|
a-squared Support
»
 English Forums
»
Malware removal help
»
Network Anywhere?
|
|
Rank: Newbie
Groups: Member
Joined: 2007/07/19
Posts: 5
|
Does anyone know anything about hte removal of Network Anywhere?
I am not sure whether or not it is a false positive, but nevertheless if anyone knows anything about removing or can point me in the right direction, please do.
|
|
Rank: Advanced Member
Groups: Member, Moderation
Joined: 2006/02/24
Posts: 1,120
Location: Australia
|
Unknown19845 wrote:Does anyone know anything about hte removal of Network Anywhere?
I am not sure whether or not it is a false positive, but nevertheless if anyone knows anything about removing or can point me in the right direction, please do. Hi, Unknown19845
It is not clear what do you want to remove and why.
Can you please provide more detailed information?
What software flagged the threat(s)?
What was detected?
Were those detections made by a-squared?
If so, please save report created by a2 and post it.
And then if you suspect FP it is better to place your request in respective Section of the Forum
(Free or Anti-Malware Suite) but probably not straight away in Malware Removal.
You may have a look at some threads where users are asking about FPs and following discussions and advices.
My regards
P.S.
Is it this Software by http://network-anywhere.com/ you are talking about?
If so, here some information by Sunbelt-Software with explanation why NA (rather its components) may be considered being a threat
http://research.sunbelt-software.com/threatdisplay.aspx?name=Network%20Anywhere%20PE&threatid=42013
XP Pro, SP3; a2-Free 3.5.0.15(betas); Firewall: Comodo 3 (Defense+ HIPS); Antimalware: Comodo BOClean (resident); Software DEP: Comodo Memory Firewall (resident); Verification Engine PlugIn (resident) AntiVirus: AVG Free (guard resident); SpyBot SD (+TeaTimer resident)
|
|
Rank: Newbie
Groups: Member
Joined: 2007/07/19
Posts: 5
|
Sorry about my last response, It was late at night and I was trying to get off to bed before I went away on vacation for a short bit.
So,
Im using Zone Alarm Pro and AVG antivirus
I built my pc so it came from a clean install of XP, and it has never been used elsewhere outside of my home, where I DO NOT run any form of VNC.
Asquared Free detected Trace.Registry.Network Anywhere PE 2.07
a-squared Free - Version 3.1
Last update: 3/23/2008 6:57:41 PM
Scan settings:
Objects: Memory, Traces, Cookies
Scan archives: On
Heuristics: On
ADS Scan: On
Scan start: 3/23/2008 7:04:39 PM
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_Deferral detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_GetUpdateRect detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_KeyPress detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_LButtonUp detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_Timer detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_Deferral detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_GetUpdateRect detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_KeyPress detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_LButtonUp detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_Timer detected: Trace.Registry.Network Anywhere PE 2.07
While it might be a false positive, I do have reason to believe it isnt. The same night it was detected, I had installed a World of Warcraft add-on which a few other users had claimed after installing their gamefiles their accounts were getting used by other people (Void Reaver Alarm if it helps any of you). I assumed it could of installed other files, due to the fact that add-ons for world of warcraft seem to have a great amount of control, and some access websites.
http://network-anywhere.com/ looks like the site where this may have come from, yet I am not sure as I did not install this.
Id like to get this off or atleast get some sense of security that this is not going to steal my WoW account before I try to log back in. I do not know whether it even has the capability to, but due to the fact that other people claimed after installing the addon their accounts were hijacked, Id like to make sure this isnt a problem.
Is there any other information you might need?
Thanks, ~Unknown
|
|
Rank: Advanced Member
Groups: Member, Moderation
Joined: 2006/05/23
Posts: 555
Location: Northern NY
|
Some forms of malware will install VNC. Let's take a look at the system and see what we can find.
Download to your Desktop:
- HiJackThis v2.0.2 by TrendMicro http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- HiJackFree http://download5.emsisoft.com/a2HiJackFreeSetup.exe
- a-squared Free http://download5.emsisoft.com/a2FreeSetup.exe
- ATF Cleaner by Atribune (Windows 2000/XP/2003/Vista) http://www.majorgeeks.com/ATF_Cleaner_d4949.html
- Pocket Killbox http://www.majorgeeks.com/download4709.html
- ExplorerXP http://www.majorgeeks.com/ExplorerXP_d4201.html
- ISeeYouXP by ShadowPuterDude (Windows 2000/XP/2003/Vista) http://downloads.malwareteks.com/ISeeYouXP.exe
Install HijackThis
Install HiJackFree
Install a-squared Free
Put ATF Cleaner on you Desktop
Install ExplorerXP
Put Pocket Killbox on your Desktop
Run ATF Cleaner:Double-click ATF- Cleaner.exe to run the program.
Under Main choose: Select AllClick the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
NOTE: This will remove all files from the items that are checked so if you have some cookies you'd like to save. please move them to a different directory first.
Run a-squared Free and do a full system scan. Let a-squared Free fix what it finds.
Double-click ISeeYouXP.exe, ISeeYouXp will be extracted to C:\ISeeYouXP. ISeeYouXP will autorun after installation.
NOTE: Vista Users ISeeYouXP will not autorun on Vista.
Possible Error Messages
- If your ISeeYouXP.txt log appears to be empty or semi-empty or you get an error message similar to the below when running ISeeYouXP.bat and you are running Windows XP or Windows 2000, follow the steps further down that relate to your OS
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Window applications.
To fix the above error message, choose the download below which is appropriate for your system
- For Windows XP Pro: download and run: XPproFix
- For Windows XP Home: download and run: XPHomeFix
- For Windows 2000: download and run: W2KFix
Then run ISeeYouXP.bat again and attach the log.
- A possible second type of error message may occur as shown in the quote box below! If you get either of these two messages, perform the Resolution steps given in this: Virtual Device Driver Error Message in 16-Bit MS-DOS Subsystem
16 bit MS-DOS Subsystem
drive:\program path
XXXX. An installable Virtual Device Driver failed DLL initialization. Choose 'Close' to terminate the application.
-or-
16 bit MS-DOS Subsystem
drive:\program path
SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. VDD. Virtual Device Driver format in the registry is invalid. Choose 'Close' to terminate the application.
After attempting to fix the above errors, run ISeeYouXP.bat and attach the log.
Using Windows Explorer (right click the Start button and select Explore to open Windows Explorer) navigate to C:\ISeeYouXP and locate:
ISeeYouXP.bat
Double-click to run the script.
IMPORTANT NOTE:
Vista Users Only
UAC must be turned off to run this script.
ISeeYouXP will not autorun on Vista.
Turning Off/On UAC in Vista
1. Open the Control Panel.
2. Under User Account and Family settings click on the "Add or remove user account".
3. Click on your user account.
4. Under the user account click on the "Go to the main User Account page" link.
5. Under "Make changes to your user account" click on the "Change security settings" link.
6. In the "Turn on User Account Control (UAC) to make your computer more secure" click to unselect the "Use User Account Control (UAC) to help protect your computer". Click on the Ok button.
7. You will be prompted to reboot your computer. Do so.
In order to re-enable UAC just select the above checkbox and reboot.
To Run ISeeYouXP right-click on the batch file and select "Run as Administrator"
Post the following logs:
a-squared Free
ISeeYouXP.txt (On the Desktop) this log can get quite long.
HijackThis
This may take several posts to post post all 3 logs.
a-squared Team - www.emsisoft.com
|
|
Rank: Newbie
Groups: Member
Joined: 2007/07/19
Posts: 5
|
Ok here are all 3 logs - BTW, I DID disable all of my startup programs purposely.
Only AVG, ZA, ATICC and Spyware Guard are set to run, as for some reason if I run anything else, nothing loads for some reason (its been doing this for over 2 years now.)
a-squared Free - Version 3.1
Last update: 3/24/2008 7:31:56 AM
Scan settings:
Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: On
ADS Scan: On
Scan start: 3/24/2008 7:55:20 AM
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_Deferral detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_GetUpdateRect detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_KeyPress detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_LButtonUp detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\explorer.exe --> use_Timer detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_Deferral detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_GetUpdateRect detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_KeyPress detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_LButtonUp detected: Trace.Registry.Network Anywhere PE 2.07
Value: HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iexplore.exe --> use_Timer detected: Trace.Registry.Network Anywhere PE 2.07
C:\Documents and Settings\Myko\Desktop\Patches and Docs\mirc621.exe detected: Riskware.Client-IRC.Win32.mIRC.621
C:\Documents and Settings\Myko\Desktop\Patches and Docs\RemotejoySDLGUI.zip/cmdow.exe detected: Riskware.RiskTool.Win32.HideWindows
C:\Documents and Settings\Myko\Desktop\Patches and Docs\Unrealeted\mirc616.exe detected: Riskware.Client-IRC.Win32.mIRC.616
C:\Program Files\mIRC\mirc.exe detected: Riskware.Client-IRC.Win32.mIRC.621
Scanned
Files: 326609
Traces: 171591
Cookies: 1
Processes: 30
Found
Files: 4
Traces: 10
Cookies: 0
Processes: 0
Registry keys: 0
Scan end: 3/24/2008 10:31:14 AM
Scan time: 2:35:54
The mIRC programs I put on there, along with the Riskware.RiskTool.Win32.HideWindows
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:35 AM, on 3/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Myko\My Documents\HiJackthis2.02\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl<mpl=default<mplcache=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [\\FAMILY-ROOM\PRINTER4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P22 "\\FAMILY-ROOM\PRINTER4" /O22 "\\FAMILY-ROOM\PRINTER4" /M "Stylus CX4200"
O4 - HKLM\..\Run: [\\FAMILY-ROOM\PRINTER5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P22 "\\FAMILY-ROOM\PRINTER5" /O22 "\\FAMILY-ROOM\PRINTER5" /M "Stylus CX4200"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.runescape.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.mysticcolorlab.com/MysticActivia.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3718.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TA Message Agent (TAMA) (TAMA) - TA Instruments - Waters LLC - C:\PROGRAM FILES\TA INSTRUMENTS\THERMAL ADVANTAGE\QSERIES\TAMA.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 5165 bytes
************************************************************************************
ISeeYouXP v2.0 Beta 13
ISeeYouXP v1.3.0-v2.0 Beta 13 Copyright - ShadowPuterDude
ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan
------------------------------------------------------------------------------------
**** PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES! ****
**** PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION. ****
************************************************************************************
Windows/Browser/Java Versions:
Microsoft Windows XP Home Edition
Version: 5.1.2600
Service Pack: 2.0
Windows Directory: C:\WINDOWS
Internet Explorer
Version: 6.0.2900.2180
Build: 62900.2180
Language: English (United States)
Path: C:\Program Files\Internet Explorer
Boot State: Normal boot
Scan done at 10:32:54.31, Mon 03/24/2008
------------------------------------------------------------------------------------
ISeeYouXP installation folder and files
"C:\ISeeYouXP\"
bootst~1.vbs May 28 2007 359 "bootstate.vbs"
change.log Oct 17 2007 4902 "change.log"
chodefix.bat Apr 18 2007 5387 "chodefix.bat"
fixchode.reg Apr 18 2007 528 "fixChode.reg"
fixexp~1.bat Feb 24 2007 487 "FixExplorerPolicies.bat"
getunk~1.bat Aug 12 2006 1478 "GetUnKeys.bat"
grep.exe Dec 24 2004 160768 "grep.exe"
hideit.bat Oct 17 2007 1072 "HideIT.bat"
ieinfo.vbs May 28 2007 514 "ieinfo.vbs"
iesecu~1.bat Oct 28 2007 72 "IESecurityZones.bat"
iesecu~1.vbs Nov 7 2007 2399 "IESecurityZones.vbs"
iseeyo~1.bat Oct 17 2007 209237 "ISeeYouXP.bat"
libico~1.dll Mar 16 2004 898048 "libiconv2.dll"
libintl3.dll Oct 9 2004 101888 "libintl3.dll"
locate.com Jan 14 2005 11254 "locate.com"
md5sum.exe Aug 5 2007 49152 "md5sum.exe"
msconf~1.bat Feb 24 2007 578 "MSConfigFix.bat"
osinfo.vbs May 28 2007 598 "osinfo.vbs"
pcbutts.txt Mar 25 2007 5167 "PCBUTTS.TXT"
pcre.dll Nov 14 2004 183313 "pcre.dll"
pv.exe Mar 2 2006 73728 "pv.exe"
regedi~1.bat Mar 30 2007 650 "RegEditFix.bat"
regfix.bat Apr 18 2007 145 "Regfix.bat"
servic~1.vbs May 28 2007 672 "servicesinfo.vbs"
showit.bat Oct 17 2007 1013 "ShowIT.bat"
swreg.exe Apr 5 2007 139776 "swreg.exe"
system~1.bat Feb 28 2007 369 "SystemRestoreFix.bat"
taskmg~1.bat Feb 24 2007 288 "TaskMgrFix.bat"
28 items found: 28 files, 0 directories.
