cant find the first two files to put into that virus total program. also cant run sdfix without being in safe mode. i no longer have a boot.ini in msconfig and like i said earlier, F8 just asks what to boot from. not the normal screen to select safe mode. however, i did do the AVZ program like you said

0

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop. !!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!! Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd" Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

0

SmitFraudFix v2.240 Scan done at 16:18:59.39, Mon 10/15/2007 Run from E:\Documents and Settings\Mike\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe E:\Program Files\Alwil Software\Avast4\ashServ.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\Explorer.exe E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe E:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe E:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe E:\WINDOWS\CTHELPER.exe E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe E:\PROGRA~1\Grisoft\AVG7\avgcc.exe E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe E:\Program Files\Common Files\Real\Update_OB\realsched.exe E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe E:\Program Files\UltraMon\UltraMon.exe E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe E:\Program Files\iTunes\iTunesHelper.exe E:\PROGRA~1\Grisoft\AVG7\avgemc.exe E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe E:\WINDOWS\system32\ctfmon.exe E:\WINDOWS\System32\nvsvc32.exe E:\Program Files\UltraMon\UltraMonTaskbar.exe E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Nikon\PictureProject\NkbMonitor.exe E:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe E:\Program Files\Alwil Software\Avast4\ashWebSv.exe E:\Program Files\iPod\bin\iPodService.exe e:\program files\common files\aol\1156714696\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe e:\program files\common files\aol\1156714696\ee\aolsoftware.exe E:\Program Files\Common Files\Teleca Shared\Generic.exe E:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe E:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe E:\Program Files\America Online 9.0\waol.exe E:\Program Files\America Online 9.0\shellmon.exe E:\PROGRA~1\MOZILL~1\FIREFOX.exe E:\WINDOWS\system32\cmd.exe E:\WINDOWS\notepad.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» E:\ »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Mike »»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Mike\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\Mike\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport DNS Server Search Order: 12.183.168.5 DNS Server Search Order: 12.127.16.67 DNS Server Search Order: 12.127.17.71 HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCDFA58E-FF3D-4542-A3BC-2559B5910AAC}: DhcpNameServer=12.183.168.5 12.127.16.67 12.127.17.71 HKLM\SYSTEM\CS1\Services\Tcpip\..\{FCDFA58E-FF3D-4542-A3BC-2559B5910AAC}: DhcpNameServer=12.183.168.5 12.127.16.67 12.127.17.71 HKLM\SYSTEM\CS3\Services\Tcpip\..\{FCDFA58E-FF3D-4542-A3BC-2559B5910AAC}: DhcpNameServer=12.183.168.5 12.127.16.67 12.127.17.71 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=12.183.168.5 12.127.16.67 12.127.17.71 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=12.183.168.5 12.127.16.67 12.127.17.71 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=12.183.168.5 12.127.16.67 12.127.17.71 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End

0

First you must uninstall one of the antivirus progarms you have. Chooose AVG or Avast and uninstall the other as they will conflict. Next go to start> control panel> add/remove programs and uninstall this program if found: LimeWire Please download the Sophos Anti-Rootkit Scanner and save it to your desktop from the following link. Sophos-Anti-Rootkit You will need to enter your name, e-mail address and location in order to access the download page. Once you have downloaded the file, double click the sarsfx icon Review the licence agreement and click on the Accept button The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui. Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan Allow the program to scan your computer - please be patient as it may take some time Once the scan has completed a window will pop-up with the results of the scan - click OK to this. In the main window, you will see each of the entries found by the scan (if any) If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review. Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you. If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry To clean up these entries click on the Clean up checked items button. If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so. Pst a new Hijack This log and a new Combofix log please.

0

here are the warnings... Warning: Error parsing raw registry hive S-1-5-18. Registry scan may not be supported on this version of Windows. here is hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:16:17 PM, on 10/15/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe E:\Program Files\Alwil Software\Avast4\ashServ.exe E:\WINDOWS\Explorer.exe E:\WINDOWS\system32\spoolsv.exe E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe E:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe E:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe E:\WINDOWS\CTHELPER.exe E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe E:\Program Files\Common Files\Real\Update_OB\realsched.exe E:\Program Files\UltraMon\UltraMon.exe E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe e:\program files\common files\aol\1156714696\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe e:\program files\common files\aol\1156714696\ee\aolsoftware.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\UltraMon\UltraMonTaskbar.exe E:\WINDOWS\system32\ctfmon.exe E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe E:\WINDOWS\System32\nvsvc32.exe E:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe E:\Program Files\America Online 9.0\waol.exe E:\Program Files\Nikon\PictureProject\NkbMonitor.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe E:\Program Files\Alwil Software\Avast4\ashWebSv.exe E:\Program Files\iPod\bin\iPodService.exe E:\Program Files\Common Files\Teleca Shared\Generic.exe E:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe E:\Program Files\America Online 9.0\shellmon.exe E:\Program Files\Sophos\Sophos Anti-Rootkit\sargui.exe E:\PROGRA~1\MOZILL~1\FIREFOX.exe E:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Pure Networks Port Magic] "E:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [CTDVDDET] "E:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe" O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [RCSystem] "E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup O4 - HKLM\..\Run: [AudioDrvEmulator] "E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "E:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe E:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] E:\Program Files\Browser Mouse\MOffice.exe O4 - HKLM\..\Run: [UltraMon] "E:\Program Files\UltraMon\UltraMon.exe" /auto O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Multimedia keyboard utility\KbdAp32A.exe O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [343763395] D:\Reg\Pentax_Win_GM_12062004.exe /r "D:\Reg\Pentax_Win_GM_12062004.rpd" O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [AOL Fast Start] "E:\Program Files\America Online 9.0\AOL.exe" -b O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Post-it® Software Notes.lnk = E:\Program Files\3M\PSNotes2\Psn2.exe O8 - Extra context menu item: &AOL Toolbar search - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe -- End of file - 8441 bytes here is combofix ComboFix 07-10-11.5 - Mike 2007-10-15 22:16:59.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.592 [GMT -7:00] Running from: E:\Documents and Settings\Mike\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))) . 2007-10-15 22:04 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Avg7 2007-10-15 22:00 <DIR> d-------- E:\Program Files\Sophos 2007-10-15 16:39 <DIR> d-------- E:\FEAR_AND_LOATHING 2007-10-15 16:18 4,500 --a------ E:\WINDOWS\system32\tmp.reg 2007-10-10 19:35 51,200 --a------ E:\WINDOWS\NirCmd.exe 2007-10-10 19:29 <DIR> d-------- E:\Program Files\Trend Micro 2007-10-09 21:54 584,192 -----c--- E:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-09 21:31 <DIR> d-------- E:\Program Files\Alwil Software 2007-10-09 21:31 801,144 --a------ E:\WINDOWS\system32\aswBoot.exe 2007-10-09 21:31 95,608 --a------ E:\WINDOWS\system32\AvastSS.scr 2007-10-09 21:31 94,416 --a------ E:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-09 21:31 92,848 --a------ E:\WINDOWS\system32\drivers\aswmon.sys 2007-10-09 21:31 42,912 --a------ E:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-09 21:31 26,624 --a------ E:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-09 21:31 23,152 --a------ E:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-09 14:41 <DIR> d-------- E:\Documents and Settings\Mike\.housecall6.6 2007-10-02 23:09 <DIR> d-------- E:\Program Files\Nero 2007-10-02 15:18 <DIR> d-------- E:\Program Files\DVD Shrink 2007-09-26 02:02 3,441,296 --a------ E:\WINDOWS\Swordfish Screensaver 1.exe 2007-09-26 02:02 238,232 --a------ E:\WINDOWS\Swordfish Screensaver 1.scr 2007-09-26 02:02 40,960 --a------ E:\WINDOWS\Swordfish Screensaver 1.dll 2007-09-26 02:02 18,192 --a------ E:\WINDOWS\Swordfish Screensaver 1.dat 2007-09-26 01:43 <DIR> d-------- E:\Program Files\UltraMon 2007-09-26 01:43 <DIR> d-------- E:\Program Files\Common Files\Realtime Soft 2007-09-26 01:43 <DIR> d-------- E:\Documents and Settings\Mike\Application Data\Realtime Soft 2007-09-26 01:43 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Realtime Soft 2007-09-24 01:01 <DIR> d-------- E:\Documents and Settings\Mike\Application Data\DivX 2007-09-17 11:23 823,296 --a------ E:\WINDOWS\system32\divx_xx0c.dll 2007-09-17 11:23 823,296 --a------ E:\WINDOWS\system32\divx_xx07.dll 2007-09-17 11:22 802,816 --a------ E:\WINDOWS\system32\divx_xx11.dll 2007-09-17 11:22 739,840 --a------ E:\WINDOWS\system32\DivX.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-16 04:47 --------- d-----w E:\Program Files\Java 2007-10-15 23:32 --------- d-----w E:\Program Files\Common Files\Ahead 2007-10-15 23:23 --------- d-----w E:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-10-03 23:45 --------- d-----w E:\Program Files\Winamp 2007-10-02 20:56 --------- d--h--w E:\Program Files\InstallShield Installation Information 2007-09-24 03:31 --------- d-----w E:\Program Files\DivX 2007-09-14 00:31 --------- d-----w E:\Program Files\WinMPG VideoConvert 2007-09-14 00:30 --------- d-----w E:\Program Files\Avi2Dvd 2007-09-11 23:14 156,992 ----a-w E:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-09-10 22:23 --------- d-----w E:\Program Files\Common Files\Blizzard Entertainment 2007-08-31 02:33 --------- d-----w E:\Program Files\Ares 2007-08-21 06:15 683,520 ----a-w E:\WINDOWS\system32\inetcomm.dll 2007-08-21 00:26 81,920 ----a-w E:\WINDOWS\system32\dpl100.dll 2007-08-21 00:26 196,608 ----a-w E:\WINDOWS\system32\dtu100.dll 2007-08-15 22:33 524,288 ----a-w E:\WINDOWS\system32\DivXsm.exe 2007-08-15 22:33 3,596,288 ----a-w E:\WINDOWS\system32\qt-dx331.dll 2007-08-15 22:33 200,704 ----a-w E:\WINDOWS\system32\ssldivx.dll 2007-08-15 22:33 129,784 ------w E:\WINDOWS\system32\pxafs.dll 2007-08-15 22:33 120,056 ------w E:\WINDOWS\system32\pxcpyi64.exe 2007-08-15 22:33 118,520 ------w E:\WINDOWS\system32\pxinsi64.exe 2007-08-15 22:33 1,044,480 ----a-w E:\WINDOWS\system32\libdivx.dll 2007-08-15 22:31 593,920 ----a-w E:\WINDOWS\system32\dpuGUI11.dll 2007-08-15 22:31 57,344 ----a-w E:\WINDOWS\system32\dpv11.dll 2007-08-15 22:31 53,248 ----a-w E:\WINDOWS\system32\dpuGUI10.dll 2007-08-15 22:31 344,064 ----a-w E:\WINDOWS\system32\dpus11.dll 2007-08-15 22:31 294,912 ----a-w E:\WINDOWS\system32\dpu11.dll 2007-08-15 22:31 294,912 ----a-w E:\WINDOWS\system32\dpu10.dll 2007-08-15 22:30 12,288 ----a-w E:\WINDOWS\system32\DivXWMPExtType.dll 2007-07-31 02:19 92,504 ----a-w E:\WINDOWS\system32\cdm.dll 2007-07-31 02:19 549,720 ----a-w E:\WINDOWS\system32\wuapi.dll 2007-07-31 02:19 53,080 ----a-w E:\WINDOWS\system32\wuauclt.exe 2007-07-31 02:19 43,352 ----a-w E:\WINDOWS\system32\wups2.dll 2007-07-31 02:19 325,976 ----a-w E:\WINDOWS\system32\wucltui.dll 2007-07-31 02:19 203,096 ----a-w E:\WINDOWS\system32\wuweb.dll 2007-07-31 02:19 1,712,984 ----a-w E:\WINDOWS\system32\wuaueng.dll 2007-07-31 02:18 33,624 ----a-w E:\WINDOWS\system32\wups.dll 2007-07-30 23:46 20 ---h--w E:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT . ((((((((((((((((((((((((((((( snapshot@2007-10-10_19.41.29.07 ))))))))))))))))))))))))))))))))))))))))) . + 2007-10-15 23:33:51 25,214 ----a-r E:\WINDOWS\Installer\{2F351A97-7BAC-4045-80A4-3527805E1033}\ARPPRODUCTICON.exe + 2005-08-15 19:08:26 5,888 ----a-w E:\WINDOWS\system32\drivers\imagedrv.sys + 2005-08-15 19:08:26 127,488 ----a-w E:\WINDOWS\system32\drivers\imagesrv.sys + 2004-07-27 00:16:10 1,568,768 ----a-w E:\WINDOWS\system32\imagX7.dll + 2004-07-27 00:16:10 476,320 ----a-w E:\WINDOWS\system32\imagXpr7.dll + 2004-07-27 00:16:10 262,144 ----a-w E:\WINDOWS\system32\imagXR7.dll + 2004-07-27 00:16:10 471,040 ----a-w E:\WINDOWS\system32\imagXRA7.dll - 2007-07-12 08:22:00 135,168 ----a-w E:\WINDOWS\system32\java.exe + 2007-09-25 05:30:28 135,168 ----a-w E:\WINDOWS\system32\java.exe - 2007-07-12 08:22:04 135,168 ----a-w E:\WINDOWS\system32\javaw.exe + 2007-09-25 05:30:30 135,168 ----a-w E:\WINDOWS\system32\javaw.exe - 2007-07-12 09:22:38 139,264 ----a-w E:\WINDOWS\system32\javaws.exe + 2007-09-25 06:31:42 139,264 ----a-w E:\WINDOWS\system32\javaws.exe + 2005-02-16 22:18:04 90,184 ----a-w E:\WINDOWS\system32\NeroCo.dll + 2004-07-09 16:43:56 364,544 ----a-w E:\WINDOWS\system32\TwnLib4.dll + 2007-10-16 05:05:44 16,384 ----atw E:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat + 2005-09-12 23:13:46 233,472 ----a-w E:\WINDOWS\UNNeroBackItUp.exe + 2005-09-12 23:13:46 233,472 ----a-w E:\WINDOWS\UNNeroMediaHome.exe + 2005-09-12 23:13:46 233,472 ----a-w E:\WINDOWS\UNNeroShowTime.exe + 2005-09-12 23:13:46 233,472 ----a-w E:\WINDOWS\UNNeroVision.exe + 2005-09-12 23:13:46 233,472 ----a-w E:\WINDOWS\UNRecode.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HostManager"="E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe" [2006-09-25 17:52] "AOLDialer"="E:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 05:50] "Pure Networks Port Magic"="E:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 14:33] "CTDVDDET"="E:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe" [2003-06-18 01:00] "CTSysVol"="E:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10] "RCSystem"="E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25] "AudioDrvEmulator"="E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25] "CTHelper"="CTHELPER.EXE" [2005-06-17 23:01 E:\WINDOWS\CTHELPER.EXE] "UpdReg"="E:\WINDOWS\UpdReg.exe" [2000-05-11 01:00] "NvCplDaemon"="E:\WINDOWS\System32\NvCpl.dll" [2006-03-13 19:58] "NvMediaCenter"="E:\WINDOWS\System32\NvMcTray.dll" [2006-03-13 19:58] "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2006-11-02 20:50] "TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-21 18:25] "FLMOFFICE4DMOUSE"="E:\Program Files\Browser Mouse\MOffice.exe" [2007-01-13 23:22] "UltraMon"="E:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27] "avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06] "FLMK08KB"="E:\Program Files\Multimedia keyboard utility\KbdAp32A.exe" [2007-01-13 23:24] "iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 12:58] "nwiz"="nwiz.exe" [2006-03-13 19:58 E:\WINDOWS\system32\nwiz.exe] "343763395"="D:\Reg\Pentax_Win_GM_12062004.exe" [] "NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56] "MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24] "Sony Ericsson PC Suite"="E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-08-09 19:14] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 09:52] "ares"="C:\Program Files\Ares\Ares.exe" [] "AOL Fast Start"="E:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 06:17] E:\Documents and Settings\All Users\Start Menu\Programs\Startup\ NkbMonitor.exe.lnk - E:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-07-30 16:47:15] Post-itr Software Notes.lnk - E:\Program Files\3M\PSNotes2\Psn2.exe [2002-01-21 08:00:24] R2 UltraMonUtility;UltraMon Utility Driver;\??\E:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys R3 MEMSWEEP2;MEMSWEEP2;\??\E:\WINDOWS\system32\113.tmp R3 moufiltr;Mouse Filter Driver;E:\WINDOWS\system32\DRIVERS\moufiltr.sys R3 UltraMonMirror;UltraMonMirror;E:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys R3 w600bus;Sony Ericsson W600 driver (WDM);E:\WINDOWS\system32\DRIVERS\w600bus.sys R3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;E:\WINDOWS\system32\DRIVERS\w600mdfl.sys R3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;E:\WINDOWS\system32\DRIVERS\w600mdm.sys R3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;E:\WINDOWS\system32\DRIVERS\w600mgmt.sys R3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;E:\WINDOWS\system32\DRIVERS\w600obex.sys S3 PciCon;PciCon;\??\D:\PciCon.sys . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-15 22:17:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-15 22:18:26 E:\ComboFix2.txt ... 2007-10-10 19:42 . --- E O F ---

