Bagle Worm, cant access Antivirus/hijackthis!plz help [RESOLVED]


  • This topic is locked

#46
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Well done Dave, can you check each of them, and delete them if they contain:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

  • 0


#47
verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
guess you're still in bed mate, hope to hear from you later...



david.
  • 0

#48
verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
I'm such an idiot.. didn't notice the new page so thought you were still gone...


I'm back with you
  • 0

#49
verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
only one of them had it...

some had similar ones but not the same.


next step?
  • 0

#50
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Are you still having issues with the Desktop.ini files?

If not, plug your backup drive in, and run Flash Disinfector again as detailed before. When that has run, run combofix normally, and post me the logs.

Regards,
RatHat
  • 0

#51
verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
bear with me. gonna restart real quick
  • 0

#52
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
No problem Dave. I'm not going anywhere!
  • 0

#53
verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
hello rathat.

no more desktop.ini issues.


here's the log.


ComboFix 08-03-24.1 - dave 2008-03-25 20:35:47.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1631 [GMT 0:00]
Running from: C:\Documents and Settings\dave\Desktop\ComboFix.exe
.
TimedOut: progfile.dat
-- Script messages for sUBs --
VFind -td "C:\WINDOWS\system32\baiso*"
CF19661.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\*
CF19661.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
CF19661.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ sursen
CF19661.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
CF19661.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF19661.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
CF19661.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-24 22:18 . 2008-03-24 22:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-24 22:18 . 2008-03-24 22:18 <DIR> d-------- C:\Documents and Settings\dave\Application Data\Malwarebytes
2008-03-24 22:18 . 2008-03-24 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-24 21:00 . 2004-08-03 23:56 24,576 --a------ C:\WINDOWS\system32\CF_init.exe
2008-03-24 19:45 . 2008-03-24 19:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-24 19:42 . 2008-03-24 19:42 <DIR> d-------- C:\Deckard
2008-03-24 12:39 . 2008-03-24 12:43 <DIR> d-------- C:\Combo-Fix
2008-03-21 16:05 . 2008-03-22 11:34 <DIR> d-------- C:\Program Files\WH GBP Casino
2008-03-21 16:05 . 2007-06-22 17:02 107,520 --a------ C:\WINDOWS\system32\UnCasino5.exe
2008-03-21 16:04 . 2008-03-22 18:26 <DIR> d-------- C:\Program Files\William Hill Poker
2008-03-19 19:10 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-03-19 19:10 . 2004-08-04 00:56 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-03-19 19:10 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-03-19 19:10 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-03-19 19:10 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-03-19 19:10 . 2004-08-03 23:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2008-03-19 19:10 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-03-19 19:10 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-03-19 19:10 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-03-19 19:10 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-03-19 19:07 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-03-19 19:07 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-03-19 18:56 . 2008-03-19 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Vara Software
2008-03-19 18:50 . 2008-03-19 18:50 <DIR> d-------- C:\Documents and Settings\dave\Application Data\Vara Software
2008-03-19 18:29 . 2005-08-13 02:11 61,312 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-03-19 18:29 . 2005-08-13 02:11 61,312 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-03-19 18:29 . 2004-08-03 23:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2008-03-19 18:29 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2008-03-19 18:29 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-03-19 18:29 . 2001-08-17 13:46 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys
2008-03-16 14:31 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-03-16 14:31 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-03-16 14:31 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-03-16 14:31 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-03-16 14:31 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-03-16 14:31 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-03-05 18:38 . 2008-03-24 21:50 54,156 --a------ C:\WINDOWS\QTFont.qfn
2008-03-05 18:38 . 2008-03-05 18:38 1,409 --a------ C:\WINDOWS\system32\tmp10298.FOT
2008-03-05 18:38 . 2008-03-05 18:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-03 20:05 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-03 19:45 . 2008-03-03 23:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-03 19:45 . 2008-03-03 23:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-03 17:58 . 2008-03-03 17:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 17:58 . 2008-03-03 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-03 15:31 . 2007-08-01 10:03 93,184 --a------ C:\WINDOWS\system32\UnPoker.exe
2008-03-02 17:07 . 2007-11-28 14:03 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-1803.ROM
2008-03-02 17:05 . 2008-03-02 17:07 606,107 --a------ C:\WINDOWS\P5B-ASUS-1803.zip
2008-03-02 16:51 . 2007-11-02 09:29 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-1705.ROM
2008-03-02 16:48 . 2008-03-02 16:51 603,850 --a------ C:\WINDOWS\P5B1705.zip
2008-03-02 16:31 . 2007-01-30 15:40 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-1102.ROM
2008-03-02 16:31 . 2008-03-02 16:31 583,607 --a------ C:\WINDOWS\P5B-1102.zip
2008-03-02 16:16 . 2006-10-26 20:35 1,048,576 --a------ C:\WINDOWS\P5B-0806.ROM
2008-03-02 16:15 . 2008-03-02 16:16 579,246 --a------ C:\WINDOWS\P5B-0806.zip
2008-03-02 16:01 . 2006-10-02 17:42 1,048,576 --a------ C:\WINDOWS\P5B-0701.ROM
2008-03-02 16:00 . 2008-03-02 16:01 577,571 --a------ C:\WINDOWS\P5B-0701.zip
2008-03-02 15:46 . 2006-09-06 20:32 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-0509.ROM
2008-03-02 15:41 . 2008-03-02 15:46 575,646 --a------ C:\WINDOWS\P5B-0509.zip
2008-03-02 14:11 . 2008-03-02 14:36 <DIR> d-------- C:\Program Files\ASUS
2008-03-02 14:11 . 2006-01-10 08:50 24,576 --a------ C:\WINDOWS\system32\AsIO.dll
2008-03-02 14:11 . 2005-12-22 02:22 5,685 --a------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-03-02 14:11 . 2005-07-05 10:43 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-03-02 14:11 . 2005-07-05 10:43 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-03-02 14:09 . 2008-03-02 14:09 <DIR> dr------- C:\WINDOWS\AsDmiHtm
2008-02-29 21:34 . 2008-02-29 21:34 <DIR> d-------- C:\Program Files\Classic Menu for Office
2008-02-29 21:34 . 2008-03-23 01:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 16:48 . 2008-02-29 16:48 <DIR> d-------- C:\Documents and Settings\dave\Application Data\GridIron
2008-02-29 16:47 . 2008-02-29 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GridIron Software
2008-02-29 15:51 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-29 15:49 . 2008-02-29 15:49 <DIR> d-------- C:\Program Files\MSBuild
2008-02-29 15:49 . 2008-02-29 15:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-29 15:48 . 2008-02-29 15:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-29 15:40 . 2008-03-12 03:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-29 15:39 . 2008-02-29 15:39 <DIR> dr-h----- C:\MSOCache
2008-02-29 15:18 . 2008-03-04 00:10 <DIR> d-------- C:\Program Files\PowerISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 15:44 --------- d-----w C:\Program Files\XoftSpySE
2008-03-20 16:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 09:54 --------- d-----w C:\Documents and Settings\dave\Application Data\BSplayer Pro
2008-03-12 00:03 --------- d-----w C:\Documents and Settings\dave\Application Data\Ahead
2008-03-04 00:14 --------- d-----w C:\Program Files\Vtune
2008-03-04 00:08 --------- d-----w C:\Program Files\MagicISO
2008-03-04 00:06 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-04 00:05 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-03 23:58 --------- d-----w C:\Program Files\Bonjour
2008-03-03 23:58 --------- d-----w C:\Program Files\Avant Browser
2008-02-22 14:24 --------- d-----w C:\Program Files\GenArts
2008-02-14 15:42 --------- d-----w C:\Program Files\Disc2Phone
2008-02-14 15:30 --------- d-----w C:\Documents and Settings\dave\Application Data\Teleca
2008-02-14 15:29 --------- d-----w C:\Documents and Settings\dave\Application Data\Sony Ericsson
2008-02-14 15:27 --------- d-----w C:\Program Files\Sony Ericsson
2008-02-14 15:27 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-14 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-14 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-12 23:56 --------- d-----w C:\Program Files\Vertus Fluid Mask 3
2008-02-12 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\VertusTech
2008-01-31 19:25 --------- d-----w C:\Program Files\DivX
2008-01-31 13:57 --------- d-----w C:\Program Files\THQ
2008-01-31 13:37 --------- d-----w C:\Program Files\Ulead Systems
2008-01-17 00:49 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-15 15:40 3,727,360 ----a-w C:\WINDOWS\system32\sapphire_ae.dll
2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-09 11:18 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-09 11:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-09 11:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-09 11:16 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-09 11:16 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-09 11:16 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2006-06-23 06:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( [email protected]_21.06.04.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-05 15:21:36 6,656 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-03-25 20:26:50 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-01-05 15:21:34 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-03-25 20:26:52 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-01-05 15:21:29 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-03-25 20:26:57 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-01-05 15:21:29 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-03-25 20:26:52 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-01-05 15:21:35 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-03-25 20:26:57 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
- 2008-01-05 15:21:36 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-03-25 20:26:55 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
- 2008-01-05 15:21:35 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-03-25 20:26:53 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-01-05 15:21:35 1,175,552 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
+ 2008-03-25 20:26:55 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
- 2008-01-05 15:21:35 1,691,648 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-03-25 20:26:51 1,695,744 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-01-05 15:21:35 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-03-25 20:26:56 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-01-05 15:21:35 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-03-25 20:26:58 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-01-05 15:21:35 462,848 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-03-25 20:26:55 462,848 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-01-05 15:21:35 208,896 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-03-25 20:26:52 212,992 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-01-05 15:21:35 47,104 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-03-25 20:26:52 48,640 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2008-01-05 15:21:35 344,064 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-03-25 20:26:54 352,256 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-01-05 15:21:35 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-03-25 20:26:57 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-01-05 15:21:35 303,104 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-03-25 20:26:54 311,296 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-01-05 15:21:35 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-03-25 20:26:53 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-01-05 15:21:35 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-03-25 20:26:54 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-01-05 15:21:35 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-03-25 20:26:56 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-01-05 15:21:35 61,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-03-25 20:26:52 61,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-01-05 15:21:35 503,808 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-03-25 20:26:51 507,904 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-01-05 15:21:35 1,183,744 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-03-25 20:26:56 1,200,128 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-01-05 15:21:35 1,982,464 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-03-25 20:26:53 2,002,944 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-01-05 15:21:36 1,294,336 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.Xml.dll
+ 2008-03-25 20:26:54 1,302,528 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.XML.dll
- 2008-01-05 15:21:35 1,163,264 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2008-03-25 20:26:58 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2008-03-25 20:30:26 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_8efbf226\CustomMarshalers.dll
+ 2008-03-25 20:27:05 3,301,376 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_eb16ffbd\mscorlib.dll
+ 2008-03-25 20:27:10 1,454,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_fe600452\System.Design.dll
+ 2008-03-25 20:30:25 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_5563e228\System.Drawing.Design.dll
+ 2008-03-25 20:27:07 847,872 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_c378510a\System.Drawing.dll
+ 2008-03-25 20:30:24 2,953,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_b7c09e60\System.Windows.Forms.dll
+ 2008-03-25 20:30:19 2,027,520 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_06d4a87e\System.Xml.dll
+ 2008-03-25 20:27:03 1,855,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_847464ba\System.dll
- 2002-01-05 02:55:46 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\1033\vbc7ui.dll
+ 2004-07-15 02:41:06 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\1033\vbc7ui.dll
- 2002-01-04 21:42:26 192,512 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2004-07-14 23:36:08 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2002-01-04 21:42:26 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
+ 2004-07-14 23:36:08 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
- 2002-01-04 21:42:28 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2004-07-14 23:36:10 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2002-01-05 08:38:38 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CasPol.exe
+ 2004-07-15 11:05:24 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CasPol.exe
- 2002-01-04 21:32:16 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CORPerfMonExt.dll
+ 2004-07-14 22:50:22 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CORPerfMonExt.dll
- 2002-01-05 04:49:32 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\csc.exe
+ 2004-07-15 04:45:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\csc.exe
- 2002-01-05 08:01:14 589,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cscomp.dll
+ 2004-07-15 10:27:20 589,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cscomp.dll
- 2002-01-04 21:40:40 798,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\EventLogMessages.dll
+ 2004-07-14 23:33:28 798,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\EventLogMessages.dll
- 2002-01-04 21:30:26 212,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\fusion.dll
+ 2004-07-14 22:48:20 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\fusion.dll
+ 2003-10-08 14:30:14 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\gacutil.exe
- 2002-01-05 08:41:22 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2004-07-15 11:04:44 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2002-01-05 08:41:48 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExecRemote.dll
+ 2004-07-15 11:05:18 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExecRemote.dll
- 2002-01-05 08:42:16 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEHost.dll
+ 2004-07-15 11:04:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEHost.dll
- 2002-01-04 21:32:50 180,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe
+ 2004-07-14 22:50:54 184,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe
- 2002-01-05 08:43:54 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\InstallUtil.exe
+ 2004-07-15 11:05:28 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\InstallUtil.exe
- 2002-01-05 08:44:46 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\jsc.exe
+ 2004-07-15 11:05:00 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\jsc.exe
- 2002-01-05 08:45:30 712,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.dll
+ 2004-07-15 11:05:48 712,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.dll
- 2002-01-05 08:47:44 286,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.VisualBasic.dll
+ 2004-07-15 11:05:16 286,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.VisualBasic.dll
- 2002-01-05 08:56:40 1,564,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorcfg.dll
+ 2004-07-15 11:05:52 1,564,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorcfg.dll
- 2002-01-04 21:32:38 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbc.dll
+ 2004-07-14 22:50:28 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbc.dll
- 2002-01-04 21:32:38 221,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll
+ 2004-07-14 22:50:28 221,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll
- 2002-01-04 21:32:40 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-07-14 22:50:30 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2002-01-04 21:30:30 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2004-07-14 22:48:28 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2002-01-04 21:32:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2004-07-14 22:50:30 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2002-01-05 08:57:34 1,953,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2004-07-15 11:05:34 1,998,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
- 2002-01-04 21:31:46 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorpe.dll
+ 2004-07-14 22:50:32 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorpe.dll
- 2002-01-04 21:32:38 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll
+ 2004-07-14 22:50:32 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll
- 2002-01-04 21:32:38 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll
+ 2004-07-14 22:50:34 46,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll
- 2002-01-04 21:32:40 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsn.dll
+ 2004-07-14 22:50:34 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsn.dll
- 2002-01-04 21:31:42 2,256,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2004-07-14 22:49:06 2,265,088 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2002-01-04 21:32:44 8,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscortim.dll
+ 2004-07-14 22:50:40 8,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscortim.dll
- 2002-01-04 21:31:08 2,256,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2004-07-14 22:49:54 2,269,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2004-08-10 16:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
- 2002-01-04 21:32:52 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ngen.exe
+ 2004-07-14 22:50:58 147,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ngen.exe
- 2002-01-04 21:40:42 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\PerfCounter.dll
+ 2004-07-14 23:33:30 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\PerfCounter.dll
- 2002-01-05 08:59:06 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegAsm.exe
+ 2004-07-15 11:05:12 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegAsm.exe
- 2002-01-05 08:59:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegCode.dll
+ 2004-07-15 11:04:58 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegCode.dll
- 2002-01-05 09:00:14 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegSvcs.exe
+ 2004-07-15 11:04:12 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegSvcs.exe
- 2002-01-05 09:03:04 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Configuration.Install.dll
+ 2004-07-15 11:05:10 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Configuration.Install.dll
- 2002-01-05 09:03:48 1,175,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Data.dll
+ 2004-07-15 11:05:50 1,179,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Data.dll
- 2002-01-05 09:04:38 1,691,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Design.dll
+ 2004-07-15 11:05:22 1,695,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Design.dll
- 2002-01-05 09:05:22 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.DirectoryServices.dll
+ 2004-07-15 11:05:40 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.DirectoryServices.dll
- 2002-01-05 09:05:54 1,163,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.dll
+ 2004-07-15 11:05:20 1,179,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.dll
- 2002-01-05 09:06:30 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.Design.dll
+ 2004-07-15 11:05:20 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.Design.dll
- 2002-01-05 09:07:26 462,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.dll
+ 2004-07-15 11:05:18 462,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.dll
- 2002-01-05 09:08:02 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.dll
+ 2004-07-15 11:05:46 212,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.dll
- 2002-01-04 21:32:44 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.Thunk.dll
+ 2004-07-14 22:50:50 48,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.Thunk.dll
- 2002-01-05 09:08:58 344,064 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Management.dll
+ 2004-07-15 11:05:18 352,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Management.dll
- 2002-01-05 09:09:58 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Messaging.dll
+ 2004-07-15 11:05:28 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Messaging.dll
- 2002-01-05 09:11:04 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Remoting.dll
+ 2004-07-15 11:05:30 311,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Remoting.dll
- 2002-01-05 09:11:58 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 11:05:14 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Serialization.Formatters.Soap.dll
- 2002-01-05 09:12:50 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Security.dll
+ 2004-07-15 11:05:22 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Security.dll
- 2002-01-05 09:13:56 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.ServiceProcess.dll
+ 2004-07-15 11:05:26 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.ServiceProcess.dll
- 2002-01-05 09:15:12 1,183,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2004-07-15 11:05:34 1,200,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2002-01-05 09:15:52 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.RegularExpressions.dll
+ 2004-07-15 11:05:38 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.RegularExpressions.dll
- 2002-01-05 09:16:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.Services.dll
+ 2004-07-15 11:05:30 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.Services.dll
- 2002-01-05 09:17:22 1,982,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.dll
+ 2004-07-15 11:05:22 2,002,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.dll
- 2002-01-05 09:18:14 1,294,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.XML.dll
+ 2004-07-15 11:05:22 1,302,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.XML.dll
+ 2004-06-22 13:51:38 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe
- 2002-01-05 08:00:58 712,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\vbc.exe
+ 2004-07-15 10:27:02 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\vbc.exe
- 2002-01-05 04:39:32 999,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\VsaVb7rt.dll
+ 2004-07-15 04:36:38 999,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\VsaVb7rt.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19 729088]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 08:45 385024]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 10:07 843776]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51 57344]
"P17Helper"="P17.dll" [2005-05-03 11:38 64512 C:\WINDOWS\system32\P17.dll]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 02:43 53340]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 15:40 1884160]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-04 19:25 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-23 23:44 79224]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42 165416]
"atwtusb"="atwtusb.exe" [2005-09-21 18:08 290816 C:\WINDOWS\system32\ATWTUSB.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-06-02 13:22 28160 C:\WINDOWS\KHALMNPR.Exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe" [2006-06-30 14:57 582144]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2006-07-10 15:49 1093632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 21:34 155648]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-01-02 21:14 258048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-11 16:55:20 450560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\William Hill Poker\\UA.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 20:34:20 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-07 16:23:56 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 20:39:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-25 20:40:38
ComboFix-quarantined-files.txt 2008-03-25 20:40:17
ComboFix2.txt 2008-03-25 01:40:15
ComboFix3.txt 2008-03-24 21:39:28
ComboFix4.txt 2008-03-24 21:06:16
.
2008-03-25 20:27:02 --- E O F ---
  • 0

#54
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Looking good!

Let's run an F-Secure online scan for Viruses, Spyware and RootKits:
  • Go to http://support.f-sec.../home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take a while, so please be patient


When it has completed post me the report and let me know how the computer is behaving now.
  • 0

#55
verve

    Member

  • Topic Starter
  • Member
  • 71 posts
no can do... it stops at pretty much the same stop after about an hour of scanning and says close some programs, not enough memory. which is ridiculous... nothing else is open...
  • 0

#56
verve

    Member

  • Topic Starter
  • Member
  • 71 posts
the pc isn't as bad as it was yesterday but still nothing that is meant to run at startup is actually starting. especially avast...
  • 0

#57
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, sometimes these online scans will cause problems. It may be that we are going to have to reinstall some programs as bagle could have damaged them.

Now can you check out some files for me:

Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\WINDOWS\system32\u1xi0qt.dll
  • Click on the submit button
  • When the scan is complete, highlight all the results and copy them into Notepad
  • Save the Notepad file to your desktop as u1xi0qt.txt
  • Please post the contents in your next reply.

Now repeat the process with the following files:

C:\WINDOWS\system32\grcauth2.dll
C:\WINDOWS\system32\grcauth1.dll
C:\WINDOWS\system32\clauth2.dll
C:\WINDOWS\system32\clauth1.dll


Save each result using the filename, then post all the results back here letting me know which result belongs to which file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now I would also like you to run OTScanIt.

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the box that says Include MD5
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Check the radio button under Drivers for Non Microsoft
  • Check the radio button under Rootkit Search for Yes
  • Under Additional Scans check the following:
    • Reg - Disabled MS Config Items
    • Reg - File Associations
    • Reg - Security Settings
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
    • File - Lop Check
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

If the log is too large to post, please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


Regards,
RatHat
  • 0

#58
verve

    Member

  • Topic Starter
  • Member
  • 71 posts
File: u1xi0qt.dll
Status: OK
MD5: 7c9061fe02ef2814685f1d350565915f
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 26 Mar 2008 00:29:21 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

------------------------------------------------------------------


File: grcauth2.dll
Status: OK
MD5: 6962ad1c39677d84be2c434e825930fb
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 26 Mar 2008 00:35:25 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

------------------------------------------------------------



File: grcauth1.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 6962ad1c39677d84be2c434e825930fb
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 26 Mar 2008 00:40:23 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

-------------------------------------------------------------------------


File: clauth2.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: c62c3bc9ba776302ba0bcadfb082bd65
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 26 Mar 2008 00:52:05 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

------------------------------------------------------------------------


File: clauth1.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: c62c3bc9ba776302ba0bcadfb082bd65
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 26 Mar 2008 00:47:29 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
  • 0
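Sorting pasted Jotti results by hash, as an added example (not part of the original posts and not a Jotti or Geeks to Go tool): it parses the report text, groups file names that share an MD5, and lists any scanner row other than "Found nothing". The sample text is abridged from the results above; the final `sample.dll` block, its hash and verdict, and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Abridged from the results posted above (one scanner row kept per file).
# The last block, sample.dll, is constructed to exercise the detection path.
SAMPLE_REPORTS = """\
File: u1xi0qt.dll
Status: OK
MD5: 7c9061fe02ef2814685f1d350565915f
Bit9 reports: File not found
Scan taken on 26 Mar 2008 00:29:21 (GMT)
Avast Found nothing
------------------------------------------------------------------
File: grcauth2.dll
Status: OK
MD5: 6962ad1c39677d84be2c434e825930fb
Scan taken on 26 Mar 2008 00:35:25 (GMT)
Avast Found nothing
------------------------------------------------------------
File: grcauth1.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 6962ad1c39677d84be2c434e825930fb
Scan taken on 26 Mar 2008 00:40:23 (GMT)
Avast Found nothing
-------------------------------------------------------------------------
File: clauth2.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: c62c3bc9ba776302ba0bcadfb082bd65
Scan taken on 26 Mar 2008 00:52:05 (GMT)
Avast Found nothing
------------------------------------------------------------------------
File: clauth1.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: c62c3bc9ba776302ba0bcadfb082bd65
Scan taken on 26 Mar 2008 00:47:29 (GMT)
Avast Found nothing
------------------------------------------------------------------------
File: sample.dll
MD5: 00000000000000000000000000000000
Scan taken on 26 Mar 2008 00:00:00 (GMT)
Avast Found nothing
ClamAV Found Constructed.Example.Detection
"""

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
ROW_RE = re.compile(r"^(?P<scanner>.+?) Found (?P<verdict>.+)$")


def parse_reports(text):
    """Split pasted Jotti output into one dict per 'File:' block."""
    reports, current, in_rows = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("File:"):
            current = {"file": line[5:].strip(), "status": None, "md5": None, "verdicts": {}}
            reports.append(current)
            in_rows = False
        elif current is None or not line:
            continue
        elif line.startswith("Status:"):
            # Drop the "(Note: file has been scanned before ...)" suffix.
            current["status"] = line[7:].split("(", 1)[0].strip()
        elif line.startswith("MD5:"):
            value = line[4:].strip()
            current["md5"] = value.lower() if MD5_RE.match(value) else None
        elif line.startswith("Scan taken on"):
            in_rows = True       # scanner rows follow this line
        elif set(line) == {"-"}:
            in_rows = False      # dashed separator between pasted reports
        elif in_rows:
            m = ROW_RE.match(line)
            if m:
                current["verdicts"][m["scanner"]] = m["verdict"]
    return reports


def identical_files(reports):
    """Map each MD5 seen under more than one file name to those names."""
    by_hash = defaultdict(set)
    for r in reports:
        if r["md5"]:
            by_hash[r["md5"]].add(r["file"])
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


def detections(reports):
    """List (file, scanner, verdict) for rows that are not 'Found nothing'."""
    return [(r["file"], scanner, verdict)
            for r in reports
            for scanner, verdict in r["verdicts"].items()
            if verdict.lower() != "nothing"]


if __name__ == "__main__":
    parsed = parse_reports(SAMPLE_REPORTS)
    print("identical:", identical_files(parsed))
    print("flagged:", detections(parsed))
```

On the results posted in this thread, grcauth1.dll and grcauth2.dll share one MD5 and clauth1.dll and clauth2.dll share another, so each pair is the same content under two names.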

#59
verve

    Member

  • Topic Starter
  • Member
  • 71 posts
[code=auto:0]OTScanIt logfile created on: 26/03/2008 00:57:51
OTScanIt by OldTimer - Version 1.0.6.1 Folder = C:\Documents and Settings\dave\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.23% Memory free
3.85 Gb Paging File | 3.31 Gb Available in Paging File | 85.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 111.15 Gb Free Space | 47.73% Space Free | Partition Type: NTFS
Drive D: | 3.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 298.08 Gb Total Space | 195.14 Gb Free Space | 65.46% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PISSOFF
Current User Name: dave
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> MD5 = 0629361FAC4576BA48AB39F4903DCE9E | Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 17/01/2008 00:49:34 | Attr = ]
smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> MD5 = 5A25A52B38E8406AAFD2E04325321165 | Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 10/04/2006 08:19:46 | Attr = ]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> MD5 = 1BE6FBEE744B1F35A8A57D7468DAA686 | Analog Devices, Inc. [Ver = 6, 0, 0, 61 | Size = 843776 bytes | Modified Date = 01/05/2006 10:07:44 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> MD5 = 73686FE0B2E0469F89FD2075BE724704 | Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr = ]
devsvc.exe -> %CommonProgramFiles%\InterVideo\DeviceService\DevSvc.exe -> MD5 = 3014CA345E8AD68587BABFB162DDDEC5 | InterVideo Inc. [Ver = 1.0.0.1 | Size = 200704 bytes | Modified Date = 11/08/2006 11:15:36 | Attr = ]
ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> MD5 = 06DE1310E3F1EA208B3C3B3C3ADE6B55 | Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 31/10/2005 09:51:52 | Attr = ]
iviregmgr.exe -> %CommonProgramFiles%\InterVideo\RegMgr\iviRegMgr.exe -> MD5 = 213822072085B5BBAD9AF30AB577D817 | InterVideo [Ver = 1, 0, 4, 0 | Size = 112152 bytes | Modified Date = 04/01/2007 19:48:52 | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> MD5 = 6E5DAC168D1FF9843E84A59D51D31107 | Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 19/10/2006 13:52:24 | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> MD5 = 8D64B827A6709C3D18F855619D7D89E9 | NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 155716 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ]
ctsched.exe -> %ProgramFiles%\Creative\Shared Files\CTSched.exe -> MD5 = C9E32D5C6944192E7676E2EE2B859779 | Creative Technology Ltd [Ver = 1.0.6.0 | Size = 53340 bytes | Modified Date = 09/01/2006 02:43:42 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> MD5 = B8E684DF9A97497EDD2F87444A6307FB | RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 04/12/2007 19:25:55 | Attr = ]
caissdt.exe -> %ProgramFiles%\CA\eTrust Internet Security Suite\caissdt.exe -> MD5 = D236A482C9AE97B3BB9B9689A4A3796D | Computer Associates International, Inc. [Ver = Version 2.0.1.1 | Size = 165416 bytes | Modified Date = 21/04/2006 14:42:24 | Attr = ]
atwtusb.exe -> %SystemRoot%\system32\ATWTUSB.EXE -> MD5 = 36004224CDAFF02A5FD7F7556D72C2CD | WALTOP International Corp. [Ver = 2, 47, 2, 0 | Size = 290816 bytes | Modified Date = 21/09/2005 18:08:48 | Attr = ]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> MD5 = 2BAD84B393AF47006D80BA2F03B18029 | Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 20/03/2006 17:34:50 | Attr = ]
aacenter.exe -> %ProgramFiles%\ASUS\AASP\1.00.01\aaCenter.exe -> MD5 = 375EA64D23A32BA7DD388D04B43DC855 | [Ver = 0.1.0.1 | Size = 582144 bytes | Modified Date = 30/06/2006 14:57:04 | Attr = ]
ainap.exe -> %ProgramFiles%\ASUS\Ai Suite\AiNap\AiNap.exe -> MD5 = 6E425E653CCD6283149F169EB0BFA924 | [Ver = | Size = 1093632 bytes | Modified Date = 10/07/2006 15:49:34 | Attr = ]
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> MD5 = FDB3E1F204626A0B4F3E7E2A9CCF91E0 | Logitech Inc. [Ver = 2.41.309 | Size = 450560 bytes | Modified Date = 16/06/2005 02:41:00 | Attr = ]
khalmnpr.exe -> %CommonProgramFiles%\Logitech\KHAL\KHALMNPR.EXE -> MD5 = CCB0B7A1DD8BC5A38FB9AE2C1298A2D9 | Logitech Inc. [Ver = 2.41.305 | Size = 28160 bytes | Modified Date = 16/06/2005 02:41:00 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> MD5 = B78DBE162680C940D168421C29905694 | OldTimer Tools [Ver = 1.0.6.1 | Size = 310784 bytes | Modified Date = 24/03/2008 02:11:08 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> MD5 = 0629361FAC4576BA48AB39F4903DCE9E | Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 17/01/2008 00:49:34 | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> MD5 = 303C174A7303A7702A68653152FC65A0 | Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 14/11/2007 21:48:04 | Attr = ]
(Adobe Version Cue CS3) Adobe Version Cue CS3 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -> MD5 = 14C23516C990DCD6052152CF034DDE40 | Adobe Systems Incorporated [Ver = 3, 0, 0, 0 | Size = 153792 bytes | Modified Date = 20/03/2007 15:41:24 | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> MD5 = 60BEE95B4AE6369F0F41881049E5B87D | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 23/03/2008 23:38:25 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> MD5 = 74C35302FCA1B1891F4E255A4A773D4B | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 23/03/2008 23:38:24 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> MD5 = EEC7FA91D3C4C3C05FEEBAA9F06CFC48 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 23/03/2008 23:38:24 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> MD5 = 013AED3D00B99EEDBF7A42E92A1118B1 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 23/03/2008 23:38:25 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> MD5 = 73686FE0B2E0469F89FD2075BE724704 | Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr = ]
(Capture Device Service) Capture Device Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\InterVideo\DeviceService\DevSvc.exe -> MD5 = 3014CA345E8AD68587BABFB162DDDEC5 | InterVideo Inc. [Ver = 1.0.0.1 | Size = 200704 bytes | Modified Date = 11/08/2006 11:15:36 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> MD5 = 554C7CB178FE3BD12450B81AD63ADBC3 | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 03/08/2004 23:56:50 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> MD5 = 227846995AFEEFA70D328BF5334A86A5 | Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 17/10/2007 11:11:42 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> MD5 = DAF66902F08796F9C694901660E5A64A | Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 14/11/2005 00:06:04 | Attr = ]
(IviRegMgr) IviRegMgr [Win32_Own | Auto | Running] -> %CommonProgramFiles%\InterVideo\RegMgr\iviRegMgr.exe -> MD5 = 213822072085B5BBAD9AF30AB577D817 | InterVideo [Ver = 1, 0, 4, 0 | Size = 112152 bytes | Modified Date = 04/01/2007 19:48:52 | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> MD5 = 6E5DAC168D1FF9843E84A59D51D31107 | Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 19/10/2006 13:52:24 | Attr = ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> MD5 = F1534ACA143CA86CD57672953754FAB0 | Sony Corporation [Ver = 4.5.01.04270 | Size = 53337 bytes | Modified Date = 27/04/2006 16:35:16 | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> MD5 = F46070DDADA5C396B1F2EBF1C46DBB08 | Nero AG [Ver = 2, 7, 3, 2 | Size = 779824 bytes | Modified Date = 14/03/2007 19:19:10 | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> MD5 = 433049770B810D7C83C5C94CDB3E09D2 | Nero AG [Ver = 2,0,5,0 | Size = 271920 bytes | Modified Date = 12/03/2007 13:49:46 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> MD5 = 8D64B827A6709C3D18F855619D7D89E9 | NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 155716 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> MD5 = 17BB6B38DE8C2BDA692CA1DB0CEA7325 | Sony Corporation [Ver = 4.5.01.04270 | Size = 49241 bytes | Modified Date = 27/04/2006 16:27:06 | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> MD5 = 3980B48DFF300A7E4139F5C64DA65F5C | Sony Corporation [Ver = 4.5.01.04270 | Size = 69718 bytes | Modified Date = 27/04/2006 16:16:28 | Attr = ]
(SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> MD5 = 3DBADE5B4AA47C245A69E99D72B8E73B | Sony Corporation [Ver = 4.0.00.05080 | Size = 69632 bytes | Modified Date = 08/05/2006 03:24:54 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aavmker4.sys -> MD5 = D301F57713A0F6F8A3295AE6EBB69617 | ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 04/12/2007 14:49:02 | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ADIHdAud.sys -> MD5 = AB0D9669BAB1009E48CC91117E59912B | Analog Devices, Inc. [Ver = 5.10.01.4530 built by: WinDDK | Size = 229376 bytes | Modified Date = 02/05/2006 17:12:06 | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(AEAudio) AE Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> MD5 = 03BE587E90C8B37C7FF1FE2E9C1D1C90 | Andrea Electronics Corporation [Ver = 4.2.32.3 | Size = 93824 bytes | Modified Date = 27/04/2006 06:42:40 | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(aiptektp) HyperPen [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\aiptektp.sys -> MD5 = D4944A84245F67094FD4867F2C1B6993 | AIPTEK International Inc. [Ver = 2.34.00 | Size = 22272 bytes | Modified Date = 07/07/2004 16:02:14 | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(AsIO) AsIO [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AsIO.sys -> MD5 = 19A1DAC5BC607C212E8A94C05886ED52 | [Ver = | Size = 5685 bytes | Modified Date = 22/12/2005 02:22:20 | Attr = ]
(aswMon2) avast! Standard Shield Support [File_System | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aswmon2.sys -> MD5 = 71785F529C7B251B188245843BBF85DB | ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 04/12/2007 14:55:46 | Attr = ]
(aswRdr) aswRdr [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aswRdr.sys -> MD5 = 7BAB4923CABB4404BF05FD111E75E49B | ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 04/12/2007 14:53:39 | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aswTdi.sys -> MD5 = E8A2678EAB78C2060D5EB26803667DC2 | ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 04/12/2007 14:51:52 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(Cardex) Cardex [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\TBPanel.sys -> MD5 = 175418424B0973AE9004257EBC60431C | Windows (R) 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 5306 bytes | Modified Date = 27/07/2002 17:01:06 | Attr = ]
(catchme) catchme [Kernel | On_Demand | Running] -> %SystemDrive%\DOCUME~1\dave\LOCALS~1\Temp\catchme.sys -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctsfm2k.sys -> MD5 = 8DB84DE3AAB34A8B4C2F644EFF41CD76 | Creative Technology Ltd [Ver = 5.12.01.1081-2.04.0050 | Size = 138752 bytes | Modified Date = 10/01/2005 10:15:24 | Attr = ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> MD5 = C0FBB516E06E243F0CF31F597E7EBF7D | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 03/08/2004 22:07:18 | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> MD5 = F5E7B358A732D09F4BCF2824B88B9E28 | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 03/08/2004 22:07:18 | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> MD5 = E9317282A63CA4D188C0DF5E09C6AC5F | Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 23/08/2001 12:00:00 | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> MD5 = 3FCC124B6E08EE0E9351F717DD136939 | Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 20/09/2007 04:33:16 | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(JGOGO) JMicron Hot-Plug Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\JGOGO.sys -> MD5 = C995C0E8B4503FAC38793BB0236AD246 | JMicron [Ver = 5.0.3790.1 | Size = 6912 bytes | Modified Date = 07/02/2006 11:52:58 | Attr = ]
(JRAID) JRAID [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\jraid.sys -> MD5 = F561C67E8E9C598051D4F83296FD1201 | JMicron Technology Corp. [Ver = 1.12.04.00 built by: WinDDK | Size = 43392 bytes | Modified Date = 05/07/2006 12:55:58 | Attr = ]
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042Kbd.sys -> MD5 = 0E107ABF190FBEACD1E273AFC552F7D2 | Logitech, Inc. [Ver = 2.41.305.00 | Size = 13440 bytes | Modified Date = 02/06/2005 13:34:44 | Attr = ]
(L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042mou.Sys -> MD5 = 34EB862D3CDA65F2F546BAE267EDF88E | Logitech, Inc. [Ver = 2.41.305.00 | Size = 55040 bytes | Modified Date = 02/06/2005 13:34:56 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidKE.Sys -> MD5 = 706F3EB3ADD1B6EF8815CF0EC88C1EF3 | Logitech, Inc. [Ver = 2.41.305.00 | Size = 25856 bytes | Modified Date = 02/06/2005 13:35:32 | Attr = ]
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouKE.Sys -> MD5 = C4EEB836D5596FB590F6FF538B66D092 | Logitech, Inc. [Ver = 2.41.305.00 | Size = 68864 bytes | Modified Date = 02/06/2005 13:35:28 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ASACPI.sys -> MD5 = D48659BB24C48345D926ECB45C1EBDF5 | [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Modified Date = 13/08/2004 02:56:20 | Attr = ]
(NETMDUSB) Net MD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NETMDUSB.sys -> MD5 = 986ACDECE933131288F1957DC359865F | Sony Corporation [Ver = 1.2.10.08080 | Size = 38951 bytes | Modified Date = 08/08/2002 14:51:32 | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> MD5 = C190757A29A9BC0199032F353DD2557A | NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 6854464 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ]
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> MD5 = 103A9B117A7D9903111955CDAFE65AC6 | Creative Technology Ltd. [Ver = 5.12.01.1081-2.04.0050 | Size = 106496 bytes | Modified Date = 10/01/2005 10:15:30 | Attr = ]
(P17) Sound Blaster Audigy [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\P17.sys -> MD5 = 1DB419CB76493F6292CCFBDC3466F5FF | Creative Technology Ltd. [Ver = 5.12.01.512 | Size = 1389056 bytes | Modified Date = 07/07/2005 08:14:30 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> MD5 = 80D317BD1C3DBC5D4FE7B1678C60CADD | Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 23/08/2001 12:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> MD5 = D86B4A68565E444D76457F14172C875A | Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 07/03/2007 23:51:00 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtenicxp.sys -> MD5 = B98455F2197FB560BDE2C13D894DB79D | Realtek Semiconductor Corporation [Ver = 5.646.0712.2006 built by: WinDDK | Size = 83712 bytes | Modified Date = 13/07/2006 12:11:04 | Attr = ]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\system32\drivers\scdemu.sys -> MD5 = A73AE2510014103A44A5A58845219DCB | PowerISO Computing, Inc. [Ver = 3, 9, 0, 0 | Size = 33292 bytes | Modified Date = 20/01/2008 07:07:58 | Attr = ]
(SDTHOOK) SDTHOOK [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SDTHOOK.SYS -> MD5 = F88D17B93621EEB8BEF33B81E3AF9207 | Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 05/06/2007 10:56:40 | Attr = ]
(se45bus) Sony Ericsson Device 069 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45bus.sys -> MD5 = 531EBC57DB331C8500C042D9F8A6AEF2 | MCCI [Ver = V4.34 | Size = 61536 bytes | Modified Date = 30/11/2006 15:13:56 | Attr = ]
(se45mdfl) Sony Ericsson Device 069 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45mdfl.sys -> MD5 = 148E7E813681D3A0A05F09826080CC2B | MCCI [Ver = V4.34 | Size = 9360 bytes | Modified Date = 30/11/2006 15:14:04 | Attr = ]
(se45mdm) Sony Ericsson Device 069 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45mdm.sys -> MD5 = B4CE022564D0D3FD7B0E5459AA12AA72 | MCCI [Ver = V4.34 | Size = 97088 bytes | Modified Date = 30/11/2006 15:14:04 | Attr = ]
(se45mgmt) Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45mgmt.sys -> MD5 = 6D04EA9C049EBD78D64ADE447DE3F7EB | MCCI [Ver = V4.34 | Size = 88624 bytes | Modified Date = 30/11/2006 15:14:10 | Attr = ]
(se45nd5) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45nd5.sys -> MD5 = FDC74BEAA13A801FAC574BC7AF1450C4 | MCCI [Ver = V4.34 | Size = 18704 bytes | Modified Date = 30/11/2006 15:14:10 | Attr = ]
(se45obex) Sony Ericsson Device 069 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45obex.sys -> MD5 = 5E003693822460D37516D9A262DE9E11 | MCCI [Ver = V4.34 | Size = 86432 bytes | Modified Date = 30/11/2006 15:14:14 | Attr = ]
(se45unic) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45unic.sys -> MD5 = FC7021ADB632200DA591A55A35A78ACC | MCCI [Ver = V4.34 | Size = 90800 bytes | Modified Date = 30/11/2006 15:14:22 | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> MD5 = 90A3935D05B494A5A39D37E71F09A677 | Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 | Attr = ]
(SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\senfilt.sys -> MD5 = B6A6B409FDA9D9EBD3AADB838D3D7173 | Sensaura [Ver = 5.10.00.3524 | Size = 392960 bytes | Modified Date = 17/03/2006 18:18:58 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> MD5 = A1ECEEAA5C5E74B2499EB51D38185B84 | Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 17/08/2001 13:56:16 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TBPanel) TBPanel [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\TBPanel.sys -> MD5 = 175418424B0973AE9004257EBC60431C | Windows (R) 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 5306 bytes | Modified Date = 27/07/2002 17:01:06 | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe_ID0EYTHM -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe -> MD5 = C1873D880786B6B03AF781E23835D925 | Adobe Systems Incorporated [Ver = 3, 0, 0, 0 | Size = 1884160 bytes | Modified Date = 20/03/2007 15:40:44 | Attr = ]
Ai Nap -> %ProgramFiles%\ASUS\Ai Suite\AiNap\AiNap.exe -> MD5 = 6E425E653CCD6283149F169EB0BFA924 | [Ver = | Size = 1093632 bytes | Modified Date = 10/07/2006 15:49:34 | Attr = ]
AsusServiceProvider -> %ProgramFiles%\ASUS\AASP\1.00.01\aaCenter.exe -> MD5 = 375EA64D23A32BA7DD388D04B43DC855 | [Ver = 0.1.0.1 | Size = 582144 bytes | Modified Date = 30/06/2006 14:57:04 | Attr = ]
atwtusb -> %SystemRoot%\system32\ATWTUSB.EXE -> MD5 = 36004224CDAFF02A5FD7F7556D72C2CD | WALTOP International Corp. [Ver = 2, 47, 2, 0 | Size = 290816 bytes | Modified Date = 21/09/2005 18:08:48 | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> MD5 = 0800F646E76D5F237A77DCDFA7DAC940 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 23/03/2008 23:44:52 | Attr = ]
CaISSDT -> %ProgramFiles%\CA\eTrust Internet Security Suite\caissdt.exe -> MD5 = D236A482C9AE97B3BB9B9689A4A3796D | Computer Associates International, Inc. [Ver = Version 2.0.1.1 | Size = 165416 bytes | Modified Date = 21/04/2006 14:42:24 | Attr = ]
CreativeTaskScheduler -> %ProgramFiles%\Creative\Shared Files\CTSched.exe -> MD5 = C9E32D5C6944192E7676E2EE2B859779 | Creative Technology Ltd [Ver = 1.0.6.0 | Size = 53340 bytes | Modified Date = 09/01/2006 02:43:42 | Attr = ]
CTSysVol -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> MD5 = 06DE1310E3F1EA208B3C3B3C3ADE6B55 | Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 31/10/2005 09:51:52 | Attr = ]
eTrustPPAP -> %ProgramFiles%\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe -> MD5 = 0F0BF2DB9AE8658220E832D9FCB5194F | Computer Associates [Ver = 8, 0, 0, 3 | Size = 258048 bytes | Modified Date = 02/01/2008 21:14:04 | Attr = ]
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> MD5 = 2BAD84B393AF47006D80BA2F03B18029 | Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 20/03/2006 17:34:50 | Attr = ]
JMB36X Configure -> %SystemRoot%\system32\JMRaidTool.exe -> MD5 = EAAFD8BACFD10B6FDFE0A2E30C4DB1FC | JMicron Technology Corp. [Ver = 1.10.02 | Size = 385024 bytes | Modified Date = 02/06/2006 08:45:20 | Attr = ]
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> MD5 = CCB0B7A1DD8BC5A38FB9AE2C1298A2D9 | Logitech Inc. [Ver = 2.41.305 | Size = 28160 bytes | Modified Date = 02/06/2005 13:22:48 | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> MD5 = ECC0EF0BF0394C60CBC20D8054CED299 | NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 8491008 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll -> MD5 = 8F70405BB0B12D9FDDC4D39DBDF17A4D | NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 81920 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe -> MD5 = 530FA80819B092440442DFA70C1D01F6 | [Ver = | Size = 1626112 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ]
P17Helper -> %SystemRoot%\system32\P17.dll -> MD5 = 1AAD42336E6DB80F992F5F7B527CFD65 | [Ver = 1.0.1.41 | Size = 64512 bytes | Modified Date = 03/05/2005 11:38:42 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> MD5 = C74C7963EEC07AF49DCE44D64819B2BF | Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 14/11/2007 21:34:31 | Attr = ]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> MD5 = 5A25A52B38E8406AAFD2E04325321165 | Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 10/04/2006 08:19:46 | Attr = ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> MD5 = 1BE6FBEE744B1F35A8A57D7468DAA686 | Analog Devices, Inc. [Ver = 6, 0, 0, 61 | Size = 843776 bytes | Modified Date = 01/05/2006 10:07:44 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> MD5 = B8E684DF9A97497EDD2F87444A6307FB | RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 04/12/2007 19:25:55 | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE -> MD5 = C419DF63E0121D72411285780C2FC6CC | Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 11/05/2000 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> MD5 = FDB3E1F204626A0B4F3E7E2A9CCF91E0 | Logitech Inc. [Ver = 2.41.309 | Size = 450560 bytes | Modified Date = 16/06/2005 02:41:00 | Attr = ]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> (binary data) ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> (binary data) ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: Main\\Start Page -> http://www.msn.com ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: ProxyEnable -> 0 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Br
  • 0

#60
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Can you run OTScanIt now for me and post that log please.
  • 0





