Okay, the script on the originally infected machine (again, I typed it carefully by hand) resulted in:
Fri 04/11/2008 14:48:29.16
And here is the OTScanIt log from the laptop. (BTW, I got internet back on the laptop, using Ethernet. My wireless is still down--I cannot get WZC service to start):
[code=auto:0]
OTScanIt logfile created on: 2008-04-11 14:59:41
OTScanIt by OldTimer - Version 1.0.9.0 Folder = C:\Documents and Settings\David Olsson\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
958.42 Mb Total Physical Memory | 564.92 Mb Available Physical Memory | 58.94% Memory free
2.26 Gb Paging File | 1.99 Gb Available in Paging File | 87.85% Paging File free
Paging file location(s): c:\pagefile.sys 1440 2880;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.26 Gb Total Space | 41.77 Gb Free Space | 58.61% Space Free | Partition Type: NTFS
Drive D: | 4.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GOAPPEALSDCO
Current User Name: David Olsson
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
[Processes - Non-Microsoft Only]
schedul2.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> MD5 = D5A40B566B6BF947B2E643DE621B1BDE | Acronis [Ver = 1,0,0,214 | Size = 172032 bytes | Modified Date = 2005-11-28 15:02:54 | Attr = ]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -> MD5 = E42F7B36B4D8866184E8DF9776CA4226 | [Ver = | Size = 98304 bytes | Modified Date = 2004-10-04 04:47:04 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> MD5 = 73686FE0B2E0469F89FD2075BE724704 | Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 13:42:38 | Attr = ]
idrivee service.exe -> %ProgramFiles%\IDrive\IDriveE Service.exe -> MD5 = 31CBD5D8F05C4352C4462166508A083B | Pro Softnet Corporation [Ver = 1, 0, 0, 5 | Size = 128464 bytes | Modified Date = 2007-12-19 15:41:08 | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> MD5 = 0FEBE37DB6650FAA5965C00545009D1D | NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 2006-10-22 13:22:00 | Attr = ]
photoshopelementsdeviceconnect.exe -> %ProgramFiles%\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -> MD5 = D0F9F362023BF94CF58A1C3CDBBEBE06 | [Ver = | Size = 118784 bytes | Modified Date = 2004-10-04 03:40:50 | Attr = ]
qbdbmgrn.exe -> %ProgramFiles%\Intuit\QuickBooks 2006\QBDBMgrN.exe -> MD5 = CE48E6270962C3D1FAF787B609D11241 | Intuit, Inc. [Ver = 8.0.3.5307 | Size = 126976 bytes | Modified Date = 2005-10-20 10:54:16 | Attr = ]
tsschbkpservice.exe -> %SystemRoot%\system32\TSSchBkpService.exe -> MD5 = 4FEDBC885A5DE3C6AD4D5A3535D420C1 | [Ver = | Size = 705024 bytes | Modified Date = 2006-02-02 16:42:50 | Attr = ]
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> MD5 = 906B35ED797CDE6A59D5798118CC225D | [Ver = | Size = 98304 bytes | Modified Date = 2006-05-03 03:12:00 | Attr = ]
dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> MD5 = CEFD0E35B35AFD9D1C2FEC9AF81AFDB8 | Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 2005-09-08 03:20:00 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> MD5 = 8A71139A5CD86AC55CF0E4383AB4AE33 | RealNetworks, Inc. [Ver = 0.1.0.3725 | Size = 185784 bytes | Modified Date = 2006-10-07 06:53:47 | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> MD5 = 289BDC9E5681BD1BE0FB871C460BD254 | SigmaTel, Inc. [Ver = 1.0.5143.0 nd491 cp1 | Size = 282624 bytes | Modified Date = 2006-08-15 07:38:14 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> MD5 = 836DC47E6CAD975304D1D3EB2F516A1C | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2008-02-22 05:25:21 | Attr = ]
trueimagemonitor.exe -> %ProgramFiles%\Acronis\TrueImage\TrueImageMonitor.exe -> Unable to obtain MD5 | Acronis [Ver = 9,0,0,2323 | Size = 988701 bytes | Modified Date = 2005-11-28 15:02:56 | Attr = ]