0

Please download ATF-Cleaner to your desktop from this link http://www.atribune.org/content/view/19/2/ We will need it later in safe mode Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok. Next, please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. Then post a new Combofix log, hope fully the last one needed. Is your computer operating any better?

0

my computer is operating better but still crashes while trying to burn anything (cd/dvd) and i still cannot get my computer into safe mode. when i hit f8 it asks which i want to boot from, not safe mode, normal mode, etc. and i still do not have a safe mode boot.ini option in msconfig to start in safe mode that way. any thoughts on how to boot in safe mode?

0

Do you have an xp cd?

0

yes. my computer kept freezing when trying to load it...

0

This may fix the dvd drive. 1. Click on START button, the click on RUN. 2. Enter REGEDIT and press Enter. 3. When REGEDIT starts, open up the following folders by clicking the plus (+)sign to the left of these folders. HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Class Then click on this folder (not the + sign) {4D36E965-E325 -11CE-BFC1-08002BE10318}. 4. After clicking on {4D36E965-E325 -11CE-BFC1-08002BE10318} you should see two settings on the right pane: "Upperfilters" "Lowerfilters" Right click on each of them, press DELETE and click YES then restart the computer.

0

did that. still crashed while trying to burn anything. i would just reformat my hard drive except that i cant burn to even back anything up

0

also. now it is popping up with lovgate.f like every two hours as a virus...

0

so i take it you gave up or ran out of ideas?

0

It sounds as though the cd/dvd burner may need the drivers replaced, this program may at least expose the offending files. Please download Dr Web CureIt to your desktop from this link ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Doubleclick the drweb-cureit.exe file and Allow to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, look if you can click next icon next to the files found: If so, click it and then click the next icon right below and select Move incurable. This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples) After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot. After reboot, post the contents of the log on your desktop.

0

so the first scan found 16 files. but on 99% my computer rebooted. so i didnt get a chance to save the files. i tried to run the program again and it crashed on 1% so im gonna try again, but thought i would give you the heads up

0

i just found the log in the autolog function. here is what it gave me e:\program files\common files\scanner\ppctl.dll - incurable - moved [Scan path] C:\ [Scan path] E:\ >E:\AOL Instant Messenger\AIM.exe\data041 is an adware program Adware.Aws E:\AOL Instant Messenger\AIM.exe - archive contains infected objects >E:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP1F2.tmp\asprtpup.exe\data007 probably infected with BACKDOOR.Trojan E:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP1F2.tmp\asprtpup.exe - archive contains infected objects E:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP54.tmp\aspapp\setup.exe probably infected with BACKDOOR.Trojan >E:\Documents and Settings\Mike\Desktop\SDFix.exe\SDFix\apps\Process.exe is a hacktool program Tool.Prockill - ignored E:\Documents and Settings\Mike\Desktop\SmitfraudFix\restart.exe is a hacktool program Tool.ShutDown.11 - ignored E:\Mike\Documents\Random Again\SmitfraudFix\restart.exe is a hacktool program Tool.ShutDown.11 - ignored >>E:\Program Files\AOL\Installers\ASP 2.0\ocpinst.exe\data179 probably infected with DLOADER.Trojan E:\Program Files\AOL\Installers\ASP 2.0\ocpinst.exe - archive contains infected objects E:\Program Files\AOL\Installers\ASP 2.0\setup.exe probably infected with BACKDOOR.Trojan E:\Program Files\ComcastToolbar\register.exe is an adware program Adware.Xbarre E:\Program Files\ComcastToolbar\uninstall.exe is an adware program Adware.VMN >>>E:\Program Files\Common Files\AOL\AOL Spyware Protection\Update\aspupdate\data014\data179 probably infected with DLOADER.Trojan >E:\Program Files\Common Files\AOL\AOL Spyware Protection\Update\aspupdate\data014 - archive contains infected objects >E:\Program Files\Common Files\AOL\AOL Spyware Protection\Update\aspupdate\data017 probably infected with BACKDOOR.Trojan E:\Program Files\Common Files\AOL\AOL Spyware Protection\Update\aspupdate - archive contains infected objects >E:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe\data010 probably infected with BACKDOOR.Trojan E:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe - archive contains infected objects >E:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe\core.cab\GTDOWNAO_106.ocx is an adware program Adware.Gdown E:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe - archive contains infected objects >E:\Program Files\Common Files\aolback\Comps\tpspd\TSSetup.exe\data002 probably infected with DLOADER.Trojan E:\Program Files\Common Files\aolback\Comps\tpspd\TSSetup.exe - archive contains infected objects E:\Program Files\Common Files\AolCoach\en_en\GTDownAO_106.ocx is an adware program Adware.Gdown >E:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL\lib/zi/ZoneInfoMappings>E:\Program Files\DivX\DivX Web Player\npdivx32.dll - decompression error >E:\Program Files\Mozilla Firefox\plugins\npdivx32.dll - decompression error E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP11\A0002744.exe is a hacktool program Tool.Prockill - ignored >E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP16\A0003098.dll probably infected with DLOADER.Trojan >E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP16\A0003099.dll probably infected with DLOADER.Trojan E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP2\A0000072.exe is a hacktool program Tool.Prockill - ignored im gonna try and run it again so it will move these files or cure them for me. let me know the next step

0

got it to run a full scan without rebooting by doing a custom scan without folders i knew didnt have problems. it found 15. these are them. i was also able to move them to a folder. and when it found the lovgate worm it said it cured it (this was done separately from the scan) my computer seems to be running slow now E:\AOL Instant Messenger\AIM.exe - moved E:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP1F2.tmp\asprtpup.exe - moved E:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP54.tmp\aspapp\setup.exe - moved E:\Program Files\AOL\Installers\ASP 2.0\ocpinst.exe - moved E:\Program Files\AOL\Installers\ASP 2.0\setup.exe - moved E:\Program Files\ComcastToolbar\register.exe - moved E:\Program Files\ComcastToolbar\uninstall.exe - moved E:\Program Files\Common Files\AOL\AOL Spyware Protection\Update\aspupdate - moved E:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe - moved E:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe - moved E:\Program Files\Common Files\aolback\Comps\tpspd\TSSetup.exe - moved E:\Program Files\Common Files\AolCoach\en_en\GTDownAO_106.ocx - moved E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP16\A0003098.dll - moved E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP16\A0003099.dll - moved ============================================================================= Total session statistics ============================================================================= Objects scanned: 278435 Infected objects found: 0 Objects with modifications found: 0 Suspicious objects found: 10 Adware programs found: 5 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 0 Cured: 0 Deleted: 0 Renamed: 0 Moved: 14 Ignored: 5 Scan speed: 437 Kb/s Scan time: 01:21:32

0

Please download SilentRunners from this link http://www.silentrunners.org/Silent%20Runners.zip. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.

