology, Corp. [Ver = 4.90-3 | Size = 749568 bytes | Modified Date = 2005-06-18 01:30:46 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.3.8 16Jun06 | Size = 794713 bytes | Modified Date = 2006-06-16 13:52:46 | Attr = ]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.47 2.1.47 10/08/2004 09:50:51 | Size = 88363 bytes | Modified Date = 2004-10-08 08:20:52 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:35 | Attr = ]
tsnp2std.exe -> %SystemRoot%\tsnp2std.exe -> [Ver = 1, 1, 3, 6 | Size = 258048 bytes | Modified Date = 2006-07-07 12:34:32 | Attr = ]
vsnp2std.exe -> %SystemRoot%\vsnp2std.exe -> Sonix [Ver = 1, 1, 5, 0 | Size = 675840 bytes | Modified Date = 2006-08-09 13:48:14 | Attr = ]
pdvdserv.exe -> %SystemDrive%\APPS\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 2004-11-02 17:54:46 | Attr = ]
googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 2007-01-02 02:52:02 | Attr = ]
monitor.exe -> %CommonProgramFiles%\Ulead Systems\AutoDetector\Monitor.exe -> Ulead Systems, Inc. [Ver = 2.0.0.0 | Size = 90112 bytes | Modified Date = 2004-08-27 16:52:38 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3018 | Size = 180269 bytes | Modified Date = 2006-10-31 11:12:25 | Attr = ]
pifsvc.exe -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 2007-03-12 18:30:14 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2008-02-01 12:19:31 | Attr = ]
cfp.exe -> %ProgramFiles%\COMODO\Firewall\cfp.exe -> COMODO [Ver = 3.0.18.221 | Size = 1503488 bytes | Modified Date = 2008-03-15 03:07:17 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 2008-02-19 13:10:32 | Attr = ]
sbcstray.exe -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSTray.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 698864 bytes | Modified Date = 2007-12-21 15:30:52 | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 2008-01-28 11:43:40 | Attr = RHS]
cm3_tray.exe -> %ProgramFiles%\BUFFALO\Client Manager3\cm3_tray.exe -> BUFFALO INC. [Ver = 1, 0, 1, 8 | Size = 466944 bytes | Modified Date = 2006-02-10 14:23:00 | Attr = ]
tabuserw.exe -> %SystemRoot%\system32\WTablet\TabUserW.exe -> Wacom Technology, Corp. [Ver = 4.90-3 | Size = 114688 bytes | Modified Date = 2005-06-18 02:05:50 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2008-02-19 13:10:24 | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-10 23:10:17 | Attr = ]
lucoms~1.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 2007-09-12 18:27:24 | Attr = ]
aupdate.exe -> %ProgramFiles%\Symantec\LiveUpdate\AUPDATE.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 623984 bytes | Modified Date = 2007-09-12 18:27:24 | Attr = ]
otscanit.exe -> %UserProfile%\My Documents\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.6.0 | Size = 311808 bytes | Modified Date = 2008-03-19 18:01:26 | Attr = ]
otscanit.exe -> %UserProfile%\My Documents\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.6.0 | Size = 311808 bytes | Modified Date = 2008-03-19 18:01:26 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-04 13:27:08 | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-09-06 13:28:18 | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 2007-09-12 18:27:24 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2008-02-01 12:19:31 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2008-02-01 12:09:14 | Attr = ]
(Bwsvc) Bwsvc [Win32_Own | Auto | Running] -> %ProgramFiles%\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe -> BUFFALO INC. [Ver = 2, 0, 3, 2 | Size = 397312 bytes | Modified Date = 2006-02-24 17:10:00 | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found
(cmdAgent) COMODO Firewall Pro Helper Service [Win32_Own | Auto | Running] -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.19 | Size = 507648 bytes | Modified Date = 2008-03-15 03:12:36 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-03 22:11:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2008-02-19 13:10:24 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 2007-09-12 18:27:24 | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 2007-03-12 18:30:14 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8599 | Size = 143426 bytes | Modified Date = 2006-07-11 17:24:00 | Attr = ]
(SBCSSvc) Sunbelt CounterSpy Antispyware [Win32_Own | Auto | Running] -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSSvc.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 788976 bytes | Modified Date = 2007-12-21 15:30:50 | Attr = ]
(TabletService) TabletService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Tablet.exe -> Wacom Technology, Corp. [Ver = 4.90-3 | Size = 749568 bytes | Modified Date = 2005-06-18 01:30:46 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 2007-10-25 15:08:55 | Attr = ]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.47 2.1.47 10/08/2004 09:51:06 | Size = 1270540 bytes | Modified Date = 2004-10-08 08:21:08 | Attr = ]
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 2001-08-17 11:21:56 | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 2004-08-03 20:37:44 | Attr = ]
(asc) asc [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 2001-08-17 11:22:00 | Attr = ]
(asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 2001-08-17 11:21:58 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2008-02-01 12:19:29 | Attr = ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2008-02-01 12:09:22 | Attr = ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2008-02-01 12:09:22 | Attr = ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2008-02-01 12:19:34 | Attr = ]
(BUFADPT) BUFADPT [Kernel | System | Running] -> %SystemRoot%\system32\BUFADPT.SYS -> BUFFALO INC. [Ver = 1.0.2.1 built by: WinDDK | Size = 9600 bytes | Modified Date = 2005-07-06 13:52:00 | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(cmdGuard) COMODO Firewall Pro Sandbox Driver [File_System | System | Running] -> %SystemRoot%\system32\drivers\cmdGuard.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 85112 bytes | Modified Date = 2008-03-15 03:12:03 | Attr = ]
(cmdHlp) COMODO Firewall Pro Helper Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cmdhlp.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 23800 bytes | Modified Date = 2008-03-15 03:12:05 | Attr = ]
(CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 2001-08-17 11:21:54 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 2001-08-17 11:22:16 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 2008-01-22 14:30:00 | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 2006-09-19 12:44:04 | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows ® Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 2005-01-07 14:37:18 | Attr = ]
(Inspect) COMODO Firewall Pro Firewall Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\inspect.sys -> COMODO [Ver = 3.0.14.275 | Size = 79224 bytes | Modified Date = 2008-03-18 10:42:51 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 2001-08-17 11:22:12 | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8599 | Size = 3683840 bytes | Modified Date = 2006-07-11 17:24:00 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PenClass) Pen Class [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PenClass.sys -> Wacom Technology Corporation [Ver = 4.00 | Size = 8138 bytes | Modified Date = 2001-04-10 02:15:00 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 2005-04-25 14:33:00 | Attr = ]
(ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 2001-08-17 11:22:20 | Attr = ]
(ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 2001-08-17 11:22:20 | Attr = ]
(ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 2001-08-17 11:22:18 | Attr = ]
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation [Ver = 5,639,0118,2006 built by: WinDDK | Size = 80512 bytes | Modified Date = 2006-01-18 16:11:58 | Attr = ]
(SBHR) SBHR [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sbhr.sys -> [Ver = 2.2.932.0 | Size = 15544 bytes | Modified Date = 2008-03-14 15:36:00 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 15:55:53 | Attr = ]
(secdrvv) secdrvv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\secdrvv.sys -> [Ver = | Size = 86144 bytes | Modified Date = 2008-02-01 11:55:49 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 2004-08-03 20:37:44 | Attr = ]
(SNP2STD) USB2.0 PC Camera (SNP2STD) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\snp2sxp.sys -> [Ver = 5, 5, 8, 0 | Size = 11985920 bytes | Modified Date = 2006-08-11 15:22:50 | Attr = ]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 2001-08-17 11:37:44 | Attr = ]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.5010.0 nd455 cp1 | Size = 1155672 bytes | Modified Date = 2006-03-31 14:57:06 | Attr = ]
(symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 2001-08-17 11:37:34 | Attr = ]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 2001-08-17 11:37:36 | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20080212.002\symidsco.sys -> Symantec Corporation [Ver = 8.1.1.2 | Size = 158064 bytes | Modified Date = 2007-12-04 18:05:48 | Attr = ]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 2001-08-17 11:37:40 | Attr = ]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 2001-08-17 11:37:42 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.3.8 16Jun06 | Size = 193120 bytes | Modified Date = 2006-06-16 13:10:56 | Attr = ]
(tifm21) tifm21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.1 | Size = 162176 bytes | Modified Date = 2005-12-06 17:45:00 | Attr = ]
(ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 2001-08-17 11:22:22 | Attr = ]
(w39n51) Intel® PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w39n51.sys -> Intel® Corporation [Ver = 10, 1, 1, 3 | Size = 1429632 bytes | Modified Date = 2006-04-04 00:47:24 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(SBAPIFS) SBAPIFS [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\sbapifs.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 2008-01-11 22:16:38 | Attr = ]
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.47 2.1.47 10/08/2004 09:50:51 | Size = 88363 bytes | Modified Date = 2004-10-08 08:20:52 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2008-02-01 12:19:31 | Attr = ]
COMODO Firewall Pro -> %ProgramFiles%\COMODO\Firewall\cfp.exe -> COMODO [Ver = 3.0.18.221 | Size = 1503488 bytes | Modified Date = 2008-03-15 03:07:17 | Attr = ]
Corel Painter Essentials 21a -> %ProgramFiles%\Corel\Corel Painter Essentials 2\registration.exe -> Corel Corporation [Ver = 10.590 | Size = 733184 bytes | Modified Date = 2004-03-18 12:08:08 | Attr = ]
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 2007-01-02 02:52:02 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 2008-02-19 13:10:32 | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8599 | Size = 7581696 bytes | Modified Date = 2006-07-11 17:24:00 | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 2006-07-11 17:24:00 | Attr = ]
QuickTime Task -> %ProgramFiles%\Ringz Studio\Storm Codec\QTTask.exe -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 2008-01-31 23:13:08 | Attr = ]
RemoteControl -> %SystemDrive%\APPS\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 2004-11-02 17:54:46 | Attr = ]
SBCSTray -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSTray.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 698864 bytes | Modified Date = 2007-12-21 15:30:52 | Attr = ]
snp2std -> %SystemRoot%\vsnp2std.exe -> Sonix [Ver = 1, 1, 5, 0 | Size = 675840 bytes | Modified Date = 2006-08-09 13:48:14 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:35 | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 2007-03-12 18:30:14 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.3.8 16Jun06 | Size = 794713 bytes | Modified Date = 2006-06-16 13:52:46 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3018 | Size = 180269 bytes | Modified Date = 2006-10-31 11:12:25 | Attr = ]
tsnp2std -> %SystemRoot%\tsnp2std.exe -> [Ver = 1, 1, 3, 6 | Size = 258048 bytes | Modified Date = 2006-07-07 12:34:32 | Attr = ]
Ulead AutoDetector v2 -> %CommonProgramFiles%\Ulead Systems\AutoDetector\Monitor.exe -> Ulead Systems, Inc. [Ver = 2.0.0.0 | Size = 90112 bytes | Modified Date = 2004-08-27 16:52:38 | Attr = ]
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
SpybotDeletingA5197 -> %SystemRoot%\system32\command.com -> [Ver = | Size = 50620 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 2008-01-28 11:43:40 | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\ClientManager3.lnk -> %ProgramFiles%\BUFFALO\Client Manager3\cm3_tray.exe -> BUFFALO INC. [Ver = 1, 0, 1, 8 | Size = 466944 bytes | Modified Date = 2006-02-10 14:23:00 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\TabUserW.exe.lnk -> %SystemRoot%\system32\WTablet\TabUserW.exe -> Wacom Technology, Corp. [Ver = 4.90-3 | Size = 114688 bytes | Modified Date = 2005-06-18 02:05:50 | Attr = ]
< Natsumi Suzuki Startup Folder > -> C:\Documents and Settings\Natsumi Suzuki\Start Menu\Programs\Startup ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\WINDOWS\system32\guard32.dll -> %SystemRoot%\system32\guard32.dll -> [Ver = | Size = 139008 bytes | Modified Date = 2008-03-15 03:11:59 | Attr = ]
*MultiFile Done* -> ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 ->
< HOSTS File > (227676 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://search.msn.com/spbasic.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/?wl=true ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsof...search.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4251 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4261 domain(s) found. ->
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ]
{724d43a9-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [Reg Error: Value does not exist or could not be read.] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-08 19:50:40 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628 | Size = 640552 bytes | Modified Date = 2007-01-09 03:58:46 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{724d43a0-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-08 19:50:40 | Attr = ]
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628 | Size = 640552 bytes | Modified Date = 2007-01-09 03:58:46 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628 | Size = 640552 bytes | Modified Date = 2007-01-09 03:58:46 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr = ]
{320AF880-6646-11D3-ABEE-C5DBF3571F46}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Fill Forms] -> File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F49}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Save] -> File not found
{724d43aa-0d85-11d4-9908-00400523e39a}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [RoboForm] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKEY_LOCAL_MACHINE] -> [Fill Forms] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKEY_LOCAL_MACHINE] -> [Save] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> [RoboForm] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Customize Menu -> -> File not found
Fill Forms -> -> File not found
RoboForm Toolbar -> -> File not found
Save Forms -> -> File not found