Total of file sizes: 1,853,842 bytes 1.77 M
3 Dir(s) 10,522,902,528 bytes free
------------------------------------------------------------------------------------
System Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Myko\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=****-WERZEN
ComSpec=C:\WINDOWS\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
GMAXLOC=C:\gmax\
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Myko
LOGONSERVER=\\****-WERZEN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\;C:\PAGEMGR\IMGFOLIO;C:\PAGEMGR
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
sourcesdk=c:\program files\steam\steamapps\unknown19845\sourcesdk
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Myko\LOCALS~1\Temp
TMP=C:\DOCUME~1\Myko\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=****-WERZEN
USERNAME=Myko
USERPROFILE=C:\Documents and Settings\Myko
windir=C:\WINDOWS
------------------------------------------------------------------------------------
Showing any Pocket Killbox backup files
No matches found.
------------------------------------------------------------------------------------
Displaying BOOT.INI:
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
------------------------------------------------------------------------------------
Displaying SYSTEM.INI:
------------------------------------------------------------------------------------
Displaying WIN.INI:
[WAOL]
SharedPath=C:\Program Files\Common Files\AOLSHARE
AppPath=C:\Program Files\America Online 9.0
;msconfig SharedPath=C:\Program Files\Common Files\AOLSHARE
;msconfig AppPath=C:\Program Files\America Online 9.0
[SciCalc]
layout=0
;msconfig UseSep=1
;msconfig layout=0
[RAD Video Tools]
LastVersionCheckDate=2006-09-17
Path=C:\Program Files\EA GAMES\Battlefield 1942\Music
BinkComp=/d400000 /m3.0 /l4 /p8
BinkMix=
SmackComp=/l104
SmackMix=/l104
BinkPlay=
SmackPlay=
BinkConv= /v /b8 /c1
X=0
Y=105
W=1152
H=559
;msconfig LastVersionCheckDate=2006-04-30
;msconfig Path=C:\Documents and Settings\Myko\My Documents
;msconfig BinkComp=
;msconfig BinkMix=
;msconfig SmackComp=/l104
;msconfig SmackMix=/l104
;msconfig BinkPlay=
;msconfig SmackPlay=
;msconfig BinkConv= /v /b8 /c1
;msconfig X=100
;msconfig Y=100
;msconfig W=526
;msconfig H=392
[MCI Extensions.BAK]
m2v=MPEGVideo
mod=MPEGVideo
[MSUCE]
Advanced=0
CodePage=Unicode
Font=Centaur Swash MT
------------------------------------------------------------------------------------
Displaying AUTOEXEC.BAT:
PATH C:\PAGEMGR\IMGFOLIO;C:\PAGEMGR
------------------------------------------------------------------------------------
Displaying CONFIG.SYS:
------------------------------------------------------------------------------------
Displaying Running Processes:
PROCESS PID PRIO PATH
smss.exe 616 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 680 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 716 High C:\WINDOWS\system32\winlogon.exe
services.exe 760 Normal C:\WINDOWS\system32\services.exe
lsass.exe 772 Normal C:\WINDOWS\system32\lsass.exe
Ati2evxx.exe 936 Normal C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe 948 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1028 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1120 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1160 Normal C:\WINDOWS\system32\svchost.exe
Ati2evxx.exe 1228 Normal C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe 1300 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1772 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1888 Normal C:\WINDOWS\system32\spoolsv.exe
avgamsvr.exe 188 Normal C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
avgupsvc.exe 220 Normal C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
PnkBstrA.exe 392 Normal C:\WINDOWS\system32\PnkBstrA.exe
svchost.exe 488 Normal C:\WINDOWS\system32\svchost.exe
vsmon.exe 588 Normal C:\WINDOWS\system32\ZoneLabs\vsmon.exe
wanmpsvc.exe 964 Normal C:\WINDOWS\wanmpsvc.exe
alg.exe 1700 Normal C:\WINDOWS\System32\alg.exe
Explorer.EXE 148 Normal C:\WINDOWS\Explorer.EXE
avgcc.exe 1388 Normal C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
zlclient.exe 1596 Normal C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
CLI.EXE 1516 Normal C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
sgmain.exe 896 Normal C:\Program Files\SpywareGuard\sgmain.exe
sgbhp.exe 1836 Normal C:\Program Files\SpywareGuard\sgbhp.exe
cli.exe 3016 Normal C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
cli.exe 3024 Normal C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
cmd.exe 2260 Normal C:\WINDOWS\system32\cmd.exe
ntvdm.exe 2644 Normal C:\WINDOWS\system32\ntvdm.exe
wmiprvse.exe 3060 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
pv.exe 2996 Normal C:\ISEEYO~1\pv.exe
------------------------------------------------------------------------------------
Displaying Windows Services:
Name: a2free
Display Name: a-squared Free Service
Description: Scans the PC for unwanted software and provides protection from malicious code
Path Name: c:\program files\a-squared free\a2service.exe
Start Mode: Disabled
State: Stopped
Name: Alerter
Display Name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running
Name: ALG
Display Name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Path Name: C:\WINDOWS\System32\alg.exe
Start Mode: Manual
State: Running
Name: AOL ACS
Display Name: AOL Connectivity Service
Description:
Path Name: C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Start Mode: Disabled
State: Stopped
Name: AppMgmt
Display Name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: aspnet_state
Display Name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Start Mode: Manual
State: Stopped
Name: aswUpdSv
Display Name: avast! iAVS4 Control Service
Description: Provides automatic updating for the avast! antivirus.
Path Name: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
Start Mode: Disabled
State: Stopped
Name: Ati HotKey Poller
Display Name: Ati HotKey Poller
Description:
Path Name: C:\WINDOWS\system32\Ati2evxx.exe
Start Mode: Auto
State: Running
Name: ATI Smart
Display Name: ATI Smart
Description:
Path Name: C:\WINDOWS\system32\ati2sgag.exe
Start Mode: Auto
State: Stopped
Name: AudioSrv
Display Name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: avast! Antivirus
Display Name: avast! Antivirus
Description: Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Path Name: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
Start Mode: Disabled
State: Stopped
Name: avast! Mail Scanner
Display Name: avast! Mail Scanner
Description: Implements mail scanning for avast! antivirus.
Path Name: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
Start Mode: Disabled
State: Stopped
Name: avast! Web Scanner
Display Name: avast! Web Scanner
Description: Implements web (HTTP) scanning for avast! antivirus.
Path Name: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
Start Mode: Disabled
State: Stopped
Name: Avg7Alrt
Display Name: AVG7 Alert Manager Server
Description:
Path Name: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Start Mode: Auto
State: Running
Name: Avg7UpdSvc
Display Name: AVG7 Update Service
Description:
Path Name: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Start Mode: Auto
State: Running
Name: BITS
Display Name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: Browser
Display Name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: CiSvc
Display Name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Path Name: C:\WINDOWS\system32\cisvc.exe
Start Mode: Manual
State: Stopped
Name: ClipSrv
Display Name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\clipsrv.exe
Start Mode: Disabled
State: Stopped
Name: clr_optimization_v2.0.50727_32
Display Name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Start Mode: Manual
State: Stopped
Name: COMSysApp
Display Name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Start Mode: Manual
State: Stopped
Name: CryptSvc
Display Name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: DcomLaunch
Display Name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Path Name: C:\WINDOWS\system32\svchost -k DcomLaunch
Start Mode: Auto
State: Running
Name: Dhcp
Display Name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: dmadmin
Display Name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Path Name: C:\WINDOWS\System32\dmadmin.exe /com
Start Mode: Manual
State: Stopped
Name: dmserver
Display Name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: Dnscache
Display Name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k NetworkService
Start Mode: Auto
State: Running
Name: ERSvc
Display Name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: Eventlog
Display Name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Path Name: C:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running
Name: EventSystem
Display Name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: FastUserSwitchingCompatibility
Display Name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: helpsvc
Display Name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: HidServ
Display Name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped
Name: HTTPFilter
Display Name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Start Mode: Manual
State: Stopped
Name: IDriverT
Display Name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Path Name: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
Start Mode: Manual
State: Stopped
Name: ImapiService
Display Name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\imapi.exe
Start Mode: Manual
State: Stopped
Name: iPod Service
Display Name: iPod Service
Description: iPod hardware management services
Path Name: "C:\Program Files\iPod\bin\iPodService.exe"
Start Mode: Disabled
State: Stopped
Name: lanmanserver
Display Name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: lanmanworkstation
Display Name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: LmHosts
Display Name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running
Name: Messenger
Display Name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped
Name: mnmsrvc
Display Name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\mnmsrvc.exe
Start Mode: Manual
State: Stopped
Name: MSDTC
Display Name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\msdtc.exe
Start Mode: Manual
State: Stopped
Name: MSIServer
Display Name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\msiexec.exe /V
Start Mode: Manual
State: Stopped
Name: NetDDE
Display Name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped
Name: NetDDEdsdm
Display Name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped
Name: Netlogon
Display Name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Manual
State: Stopped
Name: Netman
Display Name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: Nla
Display Name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: NtLmSsp
Display Name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Manual
State: Stopped
Name: NtmsSvc
Display Name: Removable Storage
Description:
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: PlugPlay
Display Name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Path Name: C:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running
Name: PnkBstrA
Display Name: PnkBstrA
Description: PunkBuster Service Component [v1029] http://www.evenbalance.com
Path Name: C:\WINDOWS\system32\PnkBstrA.exe
Start Mode: Auto
State: Running
Name: PolicyAgent
Display Name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running
Name: ProtectedStorage
Display Name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running
Name: RasAuto
Display Name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: RasMan
Display Name: Remote Access Connection Manager
Description: Creates a network connection.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: RDSessMgr
Display Name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Path Name: C:\WINDOWS\system32\sessmgr.exe
Start Mode: Manual
State: Stopped
Name: RemoteAccess
Display Name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped
Name: RpcLocator
Display Name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Path Name: C:\WINDOWS\system32\locator.exe
Start Mode: Manual
State: Stopped
Name: RpcSs
Display Name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Path Name: C:\WINDOWS\system32\svchost -k rpcss
Start Mode: Auto
State: Running
Name: RSVP
Display Name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Path Name: C:\WINDOWS\system32\rsvp.exe
Start Mode: Manual
State: Stopped
Name: SamSs
Display Name: Security Accounts Manager
Description: Stores security information for local user accounts.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running
Name: SCardSvr
Display Name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\SCardSvr.exe
Start Mode: Manual
State: Stopped
Name: Schedule
Display Name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: seclogon
Display Name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: SENS
Display Name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: SharedAccess
Display Name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: ShellHWDetection
Display Name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: Spooler
Display Name: Print Spooler
Description: Loads files to memory for later printing.
Path Name: C:\WINDOWS\system32\spoolsv.exe
Start Mode: Auto
State: Running
Name: srservice
Display Name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: SSDPSRV
Display Name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Running
Name: stisvc
Display Name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Path Name: C:\WINDOWS\system32\svchost.exe -k imgsvc
Start Mode: Auto
State: Running
Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{61977F8B-2333-4C3F-8B5B-89D8C2375FC6}
Start Mode: Manual
State: Stopped
Name: SysmonLog
Display Name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\smlogsvc.exe
Start Mode: Manual
State: Stopped
Name: TAMA
Display Name: TA Message Agent (TAMA)
Description: Enables messaging agent for TA Instruments Q Series instruments.