schedhlp.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> MD5 = B1423F4A808192F09026375AEA25952B | Acronis [Ver = 1,0,0,214 | Size = 118784 bytes | Modified Date = 2005-11-28 15:02:54 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> MD5 = C74C7963EEC07AF49DCE44D64819B2BF | Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 2007-12-14 15:03:21 | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> MD5 = E558CDE2913DAA077D4E25732D1AA176 | Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 2004-09-13 16:49:00 | Attr = ]
dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> MD5 = 04361EE0F0D95CDE6432D0A2B23ABAC1 | Gteko Ltd. [Ver = 2, 1, 3, 173 | Size = 389120 bytes | Modified Date = 2006-07-16 19:29:54 | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> MD5 = C519CEC624CF9BCBA3059F32266C8FFF | Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 2004-11-04 20:28:24 | Attr = ]
clsidle.exe -> %ProgramFiles%\IDrive\ClsIdle.exe -> MD5 = 6C50327E235A44C0F69EF03DA0E8453F | Pro Softnet Corporation [Ver = 1, 0, 0, 4 | Size = 50744 bytes | Modified Date = 2007-11-29 17:50:50 | Attr = ]
hpqgalry.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqgalry.exe -> MD5 = 6B2B9B46D7DA5C67397412DEA6CF9A14 | Hewlett-Packard Co. [Ver = 045.004.157.000 | Size = 425984 bytes | Modified Date = 2004-11-04 20:36:46 | Attr = ]
idriveebackground.exe -> %ProgramFiles%\IDrive\IDriveEBackground.exe -> MD5 = 1E30DD6FAA8319250F59FBAD20EAC135 | Pro Softnet Corp. [Ver = 1.00.0004 | Size = 34256 bytes | Modified Date = 2007-12-19 15:41:50 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> MD5 = F6A57C651C4B28B87125A3DA39DCF448 | OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 2008-04-04 12:24:38 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> MD5 = D5A40B566B6BF947B2E643DE621B1BDE | Acronis [Ver = 1,0,0,214 | Size = 172032 bytes | Modified Date = 2005-11-28 15:02:54 | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> MD5 = F3463E6967C3C396921551C0CDC633C1 | Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2006-10-22 12:21:47 | Attr = ]
(AdobeActiveFileMonitor) Adobe Active File Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -> MD5 = E42F7B36B4D8866184E8DF9776CA4226 | [Ver = | Size = 98304 bytes | Modified Date = 2004-10-04 04:47:04 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> MD5 = 4D070B4341AE2DEF0A257E67C1112ADD | Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 2008-04-10 18:20:58 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> MD5 = 73686FE0B2E0469F89FD2075BE724704 | Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 13:42:38 | Attr = ]
(CmdAgent) Comodo Application Agent [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> MD5 = DBBCD3702D684395DC5D63BEA87AE483 | COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 2008-04-10 18:35:05 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> MD5 = 554C7CB178FE3BD12450B81AD63ADBC3 | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> MD5 = 227846995AFEEFA70D328BF5334A86A5 | Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2007-12-12 22:03:47 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> MD5 = 751C1D2CA2ABF4A9F5A6B8D7D45B907C | Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-01-12 18:05:55 | Attr = ]
(IDriveE Service) IDriveE Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IDrive\IDriveE Service.exe -> MD5 = 31CBD5D8F05C4352C4462166508A083B | Pro Softnet Corporation [Ver = 1, 0, 0, 5 | Size = 128464 bytes | Modified Date = 2007-12-19 15:41:08 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> MD5 = DAF66902F08796F9C694901660E5A64A | Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 2005-11-14 02:06:04 | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> MD5 = 963806548BC93F0D0189B631A68A7452 | Network Associates, Inc. [Ver = 3.1.2.266 | Size = 102463 bytes | Modified Date = 2004-04-07 03:12:00 | Attr = ]