#4
Mi-Chan

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{21C737B1-E625-4A80-B173-D0D8FFF7B890} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{31BC333B-47F3-423B-8B46-20E17602D778} -> () ->
{375C74AA-A93A-4A16-B926-AE278B114082} -> () ->
{6860BAB1-528C-4317-9430-AFDDE63E4A1C} -> (Intel® PRO/Wireless 3945ABG Network Connection) ->
{96F72862-FF9B-4EBB-B5EF-7341C86D8B1C} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 2007-09-13 13:31:38 | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoft...free/asinst.cab[ActiveScan Installer Class] ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.4.2_05] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 23:19:30 | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 19:51:15 | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 968 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 23249 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007-10-18 11:34:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-10-02 17:18:24 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 12813096 bytes | Modified Date = 2006-10-27 12:46:48 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 2006-10-27 13:07:44 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 2006-10-27 12:33:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 2007-01-02 02:52:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 2004-10-13 21:54:38 | Attr = HS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FrostWire\FrostWire.exe -> C:\Program Files\FrostWire\FrostWire.exe [C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire] -> FrostWire Group [Ver = 1.0.0.2 | Size = 114688 bytes | Modified Date = 2007-07-18 07:13:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.1.1 | Size = 10800 bytes | Modified Date = 2006-10-10 23:23:46 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 2007-04-28 02:47:26 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BUFFALO\Client Manager3\AOSS\aoss.exe -> C:\Program Files\BUFFALO\Client Manager3\aoss\AOSS.exe [C:\Program Files\BUFFALO\Client Manager3\AOSS\aoss.exe:*:Enabled:Aoss] -> [Ver = 1, 0, 1, 1 | Size = 176128 bytes | Modified Date = 2005-12-14 08:19:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.5.0.239 | Size = 22880040 bytes | Modified Date = 2007-09-13 13:31:38 | Attr = R ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 2008-02-01 12:19:32 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2008-02-01 12:19:31 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2008-02-01 12:19:31 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.1.9 | Size = 19897640 bytes | Modified Date = 2008-02-19 13:10:26 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007-10-18 11:34:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-10-02 17:18:24 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2846 (xpsp.060213-1526) | Size = 398848 bytes | Modified Date = 2006-02-14 11:48:10 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2846 (xpsp.060213-1526) | Size = 398848 bytes | Modified Date = 2006-02-14 11:48:10 | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 2008-03-17 10:22:09 | Attr = RH ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2008-03-13 11:36:32 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 2008-03-22 19:48:16 | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071828992 bytes | Created Date = 2008-03-13 15:58:32 | Attr = HS]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2008-03-11 13:13:11 | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2008-03-11 13:27:28 | Attr = ]
core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk -> [Ver = | Size = 167545 bytes | Created Date = 2008-03-13 15:58:17 | Attr = ]
sbhr.sys -> %SystemRoot%\System32\drivers\sbhr.sys -> [Ver = 2.2.932.0 | Size = 15544 bytes | Created Date = 2008-03-14 15:36:00 | Attr = ]
ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Created Date = 2008-03-13 16:07:44 | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 2008-03-13 16:10:18 | Attr = ]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 2008-03-11 13:13:08 | Attr = ]
grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 2008-03-11 13:13:08 | Attr = ]
Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 2008-03-13 16:07:56 | Attr = ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 2008-03-13 16:07:48 | Attr = ]
SBFC.dat -> %SystemRoot%\System32\SBFC.dat -> [Ver = | Size = 0 bytes | Created Date = 2008-03-22 02:00:09 | Attr = ]
SBRC.dat -> %SystemRoot%\System32\SBRC.dat -> [Ver = | Size = 0 bytes | Created Date = 2008-03-22 02:00:09 | Attr = ]
sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 2008-03-11 13:13:08 | Attr = ]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 4870 bytes | Created Date = 2008-03-11 12:31:29 | Attr = ]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 2008-03-13 16:07:56 | Attr = ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2008-03-11 13:13:08 | Attr = ]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 2008-03-11 13:13:08 | Attr = ]
ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 2008-03-13 16:10:18 | Attr = ]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 50 bytes | Created Date = 2008-02-29 16:09:32 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2008-03-11 13:13:33 | Attr = ]
isxdl.dll -> %SystemRoot%\isxdl.dll -> Bjørnar Henden [Ver = 5, 1, 0, 0 | Size = 59392 bytes | Created Date = 2008-03-03 11:47:37 | Attr = ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 2008-03-11 13:13:08 | Attr = ]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 2008-03-11 13:13:07 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 2008-03-23 10:29:27 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 2008-03-23 10:29:26 | Attr = H ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 2008-03-13 14:56:45 | Attr = ]
unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2550 bytes | Created Date = 2008-03-03 11:45:36 | Attr = ]
unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 2008-03-03 11:45:36 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 2008-03-13 14:38:33 | Attr = ]
Sunbelt Software -> %AllUsersProfile%\Application Data\Sunbelt Software -> [Folder | Created Date = 2008-03-14 15:32:45 | Attr = ]
WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Created Date = 2008-03-22 19:45:28 | Attr = ]
Sunbelt Software -> %AppData%\Sunbelt Software -> [Folder | Created Date = 2008-03-14 15:33:28 | Attr = ]
PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Created Date = 2008-03-22 20:00:10 | Attr = ]
11slide2.jpg -> %UserProfile%\My Documents\11slide2.jpg -> [Ver = | Size = 28777 bytes | Created Date = 2008-03-20 18:05:05 | Attr = ]
11slide3.jpg -> %UserProfile%\My Documents\11slide3.jpg -> [Ver = | Size = 26367 bytes | Created Date = 2008-03-20 18:04:59 | Attr = ]
albinopeacock.jpg -> %UserProfile%\My Documents\albinopeacock.jpg -> [Ver = | Size = 81954 bytes | Created Date = 2008-02-29 23:36:42 | Attr = ]
Albino_Peacock'''.jpg -> %UserProfile%\My Documents\Albino_Peacock'''.jpg -> [Ver = | Size = 38273 bytes | Created Date = 2008-02-29 23:36:18 | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\My Documents\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 2008-03-23 10:35:15 | Attr = ]
brightday_alemana.bmp -> %UserProfile%\My Documents\brightday_alemana.bmp -> [Ver = | Size = 30054 bytes | Created Date = 2008-03-08 13:57:21 | Attr = ]
charli_s_angels_by_burkinafazo.jpg -> %UserProfile%\My Documents\charli_s_angels_by_burkinafazo.jpg -> [Ver = | Size = 102632 bytes | Created Date = 2008-03-19 20:01:33 | Attr = ]
counterspy(2).exe -> %UserProfile%\My Documents\counterspy(2).exe -> Sunbelt Software [Ver = 2.5.1043.0 | Size = 77896616 bytes | Created Date = 2008-03-14 13:47:16 | Attr = ]
counterspy.exe -> %UserProfile%\My Documents\counterspy.exe -> Sunbelt Software [Ver = 2.5.1032.0 | Size = 20429317 bytes | Created Date = 2008-03-14 13:05:53 | Attr = ]
disease.jpg -> %UserProfile%\My Documents\disease.jpg -> [Ver = | Size = 50334 bytes | Created Date = 2008-03-21 19:35:24 | Attr = ]
DN17Csetos_puppy.png -> %UserProfile%\My Documents\DN17Csetos_puppy.png -> [Ver = | Size = 19427 bytes | Created Date = 2008-03-08 14:10:34 | Attr = ]
dn_busyCcardcaptur.png -> %UserProfile%\My Documents\dn_busyCcardcaptur.png -> [Ver = | Size = 20593 bytes | Created Date = 2008-03-08 13:58:48 | Attr = ]
dn_dominatingCnegation.gif -> %UserProfile%\My Documents\dn_dominatingCnegation.gif -> [Ver = | Size = 25145 bytes | Created Date = 2008-03-08 13:58:19 | Attr = ]
fanart_riyku.psd -> %UserProfile%\My Documents\fanart_riyku.psd -> [Ver = | Size = 20460851 bytes | Created Date = 2008-03-12 20:56:44 | Attr = ]
feb08_33jodha1.jpg -> %UserProfile%\My Documents\feb08_33jodha1.jpg -> [Ver = | Size = 46201 bytes | Created Date = 2008-03-19 11:38:56 | Attr = ]
FP_col.bmp -> %UserProfile%\My Documents\FP_col.bmp -> [Ver = | Size = 122830 bytes | Created Date = 2008-03-16 21:56:25 | Attr = ]
HrithikRoshan12Jan2008.JPG -> %UserProfile%\My Documents\HrithikRoshan12Jan2008.JPG -> [Ver = | Size = 79089 bytes | Created Date = 2008-03-19 11:19:20 | Attr = ]
JodhaaAkbar.jpg -> %UserProfile%\My Documents\JodhaaAkbar.jpg -> [Ver = | Size = 238444 bytes | Created Date = 2008-03-19 11:38:48 | Attr = ]
JodhaaAkbar06.jpg -> %UserProfile%\My Documents\JodhaaAkbar06.jpg -> [Ver = | Size = 146083 bytes | Created Date = 2008-03-19 11:39:00 | Attr = ]
kenichi_5Cblaqheartedstar.png -> %UserProfile%\My Documents\kenichi_5Cblaqheartedstar.png -> [Ver = | Size = 26364 bytes | Created Date = 2008-03-08 14:11:34 | Attr = ]
ken_ichi_MatsuyamaCblaqheartedstar.png -> %UserProfile%\My Documents\ken_ichi_MatsuyamaCblaqheartedstar.png -> [Ver = | Size = 26530 bytes | Created Date = 2008-03-08 14:11:59 | Attr = ]
MyPictureMarcPlugin2.00.exe -> %UserProfile%\My Documents\MyPictureMarcPlugin2.00.exe -> [Ver = | Size = 672400 bytes | Created Date = 2008-03-05 17:12:51 | Attr = ]
n636158006_273932_2802.jpg -> %UserProfile%\My Documents\n636158006_273932_2802.jpg -> [Ver = | Size = 55802 bytes | Created Date = 2008-03-12 15:39:54 | Attr = ]
OTScanIt -> %UserProfile%\My Documents\OTScanIt -> [Folder | Created Date = 2008-03-23 10:39:20 | Attr = ]
OTScanIt.exe -> %UserProfile%\My Documents\OTScanIt.exe -> [Ver = | Size = 482640 bytes | Created Date = 2008-03-23 10:37:10 | Attr = ]
P10806772.JPG -> %UserProfile%\My Documents\P10806772.JPG -> [Ver = | Size = 52551 bytes | Created Date = 2008-02-29 18:36:47 | Attr = ]
P1080680.JPG -> %UserProfile%\My Documents\P1080680.JPG -> [Ver = | Size = 56128 bytes | Created Date = 2008-02-29 18:23:21 | Attr = ]
P1080681.JPG -> %UserProfile%\My Documents\P1080681.JPG -> [Ver = | Size = 48444 bytes | Created Date = 2008-02-29 18:23:21 | Attr = ]
P1080685.JPG -> %UserProfile%\My Documents\P1080685.JPG -> [Ver = | Size = 78528 bytes | Created Date = 2008-03-06 16:09:47 | Attr = ]
P1080690.jpg -> %UserProfile%\My Documents\P1080690.jpg -> [Ver = | Size = 163721 bytes | Created Date = 2008-03-07 13:30:52 | Attr = ]
P1080694.JPG -> %UserProfile%\My Documents\P1080694.JPG -> [Ver = | Size = 101634 bytes | Created Date = 2008-03-06 16:09:47 | Attr = ]
P1080696.JPG -> %UserProfile%\My Documents\P1080696.JPG -> [Ver = | Size = 92262 bytes | Created Date = 2008-03-06 16:09:47 | Attr = ]
P1080698.jpg -> %UserProfile%\My Documents\P1080698.jpg -> [Ver = | Size = 168030 bytes | Created Date = 2008-03-07 13:29:50 | Attr = ]
P1080699.JPG -> %UserProfile%\My Documents\P1080699.JPG -> [Ver = | Size = 1199004 bytes | Created Date = 2008-03-06 16:09:47 | Attr = ]
P1080703.JPG -> %UserProfile%\My Documents\P1080703.JPG -> [Ver = | Size = 2908799 bytes | Created Date = 2008-03-06 16:09:47 | Attr = ]
P1080704.JPG -> %UserProfile%\My Documents\P1080704.JPG -> [Ver = | Size = 2846434 bytes | Created Date = 2008-03-06 16:09:47 | Attr = ]
P1080705.JPG -> %UserProfile%\My Documents\P1080705.JPG -> [Ver = | Size = 2605044 bytes | Created Date = 2008-03-06 16:09:47 | Attr = ]
P1080706.JPG -> %UserProfile%\My Documents\P1080706.JPG -> [Ver = | Size = 2641034 bytes | Created Date = 2008-03-06 16:09:47 | Attr = ]
P1080707.JPG -> %UserProfile%\My Documents\P1080707.JPG -> [Ver = | Size = 2926997 bytes | Created Date = 2008-03-06 16:09:47 | Attr = ]
P1080722.jpg -> %UserProfile%\My Documents\P1080722.jpg -> [Ver = | Size = 178190 bytes | Created Date = 2008-03-07 13:28:53 | Attr = ]
P1080723.jpg -> %UserProfile%\My Documents\P1080723.jpg -> [Ver = | Size = 161906 bytes | Created Date = 2008-03-07 13:31:28 | Attr = ]
peacock-wooing-peahen.jpg -> %UserProfile%\My Documents\peacock-wooing-peahen.jpg -> [Ver = | Size = 98595 bytes | Created Date = 2008-02-29 23:39:05 | Attr = ]
peacock_1.jpg -> %UserProfile%\My Documents\peacock_1.jpg -> [Ver = | Size = 205801 bytes | Created Date = 2008-02-29 23:37:20 | Attr = ]
PREVIEW.PIX -> %UserProfile%\My Documents\PREVIEW.PIX -> [Ver = | Size = 61680 bytes | Created Date = 2008-03-21 19:32:04 | Attr = ]
PSYCHOLOGY PROJECT -> %UserProfile%\My Documents\PSYCHOLOGY PROJECT -> [Folder | Created Date = 2008-03-20 14:29:02 | Attr = ]
squisthCme.png -> %UserProfile%\My Documents\squisthCme.png -> [Ver = | Size = 22411 bytes | Created Date = 2008-03-08 13:57:42 | Attr = ]
stitch_wheeCpeaces_icons.gif -> %UserProfile%\My Documents\stitch_wheeCpeaces_icons.gif -> [Ver = | Size = 8534 bytes | Created Date = 2008-03-08 13:58:30 | Attr = ]
tatsuya_huh.png -> %UserProfile%\My Documents\tatsuya_huh.png -> [Ver = | Size = 7725 bytes | Created Date = 2008-03-08 13:58:24 | Attr = ]
the_5th_element_1.jpg -> %UserProfile%\My Documents\the_5th_element_1.jpg -> [Ver = | Size = 111219 bytes | Created Date = 2008-03-01 00:57:59 | Attr = ]
yuffie_downCkookyz.png -> %UserProfile%\My Documents\yuffie_downCkookyz.png -> [Ver = | Size = 21188 bytes | Created Date = 2008-03-08 13:58:13 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1793 bytes | Created Date = 2008-03-13 14:38:39 | Attr = ]
CounterSpy.lnk -> %AllUsersProfile%\Desktop\CounterSpy.lnk -> [Ver = | Size = 1824 bytes | Created Date = 2008-03-14 15:32:10 | Attr = ]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 936 bytes | Created Date = 2008-03-08 23:05:47 | Attr = ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 2008-03-22 19:46:27 | Attr = HS]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 2008-03-17 10:22:09 | Attr = RH ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2008-03-13 11:36:38 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2008-03-23 10:21:27 | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071828992 bytes | Modified Date = 2008-03-23 10:28:53 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-03-14 15:31:31 | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2008-03-13 11:36:38 | Attr = ]
WINDOWS -> %SystemRoo
  • 0