Path Name: C:\PROGRAM FILES\TA INSTRUMENTS\THERMAL ADVANTAGE\QSERIES\TAMA.EXE
Start Mode: Manual
State: Stopped
Name: TapiSrv
Display Name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running
Name: TermService
Display Name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Path Name: C:\WINDOWS\System32\svchost -k DComLaunch
Start Mode: Manual
State: Running
Name: Themes
Display Name: Themes
Description: Provides user experience theme management.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: TrkWks
Display Name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: upnphost
Display Name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Stopped
Name: UPS
Display Name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Path Name: C:\WINDOWS\System32\ups.exe
Start Mode: Manual
State: Stopped
Name: vsmon
Display Name: TrueVector Internet Monitor
Description: Monitors internet traffic and generates alerts for disallowed access.
Path Name: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
Start Mode: Auto
State: Running
Name: VSS
Display Name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\vssvc.exe
Start Mode: Manual
State: Stopped
Name: W32Time
Display Name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: WANMiniportService
Display Name: WAN Miniport (ATW) Service
Description:
Path Name: "C:\WINDOWS\wanmpsvc.exe"
Start Mode: Auto
State: Running
Name: WebClient
Display Name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running
Name: winmgmt
Display Name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: WmdmPmSN
Display Name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
Name: WmiApSrv
Display Name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Path Name: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Start Mode: Manual
State: Stopped
Name: WMPNetworkSvc
Display Name: Windows Media Player Network Sharing Service
Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
Path Name: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Start Mode: Manual
State: Stopped
Name: wscsvc
Display Name: Security Center
Description: Monitors system security settings and configurations.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: wuauserv
Display Name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: WudfSvc
Display Name: Windows Driver Foundation - User-mode Driver Framework
Description: Manages user-mode driver host processes
Path Name: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Start Mode: Auto
State: Running
Name: WZCSVC
Display Name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running
Name: xmlprov
Display Name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped
------------------------------------------------------------------------------------
Displaying LOG for Microsoft Windows Malicious Software Removal Tool:
Microsoft Windows Malicious Software Removal Tool v1.8, September 2005
Started On Wed Sep 21 11:54:26 2005
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 21 11:54:34 2005
Microsoft Windows Malicious Software Removal Tool v1.9, October 2005
Started On Thu Oct 20 12:56:55 2005
->Sysclean WARNING: MemScanGetImagePathFromPid(218 (Win32 Error Code: 0x00000057 (87):The parameter is incorrect.) [659]
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 20 12:57:12 2005
Microsoft Windows Malicious Software Removal Tool v1.10, November 2005
Started On Thu Nov 10 07:32:37 2005
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 10 07:32:49 2005
Microsoft Windows Malicious Software Removal Tool v1.11, December 2005
Started On Tue Dec 13 17:49:40 2005
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Dec 13 17:49:57 2005
Microsoft Windows Malicious Software Removal Tool v1.12, January 2006
Started On Tue Jan 10 17:28:07 2006
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 10 17:28:23 2006
Microsoft Windows Malicious Software Removal Tool v1.13, February 2006
Started On Wed Feb 15 22:42:05 2006
->Sysclean WARNING: MemScanGetImagePathFromPid(1012) (Win32 Error Code: 0x00000005 (5):Access is denied.) [663]
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 15 22:42:25 2006
Microsoft Windows Malicious Software Removal Tool v1.14, March 2006
Started On Sat Mar 18 13:36:35 2006
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Mar 18 13:36:55 2006
Microsoft Windows Malicious Software Removal Tool v1.15, April 2006
Started On Wed Apr 12 15:19:09 2006
->Sysclean WARNING: MemScanGetImagePathFromPid(1260) (Win32 Error Code: 0x00000057 (87):The parameter is incorrect.) [699]
->Sysclean WARNING: MemScanGetImagePathFromPid(110 (Win32 Error Code: 0x00000057 (87):The parameter is incorrect.) [699]
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 12 15:19:25 2006
Microsoft Windows Malicious Software Removal Tool v1.16, May 2006
Started On Wed May 10 17:36:01 2006
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 10 17:36:18 2006
Microsoft Windows Malicious Software Removal Tool v1.17, June 2006
Started On Wed Jun 14 20:02:06 2006
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 14 20:02:34 2006
Microsoft Windows Malicious Software Removal Tool v1.18, July 2006
Started On Sat Jul 15 10:26:19 2006
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Jul 15 10:26:39 2006
Microsoft Windows Malicious Software Removal Tool v1.19, August 2006
Started On Sat Aug 19 17:49:49 2006
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 19 17:50:16 2006
Microsoft Windows Malicious Software Removal Tool v1.20, September 2006
Started On Wed Sep 13 20:00:27 2006
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 13 20:00:53 2006
Microsoft Windows Malicious Software Removal Tool v1.21, October 2006
Started On Sat Oct 14 09:04:48 2006
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Oct 14 09:05:07 2006
Microsoft Windows Malicious Software Removal Tool v1.22, November 2006
Started On Fri Nov 17 23:41:04 2006
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 17 23:41:37 2006
Microsoft Windows Malicious Software Removal Tool v1.23, December 2006
Started On Sat Dec 16 01:36:18 2006
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Dec 16 01:36:57 2006
Microsoft Windows Malicious Software Removal Tool v1.24, January 2007
Started On Wed Jan 10 22:19:12 2007
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 10 22:19:43 2007
Microsoft Windows Malicious Software Removal Tool v1.24, January 2007
Started On Thu Jan 11 19:44:00 2007
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 11 19:44:32 2007
Microsoft Windows Malicious Software Removal Tool v1.25, February 2007
Started On Sat Feb 17 19:05:52 2007
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 17 19:06:33 2007
Microsoft Windows Malicious Software Removal Tool v1.27, March 2007
Started On Thu Mar 15 23:44:02 2007
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 15 23:44:43 2007
Microsoft Windows Malicious Software Removal Tool v1.28, April 2007
Started On Thu Apr 12 16:42:12 2007
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 12 16:42:48 2007
Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Tue May 08 14:59:50 2007
->Scan ERROR: resource file://C:\Program Files\MilkShape 3D 1.7.7a\ms3d.exe (code 0x0000000B (11))
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 08 15:01:00 2007
Microsoft Windows Malicious Software Removal Tool v1.30, June 2007
Started On Wed Jun 13 17:32:47 2007
->Scan ERROR: resource process://pid:440 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:440 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Documents and Settings\Myko\Desktop\Patches and Docs\utorrent.exe (code 0x0000000B (11))
->Scan ERROR: resource file://C:\Program Files\MilkShape 3D 1.7.7a\ms3d.exe (code 0x0000000B (11))
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 13 17:34:05 2007
Microsoft Windows Malicious Software Removal Tool v1.31, July 2007
Started On Wed Jul 11 01:07:54 2007
->Scan ERROR: resource process://pid:3124 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Documents and Settings\Myko\Desktop\Patches and Docs\utorrent.exe (code 0x0000000B (11))
->Scan ERROR: resource file://C:\Program Files\MilkShape 3D 1.7.7a\ms3d.exe (code 0x0000000B (11))
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 11 01:09:29 2007
Microsoft Windows Malicious Software Removal Tool v1.32, August 2007
Started On Tue Aug 14 16:58:14 2007
->Scan ERROR: resource process://pid:140 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:140 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:140 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:140 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Documents and Settings\Myko\Desktop\Patches and Docs\utorrent.exe (code 0x0000000B (11))
->Scan ERROR: resource file://C:\Program Files\MilkShape 3D 1.7.7a\ms3d.exe (code 0x0000000B (11))
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 14 16:59:27 2007
Microsoft Windows Malicious Software Removal Tool v1.33, September 2007
Started On Tue Sep 11 22:26:59 2007
->Scan ERROR: resource process://pid:196 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:196 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:196 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:196 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Documents and Settings\Myko\Desktop\Patches and Docs\utorrent.exe (code 0x0000000B (11))
->Scan ERROR: resource file://C:\Program Files\MilkShape 3D 1.7.7a\ms3d.exe (code 0x0000000B (11))
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 11 22:28:15 2007
Microsoft Windows Malicious Software Removal Tool v1.34, October 2007
Started On Tue Oct 09 23:08:06 2007
->Scan ERROR: resource process://pid:376 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:376 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:376 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:376 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Documents and Settings\Myko\Desktop\Patches and Docs\utorrent.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\MilkShape 3D 1.7.7a\ms3d.exe (code 0x0000000D (13))
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 09 23:09:24 2007
Microsoft Windows Malicious Software Removal Tool v1.35, November 2007
Started On Tue Nov 13 20:00:40 2007
->Scan ERROR: resource process://pid:4012 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4012 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:4028 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4028 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:4028 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4028 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Documents and Settings\Myko\Desktop\Patches and Docs\utorrent.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\MilkShape 3D 1.7.7a\ms3d.exe (code 0x0000000D (13))
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 13 20:02:19 2007
Microsoft Windows Malicious Software Removal Tool v1.36, December 2007
Started On Tue Dec 11 20:02:45 2007
->Scan ERROR: resource process://pid:1752 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1752 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:3924 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3924 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:3924 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3924 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Documents and Settings\Myko\Desktop\Patches and Docs\utorrent.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\MilkShape 3D 1.7.7a\ms3d.exe (code 0x0000000D (13))
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Dec 11 20:04:18 2007
Microsoft Windows Malicious Software Removal Tool v1.37, January 2008
Started On Tue Jan 08 20:01:23 2008
->Scan ERROR: resource process://pid:576 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:576 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1780 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1780 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:576 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:576 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Documents and Settings\Myko\Desktop\Patches and Docs\utorrent.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\MilkShape 3D 1.7.7a\ms3d.exe (code 0x0000000D (13))
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 08 20:02:48 2008
Microsoft Windows Malicious Software Removal Tool v1.38, February 2008
Started On Tue Feb 12 20:02:15 2008
->Scan ERROR: resource file://C:\Documents and Settings\Myko\Desktop\Patches and Docs\utorrent.exe (code 0x0000000D (13))
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 12 20:03:53 2008
Microsoft Windows Malicious Software Removal Tool v1.39, March 2008
Started On Tue Mar 11 20:02:06 2008
->Scan ERROR: resource file://C:\Documents and Settings\Myko\Desktop\Patches and Docs\utorrent.exe (code 0x0000000D (13))
Results Summary:
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 11 20:06:37 2008
----------------------------------------------------------------------------
Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys
if Hidden = 0 then Hidden Files and Folders are not shown
if SuperHidden = 1 is the desired default value.