(McShield) Network Associates McShield [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Network Associates\VirusScan\Mcshield.exe -> MD5 = 260D285091722D801E5FDD6E1F5AC2D9 | Network Associates, Inc. [Ver = 7.1.0.116 | Size = 237657 bytes | Modified Date = 2008-04-10 18:35:06 | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Network Associates\VirusScan\VsTskMgr.exe -> MD5 = 184078283F0ED17E2CB86A1C8262F53B | Network Associates, Inc. [Ver = 7.1.0.187 | Size = 69706 bytes | Modified Date = 2003-09-29 07:10:00 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> MD5 = 0FEBE37DB6650FAA5965C00545009D1D | NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 2006-10-22 13:22:00 | Attr = ]
(PhotoshopElementsDeviceConnect) Photoshop Elements Device Connect [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -> MD5 = D0F9F362023BF94CF58A1C3CDBBEBE06 | [Ver = | Size = 118784 bytes | Modified Date = 2004-10-04 03:40:50 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> MD5 = 2D091A99624FB9E7EEF0A86D872EC0C3 | HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 2007-08-09 00:27:52 | Attr = ]
(QuickBooksDB) QuickBooksDB [Win32_Own | Auto | Running] -> %ProgramFiles%\Intuit\QuickBooks 2006\QBDBMgrN.exe -> MD5 = CE48E6270962C3D1FAF787B609D11241 | Intuit, Inc. [Ver = 8.0.3.5307 | Size = 126976 bytes | Modified Date = 2005-10-20 10:54:16 | Attr = ]
(TSScheduleBackup) TimeslipsBackup [Win32_Own | Auto | Running] -> %SystemRoot%\system32\TSSchBkpService.exe -> MD5 = 4FEDBC885A5DE3C6AD4D5A3535D420C1 | [Ver = | Size = 705024 bytes | Modified Date = 2006-02-02 16:42:50 | Attr = ]
[Driver Services - Non-Microsoft Only]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> MD5 = 1140AB9938809700B46BB88E46D72A96 | Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> MD5 = 675C16A3C1F8482F85EE4A97FC0DDE3D | Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 2004-08-03 21:07:44 | Attr = ]
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> MD5 = 0A4D13B388C814560BD69C3A496ECFA8 | Advanced Micro Devices [Ver = 1.3.2 (dnsrv(wmbla).060618-2337) | Size = 36864 bytes | Modified Date = 2006-06-19 02:37:34 | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> MD5 = 62D318E9A0C8FC9B780008E724283707 | Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> MD5 = 5D8DE112AA0254B907861E9E9C31D597 | Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ASPI32.SYS -> MD5 = ED8CEE58C1E4C5893F5B2FD686A272BF | Adaptec [Ver = 4.71 (0001) | Size = 17005 bytes | Modified Date = 2002-08-14 16:03:36 | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> MD5 = 7D78B7FD0EBE00F177B053A08C78E35B | [Ver = | Size = 4096 bytes | Modified Date = 2006-09-28 07:13:34 | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> MD5 = 6D4A1DA6E6D522B3EBBCBFF4A3589EC5 | GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 2006-09-05 09:03:16 | Attr = ]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> MD5 = 78E7B52DA292FA90BAD2F887BBF22159 | Broadcom Corporation [Ver = 4.47.0.0 built by: WinDDK | Size = 44544 bytes | Modified Date = 2006-08-14 11:29:44 | Attr = ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\DAVIDO~1\LOCALS~1\Temp\catchme.sys -> File not found
(cercsr6) cercsr6 [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\cercsr6.sys -> MD5 = 84853B3FD012251690570E9E7E43343F | Adaptec, Inc. [Ver = 4.1.0.7405 | Size = 39904 bytes | Modified Date = 2004-12-13 14:14:00 | Attr = ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> MD5 = E5DCB56C533014ECBC556A8357C929D5 | CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(CmdMon) Comodo Application Engine [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cmdmon.sys -> MD5 = 7399B62C07D2340826CCAD5B4D661D35 | Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Modified Date = 2007-02-07 10:25:20 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> MD5 = E550E7418984B65A78299D248F0A7F36 | Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLABOIOM.SYS -> MD5 = E2D0DE31442390C35E3163C87CB6A9EB | Sonic Solutions [Ver = 5.20.08a | Size = 25628 bytes | Modified Date = 2005-09-08 03:20:00 | Attr = ]