#5
Mi-Chan

Mi-Chan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
t% -> [Folder | Modified Date = 2008-03-23 10:29:27 | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2008-03-11 13:27:28 | Attr = ]
cmdGuard.sys -> %SystemRoot%\System32\drivers\cmdGuard.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 85112 bytes | Modified Date = 2008-03-15 03:12:03 | Attr = ]
cmdhlp.sys -> %SystemRoot%\System32\drivers\cmdhlp.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 23800 bytes | Modified Date = 2008-03-15 03:12:05 | Attr = ]
core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk -> [Ver = | Size = 167545 bytes | Modified Date = 2008-03-13 15:58:19 | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2008-03-14 19:13:33 | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 227676 bytes | Modified Date = 2008-03-14 19:13:33 | Attr = ]
hosts.20080308-230950.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080308-230950.backup -> [Ver = | Size = 227708 bytes | Modified Date = 2008-03-08 23:09:36 | Attr = ]
hosts.20080308-232729.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080308-232729.backup -> [Ver = | Size = 227708 bytes | Modified Date = 2008-03-08 23:09:36 | Attr = ]
hosts.20080311-124803.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080311-124803.backup -> [Ver = | Size = 227640 bytes | Modified Date = 2008-03-11 12:31:19 | Attr = ]
hosts.20080313-114614.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080313-114614.backup -> [Ver = | Size = 27 bytes | Modified Date = 2008-03-11 14:08:14 | Attr = ]
hosts.20080313-130906.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080313-130906.backup -> [Ver = | Size = 226933 bytes | Modified Date = 2008-03-13 12:33:36 | Attr = ]
hosts.20080314-191333.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080314-191333.backup -> [Ver = | Size = 227001 bytes | Modified Date = 2008-03-13 13:09:06 | Attr = ]
inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 3.0.14.275 | Size = 79224 bytes | Modified Date = 2008-03-18 10:42:51 | Attr = ]
sbhr.sys -> %SystemRoot%\System32\drivers\sbhr.sys -> [Ver = 2.2.932.0 | Size = 15544 bytes | Modified Date = 2008-03-14 15:36:00 | Attr = ]
ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Modified Date = 2008-03-13 17:04:05 | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-03-22 22:47:56 | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2008-03-13 11:37:31 | Attr = ]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-03-23 10:29:52 | Attr = ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 2008-03-22 19:48:46 | Attr = ]
guard32.dll -> %SystemRoot%\System32\guard32.dll -> [Ver = | Size = 139008 bytes | Modified Date = 2008-03-15 03:11:59 | Attr = ]
Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2008-03-13 16:07:56 | Attr = ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Modified Date = 2008-03-05 22:29:16 | Attr = ]
Ls hybrid screensaver dir -> %SystemRoot%\System32\Ls hybrid screensaver dir -> [Folder | Modified Date = 2008-03-14 18:44:59 | Attr = ]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 51048 bytes | Modified Date = 2008-03-23 10:29:09 | Attr = ]
pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2008-03-13 16:07:56 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 63590 bytes | Modified Date = 2008-03-23 10:33:32 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 404536 bytes | Modified Date = 2008-03-23 10:33:32 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 475154 bytes | Modified Date = 2008-03-23 10:33:32 | Attr = ]
SBFC.dat -> %SystemRoot%\System32\SBFC.dat -> [Ver = | Size = 0 bytes | Modified Date = 2008-03-22 02:00:09 | Attr = ]
SBRC.dat -> %SystemRoot%\System32\SBRC.dat -> [Ver = | Size = 0 bytes | Modified Date = 2008-03-22 02:00:09 | Attr = ]
tablet.dat -> %SystemRoot%\System32\tablet.dat -> [Ver = | Size = 12914 bytes | Modified Date = 2008-03-23 10:29:12 | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 4870 bytes | Modified Date = 2008-03-13 12:33:46 | Attr = ]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2008-03-13 16:07:57 | Attr = ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Modified Date = 2008-03-09 01:15:33 | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 2008-03-13 11:36:59 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 2008-03-16 19:53:33 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-03-23 10:29:00 | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 50 bytes | Modified Date = 2008-02-29 16:09:34 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-03-13 16:07:45 | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2008-03-13 11:36:38 | Attr = ]
iedit.INI -> %SystemRoot%\iedit.INI -> [Ver = | Size = 30 bytes | Modified Date = 2008-03-21 13:34:25 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-03-22 19:49:08 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-03-22 19:49:55 | Attr = HS]
PREFETCH -> %SystemRoot%\PREFETCH -> [Folder | Modified Date = 2008-03-23 10:40:05 | Attr = ]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-03-11 13:13:07 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2008-03-23 10:29:27 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2008-03-23 10:29:27 | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2008-03-23 10:29:49 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2008-03-11 13:18:50 | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-03-23 10:33:32 | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 2008-03-23 10:29:51 | Attr = ]
unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2550 bytes | Modified Date = 2008-03-03 11:49:37 | Attr = ]
unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2008-03-03 11:22:28 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 956 bytes | Modified Date = 2008-03-17 18:27:31 | Attr = ]
WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 432 bytes | Modified Date = 2008-03-14 19:13:11 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2008-03-08 16:05:07 | Attr = ]
Norton AntiVirus - Scan my computer - Natsumi Suzuki.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - Natsumi Suzuki.job -> [Ver = | Size = 566 bytes | Modified Date = 2008-03-21 20:00:02 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-03-23 10:29:05 | Attr = H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6590 bytes | Modified Date = 2008-03-23 10:31:13 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6590 bytes | Modified Date = 2008-03-23 10:31:13 | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2007-07-31 13:03:09 | Attr = ]
Perflib_Perfdata_97c.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\Perflib_Perfdata_97c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-03-23 10:30:13 | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 2008-03-14 16:54:38 | Attr = ]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 2008-03-13 14:39:09 | Attr = ]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 2008-03-22 19:47:13 | Attr = S]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2008-03-15 04:58:10 | Attr = ]
Sunbelt Software -> %AllUsersProfile%\Application Data\Sunbelt Software -> [Folder | Modified Date = 2008-03-14 15:32:45 | Attr = ]
WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 2008-03-22 19:45:28 | Attr = ]
AVG7 -> %AppData%\AVG7 -> [Folder | Modified Date = 2008-03-23 10:23:09 | Attr = ]
FrostWire -> %AppData%\FrostWire -> [Folder | Modified Date = 2008-03-22 00:18:17 | Attr = ]
Sunbelt Software -> %AppData%\Sunbelt Software -> [Folder | Modified Date = 2008-03-14 15:33:28 | Attr = ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4318236 bytes | Modified Date = 2008-03-15 04:58:45 | Attr = H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2008-03-22 20:00:08 | Attr = ]
PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Modified Date = 2008-03-22 20:00:10 | Attr = ]
11slide2.jpg -> %UserProfile%\My Documents\11slide2.jpg -> [Ver = | Size = 28777 bytes | Modified Date = 2008-03-20 18:05:05 | Attr = ]
11slide3.jpg -> %UserProfile%\My Documents\11slide3.jpg -> [Ver = | Size = 26367 bytes | Modified Date = 2008-03-20 18:04:59 | Attr = ]
albinopeacock.jpg -> %UserProfile%\My Documents\albinopeacock.jpg -> [Ver = | Size = 81954 bytes | Modified Date = 2008-02-29 23:36:42 | Attr = ]