if ShowSuperHidden = 0 then System Files are not shown
if HideFileExt = 1 then File Extension are not shown
We want their values to be (from top to bottom) 1,1,1,0
----------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
Hidden REG_DWORD 1 (0x1)
SuperHidden REG_DWORD 1 (0x1)
ShowSuperHidden REG_DWORD 1 (0x1)
HideFileExt REG_DWORD 0 (0x0)
************************************************************************************
Examining Select Windows Registry Keys
------------------------------------------------------------------------------------
--------------------------------------------------------------------------
Items Found in ZoneMap\Domains:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com
----------------------------------------------------------------------------
Current User ZoneMap ProtocolDefaults
----------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
<NO NAME> REG_SZ
http REG_DWORD 3 (0x3)
https REG_DWORD 3 (0x3)
ftp REG_DWORD 3 (0x3)
file REG_DWORD 3 (0x3)
@ivt REG_DWORD 1 (0x1)
shell REG_DWORD 0 (0x0)
----------------------------------------------------------------------------
Default URL Prefix Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
<NO NAME> REG_SZ http://
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
ftp REG_SZ ftp://
gopher REG_SZ gopher://
home REG_SZ http://
mosaic REG_SZ http://
www REG_SZ http://
--------------------------------------------------------------------------
Startup Items Disabled via MSCONFIG:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services
aswUpdSv REG_DWORD 2 (0x2)
WANMiniportService REG_DWORD 2 (0x2)
SandraTheSrv REG_DWORD 3 (0x3)
SandraDataSrv REG_DWORD 3 (0x3)
DCSPGSRV REG_DWORD 2 (0x2)
AOL ACS REG_DWORD 2 (0x2)
a2free REG_DWORD 2 (0x2)
iPod Service REG_DWORD 3 (0x3)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk
path REG_SZ C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup REG_SZ C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
location REG_SZ Common Startup
command REG_SZ C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
item REG_SZ ATI CATALYST System Tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk
path REG_SZ C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup REG_SZ C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
location REG_SZ Common Startup
command REG_SZ C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
item REG_SZ InterVideo WinCinema Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Family^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk
path REG_SZ C:\Documents and Settings\Family\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
backup REG_SZ C:\WINDOWS\pss\Epson all-in-one Registration.lnkStartup
location REG_SZ Startup
command REG_SZ /remind /language=ENU /PRNM="00630" /PRIN="all-in-one"
item REG_SZ Epson all-in-one Registration
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Myko^Start Menu^Programs^Startup^BHODemon 2.0.lnk
path REG_SZ C:\Documents and Settings\Myko\Start Menu\Programs\Startup\BHODemon 2.0.lnk
backup REG_SZ C:\WINDOWS\pss\BHODemon 2.0.lnkStartup
location REG_SZ Startup
command REG_SZ C:\PROGRA~1\BHODEM~1\BHODemon.exe
item REG_SZ BHODemon 2.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Myko^Start Menu^Programs^Startup^PowerReg Scheduler.exe
path REG_SZ C:\Documents and Settings\Myko\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup REG_SZ C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
location REG_SZ Startup
command REG_SZ C:\Documents and Settings\Myko\Start Menu\Programs\Startup\PowerReg Scheduler.exe
item REG_SZ PowerReg Scheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!1_pgaccount
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ pgaccount
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\ProcessGuard\pgaccount.exe"
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!1_ProcessGuard_Startup
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ procguard
hkey REG_SZ HKCU
command REG_SZ "C:\Program Files\ProcessGuard\procguard.exe" -minimize
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ AsusProb
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\ASUS\Probe\AsusProb.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ cli
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ ashDisp
hkey REG_SZ HKLM
command REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ daemon
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\D-Tools\daemon.exe" -lang 1033
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4200 Series
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ E_FATIAEA
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ hpztsb04
hkey REG_SZ HKLM
command REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ dumprep 0 -k
hkey REG_SZ HKLM
command REG_SZ %systemroot%\system32\dumprep 0 -k
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ mmtask
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ msmsgs
hkey REG_SZ HKCU
command REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ qttask
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ RealPlay
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ REGSHAVE
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ SOUNDMAN
hkey REG_SZ HKLM
command REG_SZ SOUNDMAN.EXE
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ THGuard
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ zlclient
hkey REG_SZ HKLM
command REG_SZ C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
inimapping REG_SZ 0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\state
system.ini REG_DWORD 0 (0x0)
win.ini REG_DWORD 2 (0x2)
bootini REG_DWORD 0 (0x0)
services REG_DWORD 2 (0x2)
startup REG_DWORD 2 (0x2)
--------------------------------------------------------------------------
Select AutoRun Registry Keys:
--------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
AVG7_CC REG_SZ C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
Zone Labs Client REG_SZ C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
\\FAMILY-ROOM\PRINTER4 REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P22 "\\FAMILY-ROOM\PRINTER4" /O22 "\\FAMILY-ROOM\PRINTER4" /M "Stylus CX4200"
\\FAMILY-ROOM\PRINTER5 REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P22 "\\FAMILY-ROOM\PRINTER5" /O22 "\\FAMILY-ROOM\PRINTER5" /M "Stylus CX4200"
ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex
HKEY_USERS\.default\software\microsoft\windows\currentversion\run
AVG7_Run REG_SZ C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
AVG7_Run REG_SZ C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\run
AVG7_Run REG_SZ C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\run
AVG7_Run REG_SZ C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
--------------------------------------------------------------------------
WinLogon Notify Registry Key:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent
DLLName REG_SZ Ati2evxx.dll
Asynchronous REG_DWORD 0 (0x0)
Impersonate REG_DWORD 1 (0x1)
Lock REG_SZ AtiLockEvent
Logoff REG_SZ AtiLogoffEvent
Logon REG_SZ AtiLogonEvent
Disconnect REG_SZ AtiDisConnectEvent
Reconnect REG_SZ AtiReConnectEvent
Safe REG_DWORD 0 (0x0)
Shutdown REG_SZ AtiShutdownEvent
StartScreenSaver REG_SZ AtiStartScreenSaverEvent
StartShell REG_SZ AtiStartShellEvent
Startup REG_SZ AtiStartupEvent
StopScreenSaver REG_SZ AtiStopScreenSaverEvent
Unlock REG_SZ AtiUnLockEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
Asynchronous REG_DWORD 0 (0x0)
Impersonate REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ crypt32.dll
Logoff REG_SZ ChainWlxLogoffEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
Asynchronous REG_DWORD 0 (0x0)
Impersonate REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ cryptnet.dll
Logoff REG_SZ CryptnetWlxLogoffEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
DLLName REG_SZ cscdll.dll
Logon REG_SZ WinlogonLogonEvent
Logoff REG_SZ WinlogonLogoffEvent
ScreenSaver REG_SZ WinlogonScreenSaverEvent
Startup REG_SZ WinlogonStartupEvent
Shutdown REG_SZ WinlogonShutdownEvent
StartShell REG_SZ WinlogonStartShellEvent
Impersonate REG_DWORD 0 (0x0)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
DLLName REG_SZ wlnotify.dll
Logon REG_SZ SCardStartCertProp
Logoff REG_SZ SCardStopCertProp
Lock REG_SZ SCardSuspendCertProp
Unlock REG_SZ SCardResumeCertProp
Enabled REG_DWORD 1 (0x1)
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
Asynchronous REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0 (0x0)
StartShell REG_SZ SchedStartShell
Logoff REG_SZ SchedEventLogOff
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
Logoff REG_SZ WLEventLogoff
Impersonate REG_DWORD 0 (0x0)
Asynchronous REG_DWORD 1 (0x1)
DllName REG_EXPAND_SZ sclgntfy.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
DLLName REG_SZ WlNotify.dll
Lock REG_SZ SensLockEvent
Logon REG_SZ SensLogonEvent
Logoff REG_SZ SensLogoffEvent
Safe REG_DWORD 1 (0x1)
MaxWait REG_DWORD 600 (0x25
StartScreenSaver REG_SZ SensStartScreenSaverEvent
StopScreenSaver REG_SZ SensStopScreenSaverEvent
Startup REG_SZ SensStartupEvent
Shutdown REG_SZ SensShutdownEvent
StartShell REG_SZ SensStartShellEvent
PostShell REG_SZ SensPostShellEvent
Disconnect REG_SZ SensDisconnectEvent
Reconnect REG_SZ SensReconnectEvent
Unlock REG_SZ SensUnlockEvent
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
Asynchronous REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0 (0x0)
Logoff REG_SZ TSEventLogoff
Logon REG_SZ TSEventLogon
PostShell REG_SZ TSEventPostShell
Shutdown REG_SZ TSEventShutdown
StartShell REG_SZ TSEventStartShell
Startup REG_SZ TSEventStartup
MaxWait REG_DWORD 600 (0x25
Reconnect REG_SZ TSEventReconnect
Disconnect REG_SZ TSEventDisconnect
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
Logon REG_SZ WLEventLogon
Logoff REG_SZ WLEventLogoff
Startup REG_SZ WLEventStartup
Shutdown REG_SZ WLEventShutdown
StartScreenSaver REG_SZ WLEventStartScreenSaver
StopScreenSaver REG_SZ WLEventStopScreenSaver
Lock REG_SZ WLEventLock
Unlock REG_SZ WLEventUnlock
StartShell REG_SZ WLEventStartShell
PostShell REG_SZ WLEventPostShell
Disconnect REG_SZ WLEventDisconnect
Reconnect REG_SZ WLEventReconnect
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 0 (0x0)
SafeMode REG_DWORD 1 (0x1)
MaxWait REG_DWORD -1 (0xffffffff)
DllName REG_EXPAND_SZ WgaLogon.dll
Event REG_DWORD 3 (0x3)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
Data REG_BINARY 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003d255602bfecba48ba3114d23a8f0aea04000000040000005300000003660000a8000000100000001a25f825c6daf8e3148ce555d326d2310000000004800000a000000010000000fbcac81a3c5d0afe7c46008022e0974530050000fa327aa0412f52d1f0101dd079f8da46832eb2deb8a6c96e22bf42f739aba680c483dfc1a680eaf33bc6b611ae20ddde3d6a494d008826427df105a2ed5460444e47cb390d9989288c3fc991a3e06646431a6b680852fcfe16e40c007813109a46bb42021ce966158a99b40f7f27f8fb3483d3ef3611f5e8629bd751785b59671ba72bed1a4d6e6b5f05f533b228ce7d8528ec553c80cbfa4b414fcf090439048b1b95649d7474446dee6816490573b0c546087f45f8f72277d305fd873ad187eac5420b829f6b277605797dab6ba52a0955ccbf8da49ccda6977fc789bd754f86730365413ed71214412ce12fec2c4f0b85a454a7925afd22366bb944090ac3ff78547ada829759c7b197703b91853e3fa33f2a1d8ae831ebcbcdf3747055d2b0056aa32cfd1bd7bff5535f42f41ffae0ab7ad16dcc732bd6fb61bf6c7c5311d86fd14d6eeb3b76c3a0659005d8a944e67965f312e1882095703312e8bd340b466e658c3688e2f3553956dab83c9d180bc03d5c1730944b0f5f065a939df13d1fe32db306df00a7e6b34f08958cfc4b6f33789752b641bac31c90e5753b81dbf254403b5c20c4f04035a181a2ba5ef6f81176895a6f3b642ebf0666cd60175a0c390d35ed7c21c554587d96eb252006031192dbf45fac8ffcfd30c0f138404d3a63ba8dffbaccf3fe493bf9a80d50487fe5e8f38916ffec76ce8fce85fab406a2c1ae1d2df13ce6512050fcaaae6cf44106d559bcd0683a99a7afed5158f975fb307391516e70fffb0445a69bfe78afbf99d678605fff44157f07b893425a4a44dc0769030a6efbf3bd707fc3e9601a11106ab18999ab5a20103359b75357c279bf600c250390984ab54f7f6ab8044a9846d8fcaaeceb415fad73974f3806b5d7e364613b79043b7def264d1b129fa5547afe93012d99d8b2953dc1678a09026ef9fad03a204186230e98c8c85d15b81c75e19d84d434fffb857718c169500502cc581bd5ec5c481d8b0438fb4f8a649d883f655dfb496d74e91b3c57d2cbe641423d84f10a12e570422c77824a0baf5ae1202c79c0ec6d93dca191f836b12eb82239d489eb430b2b0b922fd41935863ee851bce2d7bbd782b090601368f0fe9298a73a5e62927bdfdd777fa0838247ae80c232bfbaa449abdcb695da1e066123004e1d1f0171a70a7419b81a9609149d73e0311e4843642c81371498c56d1859ce2948e9ec262275a3a871c7fd9e2e9b65ad38d83da00990de611fdadd568eff88569f241eb1f0f3753e34ada9827a8d8dca512cfa0614ec39fbfdfe1752f3518f85f7536113774972b286d394847ef25219a77cfdf9a51c1cd0995d0b32c760b7e74ceaecd95ae88c5bf3fee358908c030adc90aef5fa42e9f3c7632169a15a889db0cb78b508f206601750eb5e3c11c73057c2f334d513d8a3d05d3311d85ccecb1fd051ba3a32451f51c129e0d92543f25d26749dcf07d2e3763c2c932f6c9ac036b18cee4144483a16a02f99cf6be27e8552ee3f40ea835fdfdefb5fc2bff8a53c4636d5cc3c4baa7faa6d9b111a35a025501c0a4c8307b0b9741c017a5354e07afa003c9c50865aefdb19e913edbd5a66677b481bce8d2e771ca9a5108703ffb5e9b4dac3e8c976e5c07f1dc08b02869cf57ee8a1da2ac772728f1ca07bfb390605daf0a171c95a707c5005f171b7e8429ab305096214bd02ee3ba44b80cfeb8c88ac9fb0f019bcdad0428488b945995aaf82dcc4e9522afc4f11edd5b2e873aec829613336242cac912ebf235dd84aacb270baa79a9cf345867437dfcc587f8b9dbe4e4369d1b7cf0ba6d672f9088492d6d311cf85ab291c9099d656df474bea03437c58f44541823b670feb14000000de1a33313d190f3e6ec38076f5dda56c3edf0461
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
DLLName REG_SZ wlnotify.dll
Logon REG_SZ RegisterTicketExpiredNotificationEvent
Logoff REG_SZ UnregisterTicketExpiredNotificationEvent
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
--------------------------------------------------------------------------
Shared Task Scheduler Registry Items:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
--------------------------------------------------------------------------
Scheduled Tasks:
--------------------------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is 6CE9-9740
Directory of C:\WINDOWS\tasks
06/06/2007 05:06 PM <DIR> .