0

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: ---- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "E:\WINDOWS\system32\ctfmon.exe" [MS] "MSMSGS" = ""E:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Sony Ericsson PC Suite" = ""E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized" ["Sony Ericsson Mobile Communications AB"] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"] "ares" = ""C:\Program Files\Ares\Ares.exe" -h" [file not found] "AOL Fast Start" = ""E:\Program Files\America Online 9.0\AOL.exe" -b" ["America Online, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "HostManager" = "E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe" ["America Online, Inc."] "AOLDialer" = "E:\Program Files\Common Files\AOL\ACS\AOLDial.exe" ["AOL LLC"] "Pure Networks Port Magic" = ""E:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run" ["Pure Networks, Inc."] "CTDVDDET" = ""E:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe"" ["Creative Technology Ltd"] "CTSysVol" = "E:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"] "RCSystem" = ""E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup" ["Creative Technology Ltd."] "AudioDrvEmulator" = ""E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "E:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"" ["Creative Technology Ltd."] "CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"] "UpdReg" = "E:\WINDOWS\UpdReg.exe" ["Creative Technology Ltd."] "NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS] "SunJavaUpdateSched" = ""E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."] "QuickTime Task" = ""E:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "TkBellExe" = ""E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "FLMOFFICE4DMOUSE" = "E:\Program Files\Browser Mouse\MOffice.exe" [empty string] "UltraMon" = ""E:\Program Files\UltraMon\UltraMon.exe" /auto" ["Realtime Soft"] "FLMK08KB" = "E:\Program Files\Multimedia keyboard utility\KbdAp32A.exe" [empty string] "iTunesHelper" = ""E:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "343763395" = "D:\Reg\Pentax_Win_GM_12062004.exe /r "D:\Reg\Pentax_Win_GM_12062004.rpd"" [file not found] "NeroFilterCheck" = "E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"] "SpIDerNT" = "E:\PROGRA~1\DrWeb\spiderui.exe /agent" ["Doctor Web, Ltd."] "SpIDerMail" = ""E:\Program Files\DrWeb\spiderml.exe"" ["Doctor Web, Ltd."] "DrWebScheduler" = ""E:\Program Files\DrWeb\DRWEBSCD.exe"" ["Doctor Web, Ltd."] "KernelFaultCheck" = "E:\WINDOWS\system32\dumprep 0 -k" HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string] {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\(Default) = (no title provided) -> {HKLM...CLSID} = "Comcast Toolbar" \InProcServer32\(Default) = "E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL" [empty string] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager" -> {HKLM...CLSID} = "Sony Ericsson File Manager" \InProcServer32\(Default) = "E:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "E:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "E:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "E:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "E:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{e7593602-124b-47c9-9f73-a69308edc973}" = "Shell Extension for DrWeb" -> {HKLM...CLSID} = "Shell Extension for DrWeb" \InProcServer32\(Default) = "E:\Program Files\DrWeb\drwsxtn.dll" ["Doctor Web, Ltd."] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "E:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ DrWMenuHandlers\(Default) = "{e7593602-124b-47c9-9f73-a69308edc973}" -> {HKLM...CLSID} = "Shell Extension for DrWeb" \InProcServer32\(Default) = "E:\Program Files\DrWeb\drwsxtn.dll" ["Doctor Web, Ltd."] MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}" -> {HKLM...CLSID} = "MShellExtMenu Class" \InProcServer32\(Default) = "E:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}" -> {HKLM...CLSID} = "MShellExtMenu Class" \InProcServer32\(Default) = "E:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ DrWMenuHandlers\(Default) = "{e7593602-124b-47c9-9f73-a69308edc973}" -> {HKLM...CLSID} = "Shell Extension for DrWeb" \InProcServer32\(Default) = "E:\Program Files\DrWeb\drwsxtn.dll" ["Doctor Web, Ltd."] MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}" -> {HKLM...CLSID} = "MShellExtMenu Class" \InProcServer32\(Default) = "E:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data] Default executables: -------------------- HKCU\Software\Classes\piffile\ Group Policies {GPedit.msc branch and setting}: ------------------ Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "E:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Startup items in "Mike" & "All Users" startup folders: ------------------------- E:\Documents and Settings\All Users\Start Menu\Programs\Startup "NkbMonitor.exe" -> shortcut to: "E:\Program Files\Nikon\PictureProject\NkbMonitor.exe" ["Nikon Corporation"] "Post-it® Software Notes" -> shortcut to: "E:\Program Files\3M\PSNotes2\Psn2.exe -RegRun" ["3M"] Winsock2 Service Provider DLLs: -- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: E:\WINDOWS\system32\DRWEBSP.DLL ["Doctor Web, Ltd."], 01 - 05, 30 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 29 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------- Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{4982D40A-C53B-4615-B15B-B5B5E98D167C}" -> {HKLM...CLSID} = "AOL Toolbar" \InProcServer32\(Default) = "E:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"] "{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" -> {HKLM...CLSID} = "Comcast Toolbar" \InProcServer32\(Default) = "E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL" [empty string] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{4982D40A-C53B-4615-B15B-B5B5E98D167C}" = (no title provided) -> {HKLM...CLSID} = "AOL Toolbar" \InProcServer32\(Default) = "E:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"] "{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" = (no title provided) -> {HKLM...CLSID} = "Comcast Toolbar" \InProcServer32\(Default) = "E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL" [empty string] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided) -> {HKLM...CLSID} = "Real.com" \InProcServer32\(Default) = "E:\WINDOWS\System32\Shdocvw.dll" [MS] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "E:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."] {4982D40A-C53B-4615-B15B-B5B5E98D167C}\ "ButtonText" = "AOL Toolbar" "MenuText" = "AOL Toolbar" "CLSIDExtension" = "{4982D40A-C53B-4615-B15B-B5B5E98D167C}" -> {HKLM...CLSID} = "AOL Toolbar" \InProcServer32\(Default) = "E:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ "ButtonText" = "Real.com" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "E:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): -------- AOL Connectivity Service, AOL ACS, ""E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["AOL LLC"] AOL TopSpeed Monitor, AOL TopSpeedMonitor, "E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" ["America Online, Inc"] iPodService, iPodService, "E:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."] Machine Debug Manager, MDM, ""E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe"" [MS] NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] SpIDer Guard for Windows, SPIDERNT, "E:\PROGRA~1\DrWeb\spidernt.exe" ["Doctor Web, Ltd."] Windows User Mode Driver Framework, UMWdf, "E:\WINDOWS\System32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor i900D\Driver = "CNMLM5e.DLL" ["CANON INC."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- (launch time: 2007-10-25 06:17:44) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 54 seconds, including 25 seconds for message boxes)

0

i gonna be out of town till sunday night. thats what i got though. thanks for all your help. hopefully we can get this taken care of soon

0

im back in town and ready to try more stuff. let me know what all those 16 things it found were. maybe the problem is in there. thanks. hope to hear from you soon

0

The log produced by the following scan will be extemely long so if needed make two post to get all the log posted. Please download WinPFind3u.exe by oldtimer to your desktop and extract all files. It will create a folder named WinPFind3u on your desktop. Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program. In the Processes group click ALL In the Win32 Services group click ALL In the Driver Services group click ALL In the Registry group click ALL In the Files Created Within group click 60 days Make sure Non-Microsoft only is UNCHECKED In the Files Modified Within group select 30 days Make sure Non-Microsoft only is UNCHECKED In the File String Search group select ALL in the Additional scans sections please press select ALL Now click the Run Scan button on the toolbar. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it. Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program. Copy and paste the information in the quote box below into the pane where it says "Paste fix here" and then click the Run Fix button. The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes. Post the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log) back here