Albino_Peacock'''.jpg -> %UserProfile%\My Documents\Albino_Peacock'''.jpg -> [Ver = | Size = 38273 bytes | Modified Date = 2008-02-29 23:36:12 | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\My Documents\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-03-23 10:35:18 | Attr = ]
brightday_alemana.bmp -> %UserProfile%\My Documents\brightday_alemana.bmp -> [Ver = | Size = 30054 bytes | Modified Date = 2008-03-08 13:57:21 | Attr = ]
charli_s_angels_by_burkinafazo.jpg -> %UserProfile%\My Documents\charli_s_angels_by_burkinafazo.jpg -> [Ver = | Size = 102632 bytes | Modified Date = 2008-03-19 20:01:33 | Attr = ]
counterspy(2).exe -> %UserProfile%\My Documents\counterspy(2).exe -> Sunbelt Software [Ver = 2.5.1043.0 | Size = 77896616 bytes | Modified Date = 2008-03-14 15:26:00 | Attr = ]
counterspy.exe -> %UserProfile%\My Documents\counterspy.exe -> Sunbelt Software [Ver = 2.5.1032.0 | Size = 20429317 bytes | Modified Date = 2008-03-14 13:46:04 | Attr = ]
disease.jpg -> %UserProfile%\My Documents\disease.jpg -> [Ver = | Size = 50334 bytes | Modified Date = 2008-03-21 19:35:22 | Attr = ]
DN17Csetos_puppy.png -> %UserProfile%\My Documents\DN17Csetos_puppy.png -> [Ver = | Size = 19427 bytes | Modified Date = 2008-03-08 14:10:34 | Attr = ]
dn_busyCcardcaptur.png -> %UserProfile%\My Documents\dn_busyCcardcaptur.png -> [Ver = | Size = 20593 bytes | Modified Date = 2008-03-08 13:58:48 | Attr = ]
dn_dominatingCnegation.gif -> %UserProfile%\My Documents\dn_dominatingCnegation.gif -> [Ver = | Size = 25145 bytes | Modified Date = 2008-03-08 13:58:20 | Attr = ]
fanart_riyku.psd -> %UserProfile%\My Documents\fanart_riyku.psd -> [Ver = | Size = 20460851 bytes | Modified Date = 2008-03-12 20:56:44 | Attr = ]
feb08_33jodha1.jpg -> %UserProfile%\My Documents\feb08_33jodha1.jpg -> [Ver = | Size = 46201 bytes | Modified Date = 2008-03-19 11:38:56 | Attr = ]
FP_col.bmp -> %UserProfile%\My Documents\FP_col.bmp -> [Ver = | Size = 122830 bytes | Modified Date = 2008-03-16 21:56:26 | Attr = ]
HrithikRoshan12Jan2008.JPG -> %UserProfile%\My Documents\HrithikRoshan12Jan2008.JPG -> [Ver = | Size = 79089 bytes | Modified Date = 2008-03-19 11:19:21 | Attr = ]
JodhaaAkbar.jpg -> %UserProfile%\My Documents\JodhaaAkbar.jpg -> [Ver = | Size = 238444 bytes | Modified Date = 2008-03-19 11:38:49 | Attr = ]
JodhaaAkbar06.jpg -> %UserProfile%\My Documents\JodhaaAkbar06.jpg -> [Ver = | Size = 146083 bytes | Modified Date = 2008-03-19 11:39:00 | Attr = ]
Kenichi and Natsumi -> %UserProfile%\My Documents\Kenichi and Natsumi -> [Folder | Modified Date = 2008-03-01 01:30:45 | Attr = H ]
kenichi_5Cblaqheartedstar.png -> %UserProfile%\My Documents\kenichi_5Cblaqheartedstar.png -> [Ver = | Size = 26364 bytes | Modified Date = 2008-03-08 14:11:35 | Attr = ]
ken_ichi_MatsuyamaCblaqheartedstar.png -> %UserProfile%\My Documents\ken_ichi_MatsuyamaCblaqheartedstar.png -> [Ver = | Size = 26530 bytes | Modified Date = 2008-03-08 14:11:59 | Attr = ]
My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2008-03-22 22:17:23 | Attr = R ]
My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 2008-03-20 23:56:03 | Attr = ]
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 601 bytes | Modified Date = 2008-03-22 19:51:25 | Attr = ]
MyPictureMarcPlugin2.00.exe -> %UserProfile%\My Documents\MyPictureMarcPlugin2.00.exe -> [Ver = | Size = 672400 bytes | Modified Date = 2008-03-05 17:13:17 | Attr = ]
n636158006_273932_2802.jpg -> %UserProfile%\My Documents\n636158006_273932_2802.jpg -> [Ver = | Size = 55802 bytes | Modified Date = 2008-03-12 15:39:54 | Attr = ]
NEOPETS WHOOHOO -> %UserProfile%\My Documents\NEOPETS WHOOHOO -> [Folder | Modified Date = 2008-03-21 19:52:43 | Attr = ]
OTScanIt -> %UserProfile%\My Documents\OTScanIt -> [Folder | Modified Date = 2008-03-23 10:39:31 | Attr = ]
OTScanIt.exe -> %UserProfile%\My Documents\OTScanIt.exe -> [Ver = | Size = 482640 bytes | Modified Date = 2008-03-23 10:37:54 | Attr = ]
P10806772.JPG -> %UserProfile%\My Documents\P10806772.JPG -> [Ver = | Size = 52551 bytes | Modified Date = 2008-02-29 18:36:47 | Attr = ]
P1080680.JPG -> %UserProfile%\My Documents\P1080680.JPG -> [Ver = | Size = 56128 bytes | Modified Date = 2008-02-29 18:38:14 | Attr = ]
P1080681.JPG -> %UserProfile%\My Documents\P1080681.JPG -> [Ver = | Size = 48444 bytes | Modified Date = 2008-02-29 18:35:09 | Attr = ]
P1080685.JPG -> %UserProfile%\My Documents\P1080685.JPG -> [Ver = | Size = 78528 bytes | Modified Date = 2008-03-07 13:35:09 | Attr = ]
P1080690.jpg -> %UserProfile%\My Documents\P1080690.jpg -> [Ver = | Size = 163721 bytes | Modified Date = 2008-03-07 13:32:35 | Attr = ]
P1080694.JPG -> %UserProfile%\My Documents\P1080694.JPG -> [Ver = | Size = 101634 bytes | Modified Date = 2008-03-07 13:33:10 | Attr = ]
P1080696.JPG -> %UserProfile%\My Documents\P1080696.JPG -> [Ver = | Size = 92262 bytes | Modified Date = 2008-03-07 13:34:07 | Attr = ]
P1080698.jpg -> %UserProfile%\My Documents\P1080698.jpg -> [Ver = | Size = 168030 bytes | Modified Date = 2008-03-07 13:32:21 | Attr = ]
P1080699.JPG -> %UserProfile%\My Documents\P1080699.JPG -> [Ver = | Size = 1199004 bytes | Modified Date = 2008-03-06 16:13:57 | Attr = ]
P1080703.JPG -> %UserProfile%\My Documents\P1080703.JPG -> [Ver = | Size = 2908799 bytes | Modified Date = 2008-03-06 06:40:32 | Attr = ]
P1080704.JPG -> %UserProfile%\My Documents\P1080704.JPG -> [Ver = | Size = 2846434 bytes | Modified Date = 2008-03-06 06:40:38 | Attr = ]
P1080705.JPG -> %UserProfile%\My Documents\P1080705.JPG -> [Ver = | Size = 2605044 bytes | Modified Date = 2008-03-06 06:40:44 | Attr = ]
P1080706.JPG -> %UserProfile%\My Documents\P1080706.JPG -> [Ver = | Size = 2641034 bytes | Modified Date = 2008-03-06 06:40:56 | Attr = ]
P1080707.JPG -> %UserProfile%\My Documents\P1080707.JPG -> [Ver = | Size = 2926997 bytes | Modified Date = 2008-03-06 06:41:04 | Attr = ]
P1080722.jpg -> %UserProfile%\My Documents\P1080722.jpg -> [Ver = | Size = 178190 bytes | Modified Date = 2008-03-07 13:32:07 | Attr = ]
P1080723.jpg -> %UserProfile%\My Documents\P1080723.jpg -> [Ver = | Size = 161906 bytes | Modified Date = 2008-03-07 13:32:51 | Attr = ]
peacock-wooing-peahen.jpg -> %UserProfile%\My Documents\peacock-wooing-peahen.jpg -> [Ver = | Size = 98595 bytes | Modified Date = 2008-02-29 23:39:05 | Attr = ]
peacock_1.jpg -> %UserProfile%\My Documents\peacock_1.jpg -> [Ver = | Size = 205801 bytes | Modified Date = 2008-02-29 23:37:20 | Attr = ]
PREVIEW.PIX -> %UserProfile%\My Documents\PREVIEW.PIX -> [Ver = | Size = 61680 bytes | Modified Date = 2008-03-21 19:35:22 | Attr = ]
PSYCHOLOGY PROJECT -> %UserProfile%\My Documents\PSYCHOLOGY PROJECT -> [Folder | Modified Date = 2008-03-20 16:06:18 | Attr = ]
squisthCme.png -> %UserProfile%\My Documents\squisthCme.png -> [Ver = | Size = 22411 bytes | Modified Date = 2008-03-08 13:57:47 | Attr = ]
stitch_wheeCpeaces_icons.gif -> %UserProfile%\My Documents\stitch_wheeCpeaces_icons.gif -> [Ver = | Size = 8534 bytes | Modified Date = 2008-03-08 13:58:31 | Attr = ]
tatsuya_huh.png -> %UserProfile%\My Documents\tatsuya_huh.png -> [Ver = | Size = 7725 bytes | Modified Date = 2008-03-08 13:58:24 | Attr = ]
the_5th_element_1.jpg -> %UserProfile%\My Documents\the_5th_element_1.jpg -> [Ver = | Size = 111219 bytes | Modified Date = 2008-03-01 00:57:59 | Attr = ]
Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 2820096 bytes | Modified Date = 2008-03-21 19:52:30 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
yuffie_downCkookyz.png -> %UserProfile%\My Documents\yuffie_downCkookyz.png -> [Ver = | Size = 21188 bytes | Modified Date = 2008-03-08 13:58:13 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1793 bytes | Modified Date = 2008-03-13 14:38:39 | Attr = ]
CounterSpy.lnk -> %AllUsersProfile%\Desktop\CounterSpy.lnk -> [Ver = | Size = 1824 bytes | Modified Date = 2008-03-14 15:32:10 | Attr = ]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 936 bytes | Modified Date = 2008-03-08 23:05:47 | Attr = ]
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 2008-03-14 16:54:45 | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 2008-03-22 19:47:13 | Attr = ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 2008-03-22 19:47:02 | Attr = HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2008-03-13 14:38:24 | Attr = ]