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLACDBHM.SYS -> MD5 = D979BEBCF7EDCC9C9EE1857D1A68C67B | Sonic Solutions [Ver = 5.20.01a | Size = 5628 bytes | Modified Date = 2005-08-25 10:16:52 | Attr = ]
(DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLADResN.SYS -> MD5 = 83545593E297F50A8E2524B4C071A153 | Sonic Solutions [Ver = 5.20.08a | Size = 2496 bytes | Modified Date = 2005-09-08 03:20:00 | Attr = ]
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAIFS_M.SYS -> MD5 = 96E01D901CDC98C7817155CC057001BF | Sonic Solutions [Ver = 5.20.08a | Size = 86524 bytes | Modified Date = 2005-09-08 03:20:00 | Attr = ]
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAOPIOM.SYS -> MD5 = 0A60A39CC5E767980A31CA5D7238DFA9 | Sonic Solutions [Ver = 5.20.08a | Size = 14684 bytes | Modified Date = 2005-09-08 03:20:00 | Attr = ]
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAPoolM.SYS -> MD5 = 9FE2B72558FC808357F427FD83314375 | Sonic Solutions [Ver = 5.20.08a | Size = 6364 bytes | Modified Date = 2005-09-08 03:20:00 | Attr = ]
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLARTL_N.SYS -> MD5 = 7EE0852AE8907689DF25049DCD2342E8 | Sonic Solutions [Ver = 5.20.01a | Size = 22684 bytes | Modified Date = 2005-08-25 10:16:16 | Attr = ]
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDFAM.SYS -> MD5 = F08E1DAFAC457893399E03430A6A1397 | Sonic Solutions [Ver = 5.20.08a | Size = 94332 bytes | Modified Date = 2005-09-08 03:20:00 | Attr = ]
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDF_M.SYS -> MD5 = E7D105ED1E694449D444A9933DF8E060 | Sonic Solutions [Ver = 5.20.08a | Size = 87036 bytes | Modified Date = 2005-09-08 03:20:00 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> MD5 = C0FBB516E06E243F0CF31F597E7EBF7D | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> MD5 = F5E7B358A732D09F4BCF2824B88B9E28 | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> MD5 = E9317282A63CA4D188C0DF5E09C6AC5F | Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\DRVMCDB.SYS -> MD5 = FD0F95981FEF9073659D8EC58E40AA3C | Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Modified Date = 2005-09-12 01:30:00 | Attr = ]
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\DRVNDDM.SYS -> MD5 = B4869D320428CDC5EC4D7F5E808E99B5 | Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 2005-08-12 03:20:00 | Attr = ]
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Dell Support\GTAction\triggers\DSproct.sys -> MD5 = 2AC2372FFAD9ADC85672CC8E8AE14BE9 | GTek Technologies Ltd. [Ver = 1, 0, 0, 28 | Size = 4864 bytes | Modified Date = 2006-01-10 10:07:58 | Attr = ]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> MD5 = 3FCA03CBCA11269F973B70FA483C88EF | Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 2001-08-17 10:12:10 | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> MD5 = E31363D186B3E1D7C4E9117884A6AEE5 | Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 137728 bytes | Modified Date = 2004-08-12 15:45:54 | Attr = ]
(Inspect) Comodo Network Engine [Kernel | Boot | Stopped] -> %SystemRoot%\System32\DRIVERS\inspect.sys -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> MD5 = 3F4BB95E5A44F3BE34824E8E7CAF0737 | American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(NaiAvFilter1) NaiAvFilter1 [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\naiavf5x.sys -> MD5 = 93941B922810F9DFA68DFFFC6AD67A77 | Network Associates, Inc. [Ver = 7.1.0.111 | Size = 83008 bytes | Modified Date = 2003-09-29 07:10:00 | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> MD5 = BA1B732C1A70CFEA0C1B64F2850BF44F | NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 3994624 bytes | Modified Date = 2006-10-22 13:22:00 | Attr = ]