06/06/2007 05:06 PM <DIR> ..
02/22/2008 08:32 AM 284 AppleSoftwareUpdate.job
08/04/2004 08:00 AM 65 desktop.ini
03/24/2008 07:44 AM 6 SA.DAT
3 File(s) 355 bytes
Total Files Listed:
3 File(s) 355 bytes
2 Dir(s) 10,522,787,840 bytes free
A C:\WINDOWS\tasks\AppleSoftwareUpdate.job
HR C:\WINDOWS\tasks\desktop.ini
A H C:\WINDOWS\tasks\SA.DAT
----------------------------------------------------------------------------
ShellExecuteHooks Registry Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
----------------------------------------------------------------------------
ShellServiceObjectDelayLoad Registry Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
UPnPMonitor REG_SZ {e57ce738-33e8-4c51-8354-bb4de9d215d1}
WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
----------------------------------------------------------------------------
ModuleUsage Registry Keys:
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/gpcontrol.dll
.Owner REG_SZ {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41}
{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/hrtbeat.ocx
.Owner REG_SZ {E5D419D6-A846-4514-9FAD-97E826C84822}
{E5D419D6-A846-4514-9FAD-97E826C84822} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/rufsi.dll
.Owner REG_SZ {644E432F-49D3-41A1-8DD5-E099162EEEC5}
{644E432F-49D3-41A1-8DD5-E099162EEEC5} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx
.Owner REG_SZ {406B5949-7190-4245-91A9-30A17DE16AD0}
{406B5949-7190-4245-91A9-30A17DE16AD0} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx
.Owner REG_SZ {B8BE5E93-A60C-4D26-A2DC-220313175592}
{B8BE5E93-A60C-4D26-A2DC-220313175592} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/zsetup.exe
.Owner REG_SZ {E5D419D6-A846-4514-9FAD-97E826C84822}
{E5D419D6-A846-4514-9FAD-97E826C84822} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/LegitCheckControl.DLL
.Owner REG_SZ Unknown Owner
{17492023-C23A-453E-A040-C7C580BBF700} REG_SZ
----------------------------------------------------------------------------
BHO Registry Keys:
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
--------------------------------------------------------------------------
Select Policy Keys:
--------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
************************************************************************************
Checking File System for suspicious Files
--------------------------------------------------------------------------
Items in the Root Directory:
--------------------------------------------------------------------------
Locating all files created in C:\
"C:\"
!KILLBOX Jan 25 2006 "!KillBox"
$VAULT$.AVG Dec 13 2005 "$VAULT$.AVG"
406073~1 Nov 18 2006 "40607302a4444e7436"
AERIAG~1 Nov 29 2007 "AeriaGames"
aoedoppl.txt Mar 4 2006 2506 "aoedoppl.txt"
aoewvlog.txt Mar 4 2006 2599 "aoeWVlog.txt"
aolcon~1.exe Dec 5 2005 10920 "aolconnfix.exe"
aolcon~1.txt Dec 5 2005 1039 "aolconnfix.txt"
AOLEXT~1 Sep 16 2005 "aolextras"
AOLINS~1 Sep 16 2005 "AOL Instant Messenger"
ATI May 19 2006 "ATI"
autoexec.bat Sep 17 2005 37 "AUTOEXEC.BAT"
autoexec.old Sep 17 2005 17 "AUTOEXEC.OLD"
avg7db_f.dat Nov 24 2005 5737422 "AVG7DB_F.DAT"
avg7qt.dat Oct 21 2005 12284145 "AVG7QT.DAT"
boot.ini Jun 6 2007 211 "boot.ini"
CONFIG.MSI May 19 2006 "Config.Msi"
config.sys Sep 16 2005 0 "CONFIG.SYS"
DEV-CPP May 13 2007 "Dev-Cpp"
DOCUME~1 Sep 15 2005 "Documents and Settings"
DOWNLO~1 Sep 19 2005 "Downloads"
EPSONREG Jan 17 2006 "EPSONREG"
ffastun.ffa Sep 16 2005 4717 "ffastun.ffa"
ffastun.ffl Sep 16 2005 507904 "ffastun.ffl"
ffastun.ffo Sep 16 2005 155648 "ffastun.ffo"
ffastun0.ffx Sep 16 2005 704512 "ffastun0.ffx"
FRAPS May 30 2006 "Fraps"
GMAX Feb 2 2006 "gmax"
GRAPHICS Jan 28 2006 "Graphics"
GRAPHS Jul 20 2006 "Graphs"
hiberfil.sys Mar 24 2008 1073008640 "hiberfil.sys"
IE-SPYAD Feb 7 2006 "ie-spyad"
install.log Nov 1 2006 1535 "INSTALL.LOG"
INSTAL~1 Sep 16 2005 "Install ICQ"
INSTAL~2 Sep 16 2005 "Install Winamp"
INSTAL~3 Sep 16 2005 "Install AOL Communicator"
io.sys Sep 16 2005 0 "IO.SYS"
ISEEYO~1 Mar 24 2008 "ISeeYouXP"
KPCMS Sep 17 2005 "KPCMS"
logwme~1.bin Jun 18 2006 0 "logwmemory.bin"
medp1bck.mis Feb 13 2006 10231 "MEDP1BCK.MIS"
MMW Jan 20 2006 "mmw"
msdos.sys Sep 16 2005 0 "MSDOS.SYS"
MWASPI Sep 16 2005 "MWASPI"
MYMUSI~1 Sep 16 2005 "My Music"
net_save.dna Sep 14 2006 1157 "net_save.dna"
NEW Jan 2 2006 "NEW"
ntdetect.com Aug 4 2004 47564 "NTDETECT.COM"
ntfy_cd.log Feb 10 2006 867 "NTFY_CD.LOG"
ntldr Aug 4 2004 250032 "ntldr"
pagefile.sys Mar 24 2008 805306368 "pagefile.sys"
PAGEMGR Sep 17 2005 "PAGEMGR"
PROGRA~1 Sep 15 2005 "Program Files"
PROVW21 Jan 20 2006 "PROVW21"
RECYCLER Sep 16 2005 "RECYCLER"
RIODRI~1 Dec 11 2005 "RioDrivers"
ROUTER Sep 16 2007 "Router"
RSCACHE Jun 9 2006 "rscache"
SHARED May 11 2006 "Shared"
SYSTEM~1 Sep 15 2005 "System Volume Information"
TA Apr 4 2006 "TA"
UNZIPPED Sep 20 2005 "unzipped"
vetlog.dmp May 20 2006 88791 "VETlog.dmp"
vetlog.txt May 20 2006 1553 "VETlog.txt"
VSTASCAN Sep 17 2005 "VSTASCAN"
WINDOWS Sep 15 2005 "WINDOWS"
wizard.txt Sep 16 2007 0 "wizard.txt"
67 items found: 28 files (12 H/S), 39 directories (4 H/S).
Total of file sizes: 1,898,128,415 bytes 1.77 G
--------------------------------------------------------------------------
Locating all Backup files on C:
--------------------------------------------------------------------------
Locating all *.BAK* files
"C:\WINDOWS\"
imsins.bak Feb 12 2008 1374 "imsins.BAK"
"C:\gmax\autoback\"
maxback.bak Jul 21 2006 234496 "MaxBack.bak"
"C:\Program Files\Continuum\"
keyboard.bak Mar 23 2006 2216 "keyboard.bak"
macro.bak Jan 13 2007 266 "macro.bak"
profile.bak Jan 13 2007 401 "profile.bak"
zone.bak Nov 3 2007 2689 "zone.bak"
"C:\Program Files\Xfire\"
xfire_~1.bak Jan 16 2008 463845 "xfire_games.bak"
"C:\WINDOWS\system32\"
shdocvw.bak Aug 4 2004 1483264 "shdocvw.bak"
wpa.bak May 18 2006 12540 "wpa.bak"
"C:\Documents and Settings\All Users\DRM\"
drmv1.bak Sep 17 2005 4348 "DRMv1.bak"
drmv13.bak Dec 30 2005 401 "DRMv13.bak"
drmv16.bak Sep 17 2005 401 "DRMv16.bak"
"C:\WINDOWS\system32\NtmsData\"
ntmsdata.bak Jun 8 2007 143360 "NTMSDATA.BAK"
"C:\Program Files\Common Files\AOL\IPHSend\"
iph.bak Apr 22 2006 1064 "IPH.BAK"
"C:\Program Files\Jetico\Jetico Personal Firewall\Config\"
settin~1.bak May 10 2005 395 "settings.xml.bak"
"C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\"
brndlog.bak Sep 16 2005 113 "brndlog.bak"
"C:\Documents and Settings\Alissa\Application Data\Microsoft\Internet Explorer\"
brndlog.bak Sep 16 2005 141 "brndlog.bak"
"C:\Documents and Settings\Craig\Application Data\Microsoft\Internet Explorer\"
brndlog.bak Sep 16 2005 141 "brndlog.bak"
"C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\"
brndlog.bak Sep 16 2005 113 "brndlog.bak"
"C:\Documents and Settings\Myko\Application Data\Microsoft\Internet Explorer\"
brndlog.bak Sep 16 2005 141 "brndlog.bak"
"C:\Documents and Settings\Myko\My Documents\My Music\License Backup\"
copyof~1.bak Feb 10 2006 782 "Copy of drmv1lic.bak"
copyof~2.bak Sep 17 2005 4348 "Copy of drmv1key.bak"
copyof~3.bak Feb 10 2006 0 "Copy of drmv2lic.bak"
drmv1key.bak Sep 17 2005 4348 "drmv1key.bak"
drmv1lic.bak Feb 10 2006 782 "drmv1lic.bak"
drmv2key.bak Feb 10 2006 400 "drmv2key.bak"
drmv2lic.bak Feb 10 2006 0 "drmv2lic.bak"
"C:\Program Files\Total War\Medieval - Total War\campmap\buttons\"
coins.bak Sep 3 1998 735 "coins.Bak"
hourgl~1.bak Sep 3 1998 750 "hourglass.Bak"
"C:\WINDOWS\pchealth\helpctr\Config\Cache\"
person~1.bak Nov 22 2007 288514 "Personal_32_1033.dat.bak"
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\csdt28m4.default\"
bookma~1.bak May 1 2006 16072 "bookmarks.bak"
"C:\Documents and Settings\Alissa\Application Data\Mozilla\Firefox\Profiles\62hk5paq.default\"
bookma~1.bak Apr 30 2007 31551 "bookmarks.bak"
"C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\y2z7644z.default\"
bookma~1.bak Mar 6 2006 15980 "bookmarks.bak"
"C:\Documents and Settings\Myko\Application Data\Mozilla\Firefox\Profiles\5x7oxlnf.default\"
bookma~1.bak Mar 24 2008 159753 "bookmarks.bak"
bookma~2.bak Feb 13 2007 25664 "bookmarks.html.sbsd.bak"
"C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\"
brndlog.bak Sep 16 2005 113 "brndlog.bak"
"C:\Program Files\Steam\steamapps\SourceMods\dpb\materials\models\box\"
boxvmt~1.bak Jan 1 2007 64 "box.vmt.bak"
92 items found: 92 files (9 H/S), 0 directories.
Total of file sizes: 2,920,171 bytes 2.78 M
--------------------------------------------------------------------------
Locating all copies of Internet Explorer on C:
--------------------------------------------------------------------------
Locating all copies of Internet Explorer
"C:\Program Files\Internet Explorer\"
iexplore.exe Aug 4 2004 93184 "IEXPLORE.EXE"
"C:\WINDOWS\system32\dllcache\"
iexplore.exe Aug 4 2004 93184 "iexplore.exe"
2 items found: 2 files, 0 directories.