< End of report >
[/code]
  • 0

#6
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi Mi-Chan. Ok, let's see what we can do.

First, we need to disable TeaTimer so it does not interfere with the changes we are going to make.

  • Start Spybot-S&D.
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • On the left hand side, choose Tools and then click on Resident.
  • Uncheck Resident TeaTimer and choose OK for any further prompts.
  • Restart your computer.

Now follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
secdrvv
Files to delete:
%systemroot%\system32\command.com
%systemroot%\system32\drivers\core.cache.dsk
%systemroot%\system32\drivers\secdrvv.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.

The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (secdrvv) secdrvv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\secdrvv.sys
[Registry - Non-Microsoft Only]
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YY -> SpybotDeletingA5197 -> %SystemRoot%\system32\command.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • In the Drivers section click on Non-Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Step #5

Post the following back here:
The Avenger report (c:\Avenger.txt)
The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
The new OTScanIt scan log

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

#7
Mi-Chan

Hi OT! Thank you for the prompt reply! ^^
Whew, it took a while but I finally have the three reports!
I will post them in separate replies with indications of what is what.
Thank you so much once again for your help!
Here is the avenger report:


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "secdrvv" deleted successfully.
File "C:\WINDOWS\system32\command.com" deleted successfully.
File "C:\WINDOWS\system32\drivers\core.cache.dsk" deleted successfully.
File "C:\WINDOWS\system32\drivers\secdrvv.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#8
Mi-Chan

Here is the fixit log:


Explorer killed successfully
[Driver Services - Non-Microsoft Only]
Unable to stop service secdrvv .
Unable to delete service secdrvv .
File C:\WINDOWS\system32\drivers\secdrvv.sys not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA5197 not found.
File C:\WINDOWS\system32\command.com not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\drivers\core.cache.dsk not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\drivers\core.cache.dsk not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\Perflib_Perfdata_a34.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.6.0 fix logfile created on 03232008_193734

#9
Mi-Chan

Here is the OT scanit log part one:


[code=auto:0]
OTScanIt logfile created on: 2008-03-23 22:48:07
OTScanIt by OldTimer - Version 1.0.6.0 Folder = C:\Documents and Settings\Natsumi Suzuki\My Documents\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1022.11 Mb Total Physical Memory | 309.14 Mb Available Physical Memory | 30.25% Memory free
2.40 Gb Paging File | 1.67 Gb Available in Paging File | 69.73% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.14 Gb Total Space | 56.62 Gb Free Space | 64.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUZUKI
Current User Name: Natsumi Suzuki
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-04 13:27:08 | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-09-06 13:28:18 | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 2007-09-12 18:27:24 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2008-02-01 12:19:31 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2008-02-01 12:09:14 | Attr = ]
bwsvc.exe -> %ProgramFiles%\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe -> BUFFALO INC. [Ver = 2, 0, 3, 2 | Size = 397312 bytes | Modified Date = 2006-02-24 17:10:00 | Attr = ]
cmdagent.exe -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.19 | Size = 507648 bytes | Modified Date = 2008-03-15 03:12:36 | Attr = ]
pifsvc.exe -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 2007-03-12 18:30:14 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.3.8 16Jun06 | Size = 794713 bytes | Modified Date = 2006-06-16 13:52:46 | Attr = ]
sbcssvc.exe -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSSvc.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 788976 bytes | Modified Date = 2007-12-21 15:30:50 | Attr = ]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.47 2.1.47 10/08/2004 09:50:51 | Size = 88363 bytes | Modified Date = 2004-10-08 08:20:52 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:35 | Attr = ]
tsnp2std.exe -> %SystemRoot%\tsnp2std.exe -> [Ver = 1, 1, 3, 6 | Size = 258048 bytes | Modified Date = 2006-07-07 12:34:32 | Attr = ]
vsnp2std.exe -> %SystemRoot%\vsnp2std.exe -> Sonix [Ver = 1, 1, 5, 0 | Size = 675840 bytes | Modified Date = 2006-08-09 13:48:14 | Attr = ]
pdvdserv.exe -> %SystemDrive%\APPS\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 2004-11-02 17:54:46 | Attr = ]
monitor.exe -> %CommonProgramFiles%\Ulead Systems\AutoDetector\Monitor.exe -> Ulead Systems, Inc. [Ver = 2.0.0.0 | Size = 90112 bytes | Modified Date = 2004-08-27 16:52:38 | Attr = ]
pifsvc.exe -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 2007-03-12 18:30:14 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2008-02-01 12:19:31 | Attr = ]
cfp.exe -> %ProgramFiles%\COMODO\Firewall\cfp.exe -> COMODO [Ver = 3.0.18.221 | Size = 1503488 bytes | Modified Date = 2008-03-15 03:07:17 | Attr = ]
tablet.exe -> %SystemRoot%\system32\Tablet.exe -> Wacom Technology, Corp. [Ver = 4.90-3 | Size = 749568 bytes | Modified Date = 2005-06-18 01:30:46 | Attr = ]
sbcstray.exe -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSTray.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 698864 bytes | Modified Date = 2007-12-21 15:30:52 | Attr = ]
cm3_tray.exe -> %ProgramFiles%\BUFFALO\Client Manager3\cm3_tray.exe -> BUFFALO INC. [Ver = 1, 0, 1, 8 | Size = 466944 bytes | Modified Date = 2006-02-10 14:23:00 | Attr = ]
tabuserw.exe -> %SystemRoot%\system32\WTablet\TabUserW.exe -> Wacom Technology, Corp. [Ver = 4.90-3 | Size = 114688 bytes | Modified Date = 2005-06-18 02:05:50 | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-10 23:10:17 | Attr = ]
googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 2007-01-02 02:52:02 | Attr = ]
otscanit.exe -> %UserProfile%\My Documents\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.6.0 | Size = 311808 bytes | Modified Date = 2008-03-19 18:01:26 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-04 13:27:08 | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-09-06 13:28:18 | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 2007-09-12 18:27:24 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2008-02-01 12:19:31 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2008-02-01 12:09:14 | Attr = ]
(Bwsvc) Bwsvc [Win32_Own | Auto | Running] -> %ProgramFiles%\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe -> BUFFALO INC. [Ver = 2, 0, 3, 2 | Size = 397312 bytes | Modified Date = 2006-02-24 17:10:00 | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found
(cmdAgent) COMODO Firewall Pro Helper Service [Win32_Own | Auto | Running] -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.19 | Size = 507648 bytes | Modified Date = 2008-03-15 03:12:36 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-03 22:11:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2008-02-19 13:10:24 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 2007-09-12 18:27:24 | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 2007-03-12 18:30:14 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8599 | Size = 143426 bytes | Modified Date = 2006-07-11 17:24:00 | Attr = ]
(SBCSSvc) Sunbelt CounterSpy Antispyware [Win32_Own | Auto | Running] -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSSvc.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 788976 bytes | Modified Date = 2007-12-21 15:30:50 | Attr = ]
(TabletService) TabletService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Tablet.exe -> Wacom Technology, Corp. [Ver = 4.90-3 | Size = 749568 bytes | Modified Date = 2005-06-18 01:30:46 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 2007-10-25 15:08:55 | Attr = ]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.47 2.1.47 10/08/2004 09:51:06 | Size = 1270540 bytes | Modified Date = 2004-10-08 08:21:08 | Attr = ]
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 2001-08-17 11:21:56 | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 2004-08-03 20:37:44 | Attr = ]
(asc) asc [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 2001-08-17 11:22:00 | Attr = ]
(asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 2001-08-17 11:21:58 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2008-02-01 12:19:29 | Attr = ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2008-02-01 12:09:22 | Attr = ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2008-02-01 12:09:22 | Attr = ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2008-02-01 12:19:34 | Attr = ]
(BUFADPT) BUFADPT [Kernel | System | Running] -> %SystemRoot%\system32\BUFADPT.SYS -> BUFFALO INC. [Ver = 1.0.2.1 built by: WinDDK | Size = 9600 bytes | Modified Date = 2005-07-06 13:52:00 | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(cmdGuard) COMODO Firewall Pro Sandbox Driver [File_System | System | Running] -> %SystemRoot%\system32\drivers\cmdGuard.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 85112 bytes | Modified Date = 2008-03-15 03:12:03 | Attr = ]
(cmdHlp) COMODO Firewall Pro Helper Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cmdhlp.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 23800 bytes | Modified Date = 2008-03-15 03:12:05 | Attr = ]
(CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 2001-08-17 11:21:54 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 2001-08-17 11:22:16 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 2008-01-22 14:30:00 | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 2006-09-19 12:44:04 | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows ® Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 2005-01-07 14:37:18 | Attr = ]
(Inspect) COMODO Firewall Pro Firewall Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\inspect.sys -> COMODO [Ver = 3.0.14.275 | Size = 79224 bytes | Modified Date = 2008-03-18 10:42:51 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 2001-08-17 11:22:12 | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8599 | Size = 3683840 bytes | Modified Date = 2006-07-11 17:24:00 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PenClass) Pen Class [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PenClass.sys -> Wacom Technology Corporation [Ver = 4.00 | Size = 8138 bytes | Modified Date = 2001-04-10 02:15:00 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2004-08-10 11:30:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 2005-04-25 14:33:00 | Attr = ]
(ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 2001-08-17 11:22:20 | Attr = ]
(ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 2001-08-17 11:22:20 | Attr = ]
(ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 2001-08-17 11:22:18 | Attr = ]
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation [Ver = 5,639,0118,2006 built by: WinDDK | Size = 80512 bytes | Modified Date = 2006-01-18 16:11:58 | Attr = ]
(SBHR) SBHR [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sbhr.sys -> [Ver = 2.2.932.0 | Size = 15544 bytes | Modified Date = 2008-03-14 15:36:00 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 15:55:53 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 2004-08-03 20:37:44 | Attr = ]
(SNP2STD) USB2.0 PC Camera (SNP2STD) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\snp2sxp.sys -> [Ver = 5, 5, 8, 0 | Size = 11985920 bytes | Modified Date = 2006-08-11 15:22:50 | Attr = ]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 2001-08-17 11:37:44 | Attr = ]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.5010.0 nd455 cp1 | Size = 1155672 bytes | Modified Date = 2006-03-31 14:57:06 | Attr = ]
(symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 2001-08-17 11:37:34 | Attr = ]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 2001-08-17 11:37:36 | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20080212.002\symidsco.sys -> Symantec Corporation [Ver = 8.1.1.2 | Size = 158064 bytes | Modified Date = 2007-12-04 18:05:48 | Attr = ]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 2001-08-17 11:37:40 | Attr = ]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 2001-08-17 11:37:42 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.3.8 16Jun06 | Size = 193120 bytes | Modified Date = 2006-06-16 13:10:56 | Attr = ]
(tifm21) tifm21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.1 | Size = 162176 bytes | Modified Date = 2005-12-06 17:45:00 | Attr = ]
(ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 2001-08-17 11:22:22 | Attr = ]
(w39n51) Intel® PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w39n51.sys -> Intel® Corporation [Ver = 10, 1, 1, 3 | Size = 1429632 bytes | Modified Date = 2006-04-04 00:47:24 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(SBAPIFS) SBAPIFS [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\sbapifs.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 2008-01-11 22:16:38 | Attr = ]
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.47 2.1.47 10/08/2004 09:50:51 | Size = 88363 bytes | Modified Date = 2004-10-08 08:20:52 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2008-02-01 12:19:31 | Attr = ]
COMODO Firewall Pro -> %ProgramFiles%\COMODO\Firewall\cfp.exe -> COMODO [Ver = 3.0.18.221 | Size = 1503488 bytes | Modified Date = 2008-03-15 03:07:17 | Attr = ]
Corel Painter Essentials 21a -> %ProgramFiles%\Corel\Corel Painter Essentials 2\registration.exe -> Corel Corporation [Ver = 10.590 | Size = 733184 bytes | Modified Date = 2004-03-18 12:08:08 | Attr = ]
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 2007-01-02 02:52:02 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 2008-02-19 13:10:32 | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8599 | Size = 7581696 bytes | Modified Date = 2006-07-11 17:24:00 | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 2006-07-11 17:24:00 | Attr = ]
QuickTime Task -> %ProgramFiles%\Ringz Studio\Storm Codec\QTTask.exe -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 2008-01-31 23:13:08 | Attr = ]
RemoteControl -> %SystemDrive%\APPS\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 2004-11-02 17:54:46 | Attr = ]
SBCSTray -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSTray.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 698864 bytes | Modified Date = 2007-12-21 15:30:52 | Attr = ]
snp2std -> %SystemRoot%\vsnp2std.exe -> Sonix [Ver = 1, 1, 5, 0 | Size = 675840 bytes | Modified Date = 2006-08-09 13:48:14 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:35 | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 2007-03-12 18:30:14 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.3.8 16Jun06 | Size = 794713 bytes | Modified Date = 2006-06-16 13:52:46 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3018 | Size = 180269 bytes | Modified Date = 2006-10-31 11:12:25 | Attr = ]
tsnp2std -> %SystemRoot%\tsnp2std.exe -> [Ver = 1, 1, 3, 6 | Size = 258048 bytes | Modified Date = 2006-07-07 12:34:32 | Attr = ]
Ulead AutoDetector v2 -> %CommonProgramFiles%\Ulead Systems\AutoDetector\Monitor.exe -> Ulead Systems, Inc. [Ver = 2.0.0.0 | Size = 90112 bytes | Modified Date = 2004-08-27 16:52:38 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\ClientManager3.lnk -> %ProgramFiles%\BUFFALO\Client Manager3\cm3_tray.exe -> BUFFALO INC. [Ver = 1, 0, 1, 8 | Size = 466944 bytes | Modified Date = 2006-02-10 14:23:00 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\TabUserW.exe.lnk -> %SystemRoot%\system32\WTablet\TabUserW.exe -> Wacom Technology, Corp. [Ver = 4.90-3 | Size = 114688 bytes | Modified Date = 2005-06-18 02:05:50 | Attr = ]
< Natsumi Suzuki Startup Folder > -> C:\Documents and Settings\Natsumi Suzuki\Start Menu\Programs\Startup ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\WINDOWS\system32\guard32.dll -> %SystemRoot%\system32\guard32.dll -> [Ver = | Size = 139008 bytes | Modified Date = 2008-03-15 03:11:59 | Attr = ]
*MultiFile Done* -> ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 ->