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> MD5 = 2C1EB94C24A6A1D3434481B0A5FA9C08 | Padus, Inc. [Ver = 2, 5, 0, 201 | Size = 9856 bytes | Modified Date = 2003-11-11 19:55:00 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> MD5 = 80D317BD1C3DBC5D4FE7B1678C60CADD | Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> MD5 = 86724469CD077901706854974CD13C3E | Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 2005-04-25 00:03:00 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> MD5 = 0A63FB54039EB5662433CABA3B26DBA7 | QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> MD5 = 156ED0EF20C15114CA097A34A30D8A01 | QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> MD5 = 907F0AEEA6BC451011611E732BD31FCF | QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> MD5 = D96686FCA1F9F6B06F7490553CBDA6DE | [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 2006-10-10 13:53:48 | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> MD5 = 7F1085895E499907F68DF7731924122B | SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2006-02-16 17:51:08 | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> MD5 = 16251201EFB144DEE6525C0CB26B86C1 | [Ver = 1, 0, 0, 1024 | Size = 29184 bytes | Modified Date = 2006-09-19 16:06:52 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> MD5 = D26E26EA516450AF9D072635C60387F4 | [Ver = | Size = 27440 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> MD5 = 732D859B286DA692119F286B21A2A114 | Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 2004-08-03 21:07:44 | Attr = ]
(snapman) Acronis Snapshots Manager [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\snapman.sys -> MD5 = 90257773F4B4065BD0C6CC2164FD52E5 | Acronis [Ver = 1.09 build 158 | Size = 96320 bytes | Modified Date = 2007-01-12 18:08:33 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> MD5 = 83C0F71F86D3BDAF915685F3D568B20E | Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> MD5 = 8990440E4B2A7CA5A56A1833B03741FD | SigmaTel, Inc. [Ver = 5.10.5143.0 nd491 cp1 | Size = 1171464 bytes | Modified Date = 2006-08-15 07:38:14 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> MD5 = 1FF3217614018630D0A6758630FC698C | Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> MD5 = 070E001D95CF725186EF8B20335F933C | LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> MD5 = 80AC1C4ABBE2DF3B738BF15517A51F2C | LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> MD5 = BF4FAB949A382A8E105F46EBB4937058 | LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
(tifsfilter) Acronis TrueImage FS Filter [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\tifsfilt.sys -> MD5 = 7369F74DD9172C6527A8ACEB010E28F1 | Acronis [Ver = 1.1 build 327 | Size = 30688 bytes | Modified Date = 2007-01-12 18:08:36 | Attr = ]
(timounter) Acronis TrueImage Backup Archive Explorer [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\timntr.sys -> MD5 = 53FEC95B844C46489F6683DC0A606E01 | Acronis [Ver = 1.1 build 327 | Size = 249152 bytes | Modified Date = 2007-01-12 18:08:36 | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> MD5 = 1B698A51CD528D8DA4FFAED66DFC51B9 | Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 2004-08-04 03:00:00 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Acronis Scheduler2 Service -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe ["C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"] -> MD5 = B1423F4A808192F09026375AEA25952B | Acronis [Ver = 1,0,0,214 | Size = 118784 bytes | Modified Date = 2005-11-28 15:02:54 | Attr = ]
Comodo Firewall -> %ProgramFiles%\Comodo\Firewall\cpf.exe ["C:\Program Files\Comodo\Firewall\CPF.exe" /background] -> MD5 = 1F5882037BAD07E9926F47A3A32F0931 | COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 2007-02-07 10:24:22 | Attr = ]
DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> MD5 = CEFD0E35B35AFD9D1C2FEC9AF81AFDB8 | Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 2005-09-08 03:20:00 | Attr = ]
DMXLauncher -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe [C:\Program Files\Dell\Media Experience\DMXLauncher.exe] -> MD5 = 906B35ED797CDE6A59D5798118CC225D | [Ver = | Size = 98304 bytes | Modified Date = 2006-05-03 03:12:00 | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe ["c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"] -> MD5 = E558CDE2913DAA077D4E25732D1AA176 | Hewlett-Packard Company [Ver = 5, 0, 0, 0 | Size = 49152 bytes | Modified Date = 2004-09-13 16:49:00 | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> MD5 = 9E109B03018763FDCB075CE74547BE22 | InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 2005-06-10 08:44:02 | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> MD5 = 583B7D111304BE63D7D9CB65482D2187 | InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 2005-06-10 08:44:02 | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe ["C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey] -> MD5 = 9451DBB2652E814E9B8C93C019183568 | Network Associates, Inc. [Ver = 3.1.2.266 | Size = 135224 bytes | Modified Date = 2008-04-10 19:08:30 | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> MD5 = C1EA489DD8B5E57B03E2FD5A1500621B | NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 2006-10-22 13:22:00 | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> MD5 = 1FF171FBAF6E5A29C07B1F8D318B607A | NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 2006-10-22 13:22:00 | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> MD5 = 0294E2A5E89BF786F24A9CC2FD753191 | [Ver = | Size = 1622016 bytes | Modified Date = 2006-10-22 13:22:00 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> MD5 = C74C7963EEC07AF49DCE44D64819B2BF | Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 2007-12-14 15:03:21 | Attr = ]
ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe ["C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE] -> MD5 = 270A26E0F3C08944A9E91BBE5B5CABCE | Network Associates, Inc. [Ver = 7.1.0.187 | Size = 81990 bytes | Modified Date = 2008-04-10 19:08:30 | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe [stsystra.exe] -> MD5 = 289BDC9E5681BD1BE0FB871C460BD254 | SigmaTel, Inc. [Ver = 1.0.5143.0 nd491 cp1 | Size = 282624 bytes | Modified Date = 2006-08-15 07:38:14 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> MD5 = 836DC47E6CAD975304D1D3EB2F516A1C | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2008-02-22 05:25:21 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> MD5 = 8A71139A5CD86AC55CF0E4383AB4AE33 | RealNetworks, Inc. [Ver = 0.1.0.3725 | Size = 185784 bytes | Modified Date = 2006-10-07 06:53:47 | Attr = ]
TrueImageMonitor.exe -> %ProgramFiles%\Acronis\TrueImage\TrueImageMonitor.exe [C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe] -> Unable to obtain MD5 | Acronis [Ver = 9,0,0,2323 | Size = 988701 bytes | Modified Date = 2005-11-28 15:02:56 | Attr = ]
UnlockerAssistant -> %ProgramFiles%\Unlocker\UnlockerAssistant.exe ["C:\Program Files\Unlocker\UnlockerAssistant.exe"] -> MD5 = 3FFE8752B77382C5050006C31781D05A | [Ver = | Size = 15872 bytes | Modified Date = 2006-09-07 10:19:27 | Attr = ]
UserFaultCheck -> [%systemroot%\system32\dumprep 0 -u] -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> MD5 = 04361EE0F0D95CDE6432D0A2B23ABAC1 | Gteko Ltd. [Ver = 2, 1, 3, 173 | Size = 389120 bytes | Modified Date = 2006-07-16 19:29:54 | Attr = ]