0

my computer is randomly rebooting now for no reason. the last program you wanted me to run, winpfind3u, freezes when i copy the text into the fix box here is what it showed up though [Processes - All] smss.exe -> %System32%\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ] csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] services.exe -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ] lsass.exe -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] svchost.exe -> %System32%\svchost.exe [E:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] -> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:50 PM | Attr = ] -> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] -> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] -> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] svchost.exe -> %System32%\svchost.exe [E:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] -> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:50 PM | Attr = ] svchost.exe -> %System32%\svchost.exe [E:\WINDOWS\SYSTEM32\SVCHOST.exe -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] -> %System32%\appmgmts.dll [AppMgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 167936 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] -> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] -> C:\WINDOWS\system32\qmgr.dll [BITS] -> File not found -> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] -> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] -> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 5:59:42 AM | Attr = ] -> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] -> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] -> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/25/2005 9:39:46 PM | Attr = ] -> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 2:52:18 PM | Attr = ] -> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found -> %System32%\hidserv.dll [HidServ] -> File not found -> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/7/2004 12:32:34 PM | Attr = ] -> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 5:28:28 AM | Attr = ] -> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] -> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/22/2005 11:29:46 AM | Attr = ] -> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] -> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] -> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] -> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 6/22/2006 3:47:18 AM | Attr = ] -> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] -> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] -> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] -> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] -> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] -> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 2:52:18 PM | Attr = ] -> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] -> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/8/2005 9:27:56 AM | Attr = ] -> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 2:52:18 PM | Attr = ] -> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] -> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] -> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] -> %System32%\mspmsnsv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 10.0.3790.3802 | Size = 25088 bytes | Modified Date = 1/28/2005 1:44:28 PM | Attr = ] -> %System32%\advapi32.dll [Wmi] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 616960 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] -> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] -> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] -> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] -> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] svchost.exe -> %System32%\svchost.exe [E:\WINDOWS\SYSTEM32\SVCHOST.exe -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] -> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 45568 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] svchost.exe -> %System32%\svchost.exe [E:\WINDOWS\SYSTEM32\SVCHOST.exe -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] -> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] -> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] -> %System32%\regsvc.dll [RemoteRegistry] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] -> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] -> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.3077 (xpsp_sp2_gdr.070204-2255) | Size = 185344 bytes | Modified Date = 2/5/2007 1:17:02 PM | Attr = ] -> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 1/3/2006 8:35:06 PM | Attr = ] spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 4:53:32 PM | Attr = ] explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 3:23:08 AM | Attr = ] aolsoftware.exe -> %CommonProgramFiles%\AOL\1156714696\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 5:52:48 PM | Attr = ] ctdvddet.exe -> %ProgramFiles%\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/18/2003 1:00:00 AM | Attr = ] ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.2.0 | Size = 57344 bytes | Modified Date = 2/15/2005 4:10:16 PM | Attr = ] dllml.exe -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 6/16/2005 6:25:28 PM | Attr = ] cthelper.exe -> %SystemRoot%\CTHELPER.exe -> Creative Technology Ltd [Ver = 2, 0, 0, 29 | Size = 16384 bytes | Modified Date = 6/17/2005 11:01:42 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ] aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 5:50:36 AM | Attr = R ] aolsp scheduler.exe -> %CommonProgramFiles%\AOL\1156714696\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe -> [Ver = | Size = 1536 bytes | Modified Date = 10/23/2006 12:04:42 PM | Attr = ] aolsoftware.exe -> %CommonProgramFiles%\AOL\1156714696\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 5:52:48 PM | Attr = ] aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 1:54:14 PM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/21/2006 6:25:08 PM | Attr = ] mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.exe -> Microsoft Corporation [Ver = 7.00.9466 | Size = 322120 bytes | Modified Date = 6/20/2003 5:00:00 AM | Attr = ] aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 1:54:12 PM | Attr = ] nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8185 | Size = 131139 bytes | Modified Date = 3/13/2006 7:58:38 PM | Attr = ] spiderui.exe -> %ProgramFiles%\DrWeb\spiderui.exe -> Doctor Web, Ltd. [Ver = 4.44.4.09260 | Size = 214552 bytes | Modified Date = 10/1/2007 5:17:46 PM | Attr = ] spiderml.exe -> %ProgramFiles%\DrWeb\spiderml.exe -> Doctor Web, Ltd. [Ver = 4.44.0.09131 | Size = 361712 bytes | Modified Date = 9/19/2007 5:07:12 PM | Attr = ] drwebscd.exe -> %ProgramFiles%\DrWeb\drwebscd.exe -> Doctor Web, Ltd. [Ver = 4, 44, 0, 4090 | Size = 130552 bytes | Modified Date = 9/19/2007 5:04:22 PM | Attr = ] spidernt.exe -> %ProgramFiles%\DrWeb\spidernt.exe -> Doctor Web, Ltd. [Ver = 4.44.4.09260 | Size = 218648 bytes | Modified Date = 10/1/2007 5:17:44 PM | Attr = ] ctfmon.exe -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] svchost.exe -> %System32%\svchost.exe [E:\WINDOWS\SYSTEM32\SVCHOST.exe -K IMGSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] -> %System32%\wiaservc.dll [stisvc] -> Microsoft Corporation [Ver = 5.1.2600.3051 (xpsp_sp2_gdr.061219-0316) | Size = 333824 bytes | Modified Date = 12/19/2006 11:16:48 AM | Attr = ] wdfmgr.exe -> %System32%\wdfmgr.exe -> Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Modified Date = 1/28/2005 1:44:28 PM | Attr = ] nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 2, 0, 23 | Size = 94208 bytes | Modified Date = 8/22/2006 9:52:02 AM | Attr = ] nkbmonitor.exe -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 7, 5, 3000 | Size = 118784 bytes | Modified Date = 11/29/2006 5:48:22 PM | Attr = ] generic.exe -> %CommonProgramFiles%\Teleca Shared\Generic.exe -> Teleca Software Solutions [Ver = 1, 0, 3, 2 | Size = 385024 bytes | Modified Date = 8/10/2005 8:54:34 AM | Attr = R ] alg.exe -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] epmworker.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe -> Sony Ericsson Mobile Communications AB [Ver = 1, 2, 0,1164 | Size = 860160 bytes | Modified Date = 7/7/2005 10:45:10 PM | Attr = R ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.8: 2007100816 | Size = 7648616 bytes | Modified Date = 10/20/2007 11:27:30 AM | Attr = ] winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ] [Win32 Services - All] (Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] (AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 5:50:36 AM | Attr = R ] (AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 1:54:14 PM | Attr = ] (AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> Microsoft Corporation [Ver = 1.1.4322.2032 | Size = 32768 bytes | Modified Date = 7/15/2004 1:49:26 AM | Attr = ] (AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (Browser) Computer Browser [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %System32%\cisvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5632 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] (ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %System32%\clipsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] (COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] (CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] (dmserver) Logical Disk Manager [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (Eventlog) Event Log [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ] (EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ] (ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %System32%\imapi.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150016 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] (iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.1.3 | Size = 323584 bytes | Modified Date = 10/18/2005 12:58:40 PM | Attr = ] (lanmanserver) Server [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.exe -> Microsoft Corporation [Ver = 7.00.9466 | Size = 322120 bytes | Modified Date = 6/20/2003 5:00:00 AM | Attr = ] (Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 32768 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ] (MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc.exe -> Microsoft Corporation [Ver = 2001.12.4414.258 | Size = 6144 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] (MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %System32%\msiexec.exe -> Microsoft Corporation [Ver = 3.1.4000.1823 | Size = 78848 bytes | Modified Date = 5/4/2005 2:45:36 PM | Attr = ] (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 2, 10, 0 | Size = 208896 bytes | Modified Date = 8/8/2006 9:15:50 PM | Attr = ] (NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] (NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] (Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] (Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] (NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8185 | Size = 131139 bytes | Modified Date = 3/13/2006 7:58:38 PM | Attr = ] (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.exe -> Microsoft Corporation [Ver = 11.0.5525 | Size = 89136 bytes | Modified Date = 6/20/2003 5:00:00 AM | Attr = ] (PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ] (PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] (ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] (RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %System32%\sessmgr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ] (RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (RemoteRegistry) Remote Registry [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\locator.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] (RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\rsvp.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 132608 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] (SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95744 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ] (Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (SENS) System Event Notification [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (SPIDERNT) SpIDer Guard for Windows [Win32_Own | Auto | Running] -> %ProgramFiles%\DrWeb\spidernt.exe -> Doctor Web, Ltd. [Ver = 4.44.4.09260 | Size = 218648 bytes | Modified Date = 10/1/2007 5:17:44 PM | Attr = ] (Spooler) Print Spooler [Win32_Own | Auto | Running] -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 4:53:32 PM | Attr = ] (srservice) System Restore Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] (SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89600 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ] (TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (Themes) Themes [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> %System32%\tlntsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %System32%\wdfmgr.exe -> Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Modified Date = 1/28/2005 1:44:28 PM | Attr = ] (upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18432 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 289792 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (W32Time) Windows Time [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (WebClient) WebClient [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\wbem\wmiapsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 126464 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (wscsvc) Security Center [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] (xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] [Driver Services - All] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found (ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %System32%\drivers\acpi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 187776 bytes | Modified Date = 8/3/2004 11:07:38 PM | Attr = ] (ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %System32%\drivers\acpiec.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11648 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found (aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %System32%\drivers\aec.sys -> Microsoft Corporation [Ver = 5.1.2601.2180 | Size = 142464 bytes | Modified Date = 2/14/2006 5:22:26 PM | Attr = ] (AFD) AFD Networking Support Environment [Kernel | System | Running] -> %System32%\drivers\afd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 138496 bytes | Modified Date = 8/3/2004 11:14:14 PM | Attr = ] (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found (AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found (Arp1394) 1394 ARP Client Protocol [Kernel | On_Demand | Running] -> %System32%\drivers\arp1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/3/2004 10:58:30 PM | Attr = ] (asc) asc [Kernel | Disabled | Stopped] -> -> File not found (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found (AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\asyncmac.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:05:04 PM | Attr = ] (atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\drivers\atapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95360 bytes | Modified Date = 8/3/2004 10:59:42 PM | Attr = ] (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\atmarpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/3/2004 10:58:30 PM | Attr = ] (audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %System32%\drivers\audstub.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3072 bytes | Modified Date = 8/17/2001 6:59:44 AM | Attr = ] (Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (Bridge) MAC Bridge [Kernel | On_Demand | Stopped] -> %System32%\drivers\bridge.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71552 bytes | Modified Date = 8/3/2004 10:59:58 PM | Attr = ] (BridgeMP) MAC Bridge Miniport [Kernel | On_Demand | Stopped] -> %System32%\drivers\bridge.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71552 bytes | Modified Date = 8/3/2004 10:59:58 PM | Attr = ] (catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Mike\LOCALS~1\Temp\catchme.sys -> File not found (cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %System32%\drivers\cbidf2k.