Total of file sizes: 186,368 bytes 182.00 K
--------------------------------------------------------------------------
Locating all copies of Windows Explorer on C:
--------------------------------------------------------------------------
Locating all copies of Windows Explorer
"C:\WINDOWS\"
explorer.exe Jun 13 2007 1033216 "explorer.exe"
"C:\WINDOWS\$NtUninstallKB938828$\"
explorer.exe Aug 4 2004 1032192 "explorer.exe"
"C:\WINDOWS\system32\dllcache\"
explorer.exe Jun 13 2007 1033216 "explorer.exe"
"C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\"
explorer.exe Jun 13 2007 1033216 "explorer.exe"
4 items found: 4 files, 0 directories.
Total of file sizes: 4,131,840 bytes 3.94 M
Items in Document and Settings:
Listing contents of C:\Documents and Settings
"C:\Documents and Settings\"
ADMINI~1 Feb 7 2006 "Administrator"
ALISSA Sep 16 2005 "Alissa"
ALLUSE~1 Sep 15 2005 "All Users"
areyou~1.doc May 25 2007 24576 "Are You Ready to Wear Blue and Green.doc"
CRAIG Sep 16 2005 "Craig"
DEFAUL~1 Sep 15 2005 "Default User"
LOCALS~1 Sep 16 2005 "LocalService"
MYK Jan 11 2006 "Myk"
MYKO Sep 16 2005 "Myko"
NETWOR~1 Sep 16 2005 "NetworkService"
10 items found: 1 file, 9 directories (3 H/S).
Total of file sizes: 24,576 bytes 24.00 K
--------------------------------------------------------------------------
Desktop Items:
--------------------------------------------------------------------------
Locating all files created in C:\Documents and Settings\Myko\Desktop within the last 90 days.
"C:\Documents and Settings\Myko\Desktop\"
007.txt Feb 3 2008 1486 "007.txt"
a2scan~1.txt Mar 24 2008 4706 "a2scan_080324-075520.txt"
atf-cl~1.exe Mar 24 2008 50688 "ATF-Cleaner.exe"
guitar.jpg Jan 13 2008 265421 "Guitar.jpg"
guitar.txt Jan 17 2008 466 "guitar.txt"
hm.txt Feb 2 2008 6365 "hm.txt"
iseeyo~1.exe Mar 24 2008 1125845 "ISeeYouXP.exe"
iseeyo~1.lnk Mar 24 2008 534 "ISeeYouXP.lnk"
kjkj.txt Feb 4 2008 7121 "kjkj.txt"
midter~1.zip Jan 14 2008 466795 "MidTermReviewQuestionsMaterial.zip"
mystery.txt Feb 4 2008 440 "mystery.txt"
trillian.lnk Mar 16 2008 1622 "Trillian.lnk"
12 items found: 12 files, 0 directories.
Total of file sizes: 1,931,489 bytes 1.84 M
Locating all files created in C:\Documents and Settings\All Users\Desktop\ within the last 90 days.
"C:\Documents and Settings\All Users\Desktop\"
worldo~1.lnk Jan 18 2008 793 "World of Warcraft.lnk"
1 item found: 1 file, 0 directories.
Total of file sizes: 793 bytes 0.77 K
--------------------------------------------------------------------------
Start Menu Items:
--------------------------------------------------------------------------
Locating all files created inC:\Documents and Settings\Myko\Start Menu within the last 90 days.
No matches found.
Locating all files created in C:\Documents and Settings\Myko\Start Menu\Programs\Startup within the last 90 days.
No matches found.
Locating all files created in C:\Documents and Settings\All Users\Start Menu within the last 90 days.
No matches found.
Locating all files created in C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ within the last 90 days.
No matches found.
--------------------------------------------------------------------------
Application Data Items:
--------------------------------------------------------------------------
Locating all files created in C:\Documents and Settings\Myko\Application Data\ within the last 90 days.
"C:\Documents and Settings\Myko\Application Data\"
INTUIT Mar 6 2008 "Intuit"
1 item found: 0 files, 1 directory.
Locating all files created in C:\Documents and Settings\Myko\Local Settings\Application Data\ within the last 90 days.
"C:\Documents and Settings\Myko\Local Settings\Application Data\"
iconca~1.db Mar 12 2008 5304166 "IconCache.db"
1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 5,304,166 bytes 5.05 M
Locating all files created in C:\Documents and Settings\All Users\Application Data\ within the last 90 days.
No matches found.
--------------------------------------------------------------------------
C:\Documents and Settings\Myko\Local Settings\TEMP:
--------------------------------------------------------------------------
Locating all files created in C:\Documents and Settings\Myko\Local Settings\TEMP within the last 90 days.
--------------------------------------------------------------------------
Items in Templates Folder:
--------------------------------------------------------------------------
Locating all files created in C:\Documents and Settings\Myko\Templates
"C:\Documents and Settings\Myko\Templates\"
amipro.sam Aug 4 2004 4570 "amipro.sam"
excel.xls Aug 4 2004 5632 "excel.xls"
excel4.xls Aug 4 2004 1518 "excel4.xls"
lotus.wk4 Aug 4 2004 2448 "lotus.wk4"
powerpnt.ppt Aug 4 2004 12288 "powerpnt.ppt"
presenta.shw Aug 4 2004 461 "presenta.shw"
quattro.wb2 Aug 4 2004 4017 "quattro.wb2"
sndrec.wav Aug 4 2004 58 "sndrec.wav"
winword.doc Aug 4 2004 4608 "winword.doc"
winword2.doc Aug 4 2004 1769 "winword2.doc"
wordpfct.wpd Aug 4 2004 30 "wordpfct.wpd"
wordpfct.wpg Aug 4 2004 57 "wordpfct.wpg"
12 items found: 12 files, 0 directories.
Total of file sizes: 37,456 bytes 36.58 K
Items in Program Files:
Locating all files created in C:\Program Files\ within the last 90 days.
No matches found.
Locating all files created in C:\Program Files\Common Files\ within the last 90 days.
No matches found.
Locating all files created in C:\Program Files\Common Files\Microsoft Shared\Web Folders within the last 90 days.
No matches found.
Items in the Windows Directory:
Locating all files created in C:\WINDOWS\ within the last 90 days.
"C:\WINDOWS\"
$N40DC~1 Feb 12 2008 "$NtUninstallKB943055$"
$N44C0~1 Feb 12 2008 "$NtUninstallKB944533$"
$N50CC~1 Jan 8 2008 "$NtUninstallKB941644$"
$N54C4~1 Feb 12 2008 "$NtUninstallKB946026$"
$N58EC~1 Jan 8 2008 "$NtUninstallKB943485$"
0.log Mar 24 2008 0 "0.log"
bootstat.dat Mar 24 2008 2048 "bootstat.dat"
comsetup.log Feb 12 2008 328259 "comsetup.log"
episme00.swb Jan 21 2008 9662 "EPISME00.SWB"
faxsetup.log Feb 12 2008 952789 "FaxSetup.log"
iis6.log Feb 12 2008 149528 "iis6.log"
imsins.bak Feb 12 2008 1374 "imsins.BAK"
imsins.log Feb 12 2008 1374 "imsins.log"
kb941644.log Jan 8 2008 10574 "KB941644.log"
kb943055.log Feb 12 2008 10870 "KB943055.log"
kb943485.log Jan 8 2008 10735 "KB943485.log"
kb944533.log Feb 12 2008 17926 "KB944533.log"
kb946026.log Feb 12 2008 14284 "KB946026.log"
msgsocm.log Feb 12 2008 49337 "msgsocm.log"
myko.acl Feb 21 2008 35830 "Myko.acl"
ntbtlog.txt Mar 13 2008 1108144 "ntbtlog.txt"
ntdtcs~1.log Feb 12 2008 200613 "ntdtcsetup.log"
ocgen.log Feb 12 2008 491476 "ocgen.log"
ocmsn.log Feb 12 2008 54042 "ocmsn.log"
schedlgu.txt Mar 24 2008 32606 "SchedLgU.Txt"
setupapi.log Feb 20 2008 11405 "setupapi.log"
tsoc.log Feb 12 2008 378343 "tsoc.log"
updspapi.log Feb 12 2008 69084 "updspapi.log"
wiadebug.log Mar 24 2008 157 "wiadebug.log"
wiaservc.log Mar 24 2008 49 "wiaservc.log"
win.ini Mar 6 2008 990 "win.ini"
window~1.log Mar 24 2008 1911250 "WindowsUpdate.log"
wmsetup.log Mar 17 2008 210992 "wmsetup.log"
33 items found: 28 files (1 H/S), 5 directories (5 H/S).
Total of file sizes: 6,063,741 bytes 5.78 M
--------------------------------------------------------------------------
C:\WINDOWS\Downloaded Program Files:
--------------------------------------------------------------------------
Locating all files created in C:\WINDOWS\Downloaded Program Files\ within the last 90 days.
No matches found.
--------------------------------------------------------------------------
C:\WINDOWS\PCHealth\HelpCtr\Binaries:
--------------------------------------------------------------------------
Locating all files in C:\WINDOWS\PCHealth\HelpCtr\Binaries
"C:\WINDOWS\pchealth\helpctr\binaries\"
brpinfo.dll Aug 4 2004 21504 "brpinfo.dll"
hcappres.dll Aug 4 2004 6656 "HCAppRes.dll"
helpctr.exe Aug 4 2004 768512 "HelpCtr.exe"
helphost.exe Aug 4 2004 99840 "HelpHost.exe"
helpsvc.exe Aug 4 2004 743936 "HelpSvc.exe"
hscsp_p3.cab Aug 4 2004 286777 "hscsp_p3.cab"
hscupd.exe Aug 4 2004 18944 "HscUpd.exe"
msconfig.exe Aug 4 2004 158208 "msconfig.exe"
msinfo.dll Aug 4 2004 376320 "msinfo.dll"
notiflag.exe Aug 4 2004 35328 "notiflag.exe"
pchdt_p3.cab Aug 4 2004 2334260 "pchdt_p3.cab"
pchshell.dll Aug 4 2004 102400 "pchshell.dll"
pchsvc.dll Aug 4 2004 38912 "pchsvc.dll"
13 items found: 13 files, 0 directories.
Total of file sizes: 4,991,597 bytes 4.76 M
--------------------------------------------------------------------------
C:\WINDOWS\system:
--------------------------------------------------------------------------
Locating all files created in C:\WINDOWS\system within the last 90 days.
No matches found.
--------------------------------------------------------------------------
C:\WINDOWS\system32:
--------------------------------------------------------------------------
Locating all files created in C:\WINDOWS\system32 within the last 90 days.
"C:\WINDOWS\system32\"
mrt.exe Mar 5 2008 19148408 "MRT.exe"
perfc009.dat Mar 9 2008 58596 "perfc009.dat"
perfh009.dat Mar 9 2008 392296 "perfh009.dat"
perfst~1.ini Mar 9 2008 458340 "PerfStringBackup.INI"
vsconfig.xml Mar 24 2008 35981 "vsconfig.xml"
wpa.dbl Mar 24 2008 12598 "wpa.dbl"
xfcodec.dll Jan 16 2008 54608 "xfcodec.dll"
zllictbl.dat Mar 8 2008 4212 "zllictbl.dat"
8 items found: 8 files (2 H/S), 0 directories.
Total of file sizes: 20,165,039 bytes 19.23 M
--------------------------------------------------------------------------
C:\WINDOWS\system32\com:
--------------------------------------------------------------------------
Locating all files created in C:\WINDOWS\system32\com within the last 90 days.
No matches found.
--------------------------------------------------------------------------
C:\WINDOWS\system32\components:
--------------------------------------------------------------------------
Locating all files created in C:\WINDOWS\system32\components within the last 90 days.
No matches found.
--------------------------------------------------------------------------
C:\WINDOWS\system32\drivers:
--------------------------------------------------------------------------
Locating all files created in C:\WINDOWS\system32\drivers within the last 90 days.
No matches found.
--------------------------------------------------------------------------
C:\WINDOWS\system32\drivers\etc:
--------------------------------------------------------------------------
Locating all files created in C:\WINDOWS\system32\drivers\etc within the last 90 days.