IDriveE Startup -> %ProgramFiles%\IDrive\IDrvieEStartup.exe ["C:\Program Files\IDrive\IDrvieEStartup.exe" Hide] -> MD5 = B1D733B903951D010A3C8E89005D6699 | Pro Softnet Corporation [Ver = 1.00.0007 | Size = 194000 bytes | Modified Date = 2007-11-29 18:02:40 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> MD5 = B1E3C1282DF184C22DCD3D2CE4214EE8 | [Ver = | Size = 688128 bytes | Modified Date = 2006-05-26 02:01:00 | Attr = H ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> MD5 = 43F3F6D33C793089A7C32B45DA16094B | Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 2006-03-30 17:45:08 | Attr = R ]
< Run [HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\] > -> HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> MD5 = 04361EE0F0D95CDE6432D0A2B23ABAC1 | Gteko Ltd. [Ver = 2, 1, 3, 173 | Size = 389120 bytes | Modified Date = 2006-07-16 19:29:54 | Attr = ]
IDriveE Startup -> %ProgramFiles%\IDrive\IDrvieEStartup.exe ["C:\Program Files\IDrive\IDrvieEStartup.exe" Hide] -> MD5 = B1D733B903951D010A3C8E89005D6699 | Pro Softnet Corporation [Ver = 1.00.0007 | Size = 194000 bytes | Modified Date = 2007-11-29 18:02:40 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> MD5 = B1E3C1282DF184C22DCD3D2CE4214EE8 | [Ver = | Size = 688128 bytes | Modified Date = 2006-05-26 02:01:00 | Attr = H ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> MD5 = 43F3F6D33C793089A7C32B45DA16094B | Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 2006-03-30 17:45:08 | Attr = R ]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> MD5 = C2FF17734176CD15221C10044EF0BA1A | Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 2004-10-04 01:12:18 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> MD5 = 43362B96870CE8649F4F2EC893DA93F0 | Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 2005-09-23 23:05:26 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> MD5 = C519CEC624CF9BCBA3059F32266C8FFF | Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 2004-11-04 20:28:24 | Attr = ]
< David Olsson Startup Folder > -> C:\Documents and Settings\David Olsson\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> MD5 = C2FF17734176CD15221C10044EF0BA1A | Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 2004-10-04 01:12:18 | Attr = ]
%UserProfile%\Start Menu\Programs\Startup\E-mail.lnk -> -> File not found
%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> MD5 = E00DE20F0F6BED5CD2160247DDC9443B | [Ver = | Size = 38912 bytes | Modified Date = 2005-10-20 13:04:08 | Attr = ]
%UserProfile%\Start Menu\Programs\Startup\Password Safe.lnk -> %ProgramFiles%\Password Safe\pwsafe.exe -> MD5 = D10654679F54D0736CF8A8B9466010F2 | SourceForge.net [Ver = 3, 7, 0, 1332 | Size = 1032192 bytes | Modified Date = 2007-03-29 14:06:22 | Attr = ]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< QBDataServiceUser Startup Folder > -> C:\Documents and Settings\QBDataServiceUser\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> MD5 = 4C7F099B3FFDE9805AE290DE3E593397 | Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 2006-09-28 07:13:28 | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> MD5 = 4C8C7AB29C2447E1906A4D9A87468C15 | SuperAdBlocker.com [Ver = 1, 0, 0, 1006 | Size = 77824 bytes | Modified Date = 2006-09-28 12:22:36 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006] > -> HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1007] > -> HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1007\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> MD5 = 878BD80FDC51F6074D7B664C253EDE4C | SUPERAntiSpyware.com [Ver = 1, 0, 0, 1028 | Size = 258048 bytes | Modified Date = 2006-10-19 10:12:20 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\EnableLUA -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006] > -> HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1007] > -> HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SU
[/code]
Edited by d_Oregon, 11 April 2008 - 04:08 PM.