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 13952 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found (Cdaudio) Cdaudio [Kernel | System | Stopped] -> %System32%\drivers\cdaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (Cdfs) Cdfs [File_System | Disabled | Running] -> %System32%\drivers\cdfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63744 bytes | Modified Date = 8/3/2004 11:14:10 PM | Attr = ] (Cdrom) CD-ROM Driver [Kernel | System | Running] -> %System32%\drivers\cdrom.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:52 PM | Attr = ] (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found (ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %System32%\drivers\ctac32k.sys -> Creative Technology Ltd [Ver = 5.12.01.1161-2.08.0070 | Size = 501760 bytes | Modified Date = 6/17/2005 10:53:04 PM | Attr = R ] (ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\ctaud2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1161-2.08.0070 | Size = 438784 bytes | Modified Date = 6/17/2005 10:53:28 PM | Attr = R ] (ctdvda2k) Creative DVD-Audio Device Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ctdvda2k.sys -> Creative Technology Ltd [Ver = 5.13.01.0461-1.56.0910 | Size = 340176 bytes | Modified Date = 6/7/2005 6:00:16 AM | Attr = R ] (ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctprxy2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1161-2.08.0070 | Size = 7168 bytes | Modified Date = 6/17/2005 10:53:28 PM | Attr = R ] (ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1161-2.08.0070 | Size = 142336 bytes | Modified Date = 6/17/2005 10:53:08 PM | Attr = R ] (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found (Disk) Disk Driver [Kernel | Boot | Running] -> %System32%\drivers\disk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36352 bytes | Modified Date = 8/3/2004 10:59:54 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:16 PM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %System32%\drivers\dmusic.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52864 bytes | Modified Date = 8/3/2004 11:07:38 PM | Attr = ] (dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found (drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %System32%\drivers\drmkaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2944 bytes | Modified Date = 8/3/2004 11:07:58 PM | Attr = ] (emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %System32%\drivers\emupia2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1161-2.08.0070 | Size = 77824 bytes | Modified Date = 6/17/2005 10:53:08 PM | Attr = R ] (Fastfat) Fastfat [File_System | Disabled | Stopped] -> %System32%\drivers\fastfat.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143360 bytes | Modified Date = 8/3/2004 11:14:16 PM | Attr = ] (Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> %System32%\drivers\fdc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27392 bytes | Modified Date = 8/3/2004 10:59:28 PM | Attr = ] (Fips) Fips [Kernel | System | Running] -> %System32%\drivers\fips.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 34944 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Running] -> %System32%\drivers\flpydisk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/3/2004 10:59:28 PM | Attr = ] (FltMgr) FltMgr [File_System | Boot | Running] -> %System32%\drivers\fltmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2978 (xpsp_sp2_gdr.060821-0039) | Size = 128896 bytes | Modified Date = 8/21/2006 2:14:58 AM | Attr = ] (Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\ftdisk.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 125056 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Stopped] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 2:21:04 AM | Attr = ] (Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %System32%\drivers\msgpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 35072 bytes | Modified Date = 8/3/2004 11:04:12 PM | Attr = ] (ha10kx2k) Creative Hardware Abstract Layer Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ha10kx2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1161-2.08.0070 | Size = 751104 bytes | Modified Date = 6/17/2005 10:53:16 PM | Attr = R ] (hap16v2k) Creative P16V HAL Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\haP16v2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1161-2.08.0070 | Size = 153088 bytes | Modified Date = 6/17/2005 10:53:16 PM | Attr = R ] (hap17v2k) Creative P17V HAL Driver [Kernel | On_Demand | Running] -> %System32%\drivers\haP17v2k.sys -> Creative Technology Ltd [Ver = 5.12.01.1161-2.08.0070 | Size = 178688 bytes | Modified Date = 6/17/2005 10:53:16 PM | Attr = R ] (hidusb) Microsoft HID Class Driver [Kernel | On_Demand | Running] -> %System32%\drivers\hidusb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 9600 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found (HTTP) HTTP [Kernel | On_Demand | Running] -> %System32%\drivers\http.sys -> Microsoft Corporation [Ver = 5.1.2600.2869 (xpsp_sp2_gdr.060316-1512) | Size = 262784 bytes | Modified Date = 3/16/2006 5:33:10 PM | Attr = ] (i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found (i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found (i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %System32%\drivers\i8042prt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52736 bytes | Modified Date = 8/3/2004 11:14:36 PM | Attr = ] (Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %System32%\drivers\imapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41856 bytes | Modified Date = 8/3/2004 11:00:16 PM | Attr = ] (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found (IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found (intelppm) Intel Processor Driver [Kernel | System | Running] -> %System32%\drivers\intelppm.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36096 bytes | Modified Date = 8/3/2004 10:59:20 PM | Attr = ] (ip6fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ip6fw.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29056 bytes | Modified Date = 8/3/2004 11:00:06 PM | Attr = ] (IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipfltdrv.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32896 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipinip.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/3/2004 11:04:46 PM | Attr = ] (IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %System32%\drivers\ipnat.sys -> Microsoft Corporation [Ver = 5.1.2600.2524 (xpsp_sp2_gdr.040919-1056) | Size = 134912 bytes | Modified Date = 9/29/2004 3:28:38 PM | Attr = ] (IPSec) IPSEC driver [Kernel | System | Running] -> %System32%\drivers\ipsec.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 74752 bytes | Modified Date = 8/3/2004 11:14:28 PM | Attr = ] (IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\irenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11264 bytes | Modified Date = 8/3/2004 11:00:46 PM | Attr = ] (isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\isapnp.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %System32%\drivers\kbdclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/3/2004 10:58:32 PM | Attr = ] (kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Stopped] -> %System32%\drivers\kmixer.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 172416 bytes | Modified Date = 6/14/2006 1:47:46 AM | Attr = ] (KSecDD) KSecDD [Kernel | Boot | Running] -> %System32%\drivers\ksecdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92032 bytes | Modified Date = 8/3/2004 10:59:48 PM | Attr = ] (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (MEMSWEEP2) MEMSWEEP2 [Kernel | On_Demand | Stopped] -> %System32%\113.tmp -> File not found (mnmdd) mnmdd [Kernel | System | Running] -> %System32%\drivers\mnmdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (Modem) Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\modem.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30080 bytes | Modified Date = 8/3/2004 11:08:06 PM | Attr = ] (Mouclass) Mouse Class Driver [Kernel | System | Running] -> %System32%\drivers\mouclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/3/2004 10:58:32 PM | Attr = ] (moufiltr) Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\moufiltr.sys -> Chic Tech. [Ver = 1.00 | Size = 62592 bytes | Modified Date = 1/13/2007 11:22:14 PM | Attr = ] (mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mouhid.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 12160 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (MountMgr) Mount Point Manager [Kernel | Boot | Running] -> %System32%\drivers\mountmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42240 bytes | Modified Date = 8/3/2004 10:58:30 PM | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found (MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %System32%\drivers\mrxdav.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 181248 bytes | Modified Date = 8/3/2004 11:00:56 PM | Attr = ] (MRxSmb) MRxSmb [File_System | System | Running] -> %System32%\drivers\mrxsmb.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 453120 bytes | Modified Date = 5/5/2006 2:41:46 AM | Attr = ] (Msfs) Msfs [File_System | System | Running] -> %System32%\drivers\msfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19072 bytes | Modified Date = 8/3/2004 11:00:42 PM | Attr = ] (MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mskssrv.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 7552 bytes | Modified Date = 8/3/2004 10:58:42 PM | Attr = ] (MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mspclock.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5376 bytes | Modified Date = 8/3/2004 10:58:38 PM | Attr = ] (MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mspqm.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4992 bytes | Modified Date = 8/3/2004 10:58:40 PM | Attr = ] (mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mssmbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/3/2004 11:07:48 PM | Attr = ] (Mup) Mup [File_System | Boot | Running] -> %System32%\drivers\mup.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 107904 bytes | Modified Date = 8/3/2004 11:15:20 PM | Attr = ] (NDIS) NDIS System Driver [Kernel | Boot | Running] -> %System32%\drivers\ndis.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 182912 bytes | Modified Date = 8/3/2004 11:14:28 PM | Attr = ] (NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndistapi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9600 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %System32%\drivers\ndisuio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12928 bytes | Modified Date = 8/3/2004 11:03:12 PM | Attr = ] (NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndiswan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 91776 bytes | Modified Date = 8/3/2004 11:14:32 PM | Attr = ] (NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %System32%\drivers\ndproxy.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 38016 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (NetBIOS) NetBIOS Interface [File_System | System | Running] -> %System32%\drivers\netbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/3/2004 11:03:22 PM | Attr = ] (NetBT) NetBios over Tcpip [Kernel | System | Running] -> %System32%\drivers\netbt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162816 bytes | Modified Date = 8/3/2004 11:14:38 PM | Attr = ] (NIC1394) 1394 Net Driver [Kernel | On_Demand | Running] -> %System32%\drivers\nic1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 61824 bytes | Modified Date = 8/3/2004 10:58:30 PM | Attr = ] (Npfs) Npfs [File_System | System | Running] -> %System32%\drivers\npfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30848 bytes | Modified Date = 8/3/2004 11:00:44 PM | Attr = ] (Ntfs) Ntfs [File_System | Disabled | Running] -> %System32%\drivers\ntfs.sys -> Microsoft Corporation [Ver = 5.1.2600.3081 (xpsp_sp2_gdr.070209-0028) | Size = 574464 bytes | Modified Date = 2/9/2007 4:10:36 AM | Attr = ] (Null) Null [Kernel | System | Running] -> %System32%\drivers\null.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 2944 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8185 | Size = 3530432 bytes | Modified Date = 3/13/2006 7:58:34 PM | Attr = ] (NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkflt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12416 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkfwd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32512 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (NwlnkIpx) NWLink IPX/SPX/NetBIOS Compatible Transport Protocol [Kernel | Auto | Running] -> %System32%\drivers\nwlnkipx.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 88448 bytes | Modified Date = 8/3/2004 11:03:36 PM | Attr = ] (NwlnkNb) NWLink NetBIOS [Kernel | Auto | Running] -> %System32%\drivers\nwlnknb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 63232 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (NwlnkSpx) NWLink SPX/SPXII Protocol [Kernel | Auto | Running] -> %System32%\drivers\nwlnkspx.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 55936 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (ohci1394) VIA OHCI Compliant IEEE 1394 Host Controller [Kernel | Boot | Running] -> %System32%\drivers\ohci1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 61056 bytes | Modified Date = 8/3/2004 11:10:08 PM | Attr = ] (ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.1161-2.08.0070 | Size = 114688 bytes | Modified Date = 6/17/2005 10:53:14 PM | Attr = R ] (Parport) Parallel port driver [Kernel | On_Demand | Running] -> %System32%\drivers\parport.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80128 bytes | Modified Date = 8/3/2004 10:59:06 PM | Attr = ] (PartMgr) Partition Manager [Kernel | Boot | Running] -> %System32%\drivers\partmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (ParVdm) ParVdm [Kernel | Auto | Running] -> %System32%\drivers\parvdm.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 6784 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (PCI) PCI Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\pci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68224 bytes | Modified Date = 8/3/2004 11:07:46 PM | Attr = ] (PciCon) PciCon [Kernel | On_Demand | Stopped] -> D:\PciCon.sys -> File not found (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PCIIde) PCIIde [Kernel | Boot | Running] -> %System32%\drivers\pciide.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3328 bytes | Modified Date = 8/17/2001 1:51:52 PM | Attr = ] (Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %System32%\drivers\pcmcia.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119936 bytes | Modified Date = 8/3/2004 11:07:46 PM | Attr = ] (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found (perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found (pfc) Padus ASPI Shell [Kernel | On_Demand | Stopped] -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 202 | Size = 9856 bytes | Modified Date = 9/10/2006 12:22:58 PM | Attr = ] (PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\drivers\pfmodnt.sys -> Creative Technology Ltd. [Ver = 3.0.0.11 | Size = 9216 bytes | Modified Date = 6/17/2005 11:06:28 PM | Attr = R ] (PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %System32%\drivers\raspptp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48384 bytes | Modified Date = 8/3/2004 11:14:26 PM | Attr = ] (Processor) Processor Driver [Kernel | System | Stopped] -> %System32%\drivers\processr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 35328 bytes | Modified Date = 8/3/2004 10:59:18 PM | Attr = ] (PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %System32%\drivers\psched.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:04:20 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/7/2007 4:51:00 PM | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found (ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found (ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found (ql1280) ql128