#10
Mi-Chan

And here is part two of the scanit log! Thank you so much!!!:


< HOSTS File > (227676 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://search.msn.com/spbasic.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/?wl=true ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsof...search.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4251 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4261 domain(s) found. ->
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ]
{724d43a9-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [Reg Error: Value does not exist or could not be read.] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-08 19:50:40 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr = ]
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628 | Size = 640552 bytes | Modified Date = 2007-01-09 03:58:46 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{724d43a0-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-5 | Size = 5645104 bytes | Modified Date = 2007-08-08 19:50:40 | Attr = ]
{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628 | Size = 640552 bytes | Modified Date = 2007-01-09 03:58:46 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{CD292324-974F-4224-D074-CACA427AA030} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Neopets\Toolbar\Toolbar.dll [Neopets] -> Velocity Services, Inc. [Ver = 4.0.2496.19628 | Size = 640552 bytes | Modified Date = 2007-01-09 03:58:46 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr = ]
{320AF880-6646-11D3-ABEE-C5DBF3571F46}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Fill Forms] -> File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F49}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Save] -> File not found
{724d43aa-0d85-11d4-9908-00400523e39a}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [RoboForm] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKEY_LOCAL_MACHINE] -> [Fill Forms] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKEY_LOCAL_MACHINE] -> [Save] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> [RoboForm] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Customize Menu -> -> File not found
Fill Forms -> -> File not found
RoboForm Toolbar -> -> File not found
Save Forms -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{21C737B1-E625-4A80-B173-D0D8FFF7B890} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{31BC333B-47F3-423B-8B46-20E17602D778} -> () ->
{375C74AA-A93A-4A16-B926-AE278B114082} -> () ->
{6860BAB1-528C-4317-9430-AFDDE63E4A1C} -> (Intel® PRO/Wireless 3945ABG Network Connection) ->
{96F72862-FF9B-4EBB-B5EF-7341C86D8B1C} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 2007-09-13 13:31:38 | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoft...free/asinst.cab[ActiveScan Installer Class] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-sec...m/ols/fscax.cab[F-Secure Online Scanner 3.3] ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.4.2_05] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->