No matches found.
--------------------------------------------------------------------------
C:\WINDOWS\TEMP:
--------------------------------------------------------------------------
Locating all files created in C:\WINDOWS\TEMP within the last 90 days.
"C:\WINDOWS\Temp\"
zlt0684c.tmp Mar 24 2008 256 "ZLT0684c.TMP"
1 item found: 1 file, 0 directories.
Total of file sizes: 256 bytes 0.25 K
************************************************************************************
Checking for .COM files to Delete. They will only print if deleted!
Locating .COM files in the C:\WINDOWS\System32 folder
"C:\WINDOWS\system32\"
chcp.com Aug 4 2004 7680 "chcp.com"
command.com Aug 4 2004 50620 "command.com"
diskcomp.com Aug 4 2004 9216 "diskcomp.com"
diskcopy.com Aug 4 2004 7168 "diskcopy.com"
edit.com Aug 4 2004 69886 "edit.com"
format.com Aug 4 2004 25600 "format.com"
graftabl.com Aug 4 2004 26112 "graftabl.com"
graphics.com Aug 4 2004 19694 "graphics.com"
kb16.com Aug 4 2004 14710 "kb16.com"
loadfix.com Aug 4 2004 1131 "loadfix.com"
locate.com Jan 14 2005 11254 "locate.com"
mode.com Aug 4 2004 19456 "mode.com"
more.com Aug 4 2004 15872 "more.com"
tree.com Aug 4 2004 11264 "tree.com"
win.com Aug 4 2004 18432 "win.com"
15 items found: 15 files, 0 directories.
Total of file sizes: 308,095 bytes 300.87 K
************************************************************************************
Miscellaneous Malware Detections:
------------------------------------------------------------------------------------
**** Delfin Media {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! ****
**** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****
**** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! ****
**** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! ****
**** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! ****
**** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! ****
**** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****
**** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****
**** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****
**** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****
**** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****
**** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! ****
**** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! ****
**** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! ****
**** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! ****
**** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! ****
**** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! ****
**** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! ****
**** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! ****
**** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! ****
**** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! ****
**** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! ****
**** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! ****
**** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! ****
**** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! ****
**** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! ****
**** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! ****
**** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! ****
**** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! ****
**** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! ****
**** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! ****
**** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! ****
**** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! ****
**** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! ****
**** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! ****
**** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! ****
**** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! ****
**** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! ****
**** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! ****
**** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! ****
**** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! ****
**** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! ****
**** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! ****
**** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! ****
**** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! ****
**** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! ****
**** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! ****
**** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! ****
**** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! ****
**** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! ****
**** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! ****
**** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! ****
**** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! ****
**** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! ****
**** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! ****
**** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! ****
**** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! ****
**** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! ****
**** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! ****
**** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! ****
**** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! ****
**** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! ****
**** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! ****
**** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! ****
**** Troj/Crafted-A {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****
**** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! ****
**** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! ****
**** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! ****
**** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! ****
**** W32/Almanahe.a Worm NOT FOUND by this tool! ****
**** msctl32.dll SpamBot NOT FOUND by this tool! ****
**** KeyLogger NOT FOUND by this tool! ****
CHECKING FOR BOT-TYPE WORMS:
**** W32/Sdbot Worm NOT FOUND by this tool! ****
CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS:
**** i386p.* Stealthing Agent NOT FOUND by this tool! ****
**** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! ****
**** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! ****
**** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! ****
**** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! ****
**** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! ****
CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS:
**** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! ****
**** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! ****
**** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! ****
**** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! ****
**** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! ****
**** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! ****
**** CmdService adware NOT FOUND by this tool! ****
**** Network_Monitor adware NOT FOUND by this tool! ****
**** Trojan.Peacomm NOT FOUND by this tool! ****
**** Trojan.Peacomm windev NOT FOUND by this tool! ****
**** AVPE Haxdoor NOT FOUND by this tool! ****
**** MEMLOW Haxdoor NOT FOUND by this tool! ****
**** VDMT Haxdoor NOT FOUND by this tool! ****
**** YCSVGA Haxdoor NOT FOUND by this tool! ****
**** PPTP Haxdoor NOT FOUND by this tool! ****
**** DVB Haxdoor NOT FOUND by this tool! ****
**** YVBB Haxdoor NOT FOUND by this tool! ****
**** YVPP Haxdoor NOT FOUND by this tool! ****
**** NKGFS Haxdoor NOT FOUND by this tool! ****
**** XMSK Haxdoor NOT FOUND by this tool! ****
**** AVPX Haxdoor NOT FOUND by this tool! ****
**** MMXF Haxdoor NOT FOUND by this tool! ****
**** DP1112 Vundo Rootkit NOT FOUND by this tool! ****
**** SYSBUS32 Rootkit Driver NOT FOUND by this tool! ****
**** I386P Rootkit Driver NOT FOUND by this tool! ****
**** ERSSDD Rootkit NOT FOUND by this tool! ****
**** GencTurK RootKit NOT FOUND by this tool! ****
**** Troj/NTRootK-BP RootKit NOT FOUND by this tool! ****
**** W32/Almanahe.sys NOT FOUND by this tool! ****
************************************************************************************
Dumping HKLM Uninstall Programs list
DisplayName REG_SZ 3Com Modem Manager
DisplayName REG_SZ 7-Zip 4.42
DisplayName REG_SZ a-squared Free 2.1
DisplayName REG_SZ Ad-Aware SE Personal
DisplayName REG_SZ Adobe Acrobat 5.0
DisplayName REG_SZ Adobe Flash Player 9 ActiveX
DisplayName REG_SZ Adobe Photoshop Elements
DisplayName REG_SZ America Online (Choose which version to remove)
DisplayName REG_SZ AOL Coach Version 1.0(Build:20030807.3)
DisplayName REG_SZ Apple Software Update
DisplayName REG_SZ ASUS Probe V2.22.06
DisplayName REG_SZ ATC for Battlefield 2 1.0
DisplayName REG_SZ ATC for Battlefield 2 Complete
DisplayName REG_SZ ATI - Software Uninstall Utility
DisplayName REG_SZ ATI Catalyst Control Center
DisplayName REG_SZ ATI Display Driver
DisplayName REG_SZ AtomixMP3 v2.3 Trial
DisplayName REG_SZ avast! Antivirus
DisplayName REG_SZ AVG Free Edition
DisplayName REG_SZ AviSynth 2.5
DisplayName REG_SZ Battlefield 1942
DisplayName REG_SZ Battlefield 2(TM)
DisplayName REG_SZ Battlefield 2: Special Forces
DisplayName REG_SZ Battlefield 2142 Demo
DisplayName REG_SZ BF2:Sandbox
DisplayName REG_SZ Bink and Smacker
DisplayName REG_SZ Call of Duty(R) 2
DisplayName REG_SZ Call of Duty(R) 2
DisplayName REG_SZ Call of Duty(R) 2 Patch 1.3
DisplayName REG_SZ Comcast High-Speed Internet Install Wizard
DisplayName REG_SZ Command & Conquer Generals
DisplayName REG_SZ Command & Conquer Generals
DisplayName REG_SZ Condition Zero
DisplayName REG_SZ Connections
DisplayName REG_SZ Continuum 0.39
DisplayName REG_SZ Cool & Quiet
DisplayName REG_SZ Counter-Strike
DisplayName REG_SZ Creative DVD Audio Plugin for Audigy Series
DisplayName REG_SZ Delta Force - Black Hawk Down
DisplayName REG_SZ Delta Force Black Hawk Down Team Sabre
DisplayName REG_SZ Dev-C++ 5 beta 9 release (4.9.9.2)
DisplayName REG_SZ DH Driver Cleaner Professional Edition
DisplayName REG_SZ Digital Ear
DisplayName REG_SZ DVD Decrypter (Remove Only)
DisplayName REG_SZ EPSON CX 4200 4800 Guide
DisplayName REG_SZ EPSON Printer Software
DisplayName REG_SZ EPSON Scan
DisplayName REG_SZ FinePixViewer Ver.3.2
DisplayName REG_SZ FinePixViewer Ver.3.2
DisplayName REG_SZ Fraps
DisplayName REG_SZ FUJIFILM USB Driver
DisplayName REG_SZ Game Maker 6.1
DisplayName REG_SZ GameSpy Arcade
DisplayName REG_SZ gmax
DisplayName REG_SZ Guitar-Online Tools - Tuner, version 2.0
DisplayName REG_SZ Half-Life 2: Deathmatch
DisplayName REG_SZ Half-Life 2: Lost Coast
DisplayName REG_SZ HijackThis 2.0.2
DisplayName REG_SZ Hotfix for Windows Media Format 11 SDK (KB929399)
DisplayName REG_SZ Hotfix for Windows Media Format SDK (KB902344)
DisplayName REG_SZ Hotfix for Windows Media Player 11 (KB939683)
DisplayName REG_SZ Hotfix for Windows XP (KB926239)
DisplayName REG_SZ ImageMixer VCD for FinePix
DisplayName REG_SZ InterVideo WinDVD 5
DisplayName REG_SZ iTunes
DisplayName REG_SZ J2SE Runtime Environment 5.0 Update 5
DisplayName REG_SZ Java(TM) SE Development Kit 6 Update 2
DisplayName REG_SZ L&H TTS3000 British English
DisplayName REG_SZ LastChaos
DisplayName REG_SZ LEGOLAND
DisplayName REG_SZ Macromedia Shockwave Player
DisplayName REG_SZ Marvell Miniport Driver
DisplayName REG_SZ Medal of Honor Allied Assault Multiplayer Demo
DisplayName REG_SZ Medieval Total War
DisplayName REG_SZ Microsoft .NET Framework 2.0
DisplayName REG_SZ Microsoft .NET Framework 2.0
DisplayName REG_SZ Microsoft Age of Empires Trial
DisplayName REG_SZ Microsoft Compression Client Pack 1.0 for Windows XP
DisplayName REG_SZ Microsoft Encarta 97 Encyclopedia
DisplayName REG_SZ Microsoft Excel 97
DisplayName REG_SZ Microsoft Halo Trial
DisplayName REG_SZ Microsoft User-Mode Driver Framework Feature Pack 1.0