0

< Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11655 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\BitLord\BitLord.exe -> E:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{FCDFA58E-FF3D-4542-A3BC-2559B5910AAC} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{BA161D57-0846-4CFD-9EA7-A74D9AF34034} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> E:\WINDOWS\System32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> BootExecute -> autocheck autochk *; -> < Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> ComSpec -> E:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] TEMP -> %SystemRoot%\TEMP -> TMP -> %SystemRoot%\TEMP -> windir -> %SystemRoot% -> *Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> %systemroot%\system32 -> -> %systemroot% -> -> %systemroot%\system32\wbem -> -> E:\Program Files\Common Files\Teleca Shared -> -> E:\Program Files\QuickTime\QTSystem -> -> *PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> .COM -> -> .EXE -> -> .BAT -> -> .CMD -> -> .VBS -> -> .VBE -> -> .JS -> -> .JSE -> -> .WSF -> -> .WSH -> -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> batfile [edit] -> %SystemRoot%\System32\NOTEPAD.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] batfile [open] -> "%1" %* -> batfile [print] -> %SystemRoot%\System32\NOTEPAD.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 10752 bytes | Modified Date = 5/26/2005 4:22:02 PM | Attr = ] cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] cmdfile [open] -> "%1" %* -> cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] comfile [open] -> "%1" %* -> cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 2:52:18 PM | Attr = ] exefile [open] -> "%1" %* -> helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 283648 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 8/23/2001 2:00:00 PM | Attr = ] htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] htmlfile [edit] -> Reg Data - Key not found -> htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) | Size = 3058176 bytes | Modified Date = 8/22/2007 6:12:18 AM | Attr = ] http [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.exe -requestPending -osint -url "%1" -> Mozilla Corporation [Ver = 1.8.1.8: 2007100816 | Size = 7648616 bytes | Modified Date = 10/20/2007 11:27:30 AM | Attr = ] https [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.exe -requestPending -osint -url "%1" -> Mozilla Corporation [Ver = 1.8.1.8: 2007100816 | Size = 7648616 bytes | Modified Date = 10/20/2007 11:27:30 AM | Attr = ] inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ] inffile [open] -> %SystemRoot%\System32\NOTEPAD.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] inffile [print] -> %SystemRoot%\System32\NOTEPAD.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] inifile [open] -> %SystemRoot%\System32\NOTEPAD.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] inifile [print] -> %SystemRoot%\System32\NOTEPAD.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) | Size = 1494528 bytes | Modified Date = 8/22/2007 6:12:18 AM | Attr = ] InternetShortcut [print] -> rundll32.exe %SystemRoot%\System32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) | Size = 3058176 bytes | Modified Date = 8/22/2007 6:12:18 AM | Attr = ] jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] piffile [open] -> "%1" %* -> regfile [edit] -> %SystemRoot%\system32\NOTEPAD.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ] regfile [merge] -> Reg Data - Key not found -> regfile [print] -> %SystemRoot%\system32\NOTEPAD.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] scrfile [open] -> "%1" /S -> txtfile [edit] -> Reg Data - Key not found -> txtfile [open] -> %SystemRoot%\system32\NOTEPAD.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] txtfile [print] -> %SystemRoot%\system32\NOTEPAD.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 12:56:54 AM | Attr = ] wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 2:52:18 PM | Attr = ] Directory [ACDBrowse] -> "%ProgramFiles%\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" -> ACD Systems Ltd. [Ver = 6,0,24,11 | Size = 5644288 bytes | Modified Date = 6/23/2005 5:18:46 PM | Attr = ] Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 3:23:08 AM | Attr = ] Directory [Winamp.Bookmark] -> "%ProgramFiles%\Winamp\winamp.exe" /BOOKMARK "%1" -> Nullsoft [Ver = 5,3,5,1305 | Size = 1137664 bytes | Modified Date = 5/14/2007 3:23:58 PM | Attr = ] Directory [Winamp.Enqueue] -> "%ProgramFiles%\Winamp\winamp.exe" /ADD "%1" -> Nullsoft [Ver = 5,3,5,1305 | Size = 1137664 bytes | Modified Date = 5/14/2007 3:23:58 PM | Attr = ] Directory [Winamp.Play] -> "%ProgramFiles%\Winamp\winamp.exe" "%1" -> Nullsoft [Ver = 5,3,5,1305 | Size = 1137664 bytes | Modified Date = 5/14/2007 3:23:58 PM | Attr = ] Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 3:23:08 AM | Attr = ] Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 3:23:08 AM | Attr = ] Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 3:23:08 AM | Attr = ] Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> File not found < Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> < Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> < Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {0384D907-8F5A-48ad-9FFE-55196F6B4E1B} -> Tenomichi 3D Edit -> {18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate -> {2F351A97-7BAC-4045-80A4-3527805E1033} -> Nero 7 Ultra Edition -> {3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6 -> {3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java(TM) 6 Update 2 -> {3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(TM) 6 Update 3 -> {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP -> {3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} -> QuickTime -> {45534579-B75B-4A42-953B-2EF8E1DEB4F3} -> Microsoft XML Parser -> {5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB} -> Disc2Phone -> {716E0306-8318-4364-8B8F-0CC4E9376BAC} -> MSXML 4.0 SP2 Parser and SDK -> {7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec -> {8338BA06-E527-491B-9400-F51708FEE695} -> iPod for Windows 2005-11-17 -> {872653C6-5DDC-488B-B7C2-CF9E4D9335E5} -> iTunes -> {8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player -> {90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 -> {94FB906A-CF42-4128-A509-D353026A607E} -> REALTEK Gigabit and Fast Ethernet NIC Driver -> {A8AD6CB8-DE96-43FA-9B73-5FB873DD1CAE} -> Sound Blaster Audigy 4 -> {B13A7C41581B411290FBC0395694E2A9} -> DivX Converter -> {B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player -> {BBE2F69C-4338-11D7-8F0C-00A0244F4E2D} -> Dr.Web -> {BCE72AED-3332-4863-9567-C5DCB9052CA2} -> Netflix Movie Viewer -> {BF6C70DB-7E1E-4A85-B668-F4E80C3CA349} -> Condemned - Criminal Origins Demo -> {C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181) -> {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 -> {D050D7362D214723AD585B541FFB6C11} -> DivX Content Uploader -> {D2FCC1AE-6311-47C5-8130-C6C66D77DD71} -> Nikon Message Center -> {D8320DD6-FE47-41DE-B116-4158B7AE3F37} -> ACDSee for PENTAX 2.0 -> {E67FF1A2-23C1-4102-84E9-42115F77AD32} -> UltraMon -> {EE28E1DC-A319-4DFE-B8ED-BEE329D377A4} -> Sony Ericsson PC Suite 1.10.21 -> {FF3999BE-1A7B-4738-88AA-97BF14094A4A} -> PictureProject -> Ad-Aware SE Personal -> Ad-Aware SE Personal -> Adobe Acrobat 5.0 -> Adobe Acrobat 5.0 -> Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX -> Adobe Flash Player Plugin -> Adobe Flash Player Plugin -> Adobe Shockwave Player -> Adobe Shockwave Player -> All ATI Software -> ATI - Software Uninstall Utility -> AOL Deskbar -> AOL Deskbar -> AOL Toolbar -> AOL Toolbar -> AOL Uninstaller -> AOL Uninstaller (Choose which Products to Remove) -> AOL YGP Screensaver -> AOL You've Got Pictures Screensaver -> AolCoach2_en -> AOL Coach Version 2.0(Build:20041026.5 en) -> AviSynth -> AviSynth 2.5 -> BitLord -> BitLord 1.1 -> Browser Mouse -> Browser Mouse -> CANONBJ_Deinstall_CNMCP5e.DLL -> Canon i900D -> ComcastHSI -> Comcast High-Speed Internet Install Wizard -> ComcastToolbar -> Comcast Toolbar -> DVD Decrypter -> DVD Decrypter (Remove Only) -> DVD Shrink_is1 -> DVD Shrink 3.2 -> HijackThis -> HijackThis 2.0.2 -> InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} -> QuickTime -> InstallShield_{8338BA06-E527-491B-9400-F51708FEE695} -> iPod for Windows 2005-11-17 -> InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} -> iTunes -> KB873339 -> Windows XP Hotfix - KB873339 -> KB885835 -> Windows XP Hotfix - KB885835 -> KB885836 -> Windows XP Hotfix - KB885836 -> KB886185 -> Windows XP Hotfix - KB886185 -> KB887472 -> Windows XP Hotfix - KB887472 -> KB888302 -> Windows XP Hotfix - KB888302 -> KB890046 -> Security Update for Windows XP (KB890046) -> KB890859 -> Windows XP Hotfix - KB890859 -> KB891781 -> Windows XP Hotfix - KB891781 -> KB893756 -> Security Update for Windows XP (KB893756) -> KB893803v2 -> Windows Installer 3.1 (KB893803) -> KB896358 -> Security Update for Windows XP (KB896358) -> KB896423 -> Security Update for Windows XP (KB896423) -> KB896424 -> Security Update for Windows XP (KB896424) -> KB896428 -> Security Update for Windows XP (KB896428) -> KB898461 -> Update for Windows XP (KB898461) -> KB899587 -> Security Update for Windows XP (KB899587) -> KB899589 -> Security Update for Windows XP (KB899589) -> KB899591 -> Security Update for Windows XP (KB899591) -> KB900485 -> Update for Windows XP (KB900485) -> KB900725 -> Security Update for Windows XP (KB900725) -> KB901017 -> Security Update for Windows XP (KB901017) -> KB901214 -> Security Update for Windows XP (KB901214) -> KB902400 -> Security Update for Windows XP (KB902400) -> KB904706 -> Security Update for Windows XP (KB904706) -> KB905414 -> Security Update for Windows XP (KB905414) -> KB905749 -> Security Update for Windows XP (KB905749) -> KB908519 -> Security Update for Windows XP (KB908519) -> KB908531 -> Update for Windows XP (KB908531) -> KB910437 -> Update for Windows XP (KB910437) -> KB911280 -> Update for Windows XP (KB911280) -> KB911562 -> Security Update for Windows XP (KB911562) -> KB911564 -> Security Update for Windows Media Player (KB911564) -> KB911565 -> Security Update for Windows Media Player 9 (KB911565) -> KB911927 -> Security Update for Windows XP (KB911927) -> KB912919 -> Security Update for Windows XP (KB912919) -> KB913580 -> Security Update for Windows XP (KB913580) -> KB914388 -> Security Update for Windows XP (KB914388) -> KB914389 -> Security Update for Windows XP (KB914389) -> KB916595 -> Update for Windows XP (KB916595) -> KB917344 -> Security Update for Windows XP (KB917344) -> KB917422 -> Security Update for Windows XP (KB917422) -> KB917734_WMP8 -> Security Update for Windows Media Player 8 (KB917734) -> KB917953 -> Security Update for Windows XP (KB917953) -> KB918118 -> Security Update for Windows XP (KB918118) -> KB919007 -> Security Update for Windows XP (KB919007) -> KB920213 -> Security Update for Windows XP (KB920213) -> KB920670 -> Security Update for Windows XP (KB920670) -> KB920683 -> Security Update for Windows XP (KB920683) -> KB920685 -> Security Update for Windows XP (KB920685) -> KB920872 -> Update for Windows XP (KB920872) -> KB921398 -> Security Update for Windows XP (KB921398) -> KB921503 -> Security Update for Windows XP (KB921503) -> KB921883 -> Security Update for Windows XP (KB921883) -> KB922582 -> Update for Windows XP (KB922582) -> KB922616 -> Security Update for Windows XP (KB922616) -> KB922819 -> Security Update for Windows XP (KB922819) -> KB923191 -> Security Update for Windows XP (KB923191) -> KB923414 -> Security Update for Windows XP (KB923414) -> KB923689 -> Security Update for Windows XP (KB923689) -> KB923980 -> Security Update for Windows XP (KB923980) -> KB924191 -> Security Update for Windows XP (KB924191) -> KB924270 -> Security Update for Windows XP (KB924270) -> KB924496 -> Security Update for Windows XP (KB924496) -> KB924667 -> Security Update for Windows XP (KB924667) -> KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) -> KB925902 -> Security Update for Windows XP (KB925902) -> KB926255 -> Security Update for Windows XP (KB926255) -> KB926436 -> Security Update for Windows XP (KB926436) -> KB927779 -> Security Update for Windows XP (KB927779) -> KB927802 -> Security Update for Windows XP (KB927802) -> KB927891 -> Update for Windows XP (KB927891) -> KB928255 -> Security Update for Windows XP (KB928255) -> KB928843 -> Security Update for Windows XP (KB928843) -> KB929123 -> Security Update for Windows XP (KB929123) -> KB930178 -> Security Update for Windows XP (KB930178) -> KB930916 -> Update for Windows XP (KB930916) -> KB931261 -> Security Update for Windows XP (KB931261) -> KB931784 -> Security Update for Windows XP (KB931784) -> KB932168 -> Security Update for Windows XP (KB932168) -> KB933360 -> Update for Windows XP (KB933360) -> KB933729 -> Security Update for Windows XP (KB933729) -> KB935839 -> Security Update for Windows XP (KB935839) -> KB935840 -> Security Update for Windows XP (KB935840) -> KB936021 -> Security Update for Windows XP (KB936021) -> KB936357 -> Update for Windows XP (KB936357) -> KB936782_WMP9 -> Security Update for Windows Media Player 9 (KB936782) -> KB937143 -> Security Update for Windows XP (KB937143) -> KB938127 -> Security Update for Windows XP (KB938127) -> KB938828 -> Update for Windows XP (KB938828) -> KB938829 -> Security Update for Windows XP (KB938829) -> KB939653 -> Security Update for Windows XP (KB939653) -> KB941202 -> Security Update for Windows XP (KB941202) -> M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366) -> Magic ISO Maker v5.3 (build 0216) -> Magic ISO Maker v5.3 (build 0216) -> Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 -> Mozilla Firefox (2.0.0.8) -> Mozilla Firefox (2.0.0.8) -> Multimedia keyboard utility -> Multimedia keyboard utility -> NVIDIA Drivers -> NVIDIA Drivers -> PCFriendly -> PCFriendly -> Port Magic -> Pure Networks Port Magic -> PSN2 -> Post-it® Software Notes Version 2 -> RealPlayer 6.0 -> RealPlayer -> Sophos-AntiRootkit -> Sophos Anti-Rootkit 1.3.1 -> SysInfo -> Creative System Information -> ViewpointMediaPlayer -> Viewpoint Media Player -> Winamp -> Winamp (remove only) -> Windows Media Format Runtime -> Windows Media Format Runtime -> Windows XP Service Pack -> Windows XP Service Pack 2 -> WinRAR archiver -> WinRAR archiver -> Xilisoft 3GP Video Converter -> Xilisoft 3GP Video Converter -> < WOW Settings [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW -> cmdline -> %SystemRoot%\system32\ntvdm.exe -> wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 -> < EventViewer Logs > -> Errors and Warnings -> Description System - Error - 10/24/2007 5:48:37 PM -> Computer Name = DONS - User Name = (blank) - Source = System Error -> Description = Error code 10000050 parameter1 e6450000 parameter2 00000001 parameter3 ba519d1c parameter4 00000001 System - Error - 10/25/2007 9:29:57 AM -> Computer Name = DONS - User Name = (blank) - Source = System Error -> Description = Error code 10000050 parameter1 e15ce000 parameter2 00000001 parameter3 ba519d1c parameter4 00000001 System - Error - 10/25/2007 9:30:11 AM -> Computer Name = DONS - User Name = (blank) - Source = Service Control Manager -> Description = The Background Intelligent Transfer Service service terminated with the following error 126 System - Error - 10/25/2007 9:30:41 AM -> Computer Name = DONS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 10/25/2007 9:30:41 AM -> Computer Name = DONS - User Name = (blank) - Source = Service Control Manager -> Description = The Background Intelligent Transfer Service service terminated with the following error 126 System - Error - 10/25/2007 9:31:11 AM -> Computer Name = DONS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 10/25/2007 9:31:11 AM -> Computer Name = DONS - User Name = (blank) - Source = Service Control Manager -> Description = The Background Intelligent Transfer Service service terminated with the following error 126 System - Error - 10/25/2007 9:31:41 AM -> Computer Name = DONS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 10/25/2007 11:08:17 PM -> Computer Name = DONS - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized System - Error - 10/28/2007 5:52:57 PM -> Computer Name = - User Name = DONS\Guest - Source = Print -> Description = System - Warning - 10/28/2007 9:25:26 PM -> Computer Name = DONS - User Name = (blank) - Source = Tcpip -> Description = System - Error - 10/29/2007 8:54:51 AM -> Computer Name = - User Name = DONS\Mike - Source = Print -> Description = System - Error - 10/29/2007 4:29:37 PM -> Computer Name = DONS - User Name = DONS\Mike - Source = DCOM -> Description = System - Error - 10/29/2007 4:29:37 PM -> Computer Name = DONS - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the iPodService service to connect System - Error - 10/29/2007 4:29:37 PM -> Computer Name = DONS - User Name = (blank) - Source = Service Control Manager -> Description = The iPodService service failed to start due to the following error 1053 System - Error - 10/29/2007 4:29:51 PM -> Computer Name = DONS - User Name = (blank) - Source = System Error -> Description = Error code 10000050 parameter1 e3fc4000 parameter2 00000001 parameter3 ba519d1c parameter4 00000001 System - Error - 10/29/2007 4:30:11 PM -> Computer Name = DONS - User Name = (blank) - Source = Service Control Manager -> Description = The Background Intelligent Transfer Service service terminated with the following error 126 System - Error - 10/29/2007 4:30:41 PM -> Computer Name = DONS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 10/29/2007 4:30:41 PM -> Computer Name = DONS - User Name = (blank) - Source = Service Control Manager -> Description = The Background Intelligent Transfer Service service terminated with the following error 126 System - Error - 10/29/2007 4:31:11 PM -> Computer Name = DONS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 10/29/2007 4:31:11 PM -> Computer Name = DONS - User Name = (blank) - Source = Service Control Manager -> Description = The Background Intelligent Transfer Service service terminated with the following error 126 System - Error - 10/29/2007 4:31:41 PM -> Computer Name = DONS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 10/29/2007 8:01:54 PM -> Computer Name = - User Name = DONS\Guest - Source = Print -> Description = System - Warning - 10/29/2007 8:02:40 PM -> Computer Name = DONS - User Name = (blank) - Source = Srv -> Description = The server was unable to allocate a work item 1 times in the last 60 seconds [Files/Folders - Created Within 60 days] ComboFix.txt -> %SystemDrive%\ComboFix.txt -> [Ver = | Size = 11201 bytes | Created Date = 10/15/2007 9:18:30 PM | Attr = ] ComboFix2.txt -> %SystemDrive%\ComboFix2.txt -> [Ver = | Size = 9858 bytes | Created Date = 10/10/2007 6:42:01 PM | Attr = ] FEAR_AND_LOATHING -> %SystemDrive%\FEAR_AND_LOATHING -> [Folder | Created Date = 10/15/2007 3:39:12 PM | Attr = ] FRACTURE_WIDESCREEN.ISO -> %SystemDrive%\FRACTURE_WIDESCREEN.ISO -> [Ver = | Size = -1331886080 bytes | Created Date = 10/18/2007 12:18:44 PM | Attr = ] FRACTURE_WIDESCREEN.MDS -> %SystemDrive%\FRACTURE_WIDESCREEN.MDS -> [Ver = | Size = 8432 bytes | Created Date = 10/18/2007 12:29:04 PM | Attr = ] qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 10/10/2007 6:36:04 PM | Attr = ] THE_BIG_LEBOWSKI.ISO -> %SystemDrive%\THE_BIG_LEBOWSKI.ISO -> [Ver = | Size = -429305856 bytes | Created Date = 10/18/2007 12:05:14 PM | Attr = ] THE_BIG_LEBOWSKI.MDS -> %SystemDrive%\THE_BIG_LEBOWSKI.MDS -> [Ver = | Size = 8429 bytes | Created Date = 10/18/2007 12:16:33 PM | Attr = ] THE_REAPING.ISO -> %SystemDrive%\THE_REAPING.ISO -> [Ver = | Size = 259805184 bytes | Created Date = 10/24/2007 7:36:54 PM | Attr = ] THE_REAPING.MDS -> %SystemDrive%\THE_REAPING.MDS -> [Ver = | Size = 4324 bytes | Created Date = 10/24/2007 7:42:41 PM | Attr = ] TRANSFORMERS_VANILLA.ISO -> %SystemDrive%\TRANSFORMERS_VANILLA.ISO -> [Ver = | Size = -486688768 bytes | Created Date = 10/24/2007 7:55:36 PM | Attr = ] TRANSFORMERS_VANILLA.MDS -> %SystemDrive%\TRANSFORMERS_VANILLA.MDS -> [Ver = | Size = 8433 bytes | Created Date = 10/24/2007 8:06:48 PM | Attr = ] $NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Created Date = 8/31/2007 10:35:38 AM | Attr = H ] $NtUninstallKB887472$ -> %SystemRoot%\$NtUninstallKB887472$ -> [Folder | Created Date = 8/31/2007 10:38:31 AM | Attr = H ] $NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Created Date = 8/31/2007 10:39:32 AM | Attr = H ] $NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Created Date = 8/31/2007 10:35:33 AM | Attr = H ] $NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 8/31/2007 10:36:10 AM | Attr = H ] $NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Created Date = 8/31/2007 10:35:54 AM | Attr = H ] $NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Created Date = 8/31/2007 10:36:35 AM | Attr = H ] $NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 8/31/2007 10:38:40 AM | Attr = H ] $NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Created Date = 8/31/2007 10:36:17 AM | Attr = H ] $NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Created Date = 8/31/2007 10:35:22 AM | Attr = H ] $NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Created Date = 8/31/2007 10:39:58 AM | Attr = H ] $NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Created Date = 8/31/2007 10:39:24 AM | Attr = H ] $NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 8/31/2007 10:39:38 AM | Attr = H ] $NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Created Date = 8/31/2007 10:38:17 AM | Attr = H ] $NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 8/31/2007 10:37:51 AM | Attr = H ] $NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Created Date = 8/31/2007 10:36:05 AM | Attr = H ] $NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 8/31/2007 10:36:41 AM | Attr = H ] $NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 8/31/2007 10:40:41 AM | Attr = H ] $NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 8/31/2007 10:40:34 AM | Attr = H ] $NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 8/31/2007 10:38:55 AM | Attr = H ] $NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 8/31/2007 10:40:20 AM | Attr = H ] $NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 8/31/2007 10:34:31 AM | Attr = H ] $NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 8/31/2007 10:37:41 AM | Attr = H ] $NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 8/31/2007 10:36:28 AM | Attr = H ] $NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 8/31/2007 10:35:28 AM | Attr = H ] $NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 8/31/2007 10:39:19 AM | Attr = H ] $NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 8/31/2007 10:40:06 AM | Attr = H ] $NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 8/31/2007 10:36:23 AM | Attr = H ] $NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 8/31/2007 10:35:48 AM | Attr = H ] $NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 10/10/2007 2:01:41 AM | Attr = H ] $NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 8/31/2007 10:34:38 AM | Attr = H ] $NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 8/31/2007 10:35:43 AM | Attr = H ] $NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 8/31/2007 10:39:51 AM | Attr = H ] $NtUninstallKB936357$ -> %SystemRoot%\$NtUninstallKB936357$ -> [Folder | Created Date = 8/31/2007 10:38:49 AM | Attr = H ] $NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Created Date = 8/31/2007 10:39:12 AM | Attr = H ] $NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Created Date = 8/31/2007 10:34:51 AM | Attr = H ] $NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Created Date = 8/31/2007 10:36:00 AM | Attr = H ] $NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 8/31/2007 10:39:45 AM | Attr = H ] $NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 8/31/2007 10:38:24 AM | Attr = H ] $NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Created Date = 10/10/2007 2:01:27 AM | Attr = H ] $NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 10/10/2007 2:00:26 AM | Attr = H ] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 135168 bytes | Created Date = 10/10/2007 6:35:40 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 10/10/2007 6:35:56 PM | Attr = ] KB886185.log -> %SystemRoot%\KB886185.log -> [Ver = | Size = 13730 bytes | Created Date = 8/31/2007 10:35:38 AM | Attr = ] KB887472.log -> %SystemRoot%\KB887472.log -> [Ver = | Size = 24666 bytes | Created Date = 8/31/2007 9:52:38 AM | Attr = ] KB900485.log -> %SystemRoot%\KB900485.log -> [Ver = | Size = 28390 bytes | Created Date = 8/31/2007 9:52:49 AM | Attr = ] KB916595.log -> %SystemRoot%\KB916595.log -> [Ver = | Size = 18538 bytes | Created Date = 8/31/2007 9:51:50 AM | Attr = ] KB918118.log -> %SystemRoot%\KB918118.log -> [Ver = | Size = 21338 bytes | Created Date = 8/31/2007 9:52:04 AM | Attr = ] KB920213.log -> %SystemRoot%\KB920213.log -> [Ver = | Size = 20611 bytes | Created Date = 8/31/2007 9:51:59 AM | Attr = ] KB920872.log -> %SystemRoot%\KB920872.log -> [Ver = | Size = 24177 bytes | Created Date = 8/31/2007 9:52:11 AM | Attr = ] KB921503.log -> %SystemRoot%\KB921503.log -> [Ver = | Size = 25830 bytes | Created Date = 8/31/2007 9:52:39 AM | Attr = ] KB922582.log -> %SystemRoot%\KB922582.log -> [Ver = | Size = 17338 bytes | Created Date = 8/31/2007 10:36:16 AM | Attr = ] KB923689.log -> %SystemRoot%\KB923689.log -> [Ver = | Size = 16013 bytes | Created Date = 8/31/2007 10:35:02 AM | Attr = ] KB923980.log -> %SystemRoot%\KB923980.log -> [Ver = | Size = 29272 bytes | Created Date = 8/31/2007 9:52:59 AM | Attr = ] KB924270.log -> %SystemRoot%\KB924270.log -> [Ver = | Size = 27970 bytes | Created Date = 8/31/2007 9:52:48 AM | Attr = ] KB924667.log -> %SystemRoot%\KB924667.log -> [Ver = | Size = 25465 bytes | Created Date = 8/31/2007 9:52:54 AM | Attr = ] KB925398.log -> %SystemRoot%\KB925398.log -> [Ver = | Size = 21858 bytes | Created Date = 8/31/2007 10:38:00 AM | Attr = ] KB925902.log -> %SystemRoot%\KB925902.log -> [Ver = | Size = 26019 bytes | Created Date = 8/31/2007 9:52:33 AM | Attr = ] KB926255.log -> %SystemRoot%\KB926255.log -> [Ver = | Size = 20616 bytes | Created Date = 8/31/2007 9:52:03 AM | Attr = ] KB926436.log -> %SystemRoot%\KB926436.log -> [Ver = | Size = 22374 bytes | Created Date = 8/31/2007 9:52:19 AM | Attr = ] KB927779.log -> %SystemRoot%\KB927779.log -> [Ver = | Size = 33153 bytes | Created Date = 8/31/2007 9:53:14 AM | Attr = ] KB927802.log -> %SystemRoot%\KB927802.log -> [Ver = | Size = 30248 bytes | Created Date = 8/31/2007 9:53:12 AM | Attr = ] KB927891.log -> %SystemRoot%\KB927891.log -> [Ver = | Size = 21395 bytes | Created Date = 8/31/2007 10:38:54 AM | Attr = ] KB928255.log -> %SystemRoot%\KB928255.log -> [Ver = | Size = 30066 bytes | Created Date = 8/31/2007 9:53:08 AM | Attr = ] KB928843.log -> %SystemRoot%\KB928843.log -> [Ver = | Size = 12389 bytes | Created Date = 8/31/2007 9:51:29 AM | Attr = ] KB929123.log -> %SystemRoot%\KB929123.log -> [Ver = | Size = 24752 bytes | Created Date = 8/31/2007 9:52:31 AM | Attr = ] KB930178.log -> %SystemRoot%\KB930178.log -> [Ver = | Size = 22677 bytes | Created Date = 8/31/2007 9:52:09 AM | Attr = ] KB930916.log -> %SystemRoot%\KB930916.log -> [Ver = | Size = 18718 bytes | Created Date = 8/31/2007 9:51:49 AM | Attr = ] KB931261.log -> %SystemRoot%\KB931261.log -> [Ver = | Size = 26184 bytes | Created Date = 8/31/2007 9:52:46 AM | Attr = ] KB931784.log -> %SystemRoot%\KB931784.log -> [Ver = | Size = 30350 bytes | Created Date = 8/31/2007 9:53:01 AM | Attr = ] KB932168.log -> %SystemRoot%\KB932168.log -> [Ver = | Size = 23506 bytes | Created Date = 8/31/2007 9:52:07 AM | Attr = ] KB933360.log -> %SystemRoot%\KB933360.log -> [Ver = | Size = 29884 bytes | Created Date = 8/31/2007 9:51:57 AM | Attr = ] KB933729.log -> %SystemRoot%\KB933729.log -> [Ver = | Size = 10631 bytes | Created Date = 10/10/2007 2:01:40 AM | Attr = ] KB935839.log -> %SystemRoot%\KB935839.log -> [Ver = | Size = 13133 bytes | Created Date = 8/31/2007 9:51:34 AM | Attr = ] KB935840.log -> %SystemRoot%\KB935840.log -> [Ver = | Size = 18891 bytes | Created Date = 8/31/2007 9:51:55 AM | Attr = ] KB936021.log -> %SystemRoot%\KB936021.log -> [Ver = | Size = 28700 bytes | Created Date = 8/31/2007 9:52:58 AM | Attr = ] KB936357.log -> %SystemRoot%\KB936357.log -> [Ver = | Size = 26078 bytes | Created Date = 8/31/2007 9:52:41 AM | Attr = ] KB936782.log -> %SystemRoot%\KB936782.log -> [Ver = | Size = 21657 bytes | Created Date = 8/31/2007 10:38:58 AM | Attr = ] KB937143.log -> %SystemRoot%\KB937143.log -> [Ver = | Size = 21520 bytes | Created Date = 8/31/2007 9:51:41 AM | Attr = ] KB938127.log -> %SystemRoot%\KB938127.log -> [Ver = | Size = 20403 bytes | Created Date = 8/31/2007 9:52:01 AM | Attr = ] KB938828.log -> %SystemRoot%\KB938828.log -> [Ver = | Size = 28205 bytes | Created Date = 8/31/2007 9:52:56 AM | Attr = ] KB938829.log -> %SystemRoot%\KB938829.log -> [Ver = | Size = 26207 bytes | Created Date = 8/31/2007 9:52:36 AM | Attr = ] KB939653.log -> %SystemRoot%\KB939653.log -> [Ver = | Size = 17731 bytes | Created Date = 10/9/2007 8:48:26 PM | Attr = ] KB941202.log -> %SystemRoot%\KB941202.log -> [Ver = | Size = 9986 bytes | Created Date = 10/9/2007 8:46:25 PM | Attr = ] msxml4-KB936181-enu.LOG -> %SystemRoot%\msxml4-KB936181-enu.LOG -> [Ver = | Size = 284032 bytes | Created Date = 8/31/2007 10:34:44 AM | Attr = ] NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 10/10/2007 6:35:40 PM | Attr = ] Swordfish Screensaver 1.dat -> %SystemRoot%\Swordfish Screensaver 1.dat -> Microsoft Corporation [Ver = 4.00 | Size = 18192 bytes | Created Date = 9/26/2007 1:02:04 AM | Attr = ] Swordfish Screensaver 1.dll -> %SystemRoot%\Swordfish Screensaver 1.dll -> MacSourcery [Ver = 1.7.1 | Size = 40960 bytes | Created Date = 9/26/2007 1:02:04 AM | Attr = ] Swordfish Screensaver 1.exe -> %SystemRoot%\Swordfish Screensaver 1.exe -> Macromedia, Inc. [Ver = 8.0r178 | Size = 3441296 bytes | Created Date = 9/26/2007 1:02:04 AM | Attr = ] Swordfish Screensaver 1.scr -> %SystemRoot%\Swordfish Screensaver 1.scr -> MacSourcery [Ver = 1.7.1 | Size = 238232 bytes | Created Date = 9/26/2007 1:02:04 AM | Attr = ] appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 10/2/2007 9:52:11 PM | Attr = ] DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 739840 bytes | Created Date = 9/17/2007 10:22:58 AM | Attr = ] DivXCodecVersionChecker.exe -> %System32%\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 6, 7, 0, 1 | Size = 156992 bytes | Created Date = 9/11/2007 3:14:30 PM | Attr = ] divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.7.0.1 | Size = 729088 bytes | Created Date = 9/18/2007 4:24:32 AM | Attr = ] divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 823296 bytes | Created Date = 9/17/2007 10:23:00 AM | Attr = ] divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 823296 bytes | Created Date = 9/17/2007 10:23:00 AM | Attr = ] divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.7.0.28 | Size = 802816 bytes | Created Date = 9/17/2007 10:22:58 AM | Attr = ] DRWEBSP.DLL -> %System32%\DRWEBSP.DLL -> Doctor Web, Ltd. [Ver = 4.44.0.07241 | Size = 73728 bytes | Created Date = 10/24/2007 9:27:25 AM | Attr = ] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 10/15/2007 8:47:19 PM | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 10/15/2007 8:47:19 PM | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 10/15/2007 8:47:19 PM | Attr = ] jupdate-1.6.0_03-b05.log -> %System32%\jupdate-1.6.0_03-b05.log -> [Ver = | Size = 5387 bytes | Created Date = 10/15/2007 8:47:06 PM | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 10/15/2007 9:16:51 PM | Attr = ] swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 10/15/2007 9:16:51 PM | Attr = ] swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 10/15/2007 9:16:51 PM | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4500 bytes | Created Date = 10/15/2007 3:18:21 PM | Attr = ] tmp.txt -> %System32%\tmp.txt -> [Ver = | S