[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 2008-03-17 10:22:09 | Attr = RH ]
Avenger -> %SystemDrive%\Avenger -> [Folder | Created Date = 2008-03-23 18:50:06 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2008-03-13 11:36:32 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 2008-03-22 19:48:16 | Attr = HS]
fsaua.data -> %SystemDrive%\fsaua.data -> [Folder | Created Date = 2008-03-23 20:08:27 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071828992 bytes | Created Date = 2008-03-13 15:58:32 | Attr = HS]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2008-03-11 13:13:11 | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2008-03-11 13:27:28 | Attr = ]
sbhr.sys -> %SystemRoot%\System32\drivers\sbhr.sys -> [Ver = 2.2.932.0 | Size = 15544 bytes | Created Date = 2008-03-14 15:36:00 | Attr = ]
ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Created Date = 2008-03-13 16:07:44 | Attr = ]
asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 2008-03-13 16:10:18 | Attr = ]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 2008-03-11 13:13:08 | Attr = ]
grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 2008-03-11 13:13:08 | Attr = ]
Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 2008-03-13 16:07:56 | Attr = ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 2008-03-13 16:07:48 | Attr = ]
SBFC.dat -> %SystemRoot%\System32\SBFC.dat -> [Ver = | Size = 0 bytes | Created Date = 2008-03-22 02:00:09 | Attr = ]
SBRC.dat -> %SystemRoot%\System32\SBRC.dat -> [Ver = | Size = 0 bytes | Created Date = 2008-03-22 02:00:09 | Attr = ]
sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 2008-03-11 13:13:08 | Attr = ]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 4870 bytes | Created Date = 2008-03-11 12:31:29 | Attr = ]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 2008-03-13 16:07:56 | Attr = ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2008-03-11 13:13:08 | Attr = ]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 2008-03-11 12:30:49 | Attr = ]
zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 2008-03-11 13:13:08 | Attr = ]
ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 2008-03-13 16:10:18 | Attr = ]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 50 bytes | Created Date = 2008-02-29 16:09:32 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2008-03-11 13:13:33 | Attr = ]
isxdl.dll -> %SystemRoot%\isxdl.dll -> Bjørnar Henden [Ver = 5, 1, 0, 0 | Size = 59392 bytes | Created Date = 2008-03-03 11:47:37 | Attr = ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 2008-03-11 13:13:08 | Attr = ]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 2008-03-11 13:13:07 | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 2008-03-13 14:56:45 | Attr = ]
unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2550 bytes | Created Date = 2008-03-03 11:45:36 | Attr = ]
unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 2008-03-03 11:45:36 | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 2008-03-17 10:22:09 | Attr = RH ]
Avenger -> %SystemDrive%\Avenger -> [Folder | Modified Date = 2008-03-23 18:50:44 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2008-03-13 11:36:38 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2008-03-23 10:21:27 | Attr = HS]
fsaua.data -> %SystemDrive%\fsaua.data -> [Folder | Modified Date = 2008-03-23 20:08:27 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071828992 bytes | Modified Date = 2008-03-23 19:43:16 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-03-14 15:31:31 | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2008-03-13 11:36:38 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-03-23 20:08:16 | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2008-03-11 13:27:28 | Attr = ]
cmdGuard.sys -> %SystemRoot%\System32\drivers\cmdGuard.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 85112 bytes | Modified Date = 2008-03-15 03:12:03 | Attr = ]
cmdhlp.sys -> %SystemRoot%\System32\drivers\cmdhlp.sys -> COMODO [Ver = 3.0.14.275 built by: WinDDK | Size = 23800 bytes | Modified Date = 2008-03-15 03:12:05 | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2008-03-14 19:13:33 | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 227676 bytes | Modified Date = 2008-03-14 19:13:33 | Attr = ]
hosts.20080308-230950.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080308-230950.backup -> [Ver = | Size = 227708 bytes | Modified Date = 2008-03-08 23:09:36 | Attr = ]
hosts.20080308-232729.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080308-232729.backup -> [Ver = | Size = 227708 bytes | Modified Date = 2008-03-08 23:09:36 | Attr = ]
hosts.20080311-124803.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080311-124803.backup -> [Ver = | Size = 227640 bytes | Modified Date = 2008-03-11 12:31:19 | Attr = ]
hosts.20080313-114614.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080313-114614.backup -> [Ver = | Size = 27 bytes | Modified Date = 2008-03-11 14:08:14 | Attr = ]
hosts.20080313-130906.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080313-130906.backup -> [Ver = | Size = 226933 bytes | Modified Date = 2008-03-13 12:33:36 | Attr = ]
hosts.20080314-191333.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080314-191333.backup -> [Ver = | Size = 227001 bytes | Modified Date = 2008-03-13 13:09:06 | Attr = ]
inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 3.0.14.275 | Size = 79224 bytes | Modified Date = 2008-03-18 10:42:51 | Attr = ]
sbhr.sys -> %SystemRoot%\System32\drivers\sbhr.sys -> [Ver = 2.2.932.0 | Size = 15544 bytes | Modified Date = 2008-03-14 15:36:00 | Attr = ]
ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Modified Date = 2008-03-13 17:04:05 | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-03-23 20:08:15 | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2008-03-13 11:37:31 | Attr = ]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-03-23 19:44:04 | Attr = ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 2008-03-22 19:48:46 | Attr = ]
guard32.dll -> %SystemRoot%\System32\guard32.dll -> [Ver = | Size = 139008 bytes | Modified Date = 2008-03-15 03:11:59 | Attr = ]
Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2008-03-13 16:07:56 | Attr = ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Modified Date = 2008-03-05 22:29:16 | Attr = ]
Ls hybrid screensaver dir -> %SystemRoot%\System32\Ls hybrid screensaver dir -> [Folder | Modified Date = 2008-03-14 18:44:59 | Attr = ]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 51048 bytes | Modified Date = 2008-03-23 19:43:31 | Attr = ]
pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2008-03-13 16:07:56 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 63590 bytes | Modified Date = 2008-03-23 19:47:38 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 404536 bytes | Modified Date = 2008-03-23 19:47:38 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 475154 bytes | Modified Date = 2008-03-23 19:47:38 | Attr = ]
SBFC.dat -> %SystemRoot%\System32\SBFC.dat -> [Ver = | Size = 0 bytes | Modified Date = 2008-03-22 02:00:09 | Attr = ]
SBRC.dat -> %SystemRoot%\System32\SBRC.dat -> [Ver = | Size = 0 bytes | Modified Date = 2008-03-22 02:00:09 | Attr = ]
tablet.dat -> %SystemRoot%\System32\tablet.dat -> [Ver = | Size = 12914 bytes | Modified Date = 2008-03-23 19:43:37 | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 4870 bytes | Modified Date = 2008-03-13 12:33:46 | Attr = ]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2008-03-13 16:07:57 | Attr = ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Modified Date = 2008-03-09 01:15:33 | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 2008-03-13 11:36:59 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 2008-03-16 19:53:33 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-03-23 19:43:23 | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 50 bytes | Modified Date = 2008-02-29 16:09:34 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-03-23 21:55:28 | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2008-03-13 11:36:38 | Attr = ]
iedit.INI -> %SystemRoot%\iedit.INI -> [Ver = | Size = 30 bytes | Modified Date = 2008-03-21 13:34:25 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-03-22 19:49:08 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-03-22 19:49:55 | Attr = HS]
PREFETCH -> %SystemRoot%\PREFETCH -> [Folder | Modified Date = 2008-03-23 22:47:47 | Attr = ]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-03-11 13:13:07 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2008-03-23 19:43:54 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2008-03-11 13:18:50 | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-03-23 19:47:38 | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 2008-03-23 19:43:54 | Attr = ]
unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2550 bytes | Modified Date = 2008-03-03 11:49:37 | Attr = ]
unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2008-03-03 11:22:28 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 956 bytes | Modified Date = 2008-03-23 22:44:14 | Attr = ]
WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 432 bytes | Modified Date = 2008-03-14 19:13:11 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2008-03-08 16:05:07 | Attr = ]
Norton AntiVirus - Scan my computer - Natsumi Suzuki.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - Natsumi Suzuki.job -> [Ver = | Size = 566 bytes | Modified Date = 2008-03-21 20:00:02 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-03-23 19:43:28 | Attr = H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6590 bytes | Modified Date = 2008-03-23 19:45:31 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6590 bytes | Modified Date = 2008-03-23 19:45:31 | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2007-07-31 13:03:09 | Attr = ]
fsgk32.exe -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
fssm32.exe -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
fsgk32.exe -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
fssm32.exe -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
AVPFPI0.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 2008-03-23 21:00:43 | Attr = ]
avpproxy.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
daas_s.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2008-02-27 15:59:28 | Attr = ]
fm4av.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll -> [Ver = | Size = 513536 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
fpinor.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
fsbl.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
fsbld.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 2008-03-23 20:53:44 | Attr = ]
fsecr32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsgkiapi.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
fsmart.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 28 | Size = 147456 bytes | Modified Date = 2008-03-23 20:59:54 | Attr = ]
fspe32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 475136 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fssubmit.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 2008-03-23 20:53:33 | Attr = ]
fsup32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 573440 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupcx32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 73728 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupfg32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupmw32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 106496 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupnp32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 131072 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupux32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupwu32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> [Ver = | Size = 126976 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsusscr.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14093 | Size = 880640 bytes | Modified Date = 2008-03-23 20:59:54 | Attr = ]
Nse_w32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> [Ver = | Size = 506936 bytes | Modified Date = 2008-03-23 20:52:46 | Attr = ]
AVPFPI0.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 2008-03-23 21:00:43 | Attr = ]
avpproxy.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
fm4av.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> [Ver = | Size = 513536 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
fpinor.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
fsbl.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
fsgkiapi.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
fsecr32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fspe32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 475136 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsup32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 573440 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupcx32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 73728 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupfg32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupmw32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 106496 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupnp32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 131072 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupux32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupwu32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> [Ver = | Size = 126976 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsmart.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 28 | Size = 147456 bytes | Modified Date = 2008-03-23 20:59:54 | Attr = ]
fsusscr.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14093 | Size = 880640 bytes | Modified Date = 2008-03-23 20:59:54 | Attr = ]
Nse_w32.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> [Ver = | Size = 506936 bytes | Modified Date = 2008-03-23 20:52:46 | Attr = ]
fssubmit.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 2008-03-23 20:53:33 | Attr = ]
fsblu.dll -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 2008-03-23 20:53:44 | Attr = ]
Perflib_Perfdata_8a8.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\Perflib_Perfdata_8a8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-03-23 21:54:40 | Attr = ]
1 C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\*.tmp ->
ext.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat -> [Ver = | Size = 444 bytes | Modified Date = 2008-03-23 20:47:41 | Attr = ]
fsedb.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat -> [Ver = | Size = 639442 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupdllb.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat -> [Ver = | Size = 422594 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupplgn.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat -> [Ver = | Size = 226 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsuptmpl.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat -> [Ver = | Size = 5858 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
perf.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat -> [Ver = | Size = 128 bytes | Modified Date = 2008-03-23 22:47:30 | Attr = ]
sae.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat -> [Ver = | Size = 243 bytes | Modified Date = 2008-03-23 20:47:41 | Attr = ]
sai.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat -> [Ver = | Size = 1348 bytes | Modified Date = 2008-03-23 20:47:42 | Attr = ]
ext.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat -> [Ver = | Size = 444 bytes | Modified Date = 2008-03-23 20:47:41 | Attr = ]
sae.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat -> [Ver = | Size = 243 bytes | Modified Date = 2008-03-23 20:47:41 | Attr = ]
sai.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat -> [Ver = | Size = 1348 bytes | Modified Date = 2008-03-23 20:47:42 | Attr = ]
fsedb.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat -> [Ver = | Size = 639442 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupdllb.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat -> [Ver = | Size = 422594 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsupplgn.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat -> [Ver = | Size = 226 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
fsuptmpl.dat -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat -> [Ver = | Size = 5858 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 203 bytes | Modified Date = 2008-03-23 20:47:41 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 205 bytes | Modified Date = 2008-03-23 20:47:34 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 241 bytes | Modified Date = 2008-03-23 20:53:44 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 176 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 250 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 204 bytes | Modified Date = 2008-03-23 20:59:54 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 168 bytes | Modified Date = 2008-03-23 20:53:32 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 204 bytes | Modified Date = 2008-03-23 20:52:46 | Attr = ]
verdicts.ini -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini -> [Ver = | Size = 2539 bytes | Modified Date = 2008-03-23 20:47:35 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\avmisc\[email protected] -> [Ver = | Size = 203 bytes | Modified Date = 2008-03-23 20:47:41 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\avpe\[email protected] -> [Ver = | Size = 205 bytes | Modified Date = 2008-03-23 20:47:34 | Attr = ]
verdicts.ini -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\avpe\verdicts.ini -> [Ver = | Size = 2539 bytes | Modified Date = 2008-03-23 20:47:35 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\fsav_beta\[email protected] -> [Ver = | Size = 176 bytes | Modified Date = 2008-03-23 21:00:44 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\hydrawin\[email protected] -> [Ver = | Size = 250 bytes | Modified Date = 2008-03-23 20:57:22 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\mlcwin\[email protected] -> [Ver = | Size = 204 bytes | Modified Date = 2008-03-23 20:59:54 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\[email protected] -> [Ver = | Size = 204 bytes | Modified Date = 2008-03-23 20:52:46 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\[email protected] -> [Ver = | Size = 168 bytes | Modified Date = 2008-03-23 20:53:32 | Attr = ]
[email protected] -> C:\Documents and Settings\Natsumi Suzuki\Local Settings\Temp\OnlineScanner\updates\ols_bl\[email protected] -> [Ver = | Size = 241 bytes | Modified Date = 2008-03-23 20:53:44 | Attr = ]

< End of report >
[/code]

#11
OldTimer

  • Global Moderator
  • 3,273 posts
Hi Mi-Chan. Everything looks fine. Good job! How are things running? Any more issues? If not, then run the system for a couple of days to make sure that all is well. Then get back to me and we'll do some final cleanup.

Cheers.

OT

#12
Mi-Chan

  • Topic Starter
  • Member
  • 11 posts
Hey OT!

Goodness, could this really be true??? Thank you so so so much for
all of your time and help! I'm just flabbergasted that it's actually gone!
I just did a spybot scan and it came up clean - that's amazing!

If you don't mind, can you please tell me what programs I ought to
have on my computer to effectively avoid such trojans in the future?
I would love to be more informed on this sort of thing as well - on GTG
is there a forum where I can learn more? It'd be great if one day I
could help someone just like you helped me! ^^

Thanks so much OT, you're the best!

#13
OldTimer

  • Global Moderator
  • 3,273 posts
Hi Mi-Chan. That's great news.

"can you please tell me what programs I ought to have on my computer to effectively avoid such trojans in the future?"


You seem to be pretty well protected. The things that are a must are one good anti-virus application and one good firewall. AVG and Comodo are both very good. Anti-spyware applications are based on the user's preference but CounterSpy is an excellent choice.

The problem today is that these infections are becoming too smart. They can now shut down and disable protection software if they really know what they are doing (and there are many that do). The best thing you can do to protect a system is use good judgement. Do not click on links in emails or instant messenger programs that you are not familiar with or have not asked for (even if you know the person that sent them to you). Don't go to unfamiliar sites without first getting a little background on them to make sure that they are reputable. And never, never, never use file sharing programs. I know that they are very popular but this seems to also be the most popular place to pick up an infection. You don't know where the files are coming from that you are downloading and so do not know what someone else may have done to them before you get them. I deal with these infections every day and fully 98% of infected machines have at least one or more file sharing programs installed and I just do not believe in coincidences.

If you are interested in learning about how to analyze and remove computer infections then we have a training program to do just that. You can apply by going to this link. It takes time, effort, and dedication but it is a great program and you will learn a lot. And helping others is a great reward.

Now let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:

  • Start OTScanIt
  • Click the CleanUp button
  • OTScanIt will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • OTScanIt will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.

After that you are good to go.

Cheers.

OT

#14
Mi-Chan

  • Topic Starter
  • Member
  • 11 posts
Hi OT,

Thank you so much for all your advice and help!
I did those three steps and I feel free at last ^^
I applied for Geek U so hopefully this won't be the last time I see you around.

Thank you so much for all your help once again :]
Definitely hanging around Geeks To Go!

Kind regards,
Natsumi (Mi-Chan)

#15
OldTimer

  • Global Moderator
  • 3,273 posts
You are very welcome Mi-Chan, I'm glad that we could help. And congratulations on applying for the training program. If accepted, you will definitely have a wonderful experience. Drop me a PM if you get into the program, I will be interested in hearing about it.

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

OT B)