DisplayName REG_SZ Microsoft Visual Basic 6.0 Working Model Edition
DisplayName REG_SZ Microsoft Web Publishing Wizard 1.53
DisplayName REG_SZ Microsoft Word 97
DisplayName REG_SZ MicroStaff WINASPI
DisplayName REG_SZ MilkShape 3D 1.7.7a
DisplayName REG_SZ mIRC
DisplayName REG_SZ Mozilla Firefox (2.0.0.12)
DisplayName REG_SZ MSN Gaming Zone
DisplayName REG_SZ MSN Music Assistant
DisplayName REG_SZ MSXML 4.0 SP2 (KB92797
DisplayName REG_SZ MSXML 4.0 SP2 (KB936181)
DisplayName REG_SZ MSXML 4.0 SP2 Parser and SDK
DisplayName REG_SZ NoteWorthy Composer
DisplayName REG_SZ NTI CD-Maker 2000 Standard
DisplayName REG_SZ Project Realtiy v0.4.0.6
DisplayName REG_SZ PSP Video 9 1.74
DisplayName REG_SZ Python 2.3.4
DisplayName REG_SZ QuarkXPress 5.0
DisplayName REG_SZ QuickTime
DisplayName REG_SZ RealPlayer Basic
DisplayName REG_SZ Realtek AC'97 Audio
DisplayName REG_SZ Rise Of Legends
DisplayName REG_SZ Rise Of Legends
DisplayName REG_SZ SeaTools for Windows
DisplayName REG_SZ Security Update for Microsoft .NET Framework 2.0 (KB928365)
DisplayName REG_SZ Security Update for Windows Media Player (KB911564)
DisplayName REG_SZ Security Update for Windows Media Player 10 (KB911565)
DisplayName REG_SZ Security Update for Windows Media Player 10 (KB917734)
DisplayName REG_SZ Security Update for Windows Media Player 11 (KB936782)
DisplayName REG_SZ Security Update for Windows Media Player 6.4 (KB92539
DisplayName REG_SZ Security Update for Windows XP (KB890046)
DisplayName REG_SZ Security Update for Windows XP (KB893066)
DisplayName REG_SZ Security Update for Windows XP (KB893756)
DisplayName REG_SZ Security Update for Windows XP (KB89635
DisplayName REG_SZ Security Update for Windows XP (KB896422)
DisplayName REG_SZ Security Update for Windows XP (KB896423)
DisplayName REG_SZ Security Update for Windows XP (KB896424)
DisplayName REG_SZ Security Update for Windows XP (KB89642
DisplayName REG_SZ Security Update for Windows XP (KB89668
DisplayName REG_SZ Security Update for Windows XP (KB899587)
DisplayName REG_SZ Security Update for Windows XP (KB89958
DisplayName REG_SZ Security Update for Windows XP (KB899591)
DisplayName REG_SZ Security Update for Windows XP (KB900725)
DisplayName REG_SZ Security Update for Windows XP (KB901017)
DisplayName REG_SZ Security Update for Windows XP (KB901214)
DisplayName REG_SZ Security Update for Windows XP (KB902400)
DisplayName REG_SZ Security Update for Windows XP (KB904706)
DisplayName REG_SZ Security Update for Windows XP (KB905414)
DisplayName REG_SZ Security Update for Windows XP (KB905749)
DisplayName REG_SZ Security Update for Windows XP (KB905915)
DisplayName REG_SZ Security Update for Windows XP (KB908519)
DisplayName REG_SZ Security Update for Windows XP (KB908531)
DisplayName REG_SZ Security Update for Windows XP (KB911280)
DisplayName REG_SZ Security Update for Windows XP (KB911562)
DisplayName REG_SZ Security Update for Windows XP (KB911567)
DisplayName REG_SZ Security Update for Windows XP (KB911927)
DisplayName REG_SZ Security Update for Windows XP (KB912812)
DisplayName REG_SZ Security Update for Windows XP (KB912919)
DisplayName REG_SZ Security Update for Windows XP (KB913446)
DisplayName REG_SZ Security Update for Windows XP (KB913580)
DisplayName REG_SZ Security Update for Windows XP (KB91438
DisplayName REG_SZ Security Update for Windows XP (KB914389)
DisplayName REG_SZ Security Update for Windows XP (KB916281)
DisplayName REG_SZ Security Update for Windows XP (KB917159)
DisplayName REG_SZ Security Update for Windows XP (KB917344)
DisplayName REG_SZ Security Update for Windows XP (KB917422)
DisplayName REG_SZ Security Update for Windows XP (KB917953)
DisplayName REG_SZ Security Update for Windows XP (KB91811
DisplayName REG_SZ Security Update for Windows XP (KB918439)
DisplayName REG_SZ Security Update for Windows XP (KB918899)
DisplayName REG_SZ Security Update for Windows XP (KB919007)
DisplayName REG_SZ Security Update for Windows XP (KB920213)
DisplayName REG_SZ Security Update for Windows XP (KB920214)
DisplayName REG_SZ Security Update for Windows XP (KB920670)
DisplayName REG_SZ Security Update for Windows XP (KB920683)
DisplayName REG_SZ Security Update for Windows XP (KB920685)
DisplayName REG_SZ Security Update for Windows XP (KB92139
DisplayName REG_SZ Security Update for Windows XP (KB921503)
DisplayName REG_SZ Security Update for Windows XP (KB921883)
DisplayName REG_SZ Security Update for Windows XP (KB922616)
DisplayName REG_SZ Security Update for Windows XP (KB922760)
DisplayName REG_SZ Security Update for Windows XP (KB922819)
DisplayName REG_SZ Security Update for Windows XP (KB923191)
DisplayName REG_SZ Security Update for Windows XP (KB923414)
DisplayName REG_SZ Security Update for Windows XP (KB923689)
DisplayName REG_SZ Security Update for Windows XP (KB923694)
DisplayName REG_SZ Security Update for Windows XP (KB923980)
DisplayName REG_SZ Security Update for Windows XP (KB924191)
DisplayName REG_SZ Security Update for Windows XP (KB924270)
DisplayName REG_SZ Security Update for Windows XP (KB924496)
DisplayName REG_SZ Security Update for Windows XP (KB924667)
DisplayName REG_SZ Security Update for Windows XP (KB925454)
DisplayName REG_SZ Security Update for Windows XP (KB925486)
DisplayName REG_SZ Security Update for Windows XP (KB925902)
DisplayName REG_SZ Security Update for Windows XP (KB926255)
DisplayName REG_SZ Security Update for Windows XP (KB926436)
DisplayName REG_SZ Security Update for Windows XP (KB927779)
DisplayName REG_SZ Security Update for Windows XP (KB927802)
DisplayName REG_SZ Security Update for Windows XP (KB928090)
DisplayName REG_SZ Security Update for Windows XP (KB928255)
DisplayName REG_SZ Security Update for Windows XP (KB928843)
DisplayName REG_SZ Security Update for Windows XP (KB929123)
DisplayName REG_SZ Security Update for Windows XP (KB929969)
DisplayName REG_SZ Security Update for Windows XP (KB93017
DisplayName REG_SZ Security Update for Windows XP (KB931261)
DisplayName REG_SZ Security Update for Windows XP (KB93176
DisplayName REG_SZ Security Update for Windows XP (KB931784)
DisplayName REG_SZ Security Update for Windows XP (KB93216
DisplayName REG_SZ Security Update for Windows XP (KB933566)
DisplayName REG_SZ Security Update for Windows XP (KB933729)
DisplayName REG_SZ Security Update for Windows XP (KB935839)
DisplayName REG_SZ Security Update for Windows XP (KB935840)
DisplayName REG_SZ Security Update for Windows XP (KB936021)
DisplayName REG_SZ Security Update for Windows XP (KB937143)
DisplayName REG_SZ Security Update for Windows XP (KB938127)
DisplayName REG_SZ Security Update for Windows XP (KB938829)
DisplayName REG_SZ Security Update for Windows XP (KB939653)
DisplayName REG_SZ Security Update for Windows XP (KB941202)
DisplayName REG_SZ Security Update for Windows XP (KB94156
DisplayName REG_SZ Security Update for Windows XP (KB941569)
DisplayName REG_SZ Security Update for Windows XP (KB941644)
DisplayName REG_SZ Security Update for Windows XP (KB942615)
DisplayName REG_SZ Security Update for Windows XP (KB943055)
DisplayName REG_SZ Security Update for Windows XP (KB943460)
DisplayName REG_SZ Security Update for Windows XP (KB943485)
DisplayName REG_SZ Security Update for Windows XP (KB944533)
DisplayName REG_SZ Security Update for Windows XP (KB944653)
DisplayName REG_SZ Security Update for Windows XP (KB946026)
DisplayName REG_SZ Shogun Total War
DisplayName REG_SZ Sid Meier's Pirates!
DisplayName REG_SZ Sid Meier's Pirates!
DisplayName REG_SZ Skype™ 3.2
DisplayName REG_SZ Soldat 1.3.1
DisplayName REG_SZ Source SDK Base
DisplayName REG_SZ SpeedFan (remove only)
DisplayName REG_SZ Spybot - Search & Destroy 1.4
DisplayName REG_SZ SpywareBlaster v3.5.1
DisplayName REG_SZ SpywareGuard v2.2
DisplayName REG_SZ Star Wars Battlefront
DisplayName REG_SZ Star Wars Galactic Battlegrounds: Saga
DisplayName REG_SZ Star Wars Jedi Knight Jedi Academy
DisplayName REG_SZ Star Wars Republic Commando
DisplayName REG_SZ Starcraft
DisplayName REG_SZ Steam
DisplayName REG_SZ Stronghold 2
DisplayName REG_SZ Stronghold Crusader
DisplayName REG_SZ TA Advantage (Thermal / Rheology)
DisplayName REG_SZ TeamSpeak 2 RC2
DisplayName REG_SZ The Battle for Middle-earth (tm)
DisplayName REG_SZ Trillian
DisplayName REG_SZ TurboTax Basic 2005
DisplayName REG_SZ TurboTax Basic 2006
DisplayName REG_SZ TurboTax Basic 2007
DisplayName REG_SZ TurboTax ItsDeductible 2005
DisplayName REG_SZ TurboTax ItsDeductible 2006
DisplayName REG_SZ Update for Windows XP (KB894391)
DisplayName REG_SZ Update for Windows XP (KB896727)
DisplayName REG_SZ Update for Windows XP (KB898461)
DisplayName REG_SZ Update for Windows XP (KB900485)
DisplayName REG_SZ Update for Windows XP (KB910437)
DisplayName REG_SZ Update for Windows XP (KB916595)
DisplayName REG_SZ Update for Windows XP (KB920872)
DisplayName REG_SZ Update for Windows XP (KB922582)
DisplayName REG_SZ Update for Windows XP (KB927891)
DisplayName REG_SZ Update for Windows XP (KB92933
DisplayName REG_SZ Update for Windows XP (KB930916)
DisplayName REG_SZ Update for Windows XP (KB931836)
DisplayName REG_SZ Update for Windows XP (KB933360)
DisplayName REG_SZ Update for Windows XP (KB93882
DisplayName REG_SZ Update for Windows XP (KB942763)
DisplayName REG_SZ Update for Windows XP (KB942840)
DisplayName REG_SZ Update for Windows XP (KB946627)
DisplayName REG_SZ Ventrilo Client
DisplayName REG_SZ version 1.3
DisplayName REG_SZ Viewpoint Media Player
DisplayName REG_SZ WebFldrs XP
DisplayName REG_SZ Windows Genuine Advantage Notifications (KB905474)
DisplayName REG_SZ Windows Installer 3.1 (KB893803)
DisplayName REG_SZ Windows Media Format 11 runtime
DisplayName REG_SZ Windows Media Format 11 runtime
DisplayName REG_SZ Windows Media Player 11
DisplayName REG_SZ Windows Media Player 11
DisplayName REG_SZ Windows XP Hotfix - KB873333
DisplayName REG_SZ Windows XP Hotfix - KB873339
DisplayName REG_SZ Windows XP Hotfix - KB885250
DisplayName REG_SZ Windows XP Hotfix - KB885835
DisplayName REG_SZ Windows XP Hotfix - KB885836
DisplayName REG_SZ Windows XP Hotfix - KB886185
DisplayName REG_SZ Windows XP Hotfix - KB887472
DisplayName REG_SZ Windows XP Hotfix - KB887742
DisplayName REG_SZ Windows XP Hotfix - KB888113
DisplayName REG_SZ Windows XP Hotfix - KB888302
DisplayName REG_SZ Windows XP Hotfix - KB890859
DisplayName REG_SZ Windows XP Hotfix - KB891781
DisplayName REG_SZ Windows XP Hotfix - KB893086
DisplayName REG_SZ WinRAR archiver
DisplayName REG_SZ World of Warcraft
DisplayName REG_SZ X-07 MAPPACK [LAN] Battlefield 2
DisplayName REG_SZ Xfire (remove only)
DisplayName REG_SZ YSVRML20
DisplayName REG_SZ ZoneAlarm Pro
ParentDisplayName REG_SZ
ParentDisplayName REG_SZ
ParentDisplayName REG_SZ Microsoft .NET Framework 2.0
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
QuietDisplayName REG_SZ Shockwave Director 10.1
QuietDisplayName REG_SZ Shockwave Flash
#####################################################################################################
-- All DONE! 
~ ShadowPuterDude ~
[b]Thanks, ~Unknown
Edit: I don't know if this helps, but I just found out that if I scan with any screen name other then Myko network anywhere does not show up. Scanning in safe mode with Myko results in A squared detecting network anywhere, yet under safe modes administrator account no traces are found.
|
|
Rank: Advanced Member
Groups: Member, Moderation
Joined: 2006/05/23
Posts: 555
Location: Northern NY
|
I see no malicious items in your logs. VNC is not malicious itself.
It is quite possible that Void Reaver Alarm makes use of these settings, since the plugin is designed to communicate with other members of your raid. VNC would be necessary in oder to do that.
a-squared Team - www.emsisoft.com
|
|
Rank: Newbie
Groups: Member
Joined: 2007/07/19
Posts: 5
|
Alright, Thanks for clearing this up.
~Unknown
|
|
Rank: Newbie
Groups: Member
Joined: 2007/07/19
Posts: 5
|
Alright, Thanks for clearing this up.
~Unknown
|
|
|
Guest User |
|