0

These are the two files that constantly show up on spider guard E:\Documents and Settings\All Users\Documents\Shared Wallpapers\MoviezChannelsInstaler.exe - infected with Win32.HLLM.Lovgate.2 E:\WINDOWS\System32\spool\PRINTERS\00012.SPL - infected with Win32.HLLM.Lovgate.2 Recovered from serious error: Files included …\Temp\WERc891.dir00\Mini110707-02.dmp …\Temp\WERc891.dir00\sysdata.xml This is what Microsoft told me the problem was Problem caused by Device Driver You received this message because a device driver installed on your computer caused the Windows operating system to stop unexpectedly. This type of error is referred to as a "stop error." A stop error requires you to restart your computer. More information ________________________________________ Problem report summary Problem type Windows stop error (a message appears on a blue screen with error code information) Solution available? No What does this problem mean? Windows has encountered a problem it cannot recover from and it needs to be restarted Cause Unknown Computer symptoms A message appears on a blue screen with error code information (for example: 0x0000001E, KMODE_EXCEPTION_NOT_HANDLED) Additional steps for you to take Please continue to send problem reports so analysts at Microsoft can study and try to correct the problem as quickly as possible these are the things i have noticed outside of the scans you have had me do

0

any thoughts??

0

now this keeps popping up... E:\aolconnfix.exe - infected with Trojan.PWS.Gamania.origin still need help with everything if you could

0

E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP36\A0023395.exe - infected with Trojan.PWS.Gamania.origin

0